TW201246889A - Electronic signature and signature verification method thereof - Google Patents

Electronic signature and signature verification method thereof

Info

Publication number
TW201246889A
Authority
TW
Taiwan
Prior art keywords
signature
algorithm
additional information
value
stored
Prior art date
Application number
TW100116685A
Other languages
Chinese (zh)
Other versions
TWI429259B (en)
Inventor
jia-hong Chen
Original Assignee
Jrsys Internat Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jrsys Internat Corp
Priority to TW100116685A
Publication of TW201246889A
Application granted
Publication of TWI429259B


Abstract

An electronic signature method includes the following steps: obtaining a digest value of predetermined length by encrypting the digest of a document with a hash algorithm; storing the digest value together with additional information in an encoded message, the additional information being used to store document data, the hash algorithm, a verification key (MVK) index or other important information; and finally encrypting the encoded message with a private key using a recoverable signature algorithm to obtain a signature value. The present invention further provides a signature verification method corresponding to the above electronic signature method.

Description

VI. Description of the invention

[Technical field of the invention]

The present invention relates to information security, and more particularly to an electronic signature that is easy to transmit and a method of verifying it.

[Prior art]

With the rapid development of information technology, the signing of documents and data messages has also become electronic: a user can sign a document or data message with an electronic signature, and verification of that signature provides authentication and non-repudiation of the content the user signed.

Most current electronic signature methods first store the digest value obtained by running the data or document through a hash algorithm in an encoded message (EM), and then compute a signature value by applying a recoverable signature algorithm to that encoded message with the private key. During the signing operation, the storage space in the encoded message other than the digest value is filled using the padding method defined by the respective signature specification, so that its length is brought up to the basic length required for the operation with the private key. The formats of the encoded message (EM) for the commonly used recoverable signature algorithms RSA-X.509, RSA-PKCS and RSA-PSS are described below.

RSA-X.509: EM = 0x00 ... 0x00 || T; where T is the digest value of the data or document, and the hexadecimal 0x00 values form the padding string that brings the encoded message up to the length required for the private key operation.

RSA-PKCS (EMSA-PKCS1-v1_5): EM = 0x00 || 0x01 || PS || 0x00 || T; where T is the DigestInfo structure, consisting of the hash algorithm identifier (ID) and the digest value (produced from the data or document), encoded with the DER (Distinguished Encoding Rules) of ASN.1 (Abstract Syntax Notation One). Taking the SHA-1 algorithm as an example, the encoded T is:

SHA-1: (0x) 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 || H

where H is the 20-byte digest value. The padding string (PS) in the padding value "0x00 || 0x01 || PS || 0x00" is a string of hexadecimal 0xff bytes whose length is the encoded message length minus the DigestInfo length minus 3 bytes.

RSA-PSS: EM = maskedDB || H || 0xbc; where, as shown in Figure 1, M is the content of the data or document, mHash is the digest value produced from that content by the hash algorithm, padding1 is a padding value consisting of eight 0x00 bytes, and salt is a random value, i.e. randomly generated bytes. M' built from these values has the following format:

M' = (0x) 00 00 00 00 00 00 00 00 || mHash || salt

and the digest value H is produced by running M' through the hash algorithm. DB is the data block, with the following format:

DB = PS || 0x01 || salt

DB consists of a padding value (padding2) and the random value (salt), where padding2 contains a padding string (PS) of hexadecimal 0x00 bytes whose length is the encoded message length minus the salt length minus the digest value length minus 2 bytes. The masked data block (maskedDB) has the following format:

maskedDB = DB ⊕ dbMask

where dbMask = MGF(H, encoded message length - digest value length - 1); that is, dbMask is a mask of the same length as DB produced by applying the mask generation function (MGF) to the digest value H, and the resulting mask is finally XORed (exclusive OR) with DB to obtain the masked data block.

The signature value obtained from any of the above recoverable electronic signature algorithms is then combined with electronic certificates and related algorithm information into a standard signature format, following RSA PKCS#7 (Public-Key Cryptography Standard) or the IETF (Internet Engineering Task Force) CMS (Cryptographic Message Syntax) specification, for use in data transmission and verification applications.

However, as can be seen from the above, much of the space in the encoded message formats of the various recoverable signature algorithms is filled with useless strings purely to reach the basic data length required for the private key operation. If this wasted space could be put to use for storing and applying additional information, the signature could support more extended applications without compromising security.

In addition, because the current standard signature formats must include certificates and other information in order to have a common standard data format that integrates with back-end verification services, their data volume is far larger than the signature value itself. In other words, in environments with slow network transmission rates or limited transmission capacity, data size becomes the key factor in whether transmission succeeds: when the data volume is large, not only may slow transmission prevent the receiving end from processing it in real time, but worse, the signature data may be transmitted incorrectly or become impossible to verify. Known electronic signature methods are therefore still imperfect and leave room for improvement.

[Summary of the invention]

In view of this, the main object of the present invention is to provide an electronic signature and a method of verifying it which reduce the amount of data transmitted to the size of the signature value.

To achieve the above object, the electronic signature method provided by the present invention comprises the following steps:

A-1. Encrypt the document digest with a hash algorithm to obtain a digest value of predetermined length;
A-2. Store the digest value together with additional information in an encoded message (EM), the additional information containing document data, the hash algorithm, or an index of the verification key (MVK);
A-3. Encrypt the encoded message with a private key using a recoverable signature algorithm to obtain a signature value.

The present invention further provides a verification method for checking the signature value obtained by the above electronic signature method, comprising the following steps:

B-1. Decrypt the signature value with the signer's verification key (UVK) using the recoverable signature algorithm to obtain the encoded message;
B-2. Extract the additional information and the digest value from the predetermined fields of the encoded message, then use the additional information either to retrieve the document data or to retrieve the verification key (MVK) for comparison;
B-3. If the previous step retrieved the document data from the additional information, run the retrieved document data through the hash algorithm to obtain a digest value and compare it with the digest value stored in the encoded message to obtain the signature value verification result; if the previous step used the additional information to retrieve the verification key (MVK), check whether that MVK matches the signer's verification key (UVK) to obtain the verification key comparison result.

In this way, the above electronic signature method integrates the data into the encoded message, so that the amount of data transmitted is reduced to the size of the signature value.

[Embodiments]

To explain the present invention more clearly, a preferred embodiment is described in detail below with reference to the drawings.

Referring to Figures 2 and 3, the electronic signature method provided by the present invention is used at the signer's end and encrypts a document together with other additional information into a signature value. The method comprises the following steps:

A-1. Encrypt the document digest with a hash algorithm to obtain a digest value of predetermined length.
A-2. Store the digest value and the additional information in an encoded message (EM). The additional information stores the Uniform Resource Identifier (URI) of the document data, the Object Identifier (OID) of the hash algorithm, the verification key (MVK) index (a URI derived from the public key certificate corresponding to the private key), and other information (reserved for flexible extension by the application system).
A-3. Encrypt the encoded message with a private key using a recoverable signature algorithm to obtain a signature value, and send it.

Referring further to Figures 4 and 5, the verification method used at the receiving end, corresponding to the above electronic signature method, comprises the following steps:

B-1. Decrypt the signature value with the signer's verification key (UVK) using the recoverable signature algorithm to obtain the encoded message;
B-2. Extract the additional information and the digest value from the encoded message and interpret the information stored in it: the verification key (MVK) index locates the public key certificate needed for verification; the URI of the document data locates the signed document or data; the OID of the hash algorithm designates the hash algorithm with which the digest value is to be computed; and the other information can be used by the application for other related operations.
B-3. Compare the digest value taken from the encoded message with the digest value recomputed in step B-2 from the additional information, and obtain the signature value verification result according to whether they agree; and compare the verification key (MVK) with the signer's verification key (UVK), obtaining the verification key comparison result according to whether they agree.

It is worth noting that the document data mentioned above is usually part of the key data of the document. Taking an online transaction as an example, data such as the transaction amount, the transaction document serial number and the counterparty code can be selectively placed in the document data according to their importance. The URI in the additional information that points to the document data is used to identify a designated item. URIs can be divided into two kinds according to need: a Universal Resource Name (URN), which identifies the name of a resource, e.g. writing the URN as "certificate" to describe the resource's name; and a Universal Resource Link (URL), which identifies the designated resource and also indicates where it is located, e.g. writing the URL as "http://w筒.se而.com/certificate/testcer" to express both the resource's name and its storage location.

The object identifier used to designate the hash algorithm is a unique identifier for an information object, allowing information to be exchanged conveniently and securely over the Internet. Current technical specifications mostly define the use of object identifiers (e.g. X.509(v3), RSA encryption and decryption, hash algorithms, etc.), and object identifiers are also used in public key certificates, for example for the identifying information of government agencies or organizations. Besides object identifiers, the hash algorithm can also be expressed by a custom number, e.g. 0x31 for the RIPEMD160 algorithm or 0x33 for the SHA1 algorithm, in which case the application at the receiving end must interpret the custom number accordingly.

Furthermore, the public key certificate mentioned above may be stored in a directory service or in a publicly accessible deployment location.

Referring to Figures 6 to 8, the additional information of the present invention is stored in different locations depending on the recoverable signature algorithm used. Figure 6 shows the present invention using the RSA-X.509 algorithm, where the additional information can be placed in the padding value consisting of "0x00 ... 0x00". Figure 7 shows the present invention using the RSA-PKCS algorithm, where the additional information can be placed in the padding value contained in "0x00 || 0x01 || PS || 0x00". Figure 8 shows the present invention using the RSA-PSS algorithm, where the additional information can be stored in the random value (salt); of course, besides the salt, it can also be stored in the padding value as with the preceding algorithms, which is not repeated here.

In addition, besides having the receiving end verify the signature value directly to confirm its correctness, the receiving end may first verify the signature value sent by the signer and then, using the additional information in the encoded message, package the signature value into a CMS signature data format conforming to RSA-PKCS#7 or the IETF specification, for standard-format exchange and verification, evidence retention and auditing by other public key systems.

Furthermore, besides the URI for locating the document data, the verification key index and the OID of the hash algorithm described above, the additional information can also store data of a portable application system or other key data, so as to carry out authentication operations for portable applications or other authentication. For example, when placing a securities order from a mobile device, the necessary order information can be stored in the encoded message; the receiving server of the securities system, after receiving the user's signed order, performs signature verification, confirms the correctness of the signature and completes the order transaction. Similarly, in applications such as online banking or mobile banking transactions, key information can be placed in the encoded message and the transaction executed after verification by the method of the present invention.

It should be noted that if the recoverable signature algorithm already incorporates the hash algorithm, the hash algorithm need not also be stored in the additional information of the present invention.

Moreover, any method that reduces the amount of data transmitted by storing other additional information or information indexes in the encoded message, whatever algorithm it uses, is merely another embodiment of the present invention, and all equivalent variations in structure and method made according to this specification and the claims should be included in the scope of the patent.

[Brief description of the drawings]

Figure 1 is a schematic diagram of the encoded message structure of the conventional RSA-PSS algorithm.
Figure 2 is a flow chart of the electronic signature method of the present invention.
Figure 3 is a schematic flow diagram of the electronic signature method of the present invention.
Figure 4 is a flow chart of the verification method of the present invention.
Figure 5 is a schematic flow diagram of the verification method of the present invention.
Figure 6 is a diagram of the encoded message structure when the present invention uses the RSA-X.509 algorithm.
Figure 8 is a diagram of the encoded message structure when the present invention uses the RSA-PSS algorithm.

[Description of main reference symbols]
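Added example, not code from the patent or from Jrsys: the RSA-PSS embodiment described above, with the additional information carried in the salt, implemented as EMSA-PSS encoding on the signer side and the matching recovery and checks on the verifier side (steps A-1/A-2 and B-2/B-3). The RSA private/public key operation of steps A-3 and B-1 is omitted, so the functions work on the encoded message EM directly; SHA-256 with MGF1 is assumed as the hash and mask generation function, and the function names, the length-prefixed field layout and the sample document and URIs are constructed for this example.

```python
import hashlib
import hmac

HASH = hashlib.sha256           # hash algorithm assumed for the example (claim 8 allows SHA256)
H_LEN = HASH().digest_size      # 32 bytes

# Constructed sample input: the signed document and the additional-information fields
# (document-data URI and MVK index URI), all made up for this example.
DOC = b"order=buy;symbol=XYZ;qty=100;price=12.50"
DOC_URI = b"urn:example:order/0001"
MVK_URI = b"http://directory.example/cert/signer"


def mgf1(seed: bytes, mask_len: int) -> bytes:
    """MGF1 from PKCS#1: hash(seed || counter) blocks concatenated to mask_len bytes."""
    out = b""
    counter = 0
    while len(out) < mask_len:
        out += HASH(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:mask_len]


def pack_info(fields: list) -> bytes:
    """Serialise the additional-information fields as 1-byte length || value records."""
    out = b""
    for f in fields:
        if len(f) > 255:
            raise ValueError("field too long for a 1-byte length prefix")
        out += bytes([len(f)]) + f
    return out


def unpack_info(blob: bytes) -> list:
    """Inverse of pack_info; raises ValueError on a truncated record."""
    fields, i = [], 0
    while i < len(blob):
        n = blob[i]
        if i + 1 + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[i + 1:i + 1 + n])
        i += 1 + n
    return fields


def pss_encode(message: bytes, salt: bytes, em_len: int) -> bytes:
    """EMSA-PSS encoding (EM = maskedDB || H || 0xbc) with a caller-supplied salt.
    emBits is taken as 8*em_len - 1, so the top bit of maskedDB is cleared."""
    if em_len < H_LEN + len(salt) + 2:
        raise ValueError("salt (additional information) too long for this modulus size")
    m_hash = HASH(message).digest()
    h = HASH(b"\x00" * 8 + m_hash + salt).digest()      # H = hash(M'), M' = padding1 || mHash || salt
    ps = b"\x00" * (em_len - len(salt) - H_LEN - 2)      # padding2
    db = ps + b"\x01" + salt                             # DB = PS || 0x01 || salt
    db_mask = mgf1(h, em_len - H_LEN - 1)                # dbMask = MGF(H, emLen - hLen - 1)
    masked_db = bytearray(a ^ b for a, b in zip(db, db_mask))
    masked_db[0] &= 0x7F
    return bytes(masked_db) + h + b"\xbc"


def pss_decode(em: bytes, message: bytes):
    """Verifier side: unmask DB, check the PSS structure, recover the salt and
    recompute H over the claimed message. Returns the salt, or None on any mismatch."""
    em_len = len(em)
    if em_len < H_LEN + 2 or em[-1] != 0xBC:
        return None
    masked_db, h = em[:em_len - H_LEN - 1], em[em_len - H_LEN - 1:-1]
    if masked_db[0] & 0x80:
        return None
    db = bytearray(a ^ b for a, b in zip(masked_db, mgf1(h, len(masked_db))))
    db[0] &= 0x7F
    sep = db.find(b"\x01")                               # PS must be all zero up to the 0x01 separator
    if sep == -1 or any(db[:sep]):
        return None
    salt = bytes(db[sep + 1:])
    h_prime = HASH(b"\x00" * 8 + HASH(message).digest() + salt).digest()
    if not hmac.compare_digest(h, h_prime):
        return None
    return salt


def build_em(document: bytes, doc_uri: bytes, mvk_uri: bytes, em_len: int) -> bytes:
    """Signer side (steps A-1/A-2): the additional information becomes the PSS salt."""
    return pss_encode(document, pack_info([doc_uri, mvk_uri]), em_len)


def check_em(em: bytes, document: bytes, expected_mvk_uri: bytes):
    """Verifier side (steps B-2/B-3): returns (doc_uri, mvk_uri) only if the structure and H
    check out and the MVK index matches the trusted one (stand-in for the MVK/UVK comparison)."""
    salt = pss_decode(em, document)
    if salt is None:
        return None
    try:
        fields = unpack_info(salt)
    except ValueError:
        return None
    if len(fields) != 2 or not hmac.compare_digest(fields[1], expected_mvk_uri):
        return None
    return fields[0], fields[1]


if __name__ == "__main__":
    em = build_em(DOC, DOC_URI, MVK_URI, 128)            # 128-byte EM, i.e. a 1024-bit modulus
    print(em.hex(), check_em(em, DOC, MVK_URI))
```

Because H is computed over M' = padding1 || mHash || salt, any change to the recovered additional information (or to the document) fails the H comparison in pss_decode, but a fixed, application-chosen salt gives up the randomised-salt property that the standard PSS security argument relies on.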

Claims (1)

VII. Claims:

1. An electronic signature method, comprising the following steps:
A-1. Encrypting a digest of a document with a hash algorithm to obtain a digest value of predetermined length;
A-2. Storing the digest value together with additional information in an encoded message (EM), the additional information containing one of document data and an index of a verification key (MVK);
A-3. Encrypting the encoded message with a private key using a recoverable signature algorithm to obtain a signature value.
2. The electronic signature method of claim 1, wherein the additional information stores the index of the verification key as a Uniform Resource Identifier (URI).
3. The electronic signature method of claim 1, wherein the additional information stores the document data as a Uniform Resource Identifier (URI).
4. The electronic signature method of claim 1, wherein the additional information further stores the hash algorithm.
5. The electronic signature method of claim 1, wherein the additional information stores the hash algorithm as an Object Identifier (OID).
6. The electronic signature method of claim 1, wherein the verification key is a public key certificate.
7. The electronic signature method of claim 6, wherein the public key certificate is stored in a directory service.
8. The electronic signature method of claim 1, wherein the hash algorithm is one of MD5, SHA1, SHA256, SHA384 and SHA512.
9. The electronic signature method of claim 1, wherein the recoverable signature algorithm is one of RSA-X.509, RSA-PKCS and RSA-PSS, and the additional information is stored in the padding of that algorithm.
10. The electronic signature method of claim 1, wherein the recoverable signature algorithm is RSA-PSS, and the additional information is stored in the random value (salt) of the RSA-PSS algorithm.
11. A verification method for checking the signature value obtained by the electronic signature method of claim 1, comprising the following steps:
B-1. Decrypting the signature value with the signer's verification key (UVK) using the recoverable signature algorithm to obtain the encoded message;
B-2. Extracting the additional information and the digest value from the predetermined fields of the encoded message, then using the additional information to perform one of retrieving the document data and comparing the verification key (MVK);
B-3. If the previous step retrieved the document data from the additional information, running the retrieved document data through the hash algorithm to obtain a digest value and comparing it with the digest value stored in the encoded message to obtain the signature value verification result; if the previous step used the additional information to compare the verification key, checking whether the verification key (MVK) obtained from the additional information matches the signer's verification key (UVK) to obtain the verification key comparison result.
12. The verification method of claim 11, wherein in step B-2 the verification key (MVK) stored in the additional information is read as a Uniform Resource Identifier (URI).
13. The verification method of claim 11, wherein in step B-2 the document data stored in the additional information is read as a Uniform Resource Identifier (URI).
14. The verification method of claim 11, wherein the hash algorithm used in step B-3 is obtained by reading other predetermined field data in the additional information.
15. The verification method of claim 14, wherein the hash algorithm in the predetermined field is read as an Object Identifier (OID).
16. The verification method of claim 11, wherein after step B-3 the data stored in the additional information can further be used to package the signature value into a CMS signature form conforming to one of the RSA-PKCS specification and the IETF specification.
TW100116685A 2011-05-12 2011-05-12 Electronic signature and signature verification method thereof TW201246889A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW100116685A TW201246889A (en) 2011-05-12 2011-05-12 Electronic signature and signature verification method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW100116685A TW201246889A (en) 2011-05-12 2011-05-12 Electronic signature and signature verification method thereof

Publications (2)

Publication Number Publication Date
TW201246889A true TW201246889A (en) 2012-11-16
TWI429259B TWI429259B (en) 2014-03-01

Family

ID=48094654

Family Applications (1)

Application Number Title Priority Date Filing Date
TW100116685A TW201246889A (en) 2011-05-12 2011-05-12 Electronic signature and signature verification method thereof

Country Status (1)

Country Link
TW (1) TW201246889A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10110375B2 (en) 2013-05-23 2018-10-23 Mstar Semiconductor, Inc. Cryptographic device and secret key protection method


Also Published As

Publication number Publication date
TWI429259B (en) 2014-03-01

Similar Documents

Publication Publication Date Title
US11652644B1 (en) Quantum-resistant double signature system
US11811912B1 (en) Cryptographic algorithm status transition
TWI810410B (en) Systems and methods for efficient and secure processing, accessing and transmission of data via a blockchain network
KR101999188B1 (en) Secure personal devices using elliptic curve cryptography for secret sharing
CN109067801B (en) Identity authentication method, identity authentication device and computer readable medium
US10127397B2 (en) Method for strongly encrypting .zip files
US11888974B1 (en) Secret sharing information management and security system
JP2020517200A (en) Block chain-based document management method using UTXO-based protocol and document management server using this method
KR101054970B1 (en) A system, apparatus, method, and computer readable recording medium for authenticating a communication party using an electronic certificate containing personal information
JP4501349B2 (en) System module execution device
JP2016515235A5 (en)
CN102024107A (en) Application software control platform, developer terminal as well as application software distribution system and method
GB2471282A (en) Provision of Cryptographic Services via an API
KR20120053398A (en) Validation system and verification method including signature device and verification device to verify contents
US20090190189A1 (en) Information processing apparatus, control method therefor, information processing system, and program
CN111368335A (en) Electronic signature method of PDF (Portable document Format) file and electronic signature verification method and system
US7849308B2 (en) Data generating device and control method thereof, data analyzing device and control method thereof, data processing system, program and machine-readable storage medium
CN111698093A (en) Digital time stamp issuing and verifying method based on PKI system
CN114448641A (en) Privacy encryption method, electronic equipment, storage medium and chip
JP4742189B2 (en) Time stamp adding apparatus, time stamp adding method, e-mail relay server, and computer program
TW201246889A (en) Electronic signature and signature verification method thereof
CN101043334B (en) Method and device of encryption and data certification and decryption and data authenticity validating
CN113837756A (en) Electronic invoice verification method and system
WO2010067797A1 (en) Communication apparatus, server apparatus and communication program
JP5102880B2 (en) Time stamp adding apparatus, time stamp adding method, e-mail relay server, and computer program