CN102685121A - Digital signature method and digital signature device - Google Patents


Info

Publication number
CN102685121A
Authority
CN
China
Prior art keywords
user
message
input information
usb key
confirm
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201210135512XA
Other languages
Chinese (zh)
Other versions
CN102685121B (en
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Application filed by Feitian Technologies Co Ltd
Priority to CN201210135512.XA
Publication of CN102685121A
Application granted
Publication of CN102685121B
Legal status: Active

Abstract

The embodiment of the invention discloses a digital signature method and a digital signature device. The method comprises the following steps of receiving a message from a host computer by utilizing a universal serial bus (USB) key, and acquiring user input information, wherein the user input information is the way for a user to input a personal identification code (PIN) and/or the PIN code inputted by the user; judging whether the user input information is matched with the message received by the USB key or not by utilizing the USB key; utilizing the USB key to perform digital signature on the message if the acquired user input information is matched with the message received by the USB key; and utilizing the USB key to return the error information or the authentication failure information if the acquired user input information is not matched with the message received by the USB key. Due to the adoption of the technical scheme provided by the embodiment, the security of the PIN code authentication and the digital signature can be improved.

Description

A digital signature method and device
Technical field
The present invention relates to the field of information security, and in particular to a digital signature method and device.
Background
With the continued occurrence of online banking security incidents in recent years, security has become a focus of online banking systems. Current online banking systems usually use a USB (Universal Serial Bus) Key to raise the level of protection.
A USB Key is a hardware device with a USB interface and a built-in microcontroller or smart card chip. It has a certain amount of storage and can hold the user's private key and digital certificate. When the user logs in to an online banking system with a USB Key, the USB Key first verifies the PIN (Personal Identification Number) code entered by the user and, when verification passes, uses the private key to encrypt data and thereby complete the digital signature.
In implementing the present invention, the inventors found that the prior art has at least the following defect:
A prior-art USB Key usually has a single PIN code, and the private key in the USB Key is also the only one. When the PIN code is leaked, the security of online banking is seriously threatened. The existing digital signature method is therefore of low security and cannot protect the online banking system.
Summary of the invention
Embodiments of the invention provide a digital signature method and device for improving the security of PIN code authentication and digital signature.
An embodiment of the invention provides a digital signature method comprising the following steps:
A Universal Serial Bus (USB) Key receives a message from a host and obtains user input information, the user input information being the mode in which the user enters a personal identification number (PIN) code, and/or the PIN code entered by the user;
The USB Key judges whether the obtained user input information matches the message received by the USB Key;
If the obtained user input information matches the message received by the USB Key, the USB Key digitally signs the message;
If the obtained user input information does not match the message received by the USB Key, the USB Key returns error information or authentication failure information.
An embodiment of the invention provides a digital signature method applied to a system comprising a Universal Serial Bus (USB) Key and a host. The USB Key stores a set of user input information and records the user input information used in the last authentication, the user input information being the mode in which the user enters a personal identification number (PIN) code, and/or the PIN code entered by the user. The method comprises the following steps:
1. The USB Key obtains user input information;
2. The USB Key judges whether the obtained user input information is included in the set of user input information; if it is included in the set, step 4 is executed; otherwise, step 3 is executed;
3. The USB Key returns error information or authentication failure information, and the flow ends;
4. The USB Key judges whether the obtained user input information is the same as the user input information used in the last authentication; if it is the same, step 3 is executed; otherwise, step 5 is executed;
5. The USB Key digitally signs the received message.
An embodiment of the invention provides a digital signature method comprising the following steps:
1. A Universal Serial Bus (USB) Key receives a message from a host and determines the number of corresponding PIN codes according to the message;
2. The USB Key obtains user input information and adds 1 to the count value of a counter, the initial count value of the counter being zero, and the user input information being the mode in which the user enters a personal identification number (PIN) code, and/or the PIN code entered by the user;
3. The USB Key judges whether the obtained user input information satisfies a preset condition; if it does, step 5 is executed; otherwise, step 4 is executed;
4. The USB Key returns error information or authentication failure information, and the flow ends;
5. The USB Key judges whether the count value of the counter is less than the number of PIN codes corresponding to the message; if it is less, the flow returns to step 2; otherwise, step 6 is executed;
6. The USB Key digitally signs the message.
An embodiment of the invention provides a digital signature method comprising the following steps:
1. A Universal Serial Bus (USB) Key obtains first user input information and judges whether the first user input information satisfies a preset condition; if it does not, step 2 is executed; if it does, step 3 is executed. The first user input information is the mode in which the user enters a first personal identification number (PIN) code, and/or the first PIN code entered by the user;
2. The USB Key returns error information or authentication failure information, and the flow ends;
3. The USB Key receives a message from a host, obtains second user input information, and judges whether the second user input information matches the message received by the USB Key; if it does not match, step 2 is executed; if it matches, step 4 is executed. The second user input information is the mode in which the user enters a second PIN code, and/or the second PIN code entered by the user;
4. The USB Key digitally signs the message.
An embodiment of the invention provides a Universal Serial Bus (USB) Key comprising:
A receiving module, configured to receive a message from a host;
An obtaining module, configured to obtain user input information, the user input information being the mode in which the user enters a personal identification number (PIN) code, and/or the PIN code entered by the user;
A judging module, configured to judge whether the user input information obtained by the obtaining module matches the message received by the receiving module;
A digital signature module, configured to digitally sign the message when the judging module judges that the user input information matches the message;
A sending module, configured to return error information or authentication failure information when the judging module judges that the user input information does not match the message.
An embodiment of the invention provides a Universal Serial Bus (USB) Key comprising:
A storage module, configured to store a set of user input information, the user input information being the mode in which the user enters a personal identification number (PIN) code, and/or the PIN code entered by the user;
A recording module, configured to record the user input information used in the last authentication;
A receiving module, configured to receive a message from a host;
An obtaining module, configured to obtain user input information;
A first judging module, configured to judge whether the user input information obtained by the obtaining module is included in the set of user input information;
A second judging module, configured to judge, when the first judging module judges that the user input information obtained by the obtaining module is included in the set of user input information, whether the obtained user input information is the same as the user input information used in the last authentication;
A digital signature module, configured to digitally sign the message when the second judging module judges that the obtained user input information differs from the user input information used in the last authentication;
A sending module, configured to return error information or authentication failure information when the first judging module judges that the user input information obtained by the obtaining module is not included in the set of user input information, or when the second judging module judges that the obtained user input information is the same as the user input information used in the last authentication.
An embodiment of the invention provides a Universal Serial Bus (USB) Key comprising:
A receiving module, configured to receive a message from a host;
A determining module, configured to determine the number of corresponding personal identification number (PIN) codes according to the message;
An obtaining module, configured to obtain user input information, the user input information being the mode in which the user enters a PIN code, and/or the PIN code entered by the user;
A counter module, configured to add 1 to a count value after the obtaining module obtains user input information, the initial value of the count value being zero;
A first judging module, configured to judge whether the user input information obtained by the obtaining module satisfies a preset condition;
A sending module, configured to return error information or authentication failure information when the first judging module judges that the user input information obtained by the obtaining module does not satisfy the preset condition;
A second judging module, configured to judge whether the count value of the counter module equals the number of PIN codes corresponding to the message;
A digital signature module, configured to digitally sign the message when the second judging module judges that the count value of the counter module equals the number of PIN codes corresponding to the message.
An embodiment of the invention provides a Universal Serial Bus (USB) Key comprising:
An obtaining module, configured to obtain first user input information and second user input information, the first user input information being the mode in which the user enters a first personal identification number (PIN) code, and/or the first PIN code entered by the user, and the second user input information being the mode in which the user enters a second PIN code, and/or the second PIN code entered by the user;
A first judging module, configured to judge whether the first user input information satisfies a preset condition;
A receiving module, configured to receive a message from a host when the first judging module judges that the first user input information satisfies the preset condition;
A second judging module, configured to judge whether the second user input information matches the message received by the receiving module;
A sending module, configured to return error information or authentication failure information when the first judging module judges that the first user input information does not satisfy the preset condition, or when the second judging module judges that the second user input information does not match the message received by the receiving module;
A digital signature module, configured to digitally sign the message when the second judging module judges that the second user input information matches the message received by the receiving module.
In the technical solution provided by the embodiments of the invention, multiple PIN codes are used for authentication during the authentication process, or different private keys are used for digital signature in two adjacent digital signature procedures; and, according to the received message, the corresponding private key is used for digital signature. When one PIN code is leaked, authentication and digital signatures that use the other PIN codes are not affected, which effectively reduces the loss caused by PIN code leakage and improves the security of the digital signature.
Description of drawings
Fig. 1 is a flow chart of a digital signature method provided by embodiment one of the invention;
Fig. 2 is a schematic diagram of a message format provided by embodiment one of the invention;
Fig. 3 is a flow chart of a digital signature method provided by embodiment two of the invention;
Fig. 4 is a flow chart of a digital signature method provided by embodiment three of the invention;
Fig. 5 is a flow chart of a digital signature method provided by embodiment four of the invention;
Fig. 6 is a flow chart of a digital signature method provided by embodiment five of the invention;
Fig. 7 is a structural diagram of a USB Key provided by embodiment six of the invention;
Fig. 8 is a structural diagram of a USB Key provided by embodiment seven of the invention;
Fig. 9 is a structural diagram of a USB Key provided by embodiment eight of the invention;
Fig. 10 is a structural diagram of a USB Key provided by embodiment nine of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are obviously only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention, without creative work, fall within the scope of protection of the invention.
Embodiment one
Embodiment one of the invention provides a digital signature method which, referring to Fig. 1, comprises the following steps:
Step 101: the host obtains the data entered by the user, encapsulates a message according to this data, and sends the encapsulated message to the USB Key.
The data entered by the user may include instructions and/or parameters. Instructions include query instructions, payment instructions, transfer instructions and so on; parameters include the account number, the account name, the transfer amount and so on. According to the data entered by the user, the business system on the host adds content to the message through functions provided by a control invoked on the host, and encapsulates the content, together with the keyword and content length information corresponding to the content, as a message segment of the message. When content has to be added to the message several times, the message segments are arranged according to the numbers of the message segments corresponding to the different pieces of content.
The encapsulated message is in TLV format, as shown in Fig. 2. The Tag is the ASCII characters "00" and occupies 2 bytes; the Length occupies 16 bytes and is expressed as decimal digit characters; the Value contains one or more message segments. Each message segment contains a keyword, a number, length information and content, and the keyword consists of a display flag and an NV flag.
The display flag indicates whether the content of the message segment is displayed. It occupies 1 byte and is either "S" or "D": "S" means the content of the segment is displayed, and "D" means it is not displayed. The NV (Name-Value) flag indicates how the content of the message segment is displayed. It occupies 1 byte and is either "N" or "V": "N" means the content of the segment is displayed as a name, that is, in the first half; "V" means the content of the segment is displayed as a value, that is, in the second half. The number identifies the message segment, occupies 2 bytes, and can be any value from "00" to "99". The content length information gives the length of the content of the message segment and occupies 4 bytes.
For example, the Value of an encapsulated message contains 10 message segments whose contents are "SN010016 Transfer-in account number: ", "SV010015222222222222221", "SN020019 Transfer-in account name: ", "SV020006 Li Si", "SN030032 Transfer amount (in figures): ", "SV03000810000.00", "DN010016 Transfer-out account number: ", "DV010015222222222222222", "DN020019 Transfer-out account name: " and "DV020006 Zhang San". The displayed content is then "Transfer-in account number: 222222222222221", "Transfer-in account name: Li Si" and "Transfer amount (in figures): 10000.00".
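The message layout described above can be checked with a strict parser. The following is an added example, not code from the patent; it assumes UTF-8 content, zero-padded byte-count length fields, and a Length field that covers only the Value, and the sample message is constructed. Besides rendering the displayed lines, it lists the "D" segments, which are part of the signed message but never shown to the user.

```python
from __future__ import annotations
from dataclasses import dataclass

# Layout from the page: Tag "00" (2 bytes) + Length (16 decimal digits) + Value.
# Value = segments of: show flag S/D (1) + NV flag N/V (1) + number "00".."99" (2)
#         + content length (4) + content.
# Assumptions (not on the page): content is UTF-8, both length fields are
# zero-padded byte counts, and Length covers the Value field only.
TAG = b"00"
HEADER_LEN = 2 + 16
SEG_HEADER_LEN = 1 + 1 + 2 + 4


class MessageFormatError(ValueError):
    """Raised for any message that does not follow the layout exactly."""


@dataclass(frozen=True)
class Segment:
    show: bool     # True for "S" (displayed), False for "D" (not displayed)
    kind: str      # "N" (name) or "V" (value)
    number: str    # "00".."99"
    content: str


def _decimal(field: bytes, what: str) -> int:
    # int() would also accept "+5", " 5" or "1_0"; only ASCII digits are valid here.
    if not field.isdigit():
        raise MessageFormatError(f"{what} is not decimal digits: {field!r}")
    return int(field)


def encode_message(segments) -> bytes:
    """Build a message from (show, kind, number, content) tuples (used for samples)."""
    value = b""
    for show, kind, number, content in segments:
        body = content.encode("utf-8")
        head = f"{'S' if show else 'D'}{kind}{number}{len(body):04d}"
        value += head.encode("ascii") + body
    return TAG + f"{len(value):016d}".encode("ascii") + value


def parse_message(raw: bytes) -> list[Segment]:
    if len(raw) < HEADER_LEN or raw[:2] != TAG:
        raise MessageFormatError("missing header or wrong tag")
    value = raw[HEADER_LEN:]
    if _decimal(raw[2:HEADER_LEN], "Length") != len(value):
        raise MessageFormatError("Length does not match the Value field")
    segments, pos = [], 0
    while pos < len(value):
        head = value[pos:pos + SEG_HEADER_LEN]
        if len(head) < SEG_HEADER_LEN:
            raise MessageFormatError("truncated segment header")
        show, kind, number = head[0:1], head[1:2], head[2:4]
        if show not in (b"S", b"D") or kind not in (b"N", b"V"):
            raise MessageFormatError(f"bad keyword at offset {pos}")
        _decimal(number, "segment number")
        end = pos + SEG_HEADER_LEN + _decimal(head[4:8], "content length")
        if end > len(value):
            raise MessageFormatError("content length runs past the message")
        try:
            content = value[pos + SEG_HEADER_LEN:end].decode("utf-8")
        except UnicodeDecodeError as exc:
            raise MessageFormatError("content is not valid UTF-8") from exc
        segments.append(Segment(show == b"S", kind.decode(), number.decode(), content))
        pos = end
    if not segments:
        raise MessageFormatError("Value must contain at least one segment")
    return segments


def displayed_lines(segments) -> list[str]:
    """What the user sees: each shown name followed by the shown value with the same number."""
    names = {s.number: s.content for s in segments if s.show and s.kind == "N"}
    return [names.get(s.number, "") + s.content
            for s in segments if s.show and s.kind == "V"]


def hidden_segments(segments) -> list[Segment]:
    """Segments flagged "D": covered by the signature but not displayed."""
    return [s for s in segments if not s.show]


# Constructed sample modelled on the page's transfer example.
SAMPLE = encode_message([
    (True, "N", "01", "Transfer-in account number: "),
    (True, "V", "01", "222222222222221"),
    (True, "N", "02", "Transfer-in account name: "),
    (True, "V", "02", "Li Si"),
    (True, "N", "03", "Transfer amount: "),
    (True, "V", "03", "10000.00"),
    (False, "N", "01", "Transfer-out account number: "),
    (False, "V", "01", "222222222222222"),
])

if __name__ == "__main__":
    parsed = parse_message(SAMPLE)
    print("\n".join(displayed_lines(parsed)))
    print("not displayed:", [s.content for s in hidden_segments(parsed)])
```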
Step 102: the USB Key prompts the user to enter a PIN code and obtains the PIN code entered by the user.
Specifically, the USB Key may prompt the user to enter the PIN code through its own display device, or through the display device of the host to which it is connected. The USB Key may obtain the PIN code entered by the user through its own input device, or through the input device of the host to which it is connected.
For example, the USB Key may prompt the user to enter the PIN code by screen display or voice prompt through the host to which it is connected; it may also prompt the user to enter the PIN code by liquid crystal display, a flashing lamp or a sound prompt.
Step 103: the USB Key judges whether the mode in which the user entered the PIN code matches the message received by the USB Key; if it matches, step 105 is executed; otherwise, step 104 is executed.
Specifically, the USB Key may determine, from the value of the content in a message segment of the received message, the data interval in which this content lies, and further determine the PIN input mode corresponding to this data interval. If the determined PIN input mode is the same as the mode in which the user entered the PIN code, the mode in which the user entered the PIN code matches the message received by the USB Key; otherwise, it does not match.
For example, when the message received by the USB Key is "SV03000810000.00", the value of the content in the message segment is "10000.00". The USB Key can determine that the data interval in which this content lies is (5000, 15000), and further that the PIN input mode corresponding to this data interval is the virtual desktop combined with soft keyboard input mode. If the user entered the PIN code through the virtual desktop combined with soft keyboard, the mode in which the user entered the PIN code matches the message received by the USB Key; otherwise, it does not match.
The USB Key may also determine, from the mode in which the user entered the PIN code, the data interval corresponding to this mode. If the value of the content in a message segment of the message received by the USB Key lies in this data interval, the mode in which the user entered the PIN code matches the message received by the USB Key; otherwise, it does not match.
The USB Key may also determine, from the value of the keyword in a message segment of the received message, the PIN input mode corresponding to this value. If the determined PIN input mode is the same as the mode in which the user entered the PIN code, the mode in which the user entered the PIN code matches the message received by the USB Key; otherwise, it does not match.
For example, when the message received by the USB Key is "SN010016 Transfer-in account number: ", the value of the keyword in the message segment is "SN". The USB Key can determine that the PIN input mode corresponding to this value is the ordinary keyboard input mode. If the user entered the PIN code by ordinary keyboard input, the mode in which the user entered the PIN code matches the message received by the USB Key; otherwise, it does not match.
The USB Key may also determine, from the mode in which the user entered the PIN code, the keyword value corresponding to this mode. If the determined keyword value is the same as the value of the keyword in a message segment of the message received by the USB Key, the mode in which the user entered the PIN code matches the message received by the USB Key; otherwise, it does not match.
The PIN input modes may include the ordinary keyboard input mode, the soft keyboard input mode, the virtual desktop combined with ordinary keyboard input mode, the virtual desktop combined with soft keyboard input mode, direct input on a USB Key that has an input device, and combinations of the above input modes. Different data intervals may correspond to different PIN input modes; the larger the values of the data in a data interval, the more complex the PIN input mode corresponding to that interval. Different keyword values may also correspond to different PIN input modes.
Step 104: the USB Key returns error information.
Note that after this step has been executed, the flow returns to step 102.
Step 105: the USB Key judges whether the PIN code entered by the user matches the message received by the USB Key; if it matches, step 106 is executed; otherwise, the flow returns to step 104.
Specifically, the USB Key may determine, from the value of the content in a message segment of the received message, the data interval in which this content lies, and further determine the PIN code corresponding to this data interval. If the determined PIN code is the same as the PIN code entered by the user, the PIN code entered by the user matches the message received by the USB Key; otherwise, it does not match.
The USB Key may also determine, from the PIN code entered by the user, the data interval corresponding to this PIN code. If the value of the content in a message segment of the message received by the USB Key lies in this data interval, the PIN code entered by the user matches the message received by the USB Key; otherwise, it does not match.
The USB Key may also determine, from the value of the keyword in a message segment of the received message, the PIN code corresponding to this value. If the determined PIN code is the same as the PIN code entered by the user, the PIN code entered by the user matches the message received by the USB Key; otherwise, it does not match.
The USB Key may also determine, from the PIN code entered by the user, the keyword value corresponding to this PIN code. If the determined keyword value is the same as the value of the keyword in a message segment of the message received by the USB Key, the PIN code entered by the user matches the message received by the USB Key; otherwise, it does not match.
Different data intervals correspond to different PIN codes; the larger the values of the data in a data interval, the more complex the corresponding PIN code. For example, the data in the first interval is less than or equal to 500 and corresponds to the first PIN code; the data in the second interval is in the range 501-2000 and corresponds to the second PIN code; the data in the third interval is greater than 2000 and corresponds to the third PIN code. The third PIN code is more complex than the second PIN code, and the second PIN code is more complex than the first PIN code. Different keyword values may also correspond to different PIN codes.
Step 106: the USB Key uses the one or more private keys corresponding to the received message to digitally sign the message.
Specifically, the USB Key may determine, from the value of the content in a message segment of the received message, the data interval in which this content lies, and then determine the one or more private keys corresponding to this data interval, that is, the one or more private keys corresponding to the received message. It may also determine, from the value of the keyword in a message segment of the received message, the one or more private keys corresponding to this value, that is, the one or more private keys corresponding to the received message.
Further, the USB Key may use a hash function to generate a message digest for the received message, encrypt the message digest with the determined private key or keys, and send the encrypted message digest, as the digital signature of the message, to the recipient together with the message. The recipient may use the same hash function to generate a message digest for the received message, and decrypt the digital signature attached to the message with the corresponding public key to obtain the decrypted message digest. When the message digest generated with the hash function is identical to the message digest obtained by decryption, the recipient can determine that the received digital signature is a legitimate signature.
Different data intervals may correspond to different private keys; the larger the values of the data in a data interval, the greater the strength of the corresponding private key. For example, the data in the first interval is less than or equal to 500 and corresponds to the first private key; the data in the second interval is in the range 501-2000 and corresponds to the second private key; the data in the third interval is greater than 2000 and corresponds to the third private key. The strength of the third private key is greater than that of the second private key, and the strength of the second private key is greater than that of the first private key.
In addition, different data intervals may also correspond to different numbers of private keys; the larger the values of the data in a data interval, the more private keys correspond to it and the greater the strength. For example, the data in the first interval is less than or equal to 500 and corresponds to the first private key; the data in the second interval is in the range 501-2000 and corresponds to the second private key and the third private key; the data in the third interval is greater than 2000 and corresponds to the second private key, the third private key and the fourth key.
In addition, different keyword values may correspond to different private keys, and may also correspond to different numbers of private keys.
For the message received by the USB Key, this embodiment of the invention uses the corresponding PIN code and PIN input mode for authentication and the corresponding private key for digital signature. When one PIN code is leaked, authentication and digital signatures that use the other PIN codes are not affected, which effectively reduces the loss caused by PIN code leakage and improves the security of the digital signature.
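The decision made in steps 103 to 106 can be written as a table lookup followed by two comparisons. The following is an added example, not code from the patent: the intervals and key counts follow the page's example (up to 500, 501-2000, above 2000), while the PIN values, mode names, key labels, the choice of SHA-256 as the hash function, and the handling of amounts that fall between the stated intervals are assumptions.

```python
from __future__ import annotations
import hashlib
import hmac
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation
from typing import Optional


@dataclass(frozen=True)
class Tier:
    upper: Optional[Decimal]   # inclusive upper bound of the data interval; None = no bound
    input_mode: str            # PIN input mode required for this interval
    pin: str                   # PIN code bound to this interval
    key_labels: tuple          # private keys used for signing in this interval


# Constructed sample policy. On a real token the PINs and keys live in
# protected storage; they are inlined here only so the example runs.
TIERS = (
    Tier(Decimal("500"), "keyboard", "1111", ("key1",)),
    Tier(Decimal("2000"), "soft_keyboard", "222222", ("key2", "key3")),
    Tier(None, "virtual_desktop_soft_keyboard", "33333333", ("key2", "key3", "key4")),
)


@dataclass(frozen=True)
class Decision:
    sign: bool
    key_labels: tuple
    digest: Optional[bytes]    # digest handed to the signing step, None on failure


def tier_for(amount_text: str) -> Tier:
    """Map the content of the amount segment to its data interval."""
    try:
        amount = Decimal(amount_text)
    except InvalidOperation:
        raise ValueError(f"amount is not a number: {amount_text!r}")
    if not amount.is_finite() or amount < 0:
        raise ValueError(f"amount out of range: {amount_text!r}")
    for tier in TIERS:
        # Assumption: an amount between two stated intervals (e.g. 500.50)
        # falls into the higher, stricter one.
        if tier.upper is None or amount <= tier.upper:
            return tier
    raise AssertionError("last tier is unbounded")


def authorize(message: bytes, amount_text: str, entered_mode: str, entered_pin: str) -> Decision:
    """Steps 103-106: check input mode and PIN against the message, then pick the keys.

    amount_text is assumed to be the content of the message's amount segment.
    """
    tier = tier_for(amount_text)
    # Constant-time comparisons; both are evaluated before branching so the
    # single error reply does not reveal which check failed.
    mode_ok = hmac.compare_digest(entered_mode.encode(), tier.input_mode.encode())
    pin_ok = hmac.compare_digest(entered_pin.encode(), tier.pin.encode())
    if not (mode_ok and pin_ok):
        return Decision(False, (), None)
    # Step 106 signs a digest of the message with every key of the interval.
    return Decision(True, tier.key_labels, hashlib.sha256(message).digest())


if __name__ == "__main__":
    msg = b"SV03000810000.00"   # segment quoted on the page
    # The PIN of the lowest interval does not authorize a high-value message.
    print(authorize(msg, "10000.00", "keyboard", "1111").sign)
    print(authorize(msg, "10000.00", "virtual_desktop_soft_keyboard", "33333333").key_labels)
```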
In embodiment one of the invention, the USB Key first judges whether the mode in which the user entered the PIN code matches the message received by the USB Key and, if it matches, then judges whether the PIN code entered by the user matches the message received by the USB Key. In other embodiments of the invention, the USB Key may instead first judge whether the PIN code entered by the user matches the message received by the USB Key and, if it matches, then judge whether the mode in which the user entered the PIN code matches the message received by the USB Key; the specific flow is given in embodiment two.
Embodiment two
Embodiment two of the invention provides a digital signature method applied to a system comprising a host and a USB Key. Referring to Fig. 3, the method comprises the following steps:
Step 201: the host obtains the data input by the user, encapsulates a message according to the data, and sends the encapsulated message to the USB Key.
The data input by the user may comprise an instruction and/or parameters.
Step 202: the USB Key sends information to the host according to the received message.
Step 203: according to the received information, the host prompts the user to input a PIN code, obtains the PIN code input by the user, and sends this PIN code to the USB Key.
It should be noted that step 202 above is a preferred step of this embodiment. In other embodiments of the invention, the USB Key may send no information to the host; after obtaining the data input by the user, the host directly prompts the user to input a PIN code, obtains the PIN code input by the user, and sends this PIN code to the USB Key.
Step 204: the USB Key judges whether the PIN code input by the user matches the message received by the USB Key; if it matches, step 206 is executed; otherwise, step 205 is executed.
It should be noted that the detailed process by which the USB Key judges whether the PIN code input by the user matches the message received by the USB Key is the same as step 105 in Embodiment one.
Step 205: the USB Key returns authentication failure information and adds 1 to the authentication failure count.
The initial value of the authentication failure count is 0.
Step 206: the USB Key judges whether the authentication failure count is greater than a preset number of times; if it is greater, step 207 is executed; otherwise, the flow returns to step 202.
Step 207: the USB Key returns error information.
Step 208: the USB Key judges whether the manner in which the user inputs the PIN code matches the message received by the USB Key; if it matches, step 209 is executed; otherwise, the flow returns to step 205.
It should be noted that the detailed process by which the USB Key judges whether the manner in which the user inputs the PIN code matches the message received by the USB Key is the same as step 103 in Embodiment one.
Step 209: the USB Key uses the private key corresponding to the received message to digitally sign the message.
It should be noted that the detailed process by which the USB Key digitally signs the message is the same as step 106 in Embodiment one.
In this embodiment of the invention, for the message received by the USB Key, the corresponding PIN code and PIN code input mode are used for authentication, and the corresponding private key is used for the digital signature. When one PIN code is leaked, authentication and digital signatures that use other PIN codes are not affected, which effectively reduces the loss caused by PIN code leakage and improves the security of the digital signature.
It should be noted that, in other embodiments of the invention, the USB Key may judge only whether the PIN code input by the user matches the message received by the USB Key; if it matches, the USB Key uses the private key corresponding to the received message to digitally sign the message; otherwise, it returns error information or authentication failure information. The USB Key may also judge only whether the manner in which the user inputs the PIN code matches the message received by the USB Key; if it matches, the USB Key uses the private key corresponding to the received message to digitally sign the message; otherwise, it returns error information or authentication failure information. Both of these embodiments likewise achieve the object of the invention.
In other embodiments of the invention, the USB Key may also store a PIN code set comprising a plurality of PIN codes, and may record the PIN code used in the last authentication. In two adjacent authentication processes, the USB Key uses different PIN codes for authentication. The USB Key may also store a private key set comprising a plurality of private keys; in two adjacent digital signatures, the USB Key uses different private keys to sign. See Embodiment three for the detailed flow.
Embodiment three
Embodiment three of the invention provides a digital signature method. Referring to Fig. 4, the method comprises the following steps:
Step 301: the USB Key receives a message from the host.
Step 302: the USB Key prompts the user to input a PIN code and obtains the PIN code input by the user.
Step 303: the USB Key judges whether the PIN code set it stores contains the PIN code input by the user; if it does, step 304 is executed; otherwise, step 305 is executed.
Step 304: the USB Key judges whether the PIN code input by the user is the same as the PIN code used in the last authentication; if it is the same, step 305 is executed; otherwise, step 308 is executed.
Step 305: the USB Key returns authentication failure information and adds 1 to the authentication failure count.
The initial value of the authentication failure count is 0.
Step 306: the USB Key judges whether the authentication failure count is greater than a preset number of times; if it is greater, step 307 is executed; otherwise, the flow returns to step 302.
Step 307: the USB Key returns error information.
Step 308: the USB Key judges whether the manner in which the user inputs the PIN code matches the message received by the USB Key; if it matches, step 309 is executed; otherwise, the flow returns to step 305.
It should be noted that the detailed process by which the USB Key judges whether the manner in which the user inputs the PIN code matches the message received by the USB Key is the same as step 103 in Embodiment one.
Step 309: the USB Key selects from the private key set a private key different from the one used for the last digital signature, uses the selected private key to digitally sign the received message, and records the PIN code used in this authentication.
In the technical solution provided by this embodiment of the invention, the USB Key uses different PIN codes in two adjacent authentication processes and different private keys in two adjacent digital signature processes. For messages corresponding to different data intervals, the USB Key uses different PIN code input modes for authentication and different private keys for the digital signature. When the PIN code used in a given authentication is leaked, the next authentication and digital signature are not affected, which effectively reduces the loss caused by PIN code leakage and improves the security of the digital signature.
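The Embodiment three flow (steps 301 to 309) as a small Python model, added here as an illustration and not taken from the patent. HMAC-SHA256 stands in for the private-key signature; the PIN values, key bytes, mode names, the threshold used for the input-mode check and the locked state after step 307 are all assumptions of the sketch.

```python
import hashlib
import hmac


class UsbKeyModel:
    """Toy model of steps 301-309; an illustration, not device firmware."""

    def __init__(self, pin_set, private_keys, preset_times=3):
        if len(private_keys) < 2:
            raise ValueError("key rotation needs at least two private keys")
        self.pin_set = list(pin_set)            # stored PIN code set
        self.private_keys = list(private_keys)  # stored private key set
        self.preset_times = preset_times        # the "preset number of times"
        self.failures = 0                       # authentication failure count, starts at 0
        self.last_pin = None                    # PIN code used in the last authentication
        self.last_key = None                    # index of the key used for the last signature

    @staticmethod
    def expected_mode(amount):
        # Assumption: the message carries an amount, and the data interval
        # it falls in selects the required PIN input mode (step 308).
        return "host_keyboard" if amount <= 500 else "device_keypad"

    def _in_pin_set(self, pin):
        # Compare against every stored PIN with a constant-time comparison.
        found = False
        for stored in self.pin_set:
            found |= hmac.compare_digest(stored.encode(), pin.encode())
        return found

    def _fail(self):
        # Steps 305-307: count the failure, report an error past the limit.
        self.failures += 1
        return "error" if self.failures > self.preset_times else "auth_failed"

    def authenticate_and_sign(self, message, amount, pin, mode):
        """One pass through steps 302-309. Returns (status, key_index, signature)."""
        if self.failures > self.preset_times:
            # Assumption: once step 307 has been reached the key stays locked.
            return ("error", None, None)
        if not self._in_pin_set(pin):                       # step 303
            return (self._fail(), None, None)
        if self.last_pin is not None and hmac.compare_digest(
            self.last_pin.encode(), pin.encode()
        ):                                                  # step 304: no PIN reuse
            return (self._fail(), None, None)
        if mode != self.expected_mode(amount):              # step 308
            return (self._fail(), None, None)
        # Step 309: pick a key different from the last one, sign, record the PIN.
        index = 0 if self.last_key is None else (self.last_key + 1) % len(self.private_keys)
        signature = hmac.new(self.private_keys[index], message, hashlib.sha256).hexdigest()
        self.last_key, self.last_pin = index, pin
        return ("signed", index, signature)


if __name__ == "__main__":
    # Constructed sample values.
    key = UsbKeyModel(["1111", "2222"], [b"key-A", b"key-B"], preset_times=2)
    print(key.authenticate_and_sign(b"transfer 100", 100, "1111", "host_keyboard"))
    print(key.authenticate_and_sign(b"transfer 100", 100, "1111", "host_keyboard"))
    print(key.authenticate_and_sign(b"transfer 100", 100, "2222", "host_keyboard"))
```
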
It should be noted that, in other embodiments of the invention, the USB Key may also store a PIN code input mode set comprising multiple PIN code input modes, and may record the PIN code input mode used in the last authentication. After obtaining the PIN code input by the user, the USB Key judges whether the manner in which the user inputs the PIN code is included in the PIN code input mode set it stores. If it is not included in the PIN code input mode set, the USB Key returns error information or authentication failure information. If it is included, the USB Key judges whether the manner in which the user inputs the PIN code is the same as the PIN code input mode used in the last authentication; if it is the same, the USB Key returns error information or authentication failure information. If it is different, the USB Key judges whether the PIN code input by the user matches the message received by the USB Key; if it matches, the USB Key digitally signs the received message; otherwise, it returns error information or authentication failure information. This embodiment likewise achieves the object of the invention.
The USB Key may also store both a PIN code input mode set and a PIN code set, and record the PIN code and the PIN code input mode used in the last authentication. After obtaining the PIN code input by the user, the USB Key judges whether the manner in which the user inputs the PIN code is included in the PIN code input mode set it stores. If it is not included in the PIN code input mode set, the USB Key returns error information or authentication failure information. If it is included, the USB Key judges whether the manner in which the user inputs the PIN code is the same as the PIN code input mode used in the last authentication; if it is the same, the USB Key returns error information or authentication failure information. If it is different, the USB Key judges whether the PIN code input by the user is included in the PIN code set it stores; if it is not included in the PIN code set, the USB Key returns error information or authentication failure information. If it is included, the USB Key judges whether the PIN code input by the user is the same as the PIN code used in the last authentication; if it is the same, the USB Key returns error information or authentication failure information. If it is different, the USB Key judges whether the PIN code input by the user matches the message received by the USB Key; if it matches, the USB Key digitally signs the received message; otherwise, it returns error information or authentication failure information. This embodiment likewise achieves the object of the invention.
In other embodiments of the invention, the USB Key may also store a plurality of PIN codes. In the authentication process, the USB Key may use a plurality of PIN codes for authentication; see Embodiment four for the detailed flow.
Embodiment four
Embodiment four of the invention provides a digital signature method. Referring to Fig. 5, the method comprises the following steps:
Step 401: the USB Key receives a message from the host.
Step 402: the USB Key determines, according to the received message, the quantity of PIN codes corresponding to the message.
Specifically, the USB Key may determine, according to the value of the content in a message segment comprised in the message, the data interval in which the content lies, determine the corresponding quantity of PIN codes according to that data interval, and take the determined quantity as the quantity of PIN codes corresponding to the message. The USB Key may also determine, according to the value of a keyword in a message segment comprised in the message, the quantity of PIN codes corresponding to that value, and take the determined quantity as the quantity of PIN codes corresponding to the message.
Step 403: the USB Key prompts the user to input a PIN code, obtains user input information, and adds 1 to the count value of a counter.
The user input information is the manner in which the user inputs the PIN code and/or the PIN code input by the user; the initial count value of the counter is zero.
Step 404: the USB Key judges whether the obtained user input information satisfies a preset condition; if it does, step 408 is executed; otherwise, step 405 is executed.
The preset condition may be that the user input information matches the message; it may also be that the user input information is included in a user input information set stored in advance by the USB Key.
Step 405: the USB Key returns authentication failure information and adds 1 to the authentication failure count.
The initial value of the authentication failure count is 0.
Step 406: the USB Key judges whether the authentication failure count is greater than a preset number of times; if it is greater, step 407 is executed; otherwise, the flow returns to step 403.
Step 407: the USB Key returns error information, and the flow ends.
Step 408: the USB Key judges whether the count value of the counter is less than the quantity of PIN codes corresponding to the message received by the USB Key; if it is less, the flow returns to step 403; otherwise, step 409 is executed.
Step 409: the USB Key uses the private key corresponding to the received message to digitally sign the message.
It should be noted that the detailed process by which the USB Key digitally signs the message is the same as step 106 in Embodiment one.
In the technical solution provided by this embodiment of the invention, the USB Key uses a plurality of PIN codes for authentication in the authentication process and, according to the received message, uses the corresponding private key for the digital signature. When one PIN code is leaked, authentication and digital signatures that use other PIN codes are not affected, which effectively reduces the loss caused by PIN code leakage and improves the security of the digital signature.
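An added Python sketch, not part of the patent, that runs steps 402 to 409 as written next to a stricter variant that counts only distinct accepted PIN codes. Because step 403 advances the counter on every prompt, a rejected input also counts toward the quantity checked in step 408. The PIN values, the PIN quantities per interval and the stricter variant are assumptions; the interval bounds 500 and 2000 reuse the page's own example.

```python
# Constructed sample PIN set (the "user input information set" of step 404).
PIN_SET = {"1111", "2222", "3333"}


def required_pins(amount):
    """Step 402: map the data interval of the message content to a PIN quantity.

    The quantities 1/2/3 are assumed; only the interval bounds come from the page.
    """
    if amount <= 500:
        return 1
    if amount <= 2000:
        return 2
    return 3


def flow_as_written(amount, inputs, pin_set=PIN_SET, preset_times=3):
    """Steps 403-409 exactly as listed: the counter advances on every prompt."""
    needed = required_pins(amount)
    counter = 0      # initial count value is zero
    failures = 0     # authentication failure count starts at 0
    for pin in inputs:
        counter += 1                          # step 403
        if pin not in pin_set:                # step 404: preset condition not met
            failures += 1                     # step 405
            if failures > preset_times:       # step 406
                return "error"                # step 407
            continue                          # back to step 403
        if counter < needed:                  # step 408
            continue                          # back to step 403
        return "signed"                       # step 409
    return "waiting"                          # ran out of simulated input


def flow_strict(amount, inputs, pin_set=PIN_SET, preset_times=3):
    """Assumed hardening: only distinct PINs that pass step 404 are counted."""
    needed = required_pins(amount)
    accepted = set()
    failures = 0
    for pin in inputs:
        if pin not in pin_set or pin in accepted:
            failures += 1
            if failures > preset_times:
                return "error"
            continue
        accepted.add(pin)
        if len(accepted) >= needed:
            return "signed"
    return "waiting"


if __name__ == "__main__":
    # A message in the 501-2000 interval should need two PIN codes.
    for attempt in (["0000", "1111"], ["1111", "1111"], ["1111", "2222"]):
        print(attempt, flow_as_written(1500, attempt), flow_strict(1500, attempt))
```

An implementer following this flow would want the step 408 comparison to use a count of accepted inputs rather than the step 403 prompt counter.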
Embodiment five
Embodiment five of the invention provides a digital signature method. Referring to Fig. 6, the method comprises the following steps:
Step 501: the USB Key obtains first user input information.
The first user input information is the manner in which the user inputs a first PIN code and/or the first PIN code input by the user.
Step 502: the USB Key judges whether the first user input information satisfies a preset condition; if it does not, step 503 is executed; otherwise, step 504 is executed.
The preset condition may specifically be that the first user input information is preset information, or that the first user input information is included in a user input information set stored in advance by the USB Key.
Step 503: the USB Key returns error information or authentication failure information, and the flow ends.
Step 504: the USB Key receives a message from the host and obtains second user input information.
The second user input information is the manner in which the user inputs a second PIN code and/or the second PIN code input by the user.
Step 505: the USB Key judges whether the second user input information matches the message received by the USB Key; if it does not match, step 503 is executed; if it matches, step 506 is executed.
Step 506: the USB Key uses one or more private keys corresponding to the received message to digitally sign the message.
It should be noted that the detailed process by which the USB Key digitally signs the message is the same as step 106 in Embodiment one.
In the technical solution provided by this embodiment of the invention, the USB Key uses two PIN codes for authentication in the authentication process and, according to the received message, uses the corresponding PIN code for authentication and the corresponding private key for the digital signature. When one PIN code is leaked, authentication and digital signatures that use other PIN codes are not affected, which effectively reduces the loss caused by PIN code leakage and improves the security of the digital signature.
Embodiment six
Embodiment six of the invention provides a USB Key which, as shown in Fig. 7, comprises:
Receiver module 610, configured to receive a message from a host.
Acquisition module 620, configured to obtain user input information, the user input information being the manner in which the user inputs a PIN code and/or the PIN code input by the user.
Judge module 630, configured to judge whether the user input information obtained by acquisition module 620 matches the message received by receiver module 610.
Specifically, judge module 630 is configured to:
According to the value of the content in a message segment comprised in the message, determine the data interval in which the content lies; according to the data interval, determine the user input information corresponding to the data interval; judge whether the determined user input information is the same as the user input information obtained by the acquisition module; if it is the same, determine that the obtained user input information matches the message received by the receiver module; otherwise, determine that the obtained user input information does not match the message received by the receiver module;
Or,
According to the value of a keyword in a message segment comprised in the message, determine the user input information corresponding to that value; judge whether the determined user input information is the same as the user input information obtained by the acquisition module; if it is the same, determine that the obtained user input information matches the message received by the receiver module; otherwise, determine that the obtained user input information does not match the message received by the receiver module;
Or,
According to the obtained user input information, determine the data interval corresponding to the user input information; judge whether the value of the content in a message segment comprised in the message lies within the determined data interval; if it lies within the determined data interval, determine that the obtained user input information matches the message received by the receiver module; otherwise, determine that the obtained user input information does not match the message received by the receiver module;
Or,
According to the obtained user input information, determine the value of the keyword corresponding to the user input information; judge whether the determined value of the keyword is the same as the value of the keyword in a message segment comprised in the message; if it is the same, determine that the obtained user input information matches the message received by the receiver module; otherwise, determine that the obtained user input information does not match the message received by the receiver module.
Digital signature module 640, configured to digitally sign the message when judge module 630 judges that the user input information matches the message.
Specifically, digital signature module 640 is configured to use one or more private keys corresponding to the message to digitally sign the message;
Or,
To select, from a preset private key set, a private key different from the one used for the last digital signature, and use the selected private key to digitally sign the message.
Sending module 650, configured to return error information or authentication failure information when judge module 630 judges that the user input information does not match the message.
In this embodiment of the invention, for the message received by the USB Key, the corresponding PIN code and PIN code input mode are used for authentication, and the corresponding private key is used for the digital signature. When one PIN code is leaked, authentication and digital signatures that use other PIN codes are not affected, which effectively reduces the loss caused by PIN code leakage and improves the security of the digital signature.
Embodiment seven
Embodiment seven of the invention provides a USB Key which, as shown in Fig. 8, comprises:
Storage module 710, configured to store a user input information set, the user input information being the manner in which the user inputs a PIN code and/or the PIN code input by the user.
Recording module 720, configured to record the user input information used in the last authentication.
Receiver module 730, configured to receive a message from a host.
Acquisition module 740, configured to obtain user input information.
First judge module 750, configured to judge whether the user input information obtained by acquisition module 740 is included in the user input information set.
Second judge module 760, configured to judge, when first judge module 750 judges that the user input information obtained by acquisition module 740 is included in the user input information set, whether the obtained user input information is the same as the user input information used in the last authentication;
Digital signature module 770, configured to digitally sign the message when second judge module 760 judges that the obtained user input information is different from the user input information used in the last authentication;
Specifically, digital signature module 770 is configured to use one or more private keys corresponding to the message to digitally sign the message;
Or,
To select, from a preset private key set, a private key different from the one used for the last digital signature, and use the selected private key to digitally sign the message.
Sending module 780, configured to return error information or authentication failure information when first judge module 760 judges that the user input information obtained by acquisition module 740 is not included in the user input information set, or when second judge module 760 judges that the obtained user input information is the same as the user input information used in the last authentication.
In the technical solution provided by this embodiment of the invention, different PIN codes are used in two adjacent authentication processes and different private keys are used in two adjacent digital signature processes. For messages corresponding to different data intervals, different PIN code input modes are used for authentication and different private keys are used for the digital signature. When the PIN code used in a given authentication is leaked, the next authentication and digital signature are not affected, which effectively reduces the loss caused by PIN code leakage and improves the security of the digital signature.
Embodiment eight
Embodiment eight of the invention provides a USB Key which, as shown in Fig. 9, comprises:
Receiver module 810, configured to receive a message from a host.
Determination module 820, configured to determine the corresponding quantity of PIN codes according to the message received by receiver module 810.
Specifically, determination module 820 is configured to determine, according to the value of the content of a message segment comprised in the message, the data interval in which the content lies; to determine, according to the data interval, the quantity of PIN codes corresponding to the data interval; and to take the determined quantity as the quantity of PIN codes corresponding to the message;
Or,
To determine, according to the value of a keyword in a message segment comprised in the message, the quantity of PIN codes corresponding to that value, and to take the determined quantity as the quantity of PIN codes corresponding to the message.
Acquisition module 830, configured to obtain user input information, the user input information being the manner in which the user inputs a PIN code and/or the PIN code input by the user.
Counter module 840, configured to add 1 to a count value after acquisition module 830 obtains user input information, the initial value of the count value being zero.
First judge module 850, configured to judge whether the user input information obtained by acquisition module 830 satisfies a preset condition.
The preset condition is specifically that the user input information matches the message, or that the user input information is included in a user input information set stored in advance by the USB Key.
When the preset condition is that the user input information matches the message,
First judge module 850 is specifically configured to:
According to the value of the content in a message segment comprised in the message, determine the data interval in which the content lies; according to the data interval, determine the user input information corresponding to the data interval; judge whether the determined user input information is the same as the user input information obtained by the acquisition module; if it is the same, determine that the obtained user input information matches the message received by the receiver module; otherwise, determine that the obtained user input information does not match the message received by the receiver module;
Or,
According to the value of a keyword in a message segment comprised in the message, determine the user input information corresponding to that value; judge whether the determined user input information is the same as the user input information obtained by the acquisition module; if it is the same, determine that the obtained user input information matches the message received by the receiver module; otherwise, determine that the obtained user input information does not match the message received by the receiver module;
Or,
According to the obtained user input information, determine the data interval corresponding to the user input information; judge whether the value of the content in a message segment comprised in the message lies within the determined data interval; if it lies within the determined data interval, determine that the obtained user input information matches the message received by the receiver module; otherwise, determine that the obtained user input information does not match the message received by the receiver module;
Or,
According to the obtained user input information, determine the value of the keyword corresponding to the user input information; judge whether the determined value of the keyword is the same as the value of the keyword in a message segment comprised in the message; if it is the same, determine that the obtained user input information matches the message received by the receiver module; otherwise, determine that the obtained user input information does not match the message received by the receiver module.
Sending module 860, configured to return error information or authentication failure information when first judge module 850 judges that the user input information obtained by acquisition module 830 does not satisfy the preset condition.
Second judge module 870, configured to judge whether the count value of counter module 840 equals the quantity of PIN codes corresponding to the message.
Digital signature module 880, configured to digitally sign the message when second judge module 870 judges that the count value of counter module 840 equals the quantity of PIN codes corresponding to the message.
In the technical solution provided by this embodiment of the invention, a plurality of PIN codes are used for authentication in the authentication process and, according to the received message, the corresponding private key is used for the digital signature. When one PIN code is leaked, authentication and digital signatures that use other PIN codes are not affected, which effectively reduces the loss caused by PIN code leakage and improves the security of the digital signature.
Embodiment nine
Embodiment nine of the invention provides a USB Key which, as shown in Fig. 10, comprises:
Acquisition module 910, configured to obtain first user input information and second user input information, the first user input information being the manner in which the user inputs a first personal identification number (PIN) code and/or the first PIN code input by the user, and the second user input information being the manner in which the user inputs a second PIN code and/or the second PIN code input by the user.
First judge module 920, configured to judge whether the first user input information satisfies a preset condition.
The preset condition is specifically that the first user input information is preset information, or that the first user input information is included in a user input information set stored in advance by the USB Key.
Receiver module 930, configured to receive a message from a host when first judge module 920 judges that the first user input information satisfies the preset condition.
Second judge module 940, configured to judge whether the second user input information matches the message received by receiver module 930.
Specifically, second judge module 940 is configured to:
According to the value of the content in a message segment comprised in the message, determine the data interval in which the content lies; according to the data interval, determine the user input information corresponding to the data interval; judge whether the determined user input information is the same as the second user input information; if it is the same, determine that the second user input information matches the message; otherwise, determine that the second user input information does not match the message;
Or,
According to the value of a keyword in a message segment comprised in the message, determine the user input information corresponding to that value; judge whether the determined user input information is the same as the second user input information; if it is the same, determine that the second user input information matches the message; otherwise, determine that the second user input information does not match the message;
Or,
According to the second user input information, determine the data interval corresponding to the second user input information; judge whether the value of the content in a message segment comprised in the message lies within the determined data interval; if it lies within the determined data interval, determine that the second user input information matches the message; otherwise, determine that the second user input information does not match the message;
Or,
According to the second user input information, determine the value of the keyword corresponding to the second user input information; judge whether the determined value of the keyword is the same as the value of the keyword in a message segment comprised in the message; if it is the same, determine that the second user input information matches the message; otherwise, determine that the second user input information does not match the message.
Sending module 950, configured to return error information or authentication failure information when first judge module 920 judges that the first user input information does not satisfy the preset condition, or when second judge module 940 judges that the second user input information does not match the message received by the USB Key.
Digital signature module 960, configured to digitally sign the message when second judge module 940 judges that the second user input information matches the message received by receiver module 930.
Specifically, digital signature module 960 is configured to use one or more private keys corresponding to the message to digitally sign the message;
Or,
To select, from a preset private key set, a private key different from the one used for the last digital signature, and use the selected private key to digitally sign the message.
In the technical solution provided by this embodiment of the invention, two PIN codes are used for authentication in the authentication process and, according to the received message, the corresponding PIN code is used for authentication and the corresponding private key is used for the digital signature. When one PIN code is leaked, authentication and digital signatures that use other PIN codes are not affected, which effectively reduces the loss caused by PIN code leakage and improves the security of the digital signature.
The steps of the methods described in connection with the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, a register, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The above are merely specific embodiments of the invention, but the protection scope of the invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the invention shall be covered by the protection scope of the invention. Therefore, the protection scope of the invention shall be subject to the protection scope of the claims.

Claims (26)

1. A digital signature method, characterized by comprising the following steps:
a universal serial bus (USB) Key receives a message from a host and obtains user input information, the user input information being the manner in which the user enters a personal identification number (PIN) code, and/or the PIN code entered by the user;
the USB Key judges whether the obtained user input information matches the message received by the USB Key;
if the obtained user input information matches the message received by the USB Key, the USB Key digitally signs the message;
if the obtained user input information does not match the message received by the USB Key, the USB Key returns an error message or an authentication failure message.
2. the method for claim 1 is characterized in that, the message coupling whether said USB Key judges input information receives with said USB Key specifically comprises:
Said USB Key confirms the data interval at said content place according to the value of the content in the message segment that said message comprised; Said USB Key confirms the user's input information that said data interval is corresponding according to said data interval; Said USB Key judges that the user's input information determined is whether identical with the user's input information that said USB Key obtains, if identical, confirms that then the message that said user's input information that obtains and said USB Key receive matees; Otherwise, confirm that then the message that said user's input information that obtains and said USB Key receive does not match;
Perhaps,
Said USB Key is according to the value of the keyword in the message segment that said message comprised; Confirm the user's input information that said value is corresponding; Judge that the user's input information determine is whether identical with the user's input information that said USB Key obtains; If identical, then confirm the message coupling that said user's input information that obtains and said USB Key receive; Otherwise, confirm that then the message that said user's input information that obtains and said USB Key receive does not match;
Perhaps,
Said USB Key is according to the said user's input information that obtains; Confirm the data interval that said user's input information is corresponding; Whether the value of judging the content in the message segment that said message comprises is in the data interval of determining; If in the said data interval of determining, then confirm the message coupling that said user's input information that obtains and said USB Key receive; Otherwise, confirm that then the message that said user's input information that obtains and said USB Key receive does not match;
Perhaps,
Said USB Key is according to the said user's input information that obtains; Confirm the value of the keyword that said user's input information is corresponding; The value of judging the said keyword of determining whether with message segment that said message is comprised in the value of keyword identical; If identical, then confirm the message coupling that said user's input information that obtains and said USB Key receive; Otherwise, confirm that then the message that said user's input information that obtains and said USB Key receive does not match.
3. the method for claim 1 is characterized in that, said USB Key carries out digital signature to said message, is specially:
Said USB Key uses the one or more private keys corresponding with said message, and said message is carried out digital signature;
Perhaps,
Said USB Key chooses and the different private key of the employed private key of last digital signature from the private key set of presetting, and uses the private key of choosing that said message is carried out digital signature.
4. A digital signature method, applied to a system comprising a universal serial bus (USB) Key and a host, characterized in that the USB Key stores a user input information set and records the user input information used in the previous authentication, the user input information being the manner in which the user enters a personal identification number (PIN) code, and/or the PIN code entered by the user, the method comprising the following steps:
(1) the USB Key obtains user input information;
(2) the USB Key judges whether the obtained user input information is included in the user input information set; if it is included in the user input information set, go to step (4); otherwise, go to step (3);
(3) the USB Key returns an error message or an authentication failure message, and the process ends;
(4) the USB Key judges whether the obtained user input information is identical to the user input information used in the previous authentication; if identical, go to step (3); otherwise, go to step (5);
(5) the USB Key digitally signs the received message.
5. The method as claimed in claim 4, characterized in that the USB Key digitally signing the received message is specifically:
the USB Key digitally signs the message using one or more private keys corresponding to the message;
or,
the USB Key selects, from a preset private key set, a private key different from the private key used for the previous digital signature, and digitally signs the message using the selected private key.
6. A digital signature method, characterized by comprising the following steps:
(1) a universal serial bus (USB) Key receives a message from a host and determines, according to the message, the number of corresponding PIN codes;
(2) the USB Key obtains user input information and increments the count value of a counter by 1, the initial count value of the counter being zero, the user input information being the manner in which the user enters a personal identification number (PIN) code, and/or the PIN code entered by the user;
(3) the USB Key judges whether the obtained user input information satisfies a preset condition; if it does, go to step (5); otherwise, go to step (4);
(4) the USB Key returns an error message or an authentication failure message, and the process ends;
(5) the USB Key judges whether the count value of the counter is less than the number of PIN codes corresponding to the message; if it is less, return to step (2); otherwise, go to step (6);
(6) the USB Key digitally signs the message.
7. The method as claimed in claim 6, characterized in that the USB Key determining, according to the message, the number of corresponding PIN codes specifically comprises:
the USB Key determines, according to the value of the content in the message segment contained in the message, the data interval in which the content falls; the USB Key determines, according to the data interval, the number of PIN codes corresponding to the data interval, and takes the determined number of PIN codes as the number of PIN codes corresponding to the message;
or,
the USB Key determines, according to the value of the keyword in the message segment contained in the message, the number of PIN codes corresponding to that value, and takes the determined number of PIN codes as the number of PIN codes corresponding to the message.
8. The method as claimed in claim 6, characterized in that the preset condition is specifically:
the user input information matches the message;
or,
the user input information is included in a user input information set stored in advance by the USB Key.
9. The method as claimed in claim 6, characterized in that, when the preset condition is that the user input information matches the message, the USB Key judging whether the obtained user input information satisfies the preset condition specifically comprises:
the USB Key determines, according to the value of the content in the message segment contained in the message, the data interval in which the content falls; the USB Key determines, according to the data interval, the user input information corresponding to the data interval; the USB Key judges whether the determined user input information is identical to the user input information obtained by the USB Key; if identical, it determines that the obtained user input information satisfies the preset condition; otherwise, it determines that the obtained user input information does not satisfy the preset condition;
or,
the USB Key determines, according to the value of the keyword in the message segment contained in the message, the user input information corresponding to that value, and judges whether the determined user input information is identical to the user input information obtained by the USB Key; if identical, it determines that the obtained user input information satisfies the preset condition; otherwise, it determines that the obtained user input information does not satisfy the preset condition;
or,
the USB Key determines, according to the obtained user input information, the data interval corresponding to the user input information, and judges whether the value of the content in the message segment contained in the message lies within the determined data interval; if it lies within the determined data interval, it determines that the obtained user input information satisfies the preset condition; otherwise, it determines that the obtained user input information does not satisfy the preset condition;
or,
the USB Key determines, according to the obtained user input information, the value of the keyword corresponding to the user input information, and judges whether the determined keyword value is identical to the value of the keyword in the message segment contained in the message; if identical, it determines that the obtained user input information satisfies the preset condition; otherwise, it determines that the obtained user input information does not satisfy the preset condition.
10. A digital signature method, characterized by comprising the following steps:
(1) a universal serial bus (USB) Key obtains first user input information and judges whether the first user input information satisfies a preset condition; if it does not, go to step (2); if it does, go to step (3); the first user input information being the manner in which the user enters a first personal identification number (PIN) code, and/or the first PIN code entered by the user;
(2) the USB Key returns an error message or an authentication failure message, and the process ends;
(3) the USB Key receives a message from a host, obtains second user input information, and judges whether the second user input information matches the message received by the USB Key; if it does not match, go to step (2); if it matches, go to step (4); the second user input information being the manner in which the user enters a second PIN code, and/or the second PIN code entered by the user;
(4) the USB Key digitally signs the message.
11. The method as claimed in claim 10, characterized in that the preset condition is specifically:
the first user input information is preset information;
or,
the first user input information is included in a user input information set stored in advance by the USB Key.
12. The method as claimed in claim 10, characterized in that the USB Key judging whether the second user input information matches the message received by the USB Key specifically comprises:
the USB Key determines, according to the value of the content in the message segment contained in the message, the data interval in which the content falls; the USB Key determines, according to the data interval, the user input information corresponding to the data interval; the USB Key judges whether the determined user input information is identical to the second user input information; if identical, it determines that the second user input information matches the message received by the USB Key; otherwise, it determines that the second user input information does not match the message received by the USB Key;
or,
the USB Key determines, according to the value of the keyword in the message segment contained in the message, the user input information corresponding to that value, and judges whether the determined user input information is identical to the second user input information; if identical, it determines that the second user input information matches the message received by the USB Key; otherwise, it determines that the second user input information does not match the message received by the USB Key;
or,
the USB Key determines, according to the second user input information, the data interval corresponding to the second user input information, and judges whether the value of the content in the message segment contained in the message lies within the determined data interval; if it lies within the determined data interval, it determines that the second user input information matches the message received by the USB Key; otherwise, it determines that the second user input information does not match the message received by the USB Key;
or,
the USB Key determines, according to the second user input information, the value of the keyword corresponding to the second user input information, and judges whether the determined keyword value is identical to the value of the keyword in the message segment contained in the message; if identical, it determines that the second user input information matches the message received by the USB Key; otherwise, it determines that the second user input information does not match the message received by the USB Key.
13. The method as claimed in claim 10, characterized in that the USB Key digitally signing the message is specifically:
the USB Key digitally signs the message using one or more private keys corresponding to the message;
or,
the USB Key selects, from a preset private key set, a private key different from the private key used for the previous digital signature, and digitally signs the message using the selected private key.
14. A universal serial bus (USB) Key, characterized by comprising:
a receiving module, configured to receive a message from a host;
an acquisition module, configured to obtain user input information, the user input information being the manner in which the user enters a personal identification number (PIN) code, and/or the PIN code entered by the user;
a judging module, configured to judge whether the user input information obtained by the acquisition module matches the message received by the receiving module;
a digital signature module, configured to digitally sign the message when the judging module determines that the user input information matches the message;
a sending module, configured to return an error message or an authentication failure message when the judging module determines that the user input information does not match the message.
15. The USB Key as claimed in claim 14, characterized in that the judging module is specifically configured to:
determine, according to the value of the content in the message segment contained in the message, the data interval in which the content falls; determine, according to the data interval, the user input information corresponding to the data interval; judge whether the determined user input information is identical to the user input information obtained by the acquisition module; if identical, determine that the obtained user input information matches the message received by the receiving module; otherwise, determine that the obtained user input information does not match the message received by the receiving module;
or,
determine, according to the value of the keyword in the message segment contained in the message, the user input information corresponding to that value, and judge whether the determined user input information is identical to the user input information obtained by the acquisition module; if identical, determine that the obtained user input information matches the message received by the receiving module; otherwise, determine that the obtained user input information does not match the message received by the receiving module;
or,
determine, according to the obtained user input information, the data interval corresponding to the user input information, and judge whether the value of the content in the message segment contained in the message lies within the determined data interval; if it lies within the determined data interval, determine that the obtained user input information matches the message received by the receiving module; otherwise, determine that the obtained user input information does not match the message received by the receiving module;
or,
determine, according to the obtained user input information, the value of the keyword corresponding to the user input information, and judge whether the determined keyword value is identical to the value of the keyword in the message segment contained in the message; if identical, determine that the obtained user input information matches the message received by the receiving module; otherwise, determine that the obtained user input information does not match the message received by the receiving module.
16. The USB Key as claimed in claim 14, characterized in that
the digital signature module is specifically configured to digitally sign the message using one or more private keys corresponding to the message;
or,
to select, from a preset private key set, a private key different from the private key used for the previous digital signature, and to digitally sign the message using the selected private key.
17. A universal serial bus (USB) Key, characterized by comprising:
a storage module, configured to store a user input information set, the user input information being the manner in which the user enters a personal identification number (PIN) code, and/or the PIN code entered by the user;
a recording module, configured to record the user input information used in the previous authentication;
a receiving module, configured to receive a message from a host;
an acquisition module, configured to obtain user input information;
a first judging module, configured to judge whether the user input information obtained by the acquisition module is included in the user input information set;
a second judging module, configured to judge, when the first judging module determines that the user input information obtained by the acquisition module is included in the user input information set, whether the obtained user input information is identical to the user input information used in the previous authentication;
a digital signature module, configured to digitally sign the message when the second judging module determines that the obtained user input information is different from the user input information used in the previous authentication;
a sending module, configured to return an error message or an authentication failure message when the first judging module determines that the user input information obtained by the acquisition module is not included in the user input information set, or when the second judging module determines that the obtained user input information is identical to the user input information used in the previous authentication.
18. The USB Key as claimed in claim 17, characterized in that
the digital signature module is specifically configured to digitally sign the message using one or more private keys corresponding to the message;
or,
to select, from a preset private key set, a private key different from the private key used for the previous digital signature, and to digitally sign the message using the selected private key.
19. A universal serial bus (USB) Key, characterized by comprising:
a receiving module, configured to receive a message from a host;
a determining module, configured to determine, according to the message, the number of corresponding personal identification number (PIN) codes;
an acquisition module, configured to obtain user input information, the user input information being the manner in which the user enters a PIN code, and/or the PIN code entered by the user;
a counter module, configured to increment a count value by 1 after the acquisition module obtains user input information, the initial value of the count value being zero;
a first judging module, configured to judge whether the user input information obtained by the acquisition module satisfies a preset condition;
a sending module, configured to return an error message or an authentication failure message when the first judging module determines that the user input information obtained by the acquisition module does not satisfy the preset condition;
a second judging module, configured to judge whether the count value of the counter module equals the number of PIN codes corresponding to the message;
a digital signature module, configured to digitally sign the message when the second judging module determines that the count value of the counter module equals the number of PIN codes corresponding to the message.
20. The USB Key as claimed in claim 19, characterized in that
the determining module is specifically configured to determine, according to the value of the content in the message segment contained in the message, the data interval in which the content falls; and to determine, according to the data interval, the number of PIN codes corresponding to the data interval, taking the determined number of PIN codes as the number of PIN codes corresponding to the message;
or,
to determine, according to the value of the keyword in the message segment contained in the message, the number of PIN codes corresponding to that value, taking the determined number of PIN codes as the number of PIN codes corresponding to the message.
21. The USB Key as claimed in claim 19, characterized in that the preset condition is specifically:
the user input information matches the message;
or,
the user input information is included in a user input information set stored in advance by the USB Key.
22. The USB Key as claimed in claim 19, characterized in that, when the preset condition is that the user input information matches the message,
the first judging module is specifically configured to:
determine, according to the value of the content in the message segment contained in the message, the data interval in which the content falls; determine, according to the data interval, the user input information corresponding to the data interval; judge whether the determined user input information is identical to the user input information obtained by the acquisition module; if identical, determine that the obtained user input information matches the message received by the receiving module; otherwise, determine that the obtained user input information does not match the message received by the receiving module;
or,
determine, according to the value of the keyword in the message segment contained in the message, the user input information corresponding to that value, and judge whether the determined user input information is identical to the user input information obtained by the acquisition module; if identical, determine that the obtained user input information matches the message received by the receiving module; otherwise, determine that the obtained user input information does not match the message received by the receiving module;
or,
determine, according to the obtained user input information, the data interval corresponding to the user input information, and judge whether the value of the content in the message segment contained in the message lies within the determined data interval; if it lies within the determined data interval, determine that the obtained user input information matches the message received by the receiving module; otherwise, determine that the obtained user input information does not match the message received by the receiving module;
or,
determine, according to the obtained user input information, the value of the keyword corresponding to the user input information, and judge whether the determined keyword value is identical to the value of the keyword in the message segment contained in the message; if identical, determine that the obtained user input information matches the message received by the receiving module; otherwise, determine that the obtained user input information does not match the message received by the receiving module.
23. A universal serial bus (USB) Key, characterized by comprising:
an acquisition module, configured to obtain first user input information and second user input information, the first user input information being the manner in which the user enters a first personal identification number (PIN) code, and/or the first PIN code entered by the user; the second user input information being the manner in which the user enters a second PIN code, and/or the second PIN code entered by the user;
a first judging module, configured to judge whether the first user input information satisfies a preset condition;
a receiving module, configured to receive a message from a host when the first judging module determines that the first user input information satisfies the preset condition;
a second judging module, configured to judge whether the second user input information matches the message received by the receiving module;
a sending module, configured to return an error message or an authentication failure message when the first judging module determines that the first user input information does not satisfy the preset condition, or when the second judging module determines that the second user input information does not match the message received by the receiving module;
a digital signature module, configured to digitally sign the message when the second judging module determines that the second user input information matches the message received by the receiving module.
24. The USB Key as claimed in claim 23, characterized in that the preset condition is specifically:
the first user input information is preset information;
or,
the first user input information is included in a user input information set stored in advance by the USB Key.
25. The USB Key as claimed in claim 23, characterized in that the second judging module is specifically configured to:
determine, according to the value of the content in the message segment contained in the message, the data interval in which the content falls; determine, according to the data interval, the user input information corresponding to the data interval; judge whether the determined user input information is identical to the second user input information; if identical, determine that the second user input information matches the message; otherwise, determine that the second user input information does not match the message;
or,
determine, according to the value of the keyword in the message segment contained in the message, the user input information corresponding to that value, and judge whether the determined user input information is identical to the second user input information; if identical, determine that the second user input information matches the message; otherwise, determine that the second user input information does not match the message;
or,
determine, according to the second user input information, the data interval corresponding to the second user input information, and judge whether the value of the content in the message segment contained in the message lies within the determined data interval; if it lies within the determined data interval, determine that the second user input information matches the message; otherwise, determine that the second user input information does not match the message;
or,
determine, according to the second user input information, the value of the keyword corresponding to the second user input information, and judge whether the determined keyword value is identical to the value of the keyword in the message segment contained in the message; if identical, determine that the second user input information matches the message; otherwise, determine that the second user input information does not match the message.
26. The USB Key as claimed in claim 23, characterized in that
the digital signature module is specifically configured to digitally sign the message using one or more private keys corresponding to the message;
or,
to select, from a preset private key set, a private key different from the private key used for the previous digital signature, and to digitally sign the message using the selected private key.
CN201210135512.XA 2012-05-03 2012-05-03 A kind of digital signature method and device Active CN102685121B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210135512.XA CN102685121B (en) 2012-05-03 2012-05-03 A kind of digital signature method and device

Publications (2)

Publication Number Publication Date
CN102685121A true CN102685121A (en) 2012-09-19
CN102685121B CN102685121B (en) 2016-05-25

Family

ID=46816484

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210135512.XA Active CN102685121B (en) 2012-05-03 2012-05-03 A kind of digital signature method and device

Country Status (1)

Country Link
CN (1) CN102685121B (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101278538A (en) * 2005-10-05 2008-10-01 普里瓦斯菲尔公司 Method and devices for user authentication
CN101127137A (en) * 2007-09-13 2008-02-20 王昌荣 Multiple cipher circulated validation method in electronic transaction process
CN101163012A (en) * 2007-11-20 2008-04-16 江苏先安科技有限公司 System and method of checking fine grit of digital certificate
CN101639883A (en) * 2009-09-03 2010-02-03 北京飞天诚信科技有限公司 Method for checking PIN code and intelligent key equipment
CN101800645A (en) * 2010-02-05 2010-08-11 中国工商银行股份有限公司 Identity authentication method, device and system
CN102024105A (en) * 2010-11-16 2011-04-20 深圳市文鼎创数据科技有限公司 Security certification method and device
CN102223233A (en) * 2011-06-15 2011-10-19 刘洪利 Biological code authentication system and biological code authentication method

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102938034A (en) * 2012-10-26 2013-02-20 飞天诚信科技股份有限公司 Working method for conversion device
CN102938034B (en) * 2012-10-26 2015-03-04 飞天诚信科技股份有限公司 Working method for conversion device
CN106936594A (en) * 2017-05-17 2017-07-07 浪潮通信信息系统有限公司 A kind of chain type Self-certified safety interacting method
CN106936594B (en) * 2017-05-17 2020-03-17 浪潮天元通信信息系统有限公司 Chain type self-authentication security interaction method
CN108011719A (en) * 2017-11-16 2018-05-08 深圳市文鼎创数据科技有限公司 A kind of endorsement method, device and digital signature system
CN110737878A (en) * 2018-07-19 2020-01-31 深圳市鸿合创新信息技术有限责任公司 Method and system for automatically configuring digital signature of application software and electronic equipment
CN110737878B (en) * 2018-07-19 2023-12-22 深圳市鸿合创新信息技术有限责任公司 Method and system for automatically configuring digital signature of application software and electronic equipment
CN111126973A (en) * 2019-11-20 2020-05-08 北京锐格信安技术有限公司 Encrypted digital currency wallet signature device and signature method

Also Published As

Publication number Publication date
CN102685121B (en) 2016-05-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant