CN111539032B - Electronic signature application system resistant to quantum computing disruption and implementation method thereof - Google Patents


Info

Publication number
CN111539032B
Authority
CN
China
Prior art keywords
quantum
signature
electronic signature
electronic
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010555749.8A
Other languages
Chinese (zh)
Other versions
CN111539032A (en)
Inventor
王仲卿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Anmixin Technology Co ltd
Original Assignee
Shanghai Anmixin Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Anmixin Technology Co ltd filed Critical Shanghai Anmixin Technology Co ltd
Priority to CN202010555749.8A priority Critical patent/CN111539032B/en
Publication of CN111539032A publication Critical patent/CN111539032A/en
Application granted granted Critical
Publication of CN111539032B publication Critical patent/CN111539032B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N10/00 Quantum computing, i.e. information processing based on quantum-mechanical phenomena

Abstract

The invention discloses an electronic signature application system resistant to quantum computing cracking and an implementation method thereof. A quantum secure electronic signature service system can extract the electronic signature in an electronic file and use a quantum secure signature verification system to verify it; the quantum secure electronic signature client can use a symmetric signature key in a quantum security certificate to generate an electronic signature resistant to quantum computing cracking, and can use a symmetric communication key in the quantum security certificate to log in to the quantum secure electronic signature service system in a manner resistant to quantum computing cracking; the quantum secure signature verification system can decrypt and verify the electronic signature generated by encryption with the symmetric signature key. When electronic files are signed electronically and the signatures are verified, the invention uses cryptography resistant to quantum computing cracking to meet users' requirements for encryption, anti-counterfeiting and transmission protection, and it can be combined with existing CA certificates based on asymmetric keys to achieve higher cryptographic security.

Description

Electronic signature application system resistant to quantum computing disruption and implementation method thereof
Technical Field
The invention relates to the technical field of encryption, in particular to an electronic signature application system resistant to quantum computing cracking and an implementation method thereof.
Background
In the current digital and networked era, communication between people relies on a variety of communication technologies, which has greatly improved efficiency. The signing of contracts and agreements in commercial activities no longer depends on traditional paper documents but can be completed through electronic contract signing, online electronic contract signing and similar methods. On the one hand this speeds up the signing of transactions, and on the other hand it makes the statistics, analysis, prediction and management of electronic transactions easier. However, alongside the gain in efficiency, electronic contract signing also faces information-security challenges, the most important being how to prevent the forgery of electronic contract information.
At present, for users with higher security requirements, a common electronic signing service system uses a Certificate Authority (CA) certificate based on a Public Key Infrastructure (PKI) system. The electronic signature information is generated with the client's private signing key in the certificate; the background service system or the contract master can verify the CA certificate and then use the public signing key of the verified CA certificate to decrypt and verify the electronic signature information.
Signature verification with public and private keys based on the PKI system offers good security against attacks by classical computers, but once quantum computers mature and are combined with the corresponding algorithms for breaking public/private keys, the method will no longer be secure, and signatures could be broken and forged at will. It is therefore necessary to consider a new cryptographic technique that yields electronic signatures a quantum computer cannot break and forge, so as to ensure the validity of the related electronic contracts.
Disclosure of Invention
To overcome the defects of the prior art, the invention aims to provide an electronic signature application system resistant to quantum computing cracking and an implementation method thereof. The method is based on a symmetric cryptosystem and uses symmetric encryption and decryption algorithms whose key length is twice that used by conventional symmetric cryptographic algorithms. On this basis it designs an overall solution resistant to quantum computing cracking that covers electronic signature generation, secure user access and electronic signature verification. The solution can serve as an enhancement of current electronic signature service systems and ensures the long-term validity of electronic signatures on electronic contracts.
In order to achieve the purpose, the invention is realized by the following technical scheme: an electronic signature application system resistant to quantum computing cracking comprises a quantum secure electronic signature service system, a quantum secure electronic signature client, a quantum secure signature verification system, a quantum secure service module and a quantum secure certificate; the quantum secure electronic signature service system can extract an electronic signature in an electronic file and verify the signature by using the quantum secure signature verification system; the quantum secure electronic signature client can utilize a signature key in a quantum secure certificate to complete quantum computation cracking resistant electronic signature generation, and can utilize a communication key in the quantum secure certificate to realize quantum computation cracking resistant secure login of the quantum secure electronic signature service system; the quantum secure signature verification system can decrypt and verify the electronic signature generated by encrypting the signature key; the quantum security service module is mainly used in a service system, and has the capability of storing a signature key and a communication key and completing information encryption and decryption based on the keys; the quantum security certificate is mainly used for a user terminal, and has the capability of storing a signature key and a communication key and finishing information encryption and decryption based on the keys.
The method for realizing the electronic signature application system resisting quantum computation cracking comprises the following steps:
1. Preparing: a user who needs to electronically sign electronic files installs the quantum secure electronic signature client and obtains a quantum security certificate; communication keys are distributed between the quantum security certificate and the quantum security service module in the quantum secure electronic signature service system, and the correspondence between communication key numbers and users is stored in the quantum secure electronic signature service system; signature keys are distributed between the quantum security certificate and the quantum security service module in the quantum secure signature verification system, and the correspondence between signature key numbers and users is stored in the quantum secure signature verification system; and communication keys are distributed between the quantum security service module in the quantum secure electronic signature service system and the quantum security service module in the quantum secure signature verification system.
2. Electronic signature of the electronic file: the user uses the quantum secure electronic signature client to call the signature key in the quantum security certificate and complete the electronic signature of the electronic file.
3. User quantum secure access: the user uses the quantum secure electronic signature client to call the communication key in the quantum security certificate, authenticates to and accesses the quantum secure electronic signature service system, negotiates a session key under the protection of the communication key, and transmits the electronic file in encrypted form to the quantum secure electronic signature service system.
4. Verifying the electronic signature: the quantum secure electronic signature service system sends the electronic signature in the electronic file to the quantum secure signature verification system for verification.
Preferably, the electronic signature of the electronic file in the step 2 specifically includes the following sub-steps:
2.1, generating electronic file characteristic information, namely, using a quantum secure electronic signature client by a user to extract information which can uniquely identify an electronic file to be signed, and combining the information with user identity information and current time information to form the characteristic information of the electronic file;
2.2, generating an electronic signature, namely, a user uses a quantum security electronic signature client to send the characteristic information of the electronic file to a quantum security certificate according to a signature interface format of the quantum security certificate, the quantum security certificate randomly selects a signature key which is stored in the quantum security certificate and has the length of not less than 256 bits, the characteristic information is encrypted by using a symmetric encryption algorithm, and a ciphertext and a signature key number are returned to the quantum security electronic signature client;
2.3, electronic signature of the electronic file, namely, the user uses the quantum secure electronic signature client to embed the ciphertext and the signature key number obtained in step 2.2 into the electronic file to be signed, generating a new signed electronic file.
Preferably, the implementation of the user quantum secure access in step 3 includes the following sub-steps:
3.1, encrypting user identity information, namely, a user uses a quantum security electronic signature client to send the user identity information to a quantum security certificate according to an encryption interface format of the quantum security certificate, the quantum security certificate randomly selects a communication key which is stored safely and has a length of not less than 256 bits, the identity information is encrypted by using a symmetric encryption algorithm, and a ciphertext and a key number are returned to the quantum security electronic signature client;
3.2, user identity authentication, namely, the user sends the ciphertext of the identity information to the quantum secure electronic signature service system; the service system sends the ciphertext and the key number to the quantum security service module according to a decryption interface format of the quantum security module, the quantum security service module extracts the corresponding communication key according to the key number, decrypts the ciphertext, and returns the decrypted plaintext to the quantum secure electronic signature service system; the quantum secure electronic signature service system looks up the identity information and the key number in the database of bindings between user identities and keys, and confirms whether the quantum security certificate is within its validity period and whether the correspondence between the user identity and the key number is legitimate and consistent; if the user is illegitimate, the user's access to the service is refused directly;
3.3, session key negotiation, namely, locally generating a random number with the length not less than 256 bits by the quantum secure electronic signature service system, and using the random number as the session key accessed by the user at this time; sending the session key to the quantum security certificate according to the encryption interface format of the quantum security certificate to obtain a ciphertext and a key number; the cipher text and the key number are sent to the accessed user through the public internet; the user sends the ciphertext and the key number to the quantum security certificate according to the decryption interface format of the quantum security certificate to obtain a plaintext, and the plaintext is used as the session key accessed at this time;
3.4, encrypting and transmitting the electronic file, namely, the user symmetrically encrypts the signed electronic file with the session key and sends the ciphertext to the quantum secure electronic signature service system through the public internet; the service system decrypts the ciphertext with the session key to obtain the signed electronic file.
Preferably, the specific implementation of the electronic signature verification in step 4 includes the following sub-steps:
4.1, extracting and encrypting the electronic signature, namely, the quantum secure electronic signature service system extracts the electronic file characteristic information and the quantum-computing-cracking-resistant electronic signature information from the signed electronic file, and sends the electronic file characteristic information to a quantum security service module according to an encryption interface format of the quantum security service module; the quantum security service module randomly selects a service communication key which is securely stored internally and has a length of not less than 256 bits, encrypts the characteristic information with a symmetric encryption algorithm, and returns the ciphertext and the key number to the quantum secure electronic signature service system; the quantum secure electronic signature service system sends the quantum-computing-cracking-resistant electronic signature information, the ciphertext and the key number to the quantum secure signature verification system through a public communication network;
4.2, electronic signature decryption, namely, the quantum security signature verification system submits the received electronic signature information to the quantum security service module according to the requirements of the decryption interface format of the quantum security service module, the quantum security service module extracts a corresponding signature key according to the key number and decrypts the ciphertext, and the decrypted plaintext is returned to the quantum security signature verification system;
4.3, feature information decryption, namely the quantum security signature verification system submits the received ciphertext and the key number to the quantum security service module according to the requirements of the decryption interface format of the quantum security service module, the quantum security service module extracts the corresponding communication key according to the key number and decrypts the ciphertext, and the decrypted plaintext is returned to the quantum security signature verification system;
4.4, electronic signature verification, namely, the quantum secure signature verification system compares user information and electronic file characteristic information in the information after the electronic signature decryption with a plaintext after the characteristic information ciphertext decryption to determine the authenticity of the signature;
4.5, returning a signature verification result, namely sending the comparison result obtained in the step (4.4) to the quantum security service module by the quantum security signature verification system according to the encryption interface format of the quantum security service module; the quantum security service module randomly selects a service communication key which is safely stored inside and has the length of not less than 256 bits, encrypts a comparison result by using a symmetric encryption algorithm, and returns a cipher text and a key number to the quantum security signature verification system; the quantum secure signature verification system sends the ciphertext and the key number to a quantum secure electronic signature service system through a public network; and the quantum security electronic signature service system sends the ciphertext and the key number to the quantum security service module according to the decryption interface format of the quantum security service module, obtains a decrypted plaintext and determines a signature verification result of the electronic signature on the electronic file.
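The signing sub-steps 2.1 to 2.3 and the verification sub-steps 4.2 to 4.4 can be followed in the sketch below. It is an added example, not code from the patent. Assumptions: the unspecified "symmetric encryption algorithm" is replaced by a standard-library stand-in (an HMAC-SHA256 keystream with an encrypt-then-MAC tag); the file is identified by its SHA-256 digest; the names KeyStore, features, sign and verify and the sample data are hypothetical; the transport encryption of steps 4.1, 4.3 and 4.5 is left out.

```python
import hashlib
import hmac
import json
import secrets

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = _prf(key, nonce + (i // 32).to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, plaintext):
    """Encrypt, then MAC, under sub-keys derived from one 256-bit key."""
    nonce = secrets.token_bytes(16)
    body = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + body + _prf(_prf(key, b"mac"), nonce + body)

def unseal(key, blob):
    """Return the plaintext, or None if the blob was altered or the key is wrong."""
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + body)):
        return None
    return _xor_stream(_prf(key, b"enc"), nonce, body)

class KeyStore:
    """Models a quantum security certificate or a quantum security service module."""
    def __init__(self, keys):
        self._keys = dict(keys)  # key number -> 256-bit symmetric key

    def encrypt(self, plaintext):
        key_no = secrets.choice(sorted(self._keys))  # randomly selected stored key
        return seal(self._keys[key_no], plaintext), key_no

    def decrypt(self, blob, key_no):
        key = self._keys.get(key_no)
        return None if key is None else unseal(key, blob)

def make_keys(prefix, count=4):
    return {f"{prefix}-{i}": secrets.token_bytes(32) for i in range(count)}

def features(file_bytes, user, timestamp):
    # Step 2.1: file identifier + user identity + current time.
    info = {"file_sha256": hashlib.sha256(file_bytes).hexdigest(),
            "user": user, "time": timestamp}
    return json.dumps(info, sort_keys=True).encode()

def sign(token, file_bytes, user, timestamp):
    # Steps 2.2 and 2.3: ciphertext and key number travel with the file.
    blob, key_no = token.encrypt(features(file_bytes, user, timestamp))
    return {"signer": user, "key_no": key_no, "sig": blob.hex()}

def verify(qssm, bindings, file_bytes, signature):
    # The verification system checks the stored key-number/user relation first.
    if bindings.get(signature["key_no"]) != signature["signer"]:
        return "key-not-bound-to-user"
    plain = qssm.decrypt(bytes.fromhex(signature["sig"]), signature["key_no"])
    if plain is None:                                   # step 4.2 failed
        return "bad-signature"
    info = json.loads(plain)
    if info["user"] != signature["signer"]:             # step 4.4 comparison
        return "signer-mismatch"
    if info["file_sha256"] != hashlib.sha256(file_bytes).hexdigest():
        return "file-mismatch"
    return "valid"

def demo():
    skey_x, skey_y = make_keys("SkeyX"), make_keys("SkeyY")
    token_x, token_y = KeyStore(skey_x), KeyStore(skey_y)
    qssm = KeyStore({**skey_x, **skey_y})  # verification side holds the same keys
    bindings = {**{k: "company-X" for k in skey_x},
                **{k: "company-Y" for k in skey_y}}
    efile = b"constructed purchase contract, amount 1000"  # constructed sample
    when = "2024-01-01T00:00:00Z"                          # constructed sample
    sig = sign(token_x, efile, "company-X", when)
    flipped = bytearray(bytes.fromhex(sig["sig"]))
    flipped[20] ^= 1
    other = sign(token_y, efile, "company-X", when)  # Y's token, X's name
    return {
        "genuine": verify(qssm, bindings, efile, sig),
        "edited_file": verify(qssm, bindings, efile + b"0", sig),
        "edited_sig": verify(qssm, bindings, efile, {**sig, "sig": flipped.hex()}),
        "wrong_token": verify(qssm, bindings, efile, other),
    }

if __name__ == "__main__":
    print(demo())
```

Because the verification-side store holds the same signature keys as the user's token, it can produce signatures as well as check them, so the result is only as trustworthy as the verification system and its key-number bindings.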
The quantum secure electronic signature service system is not a necessary link in the whole electronic signature service process, is mainly used for providing functions such as online file management, electronic contract signing process management, electronic contract signing file third party offline verification and the like, and in a simple application scene without the functions, a quantum secure electronic signature client can also directly access the quantum secure signature verification system to verify the signature.
The quantum security certificate function can be used as an enhancement of a general CA certificate; the quantum secure signature verification system can be used as an enhancement of a PKI-based signature verification server; the quantum-computing-cracking-resistant secure access and encrypted communication based on the communication key of the quantum security certificate, and the quantum-computing-cracking-resistant generation and verification of electronic signature information based on the signature key of the quantum security certificate, can be used as enhancements of PKI-based functions such as CA certificate access authentication, VPN encrypted communication and electronic signatures.
The invention has the beneficial effects that:
1. The electronic signature information of the electronic file is generated with a symmetric encryption algorithm whose key length is not less than 256 bits; even when attacked with a quantum computer, it retains the security and confidentiality strength that a symmetric encryption and decryption algorithm with a 128-bit key has against cracking attacks by current classical computers, so the electronic signature can be protected from being cracked and forged even once quantum computers mature;
2. In the invention, a user logs in to the quantum secure electronic signature service system with the quantum secure electronic signature client, and the authentication information is encrypted and protected against forgery with a symmetric encryption algorithm whose key length is not less than 256 bits, so the system also has the capability of preventing identity forgery once quantum computers mature;
3. In the invention, information transmitted between the user's quantum secure electronic signature client and the quantum secure electronic signature service system, and between the quantum secure electronic signature service system and the electronic signature verification system, is encrypted with a symmetric encryption algorithm whose key length is not less than 256 bits, so the system also has the capabilities of preventing interception, leakage and forgery once quantum computers mature;
4. The quantum security certificate can be produced on the basis of a general intelligent password key (smart cryptographic key) used in current classical cryptographic applications, does not conflict with the current usage of CA certificates based on a PKI system, can serve as a security enhancement of current CA authentication and asymmetric-key electronic signature applications, and provides protection against quantum computing attacks for clients with higher security requirements and longer signature validity periods while remaining compatible with current system applications.
Drawings
The invention is described in detail below with reference to the drawings and the detailed description;
FIG. 1 is a block diagram of the system of the present invention;
FIG. 2 is a functional outline diagram of a quantum secure electronic signature client according to the present invention.
Detailed Description
In order to make the technical means, the creation characteristics, the achievement purposes and the effects of the invention easy to understand, the invention is further explained by combining the specific embodiments.
Referring to FIG. 1, this embodiment adopts the following technical solution: the invention enables the parties to an electronic contract to sign electronic documents securely in a public internet environment, with the corresponding electronic signature service system verifying the electronic signatures. The system comprises a quantum secure electronic signature service system, a quantum secure electronic signature client, a quantum secure signature verification system, a quantum security service module, a quantum security certificate, users and the public internet.
Quantum secure electronic signature service system: provides the electronic signing service for electronic files; it can run on a server or a cloud computing platform, exposes a public internet access interface, and implements the corresponding network security isolation and protection functions;
Quantum secure electronic signature client: provides the electronic signing operations for electronic files; it can run on an ordinary computer or a smartphone, accesses the quantum security certificate through a USB interface, and accesses the public internet through a network port;
Quantum secure signature verification system: provides the electronic signature verification service for electronic files; it can run on a server or a cloud computing platform, exposes a public internet access interface, and implements the corresponding network security isolation and protection functions;
Quantum security certificate: provides secure storage of the communication keys and signature keys and the related key-usage functions, and presents a standard USB interface externally;
Quantum security service module: provides secure storage of the communication keys and signature keys and the related key-usage functions; it can run in a server cipher machine, an industrial personal computer containing a cipher card, and the like, and offers its functions externally through a USB interface or a network port of the computer;
User: signs electronic files using the quantum security certificate and the quantum secure electronic signature client, and uses them to send electronic files signed by others to the quantum secure electronic signature service system for online signing management and signature verification;
Public internet: an internet network that other people can use at the same time, comprising wireless transmission channels, switching, routing, network management and the like, and conforming to common internet protocols and systems; the term emphasizes that information and files transmitted over the network are at risk of being intercepted by others;
The electronic signature application system resistant to quantum computing cracking further comprises three processes: electronic signing of electronic files, secure user access to the signature service system, and third-party verification of electronic signatures.
Electronic signing of electronic files: a user extracts the characteristic information of the electronic file with the quantum secure electronic signature client, encrypts it with a signature key in the quantum security certificate to generate an electronic signature resistant to quantum computing cracking, and attaches the electronic signature to the electronic file.
Secure user access to the signature service system: a user uses the quantum secure electronic signature client to encrypt the user's own identity information with the user's communication key in the quantum security certificate, generating identity authentication information resistant to quantum computing cracking, which is sent through the public internet to the quantum secure electronic signature service system for decryption and verification; after authentication succeeds, the negotiation of the session key is encrypted and protected with the user's communication key, and the communication between the quantum secure electronic signature client and the quantum secure electronic signature service system is encrypted and protected with the session key.
Third-party verification of electronic signatures: the quantum secure electronic signature service system extracts the quantum-computing-cracking-resistant electronic signature from the electronic file, extracts the characteristic information of the electronic file, encrypts the information with a communication key shared between the quantum secure electronic signature service system and the quantum secure signature verification system, and sends it through the public internet to the quantum secure signature verification system for decryption and comparison verification.
The communication key, the signature key and the session key are symmetric keys with the length not less than 256 bits.
The public internet includes various communication networks such as a fixed communication network, a mobile communication network, a wireless private network and the like.
The technical terms involved in the present invention are explained and illustrated below:
Electronic document: in the invention, the electronic version of a document related to business activities, with functions such as contract, certification or guarantee, that the relevant persons need to sign and confirm;
Electronic signature: in the invention, data generated by the persons concerned with the electronic file using cryptographic technology, which can be embedded into the electronic file according to a certain format;
Symmetric cryptographic mechanism: encryption and decryption are performed with the same secret key, so efficiency is high;
Symmetric key: random binary data used in a symmetric cryptographic mechanism; it is the secret information that controls encryption and decryption;
Communication key: a symmetric key used for identity authentication and for encrypting and decrypting information exchanged between public internet users;
Signature key: a symmetric key used to encrypt specific information to generate an electronic signature;
Asymmetric cryptographic mechanism: in the invention, also called a public key cryptographic mechanism; its key generation algorithm produces a pair of keys, namely a public key and a private key.
Referring to FIG. 2, the functional outline diagram of the quantum secure electronic signature client in the embodiment of the present invention includes five functions: user management, certificate management, file signature, file signature verification, and system log;
the user management mainly completes authentication when a user logs in a terminal, and needs to have a legal quantum security certificate and correctly input a certificate login account password and the like;
the certificate management function mainly completes the management configuration of the quantum security certificate, and comprises the functions of certificate password modification, certificate key use condition inquiry, certificate validity period inquiry and the like;
the file signature function mainly completes browsing of the electronic file, generates an electronic signature based on the quantum security certificate, specifies the position of the signature on the file, and finally generates a signed electronic file;
the file signature checking function mainly finishes the extraction and browsing of electronic signature information in an externally input signed electronic file, and logs in a quantum secure electronic signature service system on line to verify the electronic signature;
the system log function mainly records user login, certificate management, file signature, signature verification and other operation behaviors executed by the current quantum secure electronic signature client, and records and queries error reasons of operation failure.
Example 1: in the embodiment of the invention, the user A is a clerk of a company X, and the user B is a clerk of a company Y. Company X and company Y are not located in one place, but need to sign a purchase contract frequently, and need to sign a purchase contract through a network in order to improve work efficiency.
According to the implementation method of the quantum computing cracking resistant electronic signature service system, the embodiment comprises the following steps:
Step 1: preparing;
User A has a quantum security certificate QSUkeyX, which contains a plurality of communication keys CkeyX with a length of not less than 256 bits for secure user access and a plurality of signature keys SkeyX with a length of not less than 256 bits for electronic signatures;
User B has a quantum security certificate QSUkeyY, which contains a plurality of communication keys CkeyY with a length of not less than 256 bits for secure user access and a plurality of signature keys SkeyY with a length of not less than 256 bits for electronic signatures;
The quantum security service module QSSM in the quantum secure electronic signature service system QSESS stores CkeyX and CkeyY;
The QSSM in the quantum secure signature verification system QSSVS stores SkeyX and SkeyY;
The QSSM in both the QSESS and the QSSVS holds a symmetric communication key CkeyS.
Step 2: company X electronically signs an electronic document;
user A drafts and signs a purchase document eFile using the quantum secure electronic signature client and QSUkeyX, in the following steps:
step 2.1: user A installs the quantum secure electronic signature client, inserts the quantum security certificate QSUkeyX, correctly enters the account password of QSUkeyX and logs in to the quantum secure electronic signature client; user A drafts eFile, opens it with the file signature function of the quantum secure electronic signature client, specifies the electronic signature position and completes the signature;
step 2.2: the quantum secure electronic signature client generates the original (unencrypted) electronic signature SignX1 from the characteristic information of eFile (file name, file size, file editor, file revision time, and key file information specified by user A, such as contract number and contract amount) and the characteristic information of company X (enterprise name, business license number and the like);
step 2.3: the quantum secure electronic signature client calls the signature function in QSUkeyX on SignX1 according to the signature interface format; the quantum security certificate randomly selects a signature key from the SkeyX key pool and encrypts SignX1 to obtain the encrypted electronic signature EncSignX1; the quantum security certificate returns EncSignX1 and the corresponding signature key number Signcode1 to the quantum secure electronic signature client;
step 2.4: the quantum secure electronic signature client attaches EncSignX1 and Signcode1 to eFile to obtain the signed file eFile_X of company X; user A sends eFile_X to user B by email or over another network.
Step 3: company Y verifies the signature on the electronic file;
user B uses the quantum secure electronic signature client and the quantum security certificate to log in securely to the quantum secure electronic signature service system and verify the signature on the electronic file; the specific steps are as follows:
step 3.1: user B installs the quantum secure electronic signature client, inserts the quantum security certificate QSUkeyY, correctly enters the account password of QSUkeyY and logs in to the quantum secure electronic signature client; user B opens eFile_X with the signature verification function of the client and browses the purchase contract;
step 3.2: user B selects the electronic signature EncSignX1 attached to eFile_X for online signature verification; first, a communication key in QSUkeyY is selected, and the identity information of user B is symmetrically encrypted and sent to the quantum secure electronic signature service system for authentication;
step 3.3: the quantum secure electronic signature service system calls the corresponding decryption key to decrypt the identity authentication information, and checks whether the user is within the validity period and whether the key number and the corresponding identity of the user are correct; once authentication passes, it encrypts a session key SessionKeyYn with the communication key and sends it to user B;
step 3.4: the quantum secure electronic signature client of user B encrypts the eFile_X characteristic information with SessionKeyYn and sends the encrypted characteristic information together with EncSignX1 to the quantum secure electronic signature service system; after decrypting, the quantum secure electronic signature service system encrypts the eFile_X characteristic information with a communication key in its attached quantum security service module and sends it to the quantum secure signature verification system together with EncSignX1;
step 3.5: the quantum secure signature verification system decrypts EncSignX1 to obtain SignX1, decrypts with the communication key to obtain the eFile_X characteristic information, and compares the two to obtain the signature verification result; the signature verification result is encrypted with the communication key and returned to the quantum secure electronic signature service system;
step 3.6: the quantum secure electronic signature service system decrypts to obtain the signature verification result, encrypts it with SessionKeyYn, and then sends the encrypted signature verification result to the user Y.
Step 4: company Y signs the electronic document
After user B confirms that the electronic signature in eFile_X is legal and valid, user B signs the contract on behalf of the enterprise using the method of step 2 to obtain eFile_X_Y, and sends eFile_X_Y to user A by e-mail or other means.
Step 5: company X verifies the signature on the electronic document
User A verifies the electronic signature of the user Y in eFile_X_Y using the method of step 3, and the electronic contract signing process is complete once the signature is confirmed to be legal.
The invention can generate and verify electronic signatures on electronic files that resist quantum computing cracking, preventing others from counterfeiting the electronic signature; using long-key symmetric encryption that resists quantum computing cracking attacks, it can encrypt identity authentication and information transmission across the public Internet, both between terminals and services and between services, preventing contract secrets from being leaked through interception and cracking by personnel of other enterprises.
The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (6)

1. An electronic signature application system resistant to quantum computing disruption is characterized by comprising a quantum secure electronic signature service system, a quantum secure electronic signature client, a quantum secure signature verification system, a quantum secure service module and a quantum secure certificate; the quantum secure electronic signature service system extracts an electronic signature in the electronic file and utilizes the quantum secure signature verification system to verify the signature; the quantum secure electronic signature client side completes quantum computation cracking resistant electronic signature generation by using a signature key in a quantum secure certificate, and realizes quantum computation cracking resistant secure login of a quantum secure electronic signature service system by using a communication key in the quantum secure certificate; the quantum secure signature verification system decrypts and verifies the electronic signature generated by encrypting the signature key; the quantum security service module is used in a service system, and has the capability of storing a signature key and a communication key and completing information encryption and decryption based on the keys; the quantum security certificate is used for a user terminal, has the capability of storing a signature key and a communication key and finishing information encryption and decryption based on the keys;
the electronic signature application system also comprises electronic signing of electronic files, secure user access to the signature service system, and third-party verification of electronic signatures;
the electronic signing of electronic files is as follows: a user extracts the characteristic information of the electronic file by using the quantum security electronic signature client, encrypts it with a signature key in the quantum security certificate to generate an electronic signature resistant to quantum computing cracking, and attaches the electronic signature to the electronic file;
the secure user access to the signature service system is as follows: a user uses the quantum security electronic signature client to encrypt the user's own identity information with the user's communication key in the quantum security certificate, generating identity authentication information resistant to quantum computing cracking, and the identity authentication information is sent to the quantum security electronic signature service system through the public internet for decryption and verification; after the authentication is passed, the negotiation of the session key is encrypted and protected with the user communication key, and the communication between the quantum secure electronic signature client and the quantum secure electronic signature service system is encrypted and protected with the session key;
the third-party verification of electronic signatures is as follows: the quantum secure electronic signature service system extracts the quantum computing cracking resistant electronic signature in the electronic file, extracts the characteristic information of the electronic file, encrypts the information with a communication key shared between the quantum secure electronic signature service system and the quantum secure signature verification system, and sends the information to the quantum secure signature verification system through the public internet for decryption and comparison verification.
2. The system of claim 1, wherein the communication key, the signing key, and the session key are symmetric keys with a length of not less than 256 bits.
3. The system for applying an electronic signature to resist quantum computation disruption as claimed in claim 1, wherein the public internet comprises one or more of a fixed communication network, a mobile communication network, and a wireless private network.
4. An implementation method of an electronic signature application system resistant to quantum computation cracking is characterized by comprising the following steps:
(1) Preparing: a user needing to perform electronic signature on the electronic file completes the installation of a quantum security electronic signature client and claims a quantum security certificate; the quantum security certificate finishes the distribution of a communication key between the quantum security service module and a quantum security electronic signature service system, and the corresponding relation between the number of the communication key and a user is stored in the quantum security electronic signature service system; the quantum security certificate completes the distribution of a signature key between the quantum security service module in the quantum security signature verification system, and the corresponding relation between the number of the signature key and a user is stored in the quantum security signature verification system; the quantum security service module in the quantum security electronic signature service system and the quantum security service module in the quantum security signature verification system complete communication key distribution;
(2) Electronic signature of electronic document: a user calls a signature key in the quantum security certificate by using the quantum security electronic signature client to complete electronic signature of the electronic file;
(3) User quantum secure access: a user calls a communication key in a quantum security certificate by using a quantum security electronic signature client, authenticates and accesses the quantum security electronic signature service system, protects a negotiation session key by using the communication key, and encrypts and transmits an electronic file to the quantum security electronic signature service system;
(4) Electronic signature verification: the quantum secure electronic signature service system sends the electronic signature in the electronic file to the quantum secure signature verification system for verification;
the electronic signature operation of the electronic file in the step (2) is specifically realized by the following steps:
(2.1): generating electronic file characteristic information, namely, a user uses a quantum secure electronic signature client to extract information which can uniquely identify an electronic file to be signed, and the information, user identity information and current time information are combined into the characteristic information of the electronic file;
(2.2): generating an electronic signature, namely, a user uses a quantum security electronic signature client to send the electronic file characteristic information to a quantum security certificate according to a signature interface format of the quantum security certificate, the quantum security certificate randomly selects a signature key which is stored safely and internally and has a length of not less than 256 bits, the characteristic information is encrypted by using a symmetric encryption algorithm, and a ciphertext and a signature key number are returned to the quantum security electronic signature client;
(2.3): electronic signature of the electronic file, namely, the user uses the quantum secure electronic signature client to embed the ciphertext and the signature key number obtained in step (2.2) into the electronic file to be signed, generating a new signed electronic file.
5. The method for implementing an electronic signature application system resistant to quantum computing cracking as claimed in claim 4, wherein the implementation of the user quantum secure access operation in step (3) specifically comprises the following steps:
(3.1): encrypting user identity information, namely, a user uses a quantum security electronic signature client to send the user identity information to a quantum security certificate according to an encryption interface format of the quantum security certificate, the quantum security certificate randomly selects a communication key which is stored safely and has a length of not less than 256 bits, the identity information is encrypted by using a symmetric encryption algorithm, and a ciphertext and a key number are returned to the quantum security electronic signature client;
(3.2): user identity authentication, namely, the user sends the ciphertext of the identity information to the quantum secure electronic signature service system; the service system sends the ciphertext and the key number to the quantum security service module according to the decryption interface format of the quantum security module, the quantum security service module extracts the corresponding communication key according to the key number and decrypts the ciphertext, and the decrypted plaintext is returned to the quantum security electronic signature service system; the quantum security electronic signature service system checks the identity information and the key number against a database of user identity and key binding relations, and confirms whether the quantum security certificate is within its validity period and whether the correspondence between the user identity and the key number is legal and consistent; if the user is illegitimate, the user's access to the service is refused directly;
(3.3): session key negotiation, namely, a random number with the length not less than 256 bits is locally generated by the quantum security electronic signature service system to serve as a session key accessed by the user at this time, and the session key is sent to a quantum security certificate according to an encryption interface format of the quantum security certificate to obtain a ciphertext and a key number; sending the cipher text and the key number to the accessed user through the public internet; the user sends the ciphertext and the key number to the quantum security certificate according to the decryption interface format of the quantum security certificate to obtain a plaintext, and the plaintext is used as the session key accessed at this time;
(3.4): encrypted transmission of the electronic file, namely, the user symmetrically encrypts the signed electronic file with the session key and sends the ciphertext to the quantum secure electronic signature service system through the public internet; the service system decrypts the ciphertext with the session key to obtain the signed electronic file.
6. The method for implementing an electronic signature application system resistant to quantum computing cracking as claimed in claim 4, wherein the electronic signature verification operation in the step (4) comprises the following steps:
(4.1): extracting and encrypting the electronic signature, namely, the quantum security electronic signature service system extracts the electronic file characteristic information and the quantum computing cracking resistant electronic signature information from the signed electronic file, and sends the electronic file characteristic information to the quantum security service module according to the encryption interface format of the quantum security service module; the quantum security service module randomly selects an internally and securely stored service communication key with a length of not less than 256 bits, encrypts the characteristic information with a symmetric encryption algorithm, and returns the ciphertext and the key number to the quantum secure electronic signature service system; the quantum secure electronic signature service system sends the quantum computing cracking resistant electronic signature information, the ciphertext and the key number to the quantum secure signature verification system through a public communication network;
(4.2): the electronic signature decryption, namely the quantum security signature verification system submits the received electronic signature information to the quantum security service module according to the decryption interface format requirement of the quantum security service module, the quantum security service module extracts a corresponding signature key according to the key number and decrypts the ciphertext, and the decrypted plaintext is returned to the quantum security signature verification system;
(4.3): the characteristic information is decrypted, namely the quantum security signature verification system submits the received ciphertext and the key number to the quantum security service module according to the decryption interface format requirement of the quantum security service module, the quantum security service module extracts the corresponding communication key according to the key number and decrypts the ciphertext, and the decrypted plaintext is returned to the quantum security signature verification system;
(4.4): the electronic signature verification, namely the quantum secure signature verification system compares the user information and the electronic file characteristic information in the information after the electronic signature decryption with the plaintext after the characteristic information ciphertext decryption to determine the authenticity of the signature;
(4.5): returning a signature verification result, namely sending the comparison result obtained in the step (4.4) to the quantum security service module by the quantum security signature verification system according to the encryption interface format of the quantum security service module; the quantum security service module randomly selects a service communication key which is safely stored inside and has the length of not less than 256 bits, encrypts a comparison result by using a symmetric encryption algorithm, and returns a cipher text and a key number to the quantum security signature verification system; the quantum secure signature verification system sends the ciphertext and the key number to a quantum secure electronic signature service system through a public network; the quantum security electronic signature service system sends the ciphertext and the key number to the quantum security service module according to the decryption interface format of the quantum security service module, obtains a decrypted plaintext, and determines a signature verification result of the electronic signature on the electronic file.
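The signing and verification flow of Example 1 (steps 2.2 to 2.4 and 3.5) and of claim steps (2.1) to (2.3) and (4.2) to (4.4), as an added example that is not code from the patent. Assumptions: the page names no cipher, so a standard-library stand-in (SHAKE-256 keystream with an HMAC-SHA256 tag) takes the place of the "symmetric encryption algorithm"; the SHA-256 field in the characteristic information, the key-number format, all class and function names, and the sample contract are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets


def _tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = hashlib.shake_256(_tag(key, b"enc") + nonce).digest(len(data))
    return bytes(d ^ s for d, s in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in authenticated cipher (assumption): SHAKE-256 keystream + HMAC-SHA256."""
    nonce = secrets.token_bytes(16)
    body = _xor(key, nonce, plaintext)
    return nonce + body + _tag(_tag(key, b"mac"), nonce + body)


def unseal(key: bytes, blob: bytes) -> bytes:
    """Raise ValueError if the key is wrong or the ciphertext was altered."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, _tag(_tag(key, b"mac"), nonce + body)):
        raise ValueError("ciphertext failed authentication")
    return _xor(key, nonce, body)


def features(content: bytes, name: str, signer: str, contract_no: str, amount: str) -> bytes:
    """Characteristic information (step 2.2) as canonical JSON; the SHA-256 field is an assumption."""
    info = {"file": name, "size": len(content), "sha256": hashlib.sha256(content).hexdigest(),
            "signer": signer, "contract_no": contract_no, "amount": amount}
    return json.dumps(info, sort_keys=True).encode()


class Certificate:
    """User-side quantum security certificate (QSUkey) with its signature-key pool."""
    def __init__(self, owner: str, pool_size: int = 4):
        self.owner = owner
        # 32 bytes = 256 bits, the minimum key length the page requires
        self.pool = {f"{owner}-{i:04d}": secrets.token_bytes(32) for i in range(pool_size)}

    def sign(self, info: bytes) -> tuple:
        """Step 2.3: pick a random pool key, encrypt, return (key number, encrypted signature)."""
        key_no = secrets.choice(sorted(self.pool))
        return key_no, seal(self.pool[key_no], info)


class VerificationSystem:
    """QSSVS side: key number -> (owner, key), provisioned during preparation (step 1)."""
    def __init__(self, *certs: Certificate):
        self.keys = {no: (c.owner, key) for c in certs for no, key in c.pool.items()}

    def verify(self, info: bytes, key_no: str, enc_sig: bytes) -> str:
        """Step 3.5: decrypt with the numbered key, then compare with the presented features."""
        if key_no not in self.keys:
            return "unknown-key-number"
        owner, key = self.keys[key_no]
        try:
            signed = unseal(key, enc_sig)
            signer = json.loads(signed)["signer"]
        except (ValueError, KeyError, TypeError):
            return "bad-signature"
        if signer != owner:  # key number must be bound to the identity inside the signature
            return "signer-key-mismatch"
        return "valid" if hmac.compare_digest(signed, info) else "feature-mismatch"


def demo() -> dict:
    cert_x, cert_y = Certificate("CompanyX"), Certificate("CompanyY")  # constructed parties
    qssvs = VerificationSystem(cert_x, cert_y)
    contract = b"Purchase contract PC-0001: 100 units, total 120000"  # constructed sample
    info = features(contract, "eFile", "CompanyX", "PC-0001", "120000")
    key_no, enc_sign = cert_x.sign(info)
    altered = features(contract.replace(b"120000", b"920000"), "eFile", "CompanyX", "PC-0001", "920000")
    y_no, y_sign = cert_y.sign(info)  # CompanyY's key over features that name CompanyX
    other_no = next(n for n in sorted(cert_x.pool) if n != key_no)
    return {
        "genuine": qssvs.verify(info, key_no, enc_sign),
        "altered_file": qssvs.verify(altered, key_no, enc_sign),
        "other_company_key": qssvs.verify(info, y_no, y_sign),
        "swapped_key_number": qssvs.verify(info, other_no, enc_sign),
        "unregistered_number": qssvs.verify(info, "CompanyZ-0000", enc_sign),
    }


if __name__ == "__main__":
    print(demo())
```

Verification succeeds only at a party that holds the same key pool, which is why the page routes every check through the QSSVS instead of letting the recipient verify locally.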
CN202010555749.8A 2020-06-17 2020-06-17 Electronic signature application system resistant to quantum computing disruption and implementation method thereof Active CN111539032B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010555749.8A CN111539032B (en) 2020-06-17 2020-06-17 Electronic signature application system resistant to quantum computing disruption and implementation method thereof

Publications (2)

Publication Number Publication Date
CN111539032A (en) 2020-08-14
CN111539032B (en) 2023-03-03

Family

ID=71978321

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116366436B (en) * 2023-04-21 2024-03-05 南京弘竹泰信息技术有限公司 Method for providing various telecom value-added services based on wide area networking

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant