CN101980471A - Digital signature method, digital signature verification method, device and system - Google Patents


Publication number
CN101980471A
Authority
CN
China
Prior art keywords
message
digital signature
digest value
message digest
fragment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 201010505308
Other languages
Chinese (zh)
Other versions
CN101980471B (en
Inventor
毛伟
李晓东
沈烁
王妍
刘瑾
卢文哲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Internet Network Information Center
Original Assignee
Knet Co ltd
Computer Network Information Center of CAS
Application filed by Knet Co ltd, Computer Network Information Center of CAS
Priority to CN201010505308A
Publication of CN101980471A
Application granted
Publication of CN101980471B
Legal status: Active

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a digital signature method, a digital signature verification method, a device and a system. The digital signature method comprises: processing a message to be transmitted to obtain a first message digest value; selecting at least one message fragment from the message; processing the message fragments respectively to obtain at least one corresponding second message digest value; and encrypting the first message digest value and the at least one second message digest value with a digital signature algorithm to obtain a final digital signature. By selecting at least one message fragment from the message and computing the message digest values of the message and of the message fragment separately, the invention forces an attacker to find, at the same time, at least two intrinsically related matching messages that respectively map to the message digest value of the message and to the message digest value of at least one message fragment, which increases the difficulty of a downgrade attack and thereby improves the security of the digital signature.

Description

Digital signature method, digital signature verification method, device and system

Technical field

The invention relates to network information encryption technology, and in particular to a digital signature method, a digital signature verification method, a device and a system that can effectively prevent downgrade attacks.

Background

With the rapid development of network technology, network security is becoming increasingly important, and information encryption is the core of network security technology. Digital signatures are among the most widely used information encryption techniques; they are an effective solution for ensuring the confidentiality of information transmission, the integrity of data exchange, the non-repudiation of sent information and the certainty of the identities of the transacting parties, and are an important part of e-commerce security.

In the prior art there are many digital signature schemes, such as RSA (Ron Rivest, Adi Shamir and Leonard Adleman) signatures, digital signatures based on digital envelopes, and digital signature schemes based on message digests. A message-digest-based scheme first uses a message digest algorithm to form a message digest value for the message to be encrypted, and then applies RSA encoding to that digest value to form the digital signature. The digest value ensures the integrity of the message data and the RSA encoding ensures its confidentiality; because the digest value is much shorter than the message data, the RSA encoding workload is greatly reduced.

The message digest (MD) in the above scheme is an encoding method that uses a one-way hash function to turn a message of arbitrary length into a fixed-length message digest value; different messages yield different digest values, while the same message always yields the same digest value. An important property of a message digest is irreversibility: given a digest value, computing the message it corresponds to should be extremely difficult. Another important property is that it is difficult to produce two messages M and M′ with the same digest value; this property is called collision resistance. In practice, the strength of any message digest against collisions is only half the length of the digest value, so a 128-bit digest value has only 64 bits of strength against collisions. That is, about 2^64 operations are needed to produce one collision, i.e. another message with the same digest value, and this is what guarantees the integrity of the message.

Digest values produced by different algorithms differ in length and in security strength. For example, MD5 produces a 128-bit digest value and SHA-1 a 160-bit digest value, so 2^64 operations are needed to find an MD5 collision and 2^80 operations for SHA-1.

The defect of the prior art is that information encrypted with the existing message-digest-based digital signature schemes is vulnerable to downgrade attacks when transmitted over the network: the attacker achieves the attack by substituting a low-security message digest algorithm for the higher-security one.

Figure 11 is a schematic diagram of a downgrade attack on a message that uses the existing digital signature technology. As shown in Figure 11, to improve the security of data transmission the sender upgrades its message digest algorithm from MD5 to SHA-1. To transmit data, the sender first computes the digest value h = SHA-1(A) of the message A to be sent, then computes the digital signature RSA(h), and then sends data in the format "message A + digital signature RSA(h)" to the receiver.

Before the sender upgraded its digest algorithm, the attacker had already obtained a verified message A1 and its digital signature RSA(h1), where h1 was computed over A1 with the pre-upgrade, lower-grade digest algorithm MD5, i.e. h1 = MD5(A1). The attacker performs a collision computation against this digest value and obtains a forged message B such that MD5(B) = MD5(A1).

The attacker intercepts the data sent by the sender, replaces the digital signature RSA(h) in it with RSA(h1) and replaces message A with message B, so that the tampered data has the format "message B + digital signature RSA(h1)", and then sends this data to the receiver.

On receiving the tampered data, the receiver first decrypts RSA(h1) to obtain the digest value h1, then computes MD5(B) over message B using the MD5 algorithm that the message carries. Because MD5(B) = MD5(A1) = h1, the receiver cannot tell that the message has been tampered with. Information encrypted with the existing message-digest-based digital signature method is therefore vulnerable to downgrade attacks.

Summary of the invention

In view of the defects of the prior art, the invention provides a digital signature method, a digital signature verification method, a device and a system that can effectively prevent downgrade attacks.

The invention provides a digital signature method, comprising:

processing a message to be transmitted to obtain a first message digest value;

selecting at least one message fragment from the message;

processing the message fragments respectively to obtain at least one corresponding second message digest value;

encrypting the first message digest value and the at least one second message digest value with a digital signature algorithm to obtain a final digital signature.

The invention also provides a digital signature verification method, comprising:

selecting at least one message fragment from the received message in the manner agreed with the message sender;

decrypting the received final digital signature according to the decryption manner and digital signature algorithm agreed with the message sender to obtain a first message digest value and at least one second message digest value, the first message digest value corresponding to the received message and the at least one second message digest value corresponding to the at least one message fragment;

processing the received message to obtain a third message digest value;

processing the message fragments respectively to obtain at least one corresponding fourth message digest value;

comparing the first message digest value with the third message digest value;

comparing the at least one second message digest value with the at least one fourth message digest value;

when the first message digest value equals the third message digest value and the at least one second message digest value and the at least one fourth message digest value are all equal, determining that the received message has not been subjected to a downgrade attack;

otherwise, determining that the received message has been subjected to a downgrade attack.

The invention also provides a digital signature device, comprising:

a first message digest processing module, configured to process a message to be transmitted to obtain a first message digest value;

a fragment selection module, configured to select at least one message fragment from the message;

a second message digest processing module, configured to process the message fragments to obtain at least one corresponding second message digest value;

a digital signature module, configured to encrypt the first message digest value and the at least one second message digest value with a digital signature algorithm to obtain a final digital signature.

The invention further provides a digital signature verification device, comprising:

a fragment acquisition module, configured to select at least one message fragment from the received message in the manner agreed with the message sender;

a decryption module, configured to decrypt the received final digital signature according to the decryption manner and digital signature algorithm agreed with the message sender to obtain a first message digest value and at least one second message digest value, the first message digest value corresponding to the received message and the at least one second message digest value corresponding to the at least one message fragment;

a third message digest processing module, configured to process the received message to obtain a third message digest value;

a fourth message digest processing module, configured to process the message fragments respectively to obtain at least one corresponding fourth message digest value;

a first comparison module, configured to compare the first message digest value with the third message digest value;

a second comparison module, configured to compare the at least one second message digest value with the at least one fourth message digest value;

a determination module, configured to determine that the received message has not been subjected to a downgrade attack when the first message digest value equals the third message digest value and the at least one second message digest value and the at least one fourth message digest value are all equal, and otherwise to determine that the received message has been subjected to a downgrade attack.

The invention also provides a digital signature system, comprising the above digital signature device and the above digital signature verification device.

As can be seen from the above technical solution, by selecting at least one message fragment from the message and computing the message digest values of the message and of the message fragment separately, the invention forces an attacker to find, at the same time, at least two intrinsically related matching messages that respectively map to the message digest value of the message and to the message digest value of at least one message fragment, which increases the difficulty of a downgrade attack and thereby improves the security of the digital signature.

The technical solution of the invention is described in further detail below with reference to the drawings and embodiments.

Description of the drawings

Figure 1 is a flowchart of a digital signature method provided by an embodiment of the invention;

Figure 2 is a schematic diagram of a message format provided by an embodiment of the invention;

Figure 3 is a schematic diagram of a final digital signature format provided by an embodiment of the invention;

Figure 4 is a flowchart of a digital signature verification method provided by an embodiment of the invention;

Figure 5 is a schematic diagram of a final digital signature format provided by another embodiment of the invention;

Figure 6 is a block diagram of a digital signature device provided by an embodiment of the invention;

Figure 7 is a block diagram of a digital signature verification device provided by an embodiment of the invention;

Figure 8 is a block diagram of a digital signature system provided by an embodiment of the invention;

Figure 9 is a block diagram of a digital signature module provided by an embodiment of the invention;

Figure 10 is a block diagram of a digital signature module provided by another embodiment of the invention;

Figure 11 is a schematic diagram of a downgrade attack on a message that uses the existing digital signature technology.

Detailed description

Figure 1 is a flowchart of a digital signature method provided by an embodiment of the invention.

As shown in Figure 1, the digital signature method comprises:

Step 101: process the message to be transmitted to obtain a first message digest value.

Specifically, the message sender first specifies a message digest algorithm according to its security requirements and computes the first message digest value over the whole message with that algorithm.

Step 102: select at least one message fragment from the message.

Specifically, one message fragment or several message fragments may be selected from the message; each fragment may be a certain field or certain bits negotiated in advance between the message sender and the message receiver.

The selected message fragments should minimise collisions, so that when an attacker mounts a downgrade attack on the message it is not easy to find message text that matches the original message fragment and yields the same message digest value.

A field carrying the message's time information may be chosen as the message fragment when forming the digital signature. A digital signature that contains the message's time information is called a digital time-stamp; it is produced by a digital time-stamp service (DTS) provided by a dedicated organization on the network. It is very difficult for an attacker to find message text that matches the digital time-stamp and yields the same message digest, because the text must satisfy both the format characteristics and the range of the time (possibly only one minute), so the probability of success is very low.

When several message fragments are selected, the fragments may contain the same fields or the same bits, that is, the fragments may overlap one another; alternatively, only some of the fragments may overlap one another.

It should be noted that the message fragments are not limited to the fields, bits or time-information field described in this embodiment, and the way in which several fragments overlap is not limited to the ways described above; any way of selecting message fragments known to those skilled in the art can be used to implement the invention.

Step 103: process the message fragments respectively to obtain at least one corresponding second message digest value.

Specifically, when one message fragment has been selected, the sender computes one second message digest value over it; when several message fragments have been selected, the sender computes over each fragment separately and obtains the corresponding second message digest values.

The algorithms used to compute the digest value of each message fragment may be the same or different, and when one algorithm is used for all the fragments, it may also differ from the algorithm used to compute the digest value of the message.

In the prior art, information about the algorithm used to compute each message digest is usually inserted into the message before it is sent, so when the receiver receives the message and the digital signature it also receives the message digest algorithm corresponding to each digest value.

Step 104: encrypt the first message digest value and the at least one second message digest value with a digital signature algorithm to obtain a final digital signature.

Specifically, the digital signature algorithm is one agreed between the sender and the receiver. When it is used to encrypt the first message digest value and the at least one second message digest value, the digest values may be encrypted separately to obtain a corresponding first digital signature and at least one second digital signature, which are then combined to obtain the final digital signature. The at least one second digital signature follows the first digital signature, and the second digital signatures are arranged in the same order as the selected message fragments.

Alternatively, the first message digest value and the at least one second message digest value may first be combined and the combination then encrypted as a whole to obtain the final digital signature. The at least one second message digest value follows the first message digest value, and the second message digest values are arranged in the same order as the selected message fragments.

It should be noted that the way of encrypting the first message digest value and the at least one second message digest value is not limited to these two ways: some of the digest values may be encrypted as a whole and the others separately, and the resulting digital signatures then combined to obtain the final digital signature. Apart from the above, any way of encrypting the first message digest value and the at least one second message digest value can be used to implement the invention.

In the digital signature method of this embodiment, a message digest is computed not only over the whole message, giving the first message digest value, but also over one or more fragments of the message, giving at least one second message digest value, so that an attacker must find, at the same time, at least two intrinsically related matching messages that respectively map to the first message digest value and to the at least one second message digest value. Because the second message digest value corresponds to a part of the message at a specific position, the matching message found by the attacker must also satisfy this constraint before the attack can succeed. This increases the difficulty of the attack, reduces the risk of the message being attacked, effectively prevents downgrade attacks and meets the need for higher security of messages and digital signatures.

In addition, the digital signature method of this embodiment offers several ways of encrypting the message digest values, and the sender and receiver can agree on one of them as needed, which further improves the security of the digital signature.

图2为本发明一实施例提供的报文格式的示意图。图3为本发明一实施例提供的最终数字签名格式的示意图,如图3所示的最终数字签名是在选取一个报文片段的情况下获得的,其中包含对应于报文的第一数字签名及对应于报文片段的一个第二数字签名。如图2所示,报文201与最终数字签名202一起构成一个完整的数据。Fig. 2 is a schematic diagram of a message format provided by an embodiment of the present invention. Fig. 3 is a schematic diagram of the final digital signature format provided by an embodiment of the present invention. The final digital signature shown in Fig. 3 is obtained by selecting a message segment, which contains the first digital signature corresponding to the message and a second digital signature corresponding to the message segment. As shown in FIG. 2 , the message 201 and the final digital signature 202 constitute a complete data.

图4为本发明一实施例提供的数字签名的验证方法的流程图。参见图4,数字签名的验证方法包括:FIG. 4 is a flowchart of a digital signature verification method provided by an embodiment of the present invention. Referring to Figure 4, the verification methods for digital signatures include:

步骤401:根据与报文发送方约定的方式对接收到的报文选取至少一个报文片段。Step 401: Select at least one message segment from the received message according to the method agreed with the message sender.

具体地,接受方对接收到的报文根据发送方和接收方共同约定方法选取一个或多个报文片段。Specifically, the receiver selects one or more message segments from the received message according to a method agreed upon by the sender and the receiver.

步骤402:根据与报文发送方约定的解密方式及数字签名算法对接收到的最终数字签名进行解密,获得对应于报文的第一消息摘要值及对应于报文片段的至少一个第二消息摘要值。Step 402: Decrypt the received final digital signature according to the decryption method and digital signature algorithm agreed with the message sender, and obtain the first message digest value corresponding to the message and at least one second message corresponding to the message fragment summary value.

具体地,接受方对接收到的最终数字签名根据与报文发送方约定的解密方式通过数字签名算法进行解密,该数字签名算法由发送方和接收方共同约定,该解密方式与前述数字签名方法实施例中的加密方式相对应,即发送方采用一种加密方式,则接收方则采用此方式对接收到的最终数字签名进行解密。当步骤401中选取的报文片段是一个时,进行解密后获得对应于报文的一个第一消息摘要值及对应于报文片段的一个第二消息摘要值;当步骤401中选取的报文片段是多个时,进行解密后获得对应于报文的一个第一消息摘要值及对应于多个报文片段的多个第二消息摘要值。Specifically, the receiver decrypts the received final digital signature through the digital signature algorithm according to the decryption method agreed with the message sender. The digital signature algorithm is agreed by the sender and the receiver. The encryption methods in the embodiments correspond, that is, the sender adopts one encryption method, and the receiver uses this method to decrypt the received final digital signature. When the selected message segment in step 401 is one, obtain a first message digest value corresponding to the message and a second message digest value corresponding to the message segment after deciphering; when the selected message in step 401 When there are multiple fragments, one first message digest value corresponding to the message and multiple second message digest values corresponding to multiple message fragments are obtained after decryption.

步骤403:对报文进行处理,获得第三消息摘要值,并对至少一个报文片段分别进行处理,获得至少一个第四消息摘要值。Step 403: Process the message to obtain a third message digest value, and respectively process at least one message fragment to obtain at least one fourth message digest value.

Specifically, a third message digest value is computed over the message, and a digest is computed over each selected message fragment. When one message fragment is selected, the computation yields one fourth message digest value; when multiple message fragments are selected, it yields multiple fourth message digest values.

When computing the message digest value of the message or of a given message fragment, the message digest algorithm corresponding to that message or fragment, obtained by decryption in step 402, is retrieved and used to compute the digest of that message or fragment.

Step 404: Compare the first message digest value with the third message digest value.

Specifically, the first message digest value is compared with the third message digest value. If they are not equal, the received message has been tampered with; go to step 407 and determine that the message has been attacked. If they are equal, proceed to step 405.

Step 405: Compare the second message digest value with the fourth message digest value.

When one message fragment is selected, there is one second message digest value and one fourth message digest value, and the two are compared. If they are not equal, the received message has been tampered with; go to step 407 and determine that the message has been attacked. If they are equal, the correct message has been received; go to step 406 and determine that the message has not been attacked.

When multiple message fragments are selected, there are multiple second message digest values and multiple fourth message digest values. In the order in which the fragments were selected, each fourth message digest value is compared in turn with the corresponding second message digest value. As soon as one second message digest value differs from its fourth message digest value, the received message has been tampered with; stop the remaining comparisons, go to step 407 and determine that the message has been attacked. If all comparisons are equal, the correct message has been received; go to step 406 and determine that the message has not been attacked.

With the above verification method, the receiver can correctly determine whether the received message has been subjected to a downgrade attack, which ensures the integrity and reliability of the received data.

Note that the order of execution of steps 404 and 405 is not fixed: comparing the first message digest value with the third first, or comparing the second message digest value with the fourth first, may be chosen according to actual needs.
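The verification flow of steps 402 to 407, as an added Python example that is not code from the patent: the sender signs the whole-message digest followed by the fragment digests as one block, and the receiver recovers them, recomputes the third and fourth digest values, and compares. SHA-256, the byte-range fragment layout, the sample message and the textbook-RSA demo key (two public Mersenne primes, no padding, a stand-in for the agreed signature algorithm only) are assumptions.

```python
import hashlib
import hmac

# Constructed demo key: textbook RSA over two publicly known Mersenne primes.
# It stands in for the agreed signature algorithm so the example runs offline;
# it has no padding and its factors are public, so it protects nothing.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

DIGEST_LEN = hashlib.sha256().digest_size  # SHA-256 is an assumption

# Agreed fragment selection as (offset, length) byte ranges (hypothetical layout):
# bytes 0-13 carry a timestamp field, bytes 14-21 a message id.
AGREED_FRAGMENTS = [(0, 14), (14, 8)]


def digest(data):
    return hashlib.sha256(data).digest()


def select_fragments(message, ranges=AGREED_FRAGMENTS):
    """Cut the agreed fragments out of the message, in the agreed order."""
    fragments = [message[off:off + length] for off, length in ranges]
    if any(len(f) != length for f, (_, length) in zip(fragments, ranges)):
        raise ValueError("message too short for the agreed fragments")
    return fragments


def sign(message, ranges=AGREED_FRAGMENTS):
    """Sender: first digest followed by the second digests, signed as one block."""
    fragments = select_fragments(message, ranges)
    combined = digest(message) + b"".join(digest(f) for f in fragments)
    return pow(int.from_bytes(combined, "big"), D, N)


def recover_digests(signature, fragment_count):
    """Step 402: recover (first digest, [second digests]); None if malformed."""
    if not 0 <= signature < N:
        return None
    total = DIGEST_LEN * (fragment_count + 1)
    try:
        raw = pow(signature, E, N).to_bytes(total, "big")
    except OverflowError:
        return None
    chunks = [raw[i:i + DIGEST_LEN] for i in range(0, total, DIGEST_LEN)]
    return chunks[0], chunks[1:]


def compare_digests(first, seconds, third, fourths):
    """Steps 404 to 407, applied to digest values that are already computed."""
    if not hmac.compare_digest(first, third):            # step 404
        return False, "whole-message digest mismatch"    # step 407
    if len(seconds) != len(fourths):
        return False, "fragment count mismatch"
    pairs = zip(seconds, fourths)
    for index, (second, fourth) in enumerate(pairs, start=1):
        if not hmac.compare_digest(second, fourth):      # step 405, stop early
            return False, f"fragment {index} digest mismatch"
    return True, "not attacked"                          # step 406


def verify(message, signature, ranges=AGREED_FRAGMENTS):
    """Receiver: recover the signed digests, recompute, then compare."""
    recovered = recover_digests(signature, len(ranges))
    if recovered is None:
        return False, "signature does not decode"
    try:
        fragments = select_fragments(message, ranges)
    except ValueError as exc:
        return False, str(exc)
    first, seconds = recovered
    third = digest(message)                    # third message digest value
    fourths = [digest(f) for f in fragments]   # fourth message digest values
    return compare_digests(first, seconds, third, fourths)


# Constructed sample message: timestamp, message id, then payload.
SAMPLE = b"20101008120000" + b"ID-00042" + b"|amount=100"

if __name__ == "__main__":
    sig = sign(SAMPLE)
    print(verify(SAMPLE, sig))
    print(verify(SAMPLE.replace(b"100", b"900"), sig))
```

Any change to the message also changes the whole-message digest, so `verify` on a tampered message stops at step 404; `compare_digests` can be called directly with digest values to exercise the per-fragment comparison of step 405.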

Fig. 6 is a block diagram of a digital signature device provided by an embodiment of the present invention. Referring to Fig. 6, the digital signature device 601 includes a first message digest processing module 603, a fragment selection module 602, a second message digest processing module 604 and a digital signature module 605.

The first message digest processing module 603 computes over the message to be transmitted to obtain the first message digest value. The fragment selection module 602 selects at least one message fragment from the message to be transmitted. The second message digest processing module 604 computes over the at least one message fragment to obtain at least one second message digest value. The digital signature module 605 uses a digital signature algorithm to encrypt the first message digest value and the at least one second message digest value, obtaining the final digital signature. The method of selecting message fragments is described in the embodiments above and is not repeated here.

Fig. 9 is a block diagram of the digital signature module provided by an embodiment of the present invention. As shown in Fig. 9, the digital signature module 605 includes a first digital signature unit 6051, a second digital signature unit 6052 and a first combination unit 6053. The first digital signature unit 6051 encrypts the first message digest value with the digital signature algorithm to obtain a first digital signature. The second digital signature unit 6052 encrypts each of the at least one second message digest value with the digital signature algorithm to obtain at least one second digital signature. The first combination unit 6053 combines the first digital signature and the at least one second digital signature to obtain the final digital signature. The at least one second digital signature is appended after the first digital signature, and the order of the second digital signatures matches the order of the selected message fragments.

When n message fragments are selected, the format of the final digital signature is as shown in Fig. 5. The first digital signature is the digital signature obtained by computing over and encrypting the received message as a whole; second digital signature 1 is the digital signature obtained by computing over and encrypting the first selected message fragment; second digital signature 2 is the digital signature obtained by computing over and encrypting the second selected message fragment; and so on, with second digital signature n being the digital signature obtained by computing over and encrypting the n-th selected message fragment. Second digital signature 1, second digital signature 2, ..., second digital signature n are appended after the first digital signature in the order of the message fragments, forming the final digital signature. For example, if the n selected message fragments are ordered as the first message fragment, the second message fragment, ..., the n-th message fragment, the final digital signature is as shown in Fig. 5.

Because a message digest value is computed separately for each of the selected message fragments, an attacker must simultaneously find multiple matching messages, each mapping to its corresponding message digest value. This further increases the difficulty of a downgrade attack. The more message fragments are selected, the lower the likelihood that the message is attacked, which further improves the security of the digital signature method.

Fig. 10 is a block diagram of the digital signature module provided by another embodiment of the present invention. As shown in Fig. 10, the digital signature module 605 includes a second combination unit 6054 and a third digital signature unit 6055. The second combination unit 6054 combines the first message digest value with the at least one second message digest value. The third digital signature unit 6055 uses the digital signature algorithm to encrypt the combined first message digest value and at least one second message digest value as a whole, obtaining the final digital signature. The at least one second message digest value is appended after the first message digest value, and the order of the second message digest values matches the order of the selected message fragments.

Fig. 7 is a block diagram of a digital signature verification device provided by an embodiment of the present invention. Referring to Fig. 7, the digital signature verification device 701 includes a fragment acquisition module 702, a decryption module 703, a third message digest processing module 704, a fourth message digest processing module 705, a first comparison module 706, a second comparison module 707 and a determination module 708.

The fragment acquisition module 702 selects at least one message fragment from the received message in the manner agreed with the message sender. The decryption module 703 uses the digital signature algorithm, in the decryption manner agreed with the message sender, to decrypt the received final digital signature and obtain the first message digest value and at least one second message digest value. The digital signature algorithm is the one agreed with the message sender; the first message digest value corresponds to the received message, and the at least one second message digest value corresponds to the at least one message fragment. The decryption manner corresponds to the encryption manner used by the sender.

The third message digest processing module 704 computes over the received message to obtain the third message digest value. The fourth message digest processing module 705 computes over each of the at least one message fragment to obtain at least one fourth message digest value.

When the third message digest processing module 704 computes the message digest value of the message, or the fourth message digest processing module 705 computes the message digest value of a given message fragment, it first retrieves the message digest algorithm corresponding to that message or fragment, obtained by decryption in the decryption module 703, and uses that algorithm to compute the digest of the message or fragment.

The first comparison module 706 compares the first message digest value with the third message digest value. The second comparison module 707 compares the at least one second message digest value with the at least one fourth message digest value. The determination module 708 determines, from the comparison results of the first comparison module 706 and the second comparison module 707, whether the received message has been subjected to a downgrade attack.

In this embodiment, the determination module 708 determines that the received message has not been subjected to a downgrade attack when the first message digest value equals the third message digest value and every second message digest value equals its corresponding fourth message digest value; otherwise, it determines that the received message has been subjected to a downgrade attack.

Fig. 8 is a block diagram of a digital signature system provided by an embodiment of the present invention. Referring to Fig. 8, the digital signature system 801 includes a digital signature device 802 and a digital signature verification device 803. Both have been described in detail in the embodiments above and are not described again here.

Note that the message digest algorithms and digital signature algorithms of the above embodiments are not limited to those listed in the embodiments; any message digest algorithm and digital signature algorithm known to those skilled in the art can be used to implement the present invention.

Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.

Finally, the above embodiments serve only to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solutions of the present invention may still be modified or replaced with equivalents, and that such modifications or equivalent replacements do not cause the modified technical solutions to depart from the spirit and scope of the technical solutions of the present invention.

Claims (15)

1. A digital signature method, characterized by comprising:
processing a message to be transmitted to obtain a first message digest value;
selecting at least one message fragment from the message;
processing each message fragment to obtain at least one corresponding second message digest value;
encrypting the first message digest value and the at least one second message digest value with a digital signature algorithm to obtain a final digital signature.
2. The digital signature method according to claim 1, characterized in that encrypting the first message digest value and the at least one second message digest value with a digital signature algorithm to obtain a final digital signature comprises:
encrypting the first message digest value with the digital signature algorithm to obtain a first digital signature;
encrypting each of the at least one second message digest value with the digital signature algorithm to obtain at least one second digital signature;
combining the first digital signature and the at least one second digital signature.
3. The digital signature method according to claim 1, characterized in that encrypting the first message digest value and the at least one second message digest value with a digital signature algorithm to obtain a final digital signature comprises:
combining the first message digest value and the at least one second message digest value;
encrypting the combined first message digest value and at least one second message digest value as a whole with the digital signature algorithm to obtain the final digital signature.
4. The digital signature method according to any one of claims 1-3, characterized in that selecting at least one message fragment from the message comprises:
selecting at least one field or at least one bit from the message.
5. The digital signature method according to any one of claims 1-3, characterized in that selecting at least one message fragment from the message comprises:
selecting from the message a plurality of message fragments that contain the same field or the same bits.
6. The digital signature method according to claim 4, characterized in that selecting at least one field from the message comprises:
selecting from the message at least one field that represents time information of the message.
7. A digital signature verification method, characterized by comprising:
selecting at least one message fragment from a received message in the manner agreed with the message sender;
decrypting a received final digital signature according to the decryption manner and digital signature algorithm agreed with the message sender to obtain a first message digest value and at least one second message digest value, the first message digest value corresponding to the received message and the at least one second message digest value corresponding to the at least one message fragment;
processing the received message to obtain a third message digest value;
processing each message fragment to obtain at least one corresponding fourth message digest value;
comparing the first message digest value with the third message digest value;
comparing the at least one second message digest value with the at least one fourth message digest value;
when the first message digest value equals the third message digest value and the at least one second message digest value and the at least one fourth message digest value are all equal, determining that the received message has not been subjected to a downgrade attack;
otherwise, determining that the received message has been subjected to a downgrade attack.
8. A digital signature device, characterized by comprising:
a first message digest processing module, configured to process a message to be transmitted to obtain a first message digest value;
a fragment selection module, configured to select at least one message fragment from the message;
a second message digest processing module, configured to process the message fragment to obtain at least one corresponding second message digest value;
a digital signature module, configured to encrypt the first message digest value and the at least one second message digest value with a digital signature algorithm to obtain a final digital signature.
9. The digital signature device according to claim 8, characterized in that the digital signature module comprises:
a first digital signature unit, configured to encrypt the first message digest value with the digital signature algorithm to obtain a first digital signature;
a second digital signature unit, configured to encrypt each of the at least one second message digest value with the digital signature algorithm to obtain at least one second digital signature;
a first combination unit, configured to combine the first digital signature and the at least one second digital signature to obtain the final digital signature.
10. The digital signature device according to claim 8, characterized in that the digital signature module comprises:
a second combination unit, configured to combine the first message digest value and the at least one second message digest value;
a third digital signature unit, configured to encrypt the combined first message digest value and at least one second message digest value as a whole with the digital signature algorithm to obtain the final digital signature.
11. The digital signature device according to any one of claims 8-10, characterized in that the fragment selection module is configured to select at least one field or at least one bit from the message.
12. The digital signature device according to any one of claims 8-10, characterized in that the fragment selection module is configured to select from the message a plurality of message fragments that contain the same field or the same bits.
13. The digital signature device according to any one of claims 8-10, characterized in that the fragment selection module is configured to select from the message at least one field that represents time information of the message.
14. A digital signature verification device, characterized by comprising:
a fragment acquisition module, configured to select at least one message fragment from a received message in the manner agreed with the message sender;
a decryption module, configured to decrypt a received final digital signature according to the decryption manner and digital signature algorithm agreed with the message sender to obtain a first message digest value and at least one second message digest value, the first message digest value corresponding to the received message and the at least one second message digest value corresponding to the at least one message fragment;
a third message digest processing module, configured to process the received message to obtain a third message digest value;
a fourth message digest processing module, configured to process each message fragment to obtain at least one corresponding fourth message digest value;
a first comparison module, configured to compare the first message digest value with the third message digest value;
a second comparison module, configured to compare the at least one second message digest value with the at least one fourth message digest value;
a determination module, configured to determine that the received message has not been subjected to a downgrade attack when the first message digest value equals the third message digest value and the at least one second message digest value and the at least one fourth message digest value are all equal, and otherwise to determine that the received message has been subjected to a downgrade attack.
15. A digital signature system, characterized by comprising: the digital signature device according to any one of claims 8-13 and the digital signature verification device according to claim 14.
CN201010505308A 2010-10-08 2010-10-08 Digital signature method, and method, device and system for verifying digital signature Active CN101980471B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010505308A CN101980471B (en) 2010-10-08 2010-10-08 Digital signature method, and method, device and system for verifying digital signature

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010505308A CN101980471B (en) 2010-10-08 2010-10-08 Digital signature method, and method, device and system for verifying digital signature

Publications (2)

Publication Number Publication Date
CN101980471A true CN101980471A (en) 2011-02-23
CN101980471B CN101980471B (en) 2012-08-29

Family

ID=43600955

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010505308A Active CN101980471B (en) 2010-10-08 2010-10-08 Digital signature method, and method, device and system for verifying digital signature

Country Status (1)

Country Link
CN (1) CN101980471B (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020099948A1 (en) * 1999-09-02 2002-07-25 Cryptography Research, Inc. Digital Content Protection Method and Apparatus
CN1729647A (en) * 2002-12-21 2006-02-01 国际商业机器公司 Methods, apparatus and computer programs for generating and/or using conditional electronic signatures for reporting status changes
CN1794631A (en) * 2005-12-26 2006-06-28 李代甫 Sign device and method of digital sign
CN101203025A (en) * 2006-12-15 2008-06-18 上海晨兴电子科技有限公司 Method for transmitting and receiving safe mobile message
CN101631022A (en) * 2009-08-04 2010-01-20 北京飞天诚信科技有限公司 Signing method and system thereof

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103430507A (en) * 2011-03-08 2013-12-04 惠普发展公司,有限责任合伙企业 Methods and systems for full pattern matching in hardware
US9602522B2 (en) 2011-03-08 2017-03-21 Trend Micro Incorporated Methods and systems for full pattern matching in hardware
CN104243161A (en) * 2014-07-24 2014-12-24 无锡天公瑞丰科技有限公司 Distribution automation dual security communication method and device based on TG-Inwicos
CN104519054A (en) * 2014-12-12 2015-04-15 中金金融认证中心有限公司 Digital signature method, device and system
CN106936594A (en) * 2017-05-17 2017-07-07 浪潮通信信息系统有限公司 A kind of chain type Self-certified safety interacting method
CN106936594B (en) * 2017-05-17 2020-03-17 浪潮天元通信信息系统有限公司 Chain type self-authentication security interaction method
CN110311784A (en) * 2019-06-10 2019-10-08 北京信安世纪科技股份有限公司 A kind of JSON message endorsement method, sign test method and device
CN110311784B (en) * 2019-06-10 2022-10-21 北京信安世纪科技股份有限公司 JSON message signature method, signature verification method and device
CN113297633A (en) * 2021-07-26 2021-08-24 南京大学 Quantum digital signature method

Also Published As

Publication number Publication date
CN101980471B (en) 2012-08-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Free format text: FORMER OWNER: KNET CO., LTD.

C41 Transfer of patent application or patent right or utility model
C53 Correction of patent for invention or patent application
CB03 Change of inventor or designer information

Inventor after: Mao Wei

Inventor after: Li Xiaodong

Inventor after: Shen Shuo

Inventor after: Wang Yan

Inventor after: Liu Jin

Inventor before: Mao Wei

Inventor before: Li Xiaodong

Inventor before: Shen Shuo

Inventor before: Wang Yan

Inventor before: Liu Jin

Inventor before: Lu Wenzhe

COR Change of bibliographic data

Free format text: CORRECT: INVENTOR; FROM: MAO WEI LI XIAODONG SHEN SHUO WANG YAN LIU JIN LU WENZHE TO: MAO WEI LI XIAODONG SHEN SHUO WANG YAN LIU JIN

TA01 Transfer of patent application right

Effective date of registration: 20110419

Address after: 100190 Beijing, Zhongguancun, South Street, No. four, No. four, No.

Applicant after: Computer Network Information Center, Chinese Academy of Sciences

Address before: 100190 Beijing, Zhongguancun, South Street, No. four, No. four, No.

Applicant before: Computer Network Information Center, Chinese Academy of Sciences

Co-applicant before: Beilong Knet (Beijing) Technology Co., Ltd.

C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210210

Address after: 100190 room 506, building 2, courtyard 4, South 4th Street, Zhongguancun, Haidian District, Beijing

Patentee after: CHINA INTERNET NETWORK INFORMATION CENTER

Address before: 100190 No. four, four South Street, Haidian District, Beijing, Zhongguancun

Patentee before: Computer Network Information Center, Chinese Academy of Sciences

TR01 Transfer of patent right