Background art
With the rapid development of network technology, network security has become ever more important, and cryptography is its core technology. The digital signature is one of the most widely used cryptographic techniques: it is an effective means of guaranteeing the integrity of exchanged data, the non-repudiation of the sender and the authenticity of the parties' identities (confidentiality of the transmitted data, where required, is provided by separate encryption), and it is an essential part of e-commerce security.
Several digital signature schemes exist in the prior art, for example the RSA (Ron Rivest, Adi Shamir and Leonard Adleman) signature, digital signatures based on digital envelopes, and digital signature schemes based on message digests. In a message-digest-based scheme, a message digest algorithm is first applied to the message to be signed to form a message digest value, and the RSA algorithm is then applied to this digest value to form the digital signature. The digest value guarantees the integrity of the message data, the RSA signature over the digest guarantees its authenticity, and because the digest value is much shorter than the message, the RSA computation is greatly reduced.
The message digest (Message Digest, MD) used in such a scheme is an encoding method: a one-way hash function maps a message of arbitrary length to a digest value of fixed length. Different messages form different digest values except with negligible probability, and the same message always forms the same digest value. One important property of a message digest is irreversibility (preimage resistance): given a digest value, it must be extremely difficult to compute a message that produces it. Another important property is that producing two messages M and M' with the same digest value must be difficult; this property is called collision resistance. Because of the birthday paradox, the collision resistance of any message digest is at most half its length in bits: a 128-bit digest value offers at most 64 bits of collision resistance, that is, about 2^64 operations suffice to produce one collision, i.e. a second message with the same digest value. The integrity guarantee of the signature scheme rests on these two properties.
Different algorithms produce digest values of different lengths and therefore offer different security strengths. For example, MD5 produces a 128-bit digest value and SHA-1 a 160-bit digest value, so a generic collision search costs about 2^64 operations against MD5 but about 2^80 against SHA-1. These figures are the generic upper bounds; dedicated cryptanalysis has since produced practical collisions for MD5, and later for SHA-1, at far lower cost, which is what makes the downgrade attack described below a practical concern.
The drawback of the prior art is that a message signed with the existing digest-based digital signature scheme is easily subjected to a downgrade attack while in transit on the network: the attacker replaces the high-security message digest algorithm used by the sender with another message digest algorithm of lower security, and so achieves the aim of the attack.
Figure 11 is a schematic diagram of a message signed with the existing digital signature technique being subjected to a downgrade attack. As shown in Figure 11, to improve the security of data transmission the sender upgrades its message digest algorithm from the MD5 algorithm used previously to the SHA-1 algorithm. When transmitting data, the sender first computes the message digest value h = SHA-1(A) of the message A to be sent, then computes the digital signature RSA(h), and sends data of the form message A + digital signature RSA(h) to the receiver.
Before the sender upgraded its digest algorithm, the attacker obtained a message A1 and its verified digital signature RSA(h1), where h1 was computed over A1 with the lower-security algorithm in use before the upgrade, i.e. h1 = MD5(A1). Working from this digest value, the attacker finds a forged message B with MD5(B) = MD5(A1). (Strictly, finding such a B for an already-signed A1 is a second-preimage search; in practice the attacker arranges for A1 itself to be one half of a collision pair prepared in advance, so that it only needs to be signed once before the upgrade.)
The attacker intercepts the data sent by the sender, replaces the digital signature RSA(h) in it with RSA(h1), and replaces the message A with the message B, so that the tampered data has the form message B + digital signature RSA(h1); the attacker then forwards this data to the receiver.
On receiving the tampered data, the receiver first decrypts RSA(h1) to obtain the digest value h1, then computes the digest of message B with the MD5 algorithm identified in the message itself, obtaining MD5(B). Since MD5(B) = MD5(A1) = h1, the receiver cannot tell that the message has been tampered with. The attack succeeds because the signature RSA(h) binds only the digest bytes and not the identity of the algorithm that produced them, while the receiver takes the algorithm to use from the attacker-controlled message. Messages signed with the existing digest-based digital signature method are therefore easily subjected to downgrade attacks.
Summary of the invention
In view of the drawbacks of the prior art, the invention provides a digital signature method and a verification method, apparatus and system for digital signatures that can effectively prevent downgrade attacks.
The invention provides a digital signature method, comprising:
processing a message to be transmitted to obtain a first message digest value;
selecting at least one message fragment from the message;
processing each message fragment separately to obtain at least one corresponding second message digest value;
signing the first message digest value and the at least one second message digest value with a digital signature algorithm (in the RSA case, encrypting them with the signer's private key) to obtain the final digital signature.
The invention further provides a verification method for a digital signature, comprising:
selecting at least one message fragment from the received message in the manner agreed with the message sender;
decrypting the received final digital signature according to the decryption manner and digital signature algorithm agreed with the message sender, to obtain a first message digest value and at least one second message digest value, the first message digest value corresponding to the received message and the at least one second message digest value corresponding to the at least one message fragment;
processing the received message to obtain a third message digest value;
processing each message fragment separately to obtain at least one corresponding fourth message digest value;
comparing the first message digest value with the third message digest value;
comparing the at least one second message digest value with the at least one fourth message digest value;
when the first message digest value equals the third message digest value and each second message digest value equals its corresponding fourth message digest value, judging that the received message has not been subjected to a downgrade attack;
otherwise, judging that the received message has been subjected to a downgrade attack.
The invention also provides a digital signature apparatus, comprising:
a first message digest processing module for processing a message to be transmitted to obtain a first message digest value;
a fragment selection module for selecting at least one message fragment from the message;
a second message digest processing module for processing the message fragment(s) to obtain at least one corresponding second message digest value;
a digital signature module for signing the first message digest value and the at least one second message digest value with a digital signature algorithm to obtain the final digital signature.
The invention further provides a verification apparatus for a digital signature, comprising:
a fragment acquisition module for selecting at least one message fragment from the received message in the manner agreed with the message sender;
a decryption module for decrypting the received final digital signature according to the decryption manner and digital signature algorithm agreed with the message sender, to obtain a first message digest value and at least one second message digest value, the first message digest value corresponding to the received message and the at least one second message digest value corresponding to the at least one message fragment;
a third message digest processing module for processing the received message to obtain a third message digest value;
a fourth message digest processing module for processing each message fragment separately to obtain at least one corresponding fourth message digest value;
a first comparison module for comparing the first message digest value with the third message digest value;
a second comparison module for comparing the at least one second message digest value with the at least one fourth message digest value;
a determination module for judging that the received message has not been subjected to a downgrade attack when the first message digest value equals the third message digest value and each second message digest value equals its corresponding fourth message digest value, and otherwise judging that the received message has been subjected to a downgrade attack.
The invention also provides a digital signature system comprising the above digital signature apparatus and the above digital signature verification apparatus.
As can be seen from the above technical solution, the invention selects at least one message fragment from the message and computes digest values over both the whole message and the fragment(s). An attacker must therefore find, at the same time, a single message that matches the digest value of the whole message and whose content at the agreed fragment position(s) matches the digest value(s) of the fragment(s); these two constraints are tied together by the structure of the message. This increases the difficulty of a downgrade attack and so improves the security of the digital signature.
The technical solution of the invention is described in further detail below with reference to the drawings and embodiments.
Embodiments
Fig. 1 is a flow chart of the digital signature method provided by one embodiment of the invention.
As shown in Fig. 1, the digital signature method comprises:
Step 101: process the message to be transmitted to obtain a first message digest value.
Specifically, the message sender first selects a message digest algorithm according to the security requirements of the message, and computes the first message digest value over the whole message with that algorithm.
Step 102: select at least one message fragment from the message.
Specifically, one or more message fragments may be selected from the message; each fragment may be a field, or a few bits, of the message agreed in advance between the sender and the receiver.
The fragments should be chosen so as to leave the attacker as little room for collisions as possible: when mounting a downgrade attack on the message, the attacker should find it hard to produce message text that matches the original fragment and still yields the same digest value. A fragment that the attacker can simply copy from the original message adds nothing, so a fragment should cover content the attacker needs to change, or content the receiver checks independently, such as a time-stamp.
For example, a fragment may be the field carrying the message's time information. A digital signature that incorporates the message's time information is called a digital time-stamp, and is issued by a digital time-stamp service (DTS) provided by a dedicated authority on the network. It is very hard for an attacker to find message text whose time-stamp field matches and that still yields the same digest value: the forged field must satisfy the time format and fall within the accepted range (possibly only one minute), so the probability of success is very low.
When several message fragments are selected, each fragment may include the same field or the same bits, that is, the fragments may overlap with one another; alternatively, only some of the fragments may overlap.
It should be noted that a message fragment is not limited to the field, the few bits or the time-information field described in this embodiment, that the overlapping of fragments is not limited to the manner described above, and that any manner of selecting message fragments known to those skilled in the art may be used to implement the invention.
Step 103: process each message fragment separately to obtain at least one corresponding second message digest value.
Specifically, when one message fragment has been selected, the sender computes one second message digest value over it; when several fragments have been selected, the sender computes a digest over each fragment separately, obtaining a corresponding plurality of second message digest values.
The digest algorithm used for each fragment may be the same or different, and when the same algorithm is used for all fragments it may still differ from the algorithm used for the digest of the whole message.
In the prior art, the identifier of the algorithm used for each digest is normally inserted into the message before it is sent, so that on receiving the message and the digital signature the receiver also receives the digest algorithm corresponding to each digest value. This identifier travels in the message itself and is not covered by the signature, which is what the downgrade attack described above exploits.
Step 104: sign the first message digest value and the at least one second message digest value with a digital signature algorithm to obtain the final digital signature.
Specifically, the digital signature algorithm is agreed between the sender and the receiver. One way of signing the first and second message digest values is to sign the first message digest value and each second message digest value separately, obtaining a first digital signature and at least one second digital signature, and then to combine the first digital signature with the second digital signature(s) to form the final digital signature. The second digital signature(s) are appended after the first digital signature, in the same order as the fragments were selected.
Alternatively, the first message digest value and the at least one second message digest value may first be combined, and the combination then signed as a whole to obtain the final digital signature. Here the second message digest value(s) are appended after the first message digest value, again in the order in which the fragments were selected.
It should be noted that signing the first and second message digest values is not limited to these two manners: some of the digest values may be signed together as a whole while the others are signed separately, and the resulting digital signatures combined to form the final digital signature. Any manner of signing the first message digest value and the at least one second message digest value may be used to implement the invention.
In the digital signature method of this embodiment, a message digest is computed not only over the whole message, giving the first message digest value, but also over one or more fragments of the message, giving at least one second message digest value. An attacker must therefore simultaneously find a message that matches the first message digest value and whose content at the agreed fragment position(s) matches the second message digest value(s). Because each second message digest value corresponds to a specific position in the message, any matching message the attacker finds must also agree with the original at that position. This raises the attacker's difficulty, reduces the risk of the message being attacked, effectively stops downgrade attacks and meets the higher security requirements of messages and digital signatures.
In addition, in the digital signature method of this embodiment the digest values may be signed in several ways, and the sender and receiver can agree on whichever suits their requirements.
Fig. 2 is a schematic diagram of the message format provided by one embodiment of the invention, and Fig. 3 is a schematic diagram of the final digital signature format provided by one embodiment of the invention. The final digital signature shown in Fig. 3 is obtained when one message fragment is selected, and comprises the first digital signature corresponding to the message and one second digital signature corresponding to the message fragment. As shown in Fig. 2, the message 201 and the final digital signature 202 together form the complete data.
Fig. 4 is a flow chart of the digital signature verification method provided by one embodiment of the invention. Referring to Fig. 4, the verification method comprises:
Step 401: select at least one message fragment from the received message in the manner agreed with the message sender.
Specifically, the receiver selects one or more message fragments from the received message according to the method agreed jointly by the sender and the receiver.
Step 402: decrypt the received final digital signature according to the decryption manner and digital signature algorithm agreed with the message sender, obtaining the first message digest value corresponding to the message and the at least one second message digest value corresponding to the fragment(s).
Specifically, the receiver decrypts the received final digital signature with the digital signature algorithm agreed jointly with the sender, in the decryption manner agreed with the sender. This decryption manner corresponds to the signing manner used in the digital signature method embodiment above: whichever manner the sender used to sign, the receiver uses the corresponding manner to decrypt. When one message fragment was selected in step 401, decryption yields one first message digest value corresponding to the message and one second message digest value corresponding to the fragment; when several fragments were selected, it yields one first message digest value and a plurality of second message digest values corresponding to the fragments.
Step 403: process the message to obtain a third message digest value, and process each message fragment separately to obtain at least one fourth message digest value.
Specifically, the digest of the message is computed to obtain the third message digest value, and the digest of each selected fragment is computed: one fourth message digest value when one fragment was selected, several when several fragments were selected.
When computing the digest of the message or of a fragment, the message digest algorithm corresponding to that message or fragment, as obtained in step 402, is taken and used for the computation.
Step 404: compare the first message digest value with the third message digest value.
Specifically, the first and third message digest values are compared. If they are unequal, the received message has been tampered with, and the method proceeds to step 407, where the message is judged to have been attacked. If they are equal, step 405 is performed.
Step 405: compare the second message digest value(s) with the fourth message digest value(s).
When one message fragment was selected there is one second and one fourth message digest value, and they are compared. If they are unequal, the received message has been tampered with, and the method proceeds to step 407, where the message is judged to have been attacked. If they are equal, the correct message has been received, and the method proceeds to step 406, where the message is judged not to have been attacked.
When several message fragments were selected there are several second and several fourth message digest values, and the fourth message digest value of each fragment is compared in turn, in the order in which the fragments were selected, with the corresponding second message digest value. As soon as one pair is unequal, the received message has been tampered with: the remaining comparisons are stopped and the method proceeds to step 407, where the message is judged to have been attacked. If all pairs are equal, the correct message has been received, and the method proceeds to step 406, where the message is judged not to have been attacked.
The above verification method allows the receiver to judge correctly whether the received message has been subjected to a downgrade attack, thereby guaranteeing the integrity and reliability of the received data.
It should be noted that the order of steps 404 and 405 is not fixed: the first and third message digest values may be compared first, or the second and fourth message digest values may be compared first, as appropriate to actual needs.
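The attack of Figure 11 and the signing and verification steps 101 to 104 and 401 to 405, as an added Python model that is not part of the original application. Everything in it is a constructed stand-in: a 16-bit truncation of MD5 plays the broken legacy digest so that the attacker's second preimage can be brute-forced in a fraction of a second; HMAC-SHA256 under a fixed key plays the RSA signature (a MAC rather than a signature, used only to keep the example dependency-free; like RSA(h) in the text it covers the digest bytes and not the algorithm identifier, which the receiver reads from the message); the fragment is a time-stamp field, and the verifier's one-minute freshness window is an assumption drawn from the remark above that the stamp must fall within a range of about one minute. The field names, key and dates are made up.

```python
"""Toy model of the digest-downgrade attack of Figure 11 and of the
fragment-digest countermeasure of steps 101-104 and 401-405."""
import hashlib
import hmac
from datetime import datetime, timedelta

# Constructed stand-ins, not part of the original application:
# "weak16" is MD5 truncated to 16 bits, so a second preimage can be brute-forced
# in a fraction of a second; it plays the part of the broken legacy digest.
# sign()/sig_ok() use HMAC-SHA256 under a fixed key in place of RSA signing and
# verification; like RSA(h) in the text they cover only the digest bytes, never
# the name of the algorithm that produced them.
DIGESTS = {
    "weak16": lambda data: hashlib.md5(data).digest()[:2],
    "sha1": lambda data: hashlib.sha1(data).digest(),
}
SIGNING_KEY = b"toy-signing-key"    # constructed; stands in for the RSA private key
FRAGMENT_FIELDS = ("timestamp",)    # fragment agreed by sender and receiver (step 102)

def sign(digest_bytes: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, digest_bytes, "sha256").digest()

def sig_ok(digest_bytes: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(digest_bytes), signature)

def encode(fields: dict) -> bytes:
    """Serialise a message as 'key=value' lines; 'alg' is the unsigned algorithm
    identifier that the receiver reads from the message itself."""
    return "\n".join(f"{k}={v}" for k, v in fields.items()).encode()

# Prior art: the signature covers the digest of the whole message only.
def legacy_sign(fields: dict) -> bytes:
    return sign(DIGESTS[fields["alg"]](encode(fields)))

def legacy_verify(fields: dict, signature: bytes) -> bool:
    return sig_ok(DIGESTS[fields["alg"]](encode(fields)), signature)

def forge(old_fields: dict, wanted: dict, limit: int = 1 << 20) -> dict:
    """Attacker step of Figure 11: label the wanted content with the weak algorithm
    and vary a filler field until its weak digest equals that of the signed A1."""
    target = DIGESTS["weak16"](encode(old_fields))
    for counter in range(limit):
        b = dict(wanted, alg="weak16", filler=counter)
        if DIGESTS["weak16"](encode(b)) == target:
            return b
    raise RuntimeError("no second preimage found within limit")

# Proposed method: digests of the whole message and of each agreed fragment.
def digests(fields: dict) -> bytes:
    """First digest (whole message) followed by the second digests (fragments) in
    the agreed order: the 'combine, then sign' layout of step 104."""
    h = DIGESTS[fields["alg"]]
    seconds = [h(str(fields[name]).encode()) for name in FRAGMENT_FIELDS]
    return h(encode(fields)) + b"".join(seconds)

def fragment_sign(fields: dict) -> bytes:
    return sign(digests(fields))

def fragment_verify(fields: dict, signature: bytes, now: datetime,
                    window: timedelta = timedelta(minutes=1)):
    """Steps 401-405: recompute the third and fourth digests and check them against
    the signed first and second digests. Returns None if accepted, else the reason.
    The freshness window is an assumption drawn from the text's remark that the
    time-stamp must fall within a range of about one minute."""
    if not sig_ok(digests(fields), signature):
        return "digest mismatch (whole message or fragment)"
    if abs(now - datetime.fromisoformat(fields["timestamp"])) > window:
        return "stale time-stamp fragment"
    return None

def demo(now: datetime = datetime(2009, 6, 1, 12, 0, 0)) -> dict:
    """Constructed scenario: A1 was signed with the weak digest before the upgrade."""
    a1 = {"alg": "weak16", "timestamp": "2009-05-01T09:00:00",
          "payee": "alice", "amount": 100}
    a1_legacy_sig, a1_frag_sig = legacy_sign(a1), fragment_sign(a1)
    a = dict(a1, alg="sha1", timestamp=now.isoformat())      # sender's upgraded message
    wanted = {"timestamp": now.isoformat(), "payee": "bob", "amount": 1_000_000}
    b = forge(a1, wanted)                                     # same weak digest as A1
    b2 = forge(a1, dict(wanted, timestamp=a1["timestamp"]))  # ...and A1's stamp copied
    return {
        "legit_upgraded": legacy_verify(a, legacy_sign(a)),
        "legit_fragment": fragment_verify(a1, a1_frag_sig,
                                          now=datetime.fromisoformat(a1["timestamp"])),
        # prior art: B + RSA(h1) is accepted, exactly as in Figure 11
        "legacy_accepts_forgery": legacy_verify(b, a1_legacy_sig),
        # fragment scheme, fresh stamp: the fragment digest no longer matches the
        # signed one (rejected unless the two 16-bit stamp digests happen to collide)
        "fragment_vs_fresh_stamp": fragment_verify(b, a1_frag_sig, now),
        # fragment scheme, copied stamp: every digest matches, but the stamp is stale
        "fragment_vs_copied_stamp": fragment_verify(b2, a1_frag_sig, now),
    }

if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

Run as a script, the demo shows the prior-art verifier accepting the forged message B together with the reused signature, as in Figure 11. Against the fragment scheme the same forgery fails: with a fresh time-stamp the signed fragment digest no longer matches, and when the attacker copies the old stamp to make it match, the stamp is rejected as stale. This also shows the limit of the method: a fragment only adds difficulty when the attacker cannot simply copy it from the old message, that is, when it covers content the attacker needs to change or content the receiver checks on its own. Independently of the fragment digests, the ambiguity the attack relies on disappears if the digest algorithm identifier is itself bound into the signed data, as the DigestInfo structure of PKCS#1 v1.5 signatures does.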
Fig. 6 is a block diagram of the digital signature apparatus provided by one embodiment of the invention. Referring to Fig. 6, the digital signature apparatus 601 comprises a first message digest processing module 603, a fragment selection module 602, a second message digest processing module 604 and a digital signature module 605.
The first message digest processing module 603 computes a digest over the message to be transmitted to obtain the first message digest value. The fragment selection module 602 selects at least one message fragment from the message to be transmitted. The second message digest processing module 604 computes a digest over each of the at least one message fragment to obtain at least one second message digest value. The digital signature module 605 signs the first message digest value and the at least one second message digest value with a digital signature algorithm to obtain the final digital signature. The method of selecting message fragments is described in detail in the embodiment above and is not repeated here.
Fig. 9 is a block diagram of the digital signature module provided by one embodiment of the invention. As shown in Fig. 9, the digital signature module 605 comprises a first digital signature unit 6051, a second digital signature unit 6052 and a first combining unit 6053. The first digital signature unit 6051 signs the first message digest value with the digital signature algorithm to obtain a first digital signature; the second digital signature unit 6052 signs each of the at least one second message digest value separately with the digital signature algorithm to obtain at least one second digital signature; the first combining unit 6053 combines the first digital signature with the at least one second digital signature to obtain the final digital signature. The second digital signature(s) are appended after the first digital signature in the same order as the fragments were selected.
When n message fragments are selected, the final digital signature has the format shown in Fig. 5. The first digital signature is the signature obtained by computing a digest over the whole message and signing it; second digital signature 1 is the signature obtained by computing a digest over the 1st selected fragment and signing it; second digital signature 2 is the signature obtained in the same way from the 2nd selected fragment; and so on, second digital signature n being obtained from the n-th selected fragment. Second digital signature 1, second digital signature 2, ..., second digital signature n are appended in turn after the first digital signature, in the order of their fragments, to form the final digital signature. For example, if the n selected fragments are ordered as the 1st fragment, the 2nd fragment, ..., the n-th fragment, the final digital signature is as shown in Fig. 5.
By computing a separate digest value over each of several selected fragments, the attacker is forced to find a single message that simultaneously matches each of the corresponding digest values, which further increases the difficulty of a downgrade attack; the more fragments are selected, the lower the probability that the message can be attacked, which further improves the security of the digital signature method.
Fig. 10 is a block diagram of the digital signature module provided by another embodiment of the invention. As shown in Fig. 10, the digital signature module 605 comprises a second combining unit 6054 and a third digital signature unit 6055. The second combining unit 6054 combines the first message digest value with the at least one second message digest value; the third digital signature unit 6055 signs the combined first and second message digest values as a whole with the digital signature algorithm to obtain the final digital signature. The second message digest value(s) are appended after the first message digest value in the same order as the fragments were selected.
Fig. 7 is a block diagram of the digital signature verification apparatus provided by one embodiment of the invention. Referring to Fig. 7, the verification apparatus 701 comprises a fragment acquisition module 702, a decryption module 703, a third message digest processing module 704, a fourth message digest processing module 705, a first comparison module 706, a second comparison module 707 and a determination module 708.
The fragment acquisition module 702 selects at least one message fragment from the received message in the manner agreed with the message sender. The decryption module 703 decrypts the received final digital signature with the digital signature algorithm, in the decryption manner agreed with the message sender, obtaining the first message digest value and the at least one second message digest value; the digital signature algorithm is the one agreed with the message sender, the first message digest value corresponds to the received message, the at least one second message digest value corresponds to the at least one message fragment, and the decryption manner corresponds to the signing manner used by the sender.
The third message digest processing module 704 computes a digest over the received message to obtain the third message digest value; the fourth message digest processing module 705 computes a digest over each of the at least one message fragment to obtain at least one fourth message digest value.
When the third message digest processing module 704 computes the digest of the message, or the fourth message digest processing module 705 computes the digest of a fragment, it first takes the message digest algorithm corresponding to that message or fragment, as obtained by the decryption module 703, and computes the digest of the message or fragment with that algorithm.
The first comparison module 706 compares the first message digest value with the third message digest value; the second comparison module 707 compares the at least one second message digest value with the at least one fourth message digest value; the determination module 708 judges from the results of the first comparison module 706 and the second comparison module 707 whether the received message has been subjected to a downgrade attack.
In this embodiment, the determination module 708 judges that the received message has not been subjected to a downgrade attack when the first message digest value equals the third message digest value and each second message digest value equals its corresponding fourth message digest value; otherwise, it judges that the received message has been subjected to a downgrade attack.
Fig. 8 is a block diagram of the digital signature system provided by one embodiment of the invention. Referring to Fig. 8, the digital signature system 801 comprises the digital signature apparatus 802 and the digital signature verification apparatus 803. The digital signature apparatus 802 and the verification apparatus 803 are described in detail in the embodiments above and are not described again here.
It should be noted that the message digest algorithms and digital signature algorithms of the above embodiments are not limited to those named in the embodiments; any message digest algorithm and digital signature algorithm known to those skilled in the art may be used to implement the invention.
Those of ordinary skill in the art will appreciate that all or some of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; such storage media include ROM, RAM, magnetic disks, optical discs and other media capable of storing program code.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the invention and not to limit it. Although the invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that modifications or equivalent substitutions may still be made to the technical solution of the invention, and that such modifications or substitutions do not take the modified technical solution outside the spirit and scope of the technical solution of the invention.