CN103795546A - Generating method and authentication method of data label and system of generating method and authentication method - Google Patents

Publication number: CN103795546A
Authority: CN (China)
Prior art keywords: service provider; tag service; data label; data; ibc
Legal status: Pending
Application number: CN201410055101.9A
Other languages: Chinese (zh)
Inventor: 张永强; 刘
Current Assignee: GUANGDONG CERTIFICATE AUTHORITY CENTER CO Ltd
Original Assignee: GUANGDONG CERTIFICATE AUTHORITY CENTER CO Ltd
Application filed by: GUANGDONG CERTIFICATE AUTHORITY CENTER CO Ltd
Priority to: CN201410055101.9A


Abstract

The invention provides a method for generating a data label, a method for authenticating it, and corresponding systems. A label service provider first obtains an IBC public key that a certificate authority generates according to the provider's digital certificate, then sends an application for a private key to a key management center according to the IBC public key, forming an IBC key pair. When the data label is generated, the data content of the label is signed with the private key, and the signature value, the data content and the IBC public key are embedded in the data label. When the data label is authenticated, the legitimacy of the label service provider's identity can therefore be verified from the IBC public key, and the data integrity of the label from the signature value. In addition, because only the IBC public key needs to be added to the data label, the amount of authentication data added is greatly reduced, and the methods and systems can conveniently be applied to two-dimensional codes and other data labels with small data capacity.

Description

Data label generation method, data label authentication method, and systems thereof
Technical field
The present invention relates to the technical field of data labels, and in particular to a data label generation method and system, and a data label authentication method and system.
Background
User authentication is a basic service in the digital world. Early user authentication methods were based on public-key cryptosystems, which provide not only encryption but also authentication. Under the traditional public-key framework, public/private key pairs must be generated according to certain rules; not just any information can serve as a public or private key. The keys take the form of seemingly random digital information with no connection to the user's identity. When a user's public key is used to encrypt or to verify a signature, one must confirm that the public key really belongs to the user who claims to own it. This requires a trusted third party, the CA (Certificate Authority), also called a certification authority, to issue a public key certificate to each user in the system. The CA's signature on the public key certificate binds the user's identity closely to his public key. Under this framework the certificate authority is an important component, responsible for every stage of the user public key certificate life cycle: generation, issuance, storage, maintenance, update, revocation, and so on. A cryptosystem that requires such certificates is called a certificate-based public-key cryptosystem (PKI).
It is generally difficult to establish a single globally unified certificate authority. The difficulty lies mainly in the need for certificate authorities to negotiate a consistent certificate policy and to build a globally unified certificate chain. To reduce the maintenance cost of digital certificate systems, the idea of identity-based cryptography (IBC) was proposed, together with an identity-based signature (IBS) algorithm that uses the RSA algorithm. In recent years, cryptographers have proposed more identity-based cryptographic (IBC) algorithms.
Identity-based cryptography (IBC) was originally designed to simplify the CA's management of each user's certificate in the traditional PKI architecture. Its basic idea is to bind a user's identity to his public key in the most natural way: the user's identity information is the user's public key. Under an identity-based public-key system, a user who wants to use another user's public key only needs to know that user's identity information, and does not need to obtain and verify that user's public key certificate. If public keys do not need to be distributed, most of the infrastructure that supports public-key cryptography becomes unnecessary. For example, if a user's public key is his identity in some standard format, such as an e-mail address, a sender needs only that e-mail address to send the user an encrypted message, with no other mechanism for distributing public keys.
Identity-based cryptosystems have the following advantages:
First, no public key certificate is needed; the user's public key is simply information that uniquely identifies him. An encryptor or signature verifier therefore needs no additional information about the recipient in advance.
Second, no certificate authority is needed; only a private key generation center (PKG) serves each user. The user submits his identity public key to the PKG, and the PKG computes and issues the user's private key.
Third, an identity-based public-key system is a natural key escrow center: if necessary, the center can recover a user's private key in order to monitor the user's communications. (From the standpoint of user privacy, however, this advantage is also a drawback of identity-based cryptosystems.)
Fourth, because the PKG does not need to handle third-party requests, IBC reduces the cost and infrastructure needed to support encryption.
Fifth, key revocation is simple. As described above, the PKG only needs to embed a sufficiently long time interval in Bob's ID, so that Bob's certificate is revoked after that interval, and generate a new private key for Bob at the start of each time interval.
Sixth, forward security can be provided. The usual way to construct a non-interactive forward-secure cryptosystem from an identity-based cryptosystem is for the user to play the role of the PKG himself, although his master key and corresponding public key must be approved by the CA. The public key of each period is then analogous to the user identity information in an identity-based system, and the corresponding private key is obtained by key extraction.
However, identity-based cryptosystems also have shortcomings of their own, chiefly:
(1) Key escrow is a drawback. The PKG is able to decrypt any user's messages or forge any user's signature, and unfortunately, given the basic premise of identity-based cryptography, this drawback is unavoidable, although there are methods that minimise the risk of escrow, for example using threshold cryptography so that multiple entities jointly take part in generating private keys. From a privacy standpoint, escrow is very unsafe.
(2) When there are many users, private key generation becomes an expensive computation for the PKG. If the current date is included in the client's public key ID, the PKG must generate a private key for every client every day. A CA, by contrast, only needs to issue one certificate revocation list (CRT) update per day, and the CRT update may require little computation because it only needs to contain the users whose certificates were revoked that day.
A digital signature (also called a public-key digital signature or electronic signature) is analogous to an ordinary physical signature written on paper, but is implemented with public-key cryptography and is used to authenticate digital information. A digital signature scheme normally defines two complementary operations, one for signing and one for verification. The integrity of a digitally signed file is easy to verify (no seal across the perforation or signature across the page join is needed), and a digital signature provides non-repudiation without needing a handwriting expert.
A two-dimensional barcode (two-dimensional code) is a kind of data label. It records data symbols as a black-and-white pattern of specific geometric figures distributed over a plane (in two dimensions) according to certain rules. Its encoding makes clever use of the "0" and "1" bit streams that form the logical basis of computers, representing text and numeric information with geometric shapes that correspond to binary values, so that the information can be read automatically by image input devices or photoelectric scanners and processed automatically. Common two-dimensional barcode symbologies include QR Code and PDF417. Each symbology has its own character set, each character occupies a certain width, and a check function is provided; the codes also support automatic recognition of information in different rows and handle rotation of the graphic. Two-dimensional barcodes offer large storage capacity, high confidentiality, high traceability, strong damage resistance and low cost, and are particularly suited to forms, security and confidentiality, tracking, licences, stocktaking, data backup and similar uses.
As e-commerce companies increasingly combine online and offline interaction, the two-dimensional code has become a key entry point for the mobile Internet and O2O, and an important marketing vehicle for e-commerce companies. Combined with the O2O concept, two-dimensional codes give consumers a more convenient and faster shopping experience and form a new path linking online and offline on e-commerce platforms, which helps with functions such as extending product information and comparing prices. However, the security of two-dimensional codes is also under challenge, and malware and viruses are becoming a stumbling block to their wider adoption. In mobile Internet applications, a common processing pattern is to extract an Internet link from the two-dimensional code and prompt the user to download software, and some of that software may carry viruses. Some of these viruses affect the mobile phone or tablet once downloaded and installed; others are fee-charging trojans that criminals disguise as applications, which, once downloaded, cause the phone to send messages automatically and run up large phone charges. Improving the security of data labels such as two-dimensional codes is therefore an urgent problem.
Embedding a digital signature in a two-dimensional code authenticates the information publisher and shows whether the information carried by the code is intact, which can effectively improve the code's security. One method implants a digital signature in a PDF417 two-dimensional code in the form of a digital envelope, using PKI technology to authenticate official document content. The basic process is to use RSA (Rivest, Shamir, Adleman) to produce a digital signature over the document content, encrypt the content and its signature as a digital envelope, and then transmit the result in the two-dimensional code. This ensures on the one hand that the document content has not been tampered with, and on the other hand that only the specific intended user can decode and verify it. Another method embeds the digital signature of the plaintext information, or the ciphertext produced by private-key encryption, together with the plaintext information in the two-dimensional code. After scanning the code, the user decrypts the ciphertext (plaintext needs no decryption) and verifies the signature, and can thus determine quickly and easily whether the code has been tampered with: if it has not, it is trustworthy; otherwise it is not.
The basic principle of the above schemes is to embed a PKI digital signature in the two-dimensional code in order to detect whether its content has been tampered with. In practice, however, besides verifying that the content has not been tampered with, the signer's identity must also be identified accurately; the code can be considered trustworthy only if the signer's identity is valid and specific constraints are met. If the signer's identity cannot be identified, only a closed information system can be built: the system that verifies the codes must maintain a list of trusted public keys, and only signatures made by the users of those public keys are trusted. This clearly restricts the applications of two-dimensional codes, and also runs counter to the design goals of PKI.
To identify the signer, the usual approach is to use a PKCS#7-compliant signature, embedding the user's digital certificate and the CA's digital certificate in the digital signature. When verifying the signature, the user should verify the validity of the user digital certificate (including signature validity, whether it is within the certificate validity period, whether the certificate has been revoked, and so on), and also whether the user digital certificate and the CA digital certificate form a valid certificate chain.
However, because of constraints such as print quality and recognition rate, the usable capacity of a two-dimensional code is generally below 1 KB; codes with larger information capacity place harsh demands on the reading terminal. A digital certificate is generally fairly large, and this conflict makes embedding a PKCS#7 signature in a two-dimensional code impractical unless the reading terminal can read very high-capacity codes.
Summary of the invention
Existing authentication methods for data labels such as two-dimensional codes either cannot verify both the identity of the label provider and the integrity of the label content, or require too much data to be embedded in the data label. To address these problems, the invention provides a data label generation method and system.
A data label generation method comprises the following steps: obtaining an IBC public key generated by a certificate authority according to the tag service provider's digital certificate; obtaining the corresponding private key generated by a key management center according to the IBC public key; digitally signing the data content of the data label with the private key to obtain a signature value; and embedding the data content, the IBC public key and the signature value in the data label.
A data label generation system comprises a public key acquisition module, a private key acquisition module, a digital signature module and a label generation module. The public key acquisition module obtains the IBC public key generated by the certificate authority according to the tag service provider's digital certificate; the private key acquisition module obtains the corresponding private key generated by the key management center according to the IBC public key; the digital signature module digitally signs the data content of the data label with the private key to obtain a signature value; and the label generation module embeds the data content, the IBC public key and the signature value in the data label.
In the data label generation method and system of the invention, the tag service provider must first obtain a valid digital certificate issued by the certificate authority to prove the legitimacy of its identity. Only then can it obtain the IBC public key that the certificate authority generates from that digital certificate, and then apply to the key management center for the corresponding private key generated from the IBC public key, forming an IBC key pair. When generating the data label, it signs the data content of the data label with the private key, and then embeds the signature value, the data content and the IBC public key in the data label. When the data label is authenticated, the legitimacy of the tag service provider's identity can therefore be verified from the IBC public key, and the data integrity of the data label from the signature value. Moreover, only the IBC public key needs to be added to the data label; the user digital certificate and the CA digital certificate do not. This greatly reduces the amount of authentication data added to the data label, so the method can conveniently be applied to data labels with small data capacity such as two-dimensional codes. Because there is no need to verify both the validity of the user digital certificate and whether the user digital certificate and the CA digital certificate form a valid certificate chain, the data label authentication flow is also shortened and efficiency is improved.
Existing authentication methods for data labels such as two-dimensional codes either cannot verify both the identity of the label provider and the integrity of the label content, or require too much data to be embedded in the data label. To address these problems, the invention also provides a data label authentication method and system.
A data label authentication method comprises the following steps:
The tag service provider obtains the IBC public key generated by the certificate authority according to the tag service provider's digital certificate, obtains the corresponding private key generated by the key management center according to the IBC public key, digitally signs the data content of the data label with the private key to obtain a signature value, and embeds the data content, the IBC public key and the signature value in the data label;
The tag service relying party obtains the data label, parses it to obtain the data content, the IBC public key and the signature value, authenticates the tag service provider's identity according to the IBC public key, and verifies according to the signature value whether the data content has been modified.
A data label authentication system comprises a tag service provider and a tag service relying party;
The tag service provider is configured to obtain the IBC public key generated by the certificate authority according to the tag service provider's digital certificate, obtain the corresponding private key generated by the key management center according to the IBC public key, digitally sign the data content of the data label with the private key to obtain a signature value, and embed the data content, the IBC public key and the signature value in the data label;
The tag service relying party is configured to obtain the data label, parse it to obtain the data content, the IBC public key and the signature value, authenticate the tag service provider's identity according to the IBC public key, and verify according to the signature value whether the data content has been modified.
In the data label authentication method and system of the invention, the tag service provider must first obtain a valid digital certificate issued by the certificate authority to prove the legitimacy of its identity. Only then can it obtain the IBC public key that the certificate authority generates from that digital certificate, and then apply to the key management center for the corresponding private key generated from the IBC public key, forming an IBC key pair. When generating the data label, it signs the data content of the data label with the private key, and then embeds the signature value, the data content and the IBC public key in the data label. When the tag service relying party authenticates the data label, it can therefore verify the legitimacy of the tag service provider's identity from the IBC public key, and the data integrity of the data label from the signature value. Only the IBC public key needs to be added to the data label; the user digital certificate and the CA digital certificate do not. This greatly reduces the amount of authentication data added to the data label, so the method can conveniently be applied to data labels with small data capacity such as two-dimensional codes. Because there is no need to verify both the validity of the user digital certificate and whether the user digital certificate and the CA digital certificate form a valid certificate chain, the data label authentication flow is also shortened and efficiency is improved.
Brief description of the drawings
Fig. 1 is a flow chart of the data label generation method of the invention;
Fig. 2 is a flow chart of the data label authentication method of the invention;
Fig. 3 is a schematic diagram of a preferred embodiment of the data label authentication method of the invention;
Fig. 4 is a structural diagram of the data label generation system of the invention;
Fig. 5 is a structural diagram of the data label authentication system of the invention.
Embodiments
Referring to Fig. 1, Fig. 1 is a flow chart of the data label generation method of the invention.
The data label generation method comprises the following steps:
S101, obtain the IBC public key generated by the certificate authority according to the tag service provider's digital certificate;
S102, obtain the corresponding private key generated by the key management center according to the IBC public key;
S103, digitally sign the data content of the data label with the private key to obtain a signature value;
S104, embed the data content, the IBC public key and the signature value in the data label.
In the data label generation method of the invention, the tag service provider must first obtain a valid digital certificate issued by the certificate authority to prove the legitimacy of its identity. Only then can it obtain the IBC public key that the certificate authority generates from that digital certificate, and then apply to the key management center for the corresponding private key generated from the IBC public key, forming an IBC key pair. When generating the data label, it signs the data content of the data label with the private key, and then embeds the signature value, the data content and the IBC public key in the data label. When the data label is authenticated, the legitimacy of the tag service provider's identity can therefore be verified from the IBC public key, and the data integrity of the data label from the signature value. Moreover, only the IBC public key needs to be added to the data label; the user digital certificate and the CA digital certificate do not. This greatly reduces the amount of authentication data added to the data label, so the method can conveniently be applied to data labels with small data capacity such as two-dimensional codes. Because there is no need to verify both the validity of the user digital certificate and whether the user digital certificate and the CA digital certificate form a valid certificate chain, the data label authentication flow is also shortened and efficiency is improved.
Step S101 obtains the IBC public key generated by the certificate authority according to the tag service provider's digital certificate.
The tag service provider (TSP) can apply to the certificate authority (CA) for a digital certificate. The certificate authority provides the tag service provider with the corresponding digital certificate and generates the tag service provider's IBC public key from that digital certificate.
In one embodiment, the tag service provider submits an IBC public key application to the certificate authority. On receiving the application, the certificate authority verifies whether the tag service provider's digital certificate is valid. If it is valid, the certificate authority generates the tag service provider's IBC public key from the digital certificate; otherwise it refuses to generate the IBC public key.
Because every tag service provider must apply to the certificate authority for a digital certificate, obtain the corresponding certificate, and then be given an IBC public key that the certificate authority produces from that certificate, the tag service provider's legal identity is granted and managed by the certificate authority. The certificate authority can manage each tag service provider's legal identity (IBC public key) through operations such as generating, updating and revoking the certificate or the IBC public key, ensuring that each tag service provider's legal identity can be verified.
Moreover, when generating the IBC public key, the certificate authority checks whether the tag service provider's digital certificate is valid and within its validity period. Having verified that the tag service provider's digital certificate is valid, the certificate authority produces an IBC public key for the user: CN={user name}, TrustID={unique identifier}, where the placeholders "user name" and "unique identifier" are extracted from the user's digital certificate. As an example, the user's IBC public key can be: CN=TSP, TrustID=0001. The key pair's lifetime can also be embedded in the IBC public key, ensuring that the issued key does not outlive the validity period of the digital certificate.
Step S102 obtains the corresponding private key generated by the key management center according to the IBC public key.
In one embodiment, the tag service provider submits a private key issuance application directly to the key management center (PKG).
When the tag service provider applies directly to the key management center for private key issuance, the key management center needs to verify the legitimacy of the tag service provider's identity. To do so, the key management center can confirm the tag service provider's identity by submitting a query to the certificate authority.
In another embodiment, the certificate authority submits the IBC public key to the key management center on behalf of the tag service provider and applies for generation of the tag service provider's IBC private key. That is, the certificate authority forwards the IBC public key to the key management center; the key management center generates the corresponding private key from the IBC public key and sends the private key to the tag service provider.
The key management center can send the IBC private key to the subscriber over a trusted channel such as encrypted e-mail. To ensure that the IBE private key is not used without authorisation, the IBC private key can also be placed in a smart key device (UKey).
When the certificate authority submits the private key issuance application to the key management center on behalf of the tag service provider, the certificate authority has already confirmed that the tag service provider's identity is legitimate and valid, so the key management center does not need to verify the provider's identity again and can generate the IBC key pair for the tag service provider directly.
In a preferred embodiment, the certificate authority further obtains the system parameters and public key of the IBC system and publishes them by issuing a certificate. That is, the certificate authority can maintain and operate the key management center, including determining the system parameters SP and the public key mPK of the IBC system and publishing these parameters. For example, the parameters can be published by issuing a certificate, so that any subscriber can obtain them and verify that they were issued by the certificate authority.
Step S103 digitally signs the data content of the data label with the private key to obtain a signature value.
When the tag service provider needs to generate a data label, for example a two-dimensional code, it first uses its IBC private key to compute the signature value with a digital signature algorithm, such as an identity-based signature algorithm (IBS).
Then, in step S104, the data content, the IBC public key and the signature value are embedded in the data label.
For example, for a two-dimensional code, an electronic message can be produced according to the XML signature standard, containing the payload to be conveyed (i.e. the data content), the tag service provider's IBC public key and the signature value. A two-dimensional code recording that electronic message is then generated.
In a preferred embodiment, the tag service provider can further embed in the data label the serial number of the tag service provider's digital certificate and an online certificate query link, such as an online certificate query URI.
That is, when parsing the data label, the tag service relying party (TSR) can further obtain the serial number of the tag service provider's digital certificate and the online certificate query link, and use the link to query whether the digital certificate with that serial number is valid.
Further, a valid signature range can also be recorded in the data label in order to check the validity of the digital signature.
Refer to Fig. 2, which is a flow chart of the data label authentication method of the present invention.
The data label authentication method has two parts: the label generation method performed by the tag service provider and the label authentication method performed by the tag service relying party.
The tag service provider performs the label generation method of steps S101 to S104 above. That is, the tag service provider obtains the IBC public key generated by the certification authority from the tag service provider's digital certificate, obtains the corresponding private key generated by the key management center from that IBC public key, digitally signs the data content of the data label with the private key to obtain a signature value, and embeds the data content, the IBC public key and the signature value in the data label.
Because steps S101 to S104 are identical to those described above, they are not repeated here.
In the present invention, after obtaining the data label generated by the tag service provider, the tag service relying party performs a label authentication method comprising the following steps:
S201: obtain the data label and parse it to obtain the data content, the IBC public key and the signature value;
S202: authenticate the tag service provider's identity according to the IBC public key;
S203: verify according to the signature value whether the data content has been modified.
The data label includes commonly used small-capacity data labels such as QR codes.
The tag service relying party can obtain the data label in several ways. For a QR code, for example, in one embodiment the tag service provider delivers the QR code to a user over a network or by some other means of recording it, and the user, for some purpose, passes the QR code to the tag service relying party; in one application scenario the QR code serves as a consumption voucher that requires the tag service relying party to provide a specific service.
After obtaining the QR code, the tag service relying party decodes it with the appropriate QR code decoding method to obtain the data content, IBC public key and signature value recorded in it. It then first verifies the tag service provider's identity using the IBC public key, and next verifies the signature value to confirm whether the QR code has been tampered with.
As one embodiment, the tag service provider can further embed in the data label the serial number of its digital certificate and an online certificate query link, such as an online certificate query URI. When parsing the data label, the tag service relying party can then also obtain the serial number of the tag service provider's digital certificate and the online certificate query link, and use the link to query whether the digital certificate with that serial number is valid.
The tag service relying party can further check whether the user identification number carried in the tag service provider's IBC public key is consistent with the certificate extension information in its digital certificate.
In application scenarios that require strong authentication of user identity, the tag service relying party can also query the tag service provider's digital certificate online by means such as LDAP or OCSP, and check whether the TrustID carried in the public key is consistent with the certificate extension information in the digital certificate.
For intranet systems, the TrustID check can also be performed by devices such as a digital certificate gateway or a sub-OCSP.
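The following is an added example, not code from the patent, that walks through label generation (S103 to S104) and relying-party verification (S201 to S203, plus the certificate-status, TrustID and validity-range checks) in Python. The patent does not name a specific IBS algorithm, so Shamir's RSA-based identity-based signature is used as a stand-in with toy parameters. Also assumed here: the XML element names, a simplified XML layout instead of full XML Signature, signing all label fields rather than the content alone, the `CN=...,TrustID=...` serialization, and a dictionary that stands in for the online certificate query.

```python
import hashlib
import json
import re
import secrets
import xml.etree.ElementTree as ET

# Toy PKG parameters (constructed): Mersenne primes, far too small for real use.
# (N, E) stand for the published system parameters; D is the PKG master secret.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
FIELDS = ("Content", "IBCPublicKey", "CertSerial", "CertQueryURI", "NotBefore", "NotAfter")
ID_RE = re.compile(r"CN=([^,]+),TrustID=([^,]+)")  # assumed identity serialization

def _h(*parts: bytes) -> int:
    """Hash length-prefixed parts to an integer; the first part is a domain tag."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")

def _challenge(t: int, msg: bytes) -> int:
    return _h(b"sig", t.to_bytes(32, "big"), msg)

def id_point(identity: str) -> int:
    return _h(b"id", identity.encode()) % N

def pkg_extract(identity: str) -> int:
    """PKG side: private key g such that g^E = H(identity) mod N."""
    return pow(id_point(identity), D, N)

def ibs_sign(priv: int, msg: bytes) -> tuple:
    r = secrets.randbelow(N - 2) + 2
    t = pow(r, E, N)
    return t, priv * pow(r, _challenge(t, msg), N) % N

def ibs_verify(identity: str, msg: bytes, t: int, s: int) -> bool:
    """Needs only the identity string and (N, E): s^E == H(id) * t^f mod N."""
    if not (0 < t < N and 0 < s < N):
        return False
    return pow(s, E, N) == id_point(identity) * pow(t, _challenge(t, msg), N) % N

def _to_be_signed(fields: dict) -> bytes:
    return json.dumps([fields[k] for k in FIELDS]).encode()

def make_label(priv: int, fields: dict) -> str:
    """Provider side (S103-S104): sign, then embed content, public key, signature."""
    t, s = ibs_sign(priv, _to_be_signed(fields))
    root = ET.Element("Label")
    for key in FIELDS:
        ET.SubElement(root, key).text = fields[key]
    ET.SubElement(root, "SignatureValue").text = f"{t:x}.{s:x}"
    return ET.tostring(root, encoding="unicode")

def verify_label(xml_text: str, today: str, cert_status: dict) -> tuple:
    """Relying-party side (S201-S203); cert_status stands in for the online query."""
    if "<!" in xml_text:  # refuse DTDs and entity declarations in untrusted input
        return False, "malformed"
    try:  # S201: parse the label
        fields = {el.tag: el.text or "" for el in ET.fromstring(xml_text)}
        t, s = (int(x, 16) for x in fields["SignatureValue"].split("."))
        msg = _to_be_signed(fields)
    except (ET.ParseError, KeyError, ValueError):
        return False, "malformed"
    m = ID_RE.fullmatch(fields["IBCPublicKey"])
    if m is None:
        return False, "bad identity format"
    cert = cert_status.get(fields["CertSerial"])  # S202: authenticate the provider
    if cert is None or cert["status"] != "good":
        return False, "certificate not valid"
    if cert["trust_id"] != m.group(2):
        return False, "TrustID mismatch"
    if not fields["NotBefore"] <= today <= fields["NotAfter"]:
        return False, "outside validity range"
    if not ibs_verify(fields["IBCPublicKey"], msg, t, s):  # S203: integrity
        return False, "bad signature"
    return True, "ok"

# Constructed sample data for the demo.
SAMPLE = {"Content": "coupon:0001;amount=20",
          "IBCPublicKey": "CN=Example TSP,TrustID=T-1001",
          "CertSerial": "0A1B2C", "CertQueryURI": "https://ca.example/status",
          "NotBefore": "2024-01-01", "NotAfter": "2024-12-31"}
DIRECTORY = {"0A1B2C": {"status": "good", "trust_id": "T-1001"}}

if __name__ == "__main__":
    label = make_label(pkg_extract(SAMPLE["IBCPublicKey"]), SAMPLE)
    print(len(label), "bytes:", verify_label(label, "2024-06-01", DIRECTORY))
    tampered = label.replace("amount=20", "amount=99")
    print(verify_label(tampered, "2024-06-01", DIRECTORY))
```

The label carries only the identity string as its public key, so the verifier needs the published (N, E) and no certificate chain.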
As another embodiment, the tag service relying party can also obtain an IBC public key generated by the certification authority from the tag service provider's digital certificate, and obtain the corresponding private key generated by the key management center from that IBC public key. The way it obtains its IBC public key and corresponding private key is similar to the way the tag service provider obtains them and is not repeated here.
Thus, in this embodiment the tag service relying party also holds an IBC key pair, so it can also feed any information back to the tag service provider by producing a data label (such as a QR code), thereby realizing an interactive service commitment.
When producing a data label, the tag service relying party likewise digitally signs the data content of the data label with its private key to obtain the corresponding signature value, and then embeds the data content of the data label, the tag service relying party's IBC public key and the corresponding signature value in the data label.
It is worth noting that, in this embodiment, when the tag service relying party produces a data label, its role has in effect changed to that of a tag service provider, and the party that receives the data label it provides and authenticates that label becomes the tag service relying party.
As a preferred implementation, the tag service provider and the tag service relying party can each apply for an IBC key pair separately, each use its own IBC key pair to generate data labels with the method of the present invention, and use those data labels to realize an interactive service commitment.
Refer to Fig. 3, which is a schematic diagram of a preferred embodiment of the data label authentication method of the present invention.
In this embodiment the data label is a QR code, and the authentication flow for the QR code is as follows:
First, the tag service provider TSP and the tag service relying party TSR submit certificate requests to the certification authority (CA).
The certification authority (CA) issues RSA digital certificates to the tag service provider TSP and the tag service relying party TSR.
Then the tag service provider TSP and the tag service relying party TSR each submit an IBC key pair application to the certification authority (CA). After verifying that the TSR digital certificate is valid, the certification authority (CA) produces an IBC public key for the tag service provider TSP and for the tag service relying party TSR respectively: CN={user name}, TrustID={unique identifier}.
The certification authority (CA) submits the IBC public key to the key management center (PKG) on behalf of the TSP/TSR to apply for generation of the IBC private key.
The key management center (PKG) sends the IBC private key to the subscriber over a trusted channel such as encrypted e-mail. To ensure that the IBE private key is not used without authorization, the IBC private key can also be placed in a UKey device.
When the tag service provider TSP needs to generate a QR code, it produces an electronic message based on the XML signature standard, containing the payload to be transmitted (that is, the data content), the IBC public key of the tag service provider TSP, the digital certificate serial number of the tag service provider TSP, the online certificate query URI, the valid signature range and the signature value. The signature value is computed with the IBC private key of the tag service provider TSP according to an identity-based signature (IBS) algorithm.
The tag service provider TSP provides the QR code to the user (User).
For some purpose, the user passes the QR code to the tag service relying party TSR. One practical scenario, for example, is using the QR code as a consumption voucher that requires the tag service relying party TSR to provide a specific service.
After reading the QR code, the tag service relying party TSR first confirms the identity of the tag service provider TSP using the IBC public key, and then verifies the signature value to confirm that the QR code has not been tampered with.
In this embodiment, the tag service relying party can also obtain an IBC public key generated by the certification authority from the tag service provider's digital certificate, and obtain the corresponding private key generated by the key management center from that IBC public key.
Thus, in this embodiment the tag service relying party also holds an IBC key pair, so it can also feed any information back to the tag service provider by producing a data label (such as a QR code), thereby realizing an interactive service commitment.
When producing a data label, the tag service relying party likewise digitally signs the data content of the data label with its private key to obtain the corresponding signature value, and then embeds the data content of the data label, the tag service relying party's IBC public key and the corresponding signature value in the data label.
It should be noted that, in this embodiment, when the tag service relying party produces a data label, its role has in effect changed to that of a tag service provider, and the party that receives the data label it provides and authenticates that label acts as the tag service relying party.
Refer to Fig. 4, which is a structural diagram of the data label generation system of the present invention.
The data label generation system comprises:
a public key acquisition module 11, for obtaining the IBC public key generated by the certification authority from the tag service provider's digital certificate;
a private key acquisition module 12, for obtaining the corresponding private key generated by the key management center from the IBC public key;
a digital signature module 13, for digitally signing the data content of the data label with the private key to obtain a signature value;
a label generation module 14, for embedding the data content, the IBC public key and the signature value in the data label.
In the data label generation system of the present invention, the tag service provider first obtains, through the public key acquisition module 11, a valid digital certificate issued by the certification authority, which proves the legitimacy of its identity; it can then obtain the IBC public key that the certification authority generates from that digital certificate. The private key acquisition module 12 then applies to the key management center for the corresponding private key generated from the IBC public key, forming an IBC key pair. When the data label is generated, the digital signature module 13 signs the data content of the data label with the private key, and the label generation module 14 embeds the signature value, the data content of the data label and the IBC public key in the data label. When the data label is authenticated, the legitimacy of the tag service provider's identity can therefore be verified from the IBC public key, and the data integrity of the data label can be verified from the signature value. Moreover, only the IBC public key needs to be added to the data label; the user digital certificate and the certification authority digital certificate do not. This greatly reduces the amount of authentication information added to the data label, so the scheme can conveniently be applied to data labels with small data capacity, such as QR codes. Because there is no need both to verify the validity of the user digital certificate and to verify whether the user digital certificate and the certification authority digital certificate form a valid certificate chain, the authentication flow for the data label is also shortened and efficiency is improved.
The public key acquisition module 11 obtains the IBC public key generated by the certification authority from the tag service provider's digital certificate.
In one embodiment, the public key acquisition module 11 of the tag service provider is also used to submit a digital certificate application to the certification authority; the certification authority issues the corresponding digital certificate to the tag service provider and generates the tag service provider's IBC public key from that digital certificate.
Further, the public key acquisition module 11 of the tag service provider is also used to submit an IBC public key application to the certification authority. In response to the application, the certification authority verifies whether the tag service provider's digital certificate is valid; if it is valid, the certification authority generates the tag service provider's IBC public key from the digital certificate, and otherwise it refuses to generate the tag service provider's IBC public key.
Because each tag service provider must submit a digital certificate application to the certification authority, obtain the corresponding digital certificate, and then be assigned by the certification authority an IBC public key produced from that digital certificate, the tag service provider's legal identity is granted and managed by the certification authority. Through operations such as generating, updating and revoking the certificate or the IBC public key, the certification authority can manage the legal identity (IBC public key) of each tag service provider and ensure that each tag service provider's legal identity can be verified.
In addition, when generating the IBC public key, the certification authority checks whether the tag service provider's digital certificate is valid and within its validity period. Having verified that the tag service provider's digital certificate is valid, the certification authority produces an IBC public key for the user: CN={user name}, TrustID={unique identifier}. This ensures that the key is not issued beyond the validity period of the digital certificate.
The private key acquisition module 12 obtains the corresponding private key generated by the key management center from the IBC public key.
As one embodiment, the private key acquisition module 12 of the tag service provider can apply for the private key directly from the key management center.
As another embodiment, the certification authority submits the IBC public key to the key management center on behalf of the tag service provider to apply for generation of the IBC private key.
That is, the certification authority forwards the IBC public key to the key management center; the key management center generates the corresponding private key from the IBC public key and sends the private key to the tag service provider. The private key acquisition module 12 can then obtain the corresponding private key, forming an IBC key pair.
The key management center can send the IBC private key to the subscriber over a trusted channel such as encrypted e-mail. To ensure that the IBE private key is not used without authorization, the IBC private key can also be placed in a UKey device.
As a preferred embodiment, the certification authority can further obtain the system parameters and public key of the IBC system and publish them by issuing a certificate.
That is, the certification authority can maintain and operate the key management center, which includes determining the system parameters SP and the public key mPK of the IBC system and publishing these parameters. For example, the parameters can be published by issuing a certificate, so that any subscriber can obtain them and verify that they were issued by the certification authority.
The digital signature module 13 is used to digitally sign the data content of the data label with the private key to obtain a signature value.
When the tag service provider needs to generate a data label, for example a QR code, the digital signature module 13 first uses the tag service provider's IBC private key to compute the signature value with a digital signature algorithm, such as an identity-based signature (IBS) algorithm.
The label generation module 14 then embeds the data content, the IBC public key and the signature value in the data label.
For example, for a QR code, an electronic message can be produced based on the XML signature standard, containing the payload to be transmitted (that is, the data content), the tag service provider's IBC public key and the signature value. A QR code recording that electronic message is then generated from it.
As a preferred embodiment, the label generation module 14 of the tag service provider can further embed in the data label the serial number of the tag service provider's digital certificate and an online certificate query link, such as an online certificate query URI.
That is, when the tag service relying party parses the data label, it can also obtain the serial number of the tag service provider's digital certificate and the online certificate query link, and use the link to query whether the digital certificate with that serial number is valid.
Further, the label generation module 14 of the tag service provider can also record a valid signature range in the data label so that the validity of the digital signature can be checked.
Refer to Fig. 5, which is a structural diagram of the data label authentication system of the present invention.
The data label authentication system comprises a tag service provider 10 and a tag service relying party 20.
The tag service provider 10 comprises the data label generation system described above and performs the label generation method; the tag service relying party performs the label authentication method.
The tag service provider comprises the data label generation system described above, that is, the public key acquisition module 11, the private key acquisition module 12, the digital signature module 13 and the label generation module 14.
The public key acquisition module 11 is used to obtain the IBC public key generated by the certification authority from the tag service provider's digital certificate; the private key acquisition module 12 is used to obtain the corresponding private key generated by the key management center from the IBC public key; the digital signature module 13 is used to digitally sign the data content of the data label with the private key to obtain a signature value; the label generation module 14 is used to embed the data content, the IBC public key and the signature value in the data label.
Because these modules are identical to those of the data label generation system of the present invention, they are not described again here.
The tag service relying party 20 comprises:
a parsing module 21, for obtaining the data label and parsing it to obtain the data content, the IBC public key and the signature value;
an authentication module 22, for authenticating the tag service provider's identity according to the IBC public key and verifying according to the signature value whether the data content has been modified.
The data label includes commonly used small-capacity data labels such as QR codes.
The tag service relying party can obtain the data label in several ways. For a QR code, for example, in one embodiment the tag service provider delivers the QR code to a user over a network or by some other means of recording it, and the user, for some purpose, passes the QR code to the tag service relying party; in one application scenario the QR code serves as a consumption voucher that requires the tag service relying party to provide a specific service.
After the tag service relying party obtains the QR code, its parsing module 21 decodes the QR code with the appropriate QR code decoding method to obtain the data content, IBC public key and signature value recorded in it. The authentication module 22 then first verifies the tag service provider's identity using the IBC public key, and next verifies the signature value to confirm whether the QR code has been tampered with.
As one embodiment, the label generation module 14 of the tag service provider 10 is also used to embed in the data label the serial number of the tag service provider's digital certificate and an online certificate query link;
The parsing module 21 of the tag service relying party 20 is also used, when parsing the data label, to obtain the serial number of the tag service provider's digital certificate and the online certificate query link; the authentication module 22 is also used to query through the online certificate query link whether the digital certificate with that serial number is valid.
Further, the authentication module 22 of the tag service relying party 20 is also used to check whether the user identification number carried in the tag service provider's IBC public key is consistent with the certificate extension information in its digital certificate.
In this embodiment, in application scenarios that require strong authentication of user identity, the tag service relying party can also query the tag service provider's digital certificate online by means such as LDAP or OCSP, and check whether the TrustID carried in the public key is consistent with the certificate extension information in the digital certificate.
For intranet systems, the TrustID check can also be performed by devices such as a digital certificate gateway or a sub-OCSP.
Compared with the prior art, the data label generation method and system and the data label authentication method and system of the present invention have the following advantages:
Because the present invention adds the tag service provider's IBC public key to the data label in place of the tag service provider's digital certificate and the certification authority's digital certificate, the tag service provider's identity can be verified. The IBC public key is also short, which makes it suitable for representing user identity in small-capacity data labels such as QR codes, whose use is limited by information capacity. This solves the problem that small-capacity data labels such as QR codes lack the capacity to identify the signer effectively.
The certification authority can act as a trusted third party for key escrow: the key management center (PKG) is operated and maintained by the certification authority, which reduces the cost of operating the PKG and can improve the security of key escrow.
The certification authority applies to the PKG for the IBC key pair on the subscriber's behalf. For a subscriber that has already passed authentication and been issued a digital certificate, an IBC key pair can be safely generated and distributed without any additional verification process, which effectively solves the problem of securely distributing IBC key pairs.
Because the rule for generating the IBC public key is determined by the certification authority, and the key is produced by a fixed rule in association with the subscriber's digital certificate and TrustID, any user relying on IBC to complete a service can reasonably assume that the user's identity information (that is, a public key conforming to the specific rule) is trustworthy and unique.
A person of ordinary skill in the art will understand that all or part of the flows in the above embodiments, and the corresponding systems, can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the flows of the embodiments described above. The storage medium can be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM) or the like.
The embodiments above express only several implementations of the present invention. Their description is relatively specific and detailed, but it should not therefore be understood as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make a number of variations and improvements without departing from the inventive concept, and these all fall within the protection scope of the present invention. The protection scope of this patent is therefore defined by the appended claims.

Claims (17)

1. A data label generation method, characterized by comprising the following steps:
obtaining the IBC public key generated by the certification authority from the tag service provider's digital certificate;
obtaining the corresponding private key generated by the key management center (PKG) from the IBC public key;
digitally signing the data content of the data label with the private key to obtain a signature value;
embedding the data content, the IBC public key and the signature value in the data label.
2. The data label generation method according to claim 1, characterized in that the data label is a QR code.
3. The data label generation method according to claim 1 or 2, characterized by further comprising the following step:
further embedding in the data label the serial number of the tag service provider's digital certificate and an online certificate query link.
4. A data label generation system, characterized by comprising:
a public key acquisition module, for obtaining the IBC public key generated by the certification authority from the tag service provider's digital certificate;
a private key acquisition module, for obtaining the corresponding private key generated by the key management center (PKG) from the IBC public key;
a digital signature module, for digitally signing the data content of the data label with the private key to obtain a signature value;
a label generation module, for embedding the data content, the IBC public key and the signature value in the data label.
5. The data label generation system according to claim 4, characterized in that the data label is a QR code.
6. The data label generation system according to claim 4 or 5, characterized in that:
the label generation module is further used to embed in the data label the serial number of the tag service provider's digital certificate and an online certificate query link.
7. An authentication method for a data label, characterized by comprising the following steps:
the tag service provider obtains the IBC public key generated by the certification authority from the tag service provider's digital certificate, obtains the corresponding private key generated by the key management center (PKG) from the IBC public key, digitally signs the data content of the data label with the private key to obtain a signature value, and embeds the data content, the IBC public key and the signature value in the data label;
the tag service relying party obtains the data label, parses it to obtain the data content, the IBC public key and the signature value, authenticates the tag service provider's identity according to the IBC public key, and verifies according to the signature value whether the data content has been modified.
8. The authentication method for a data label according to claim 7, characterized in that the data label is a QR code.
9. The authentication method for a data label according to claim 7 or 8, characterized in that the step in which the tag service provider obtains the IBC public key generated by the certification authority from the tag service provider's digital certificate comprises:
the tag service provider submits a digital certificate application to the certification authority;
the certification authority issues the corresponding digital certificate to the tag service provider and generates the tag service provider's IBC public key from the digital certificate.
10. The authentication method for a data label according to claim 9, characterized in that the step in which the certification authority generates the tag service provider's IBC public key from the digital certificate comprises:
the tag service provider submits an IBC public key application to the certification authority;
in response to the IBC public key application, the certification authority verifies whether the tag service provider's digital certificate is valid; if it is valid, the certification authority generates the tag service provider's IBC public key from the digital certificate, and otherwise it refuses to generate the tag service provider's IBC public key.
11. The authentication method for a data label according to claim 7 or 8, characterized in that the step in which the tag service provider obtains the corresponding private key generated by the key management center (PKG) from the IBC public key comprises:
the certification authority forwards the IBC public key to the key management center (PKG);
the key management center (PKG) generates the corresponding private key from the IBC public key and sends the private key to the tag service provider.
12. The authentication method for a data label according to claim 7 or 8, characterized in that:
the tag service provider further embeds in the data label the serial number of the tag service provider's digital certificate and an online certificate query link;
when parsing the data label, the tag service relying party further obtains the serial number of the tag service provider's digital certificate and the online certificate query link, and queries through the online certificate query link whether the digital certificate with that serial number is valid.
The Verification System of 13. 1 kinds of data labels, comprises tag service provider and tag service relying party;
It is characterized in that, described tag service provider comprises:
Public key acquisition module, the IBC PKI generating according to tag service provider's digital certificate for obtaining certification authority;
Private key acquisition module, the corresponding private key generating according to described IBC PKI for obtaining the PKG of KMC;
Digital signature module, for according to described private key, the data content of data label being carried out to digital signature, obtains signature value;
Label generation module, for embedding described data label by described data content, described IBC PKI and described signature value;
Described tag service relying party comprises:
Parsing module, for obtaining described data label, resolves described data label and obtains described data content, described IBC PKI and described signature value;
Authentication module, for according to described IBC PKI, described tag service provider's identity being authenticated, verifies according to described signature value whether described data content is modified.
The Verification System of 14. data labels as claimed in claim 13, is characterized in that, described data label is Quick Response Code.
The Verification System of 15. data labels as described in claim 13 or 14, is characterized in that:
Described public key acquisition module is also for proposing applying digital certificate to described certification authority, and described certification authority is the digital certificate that described tag service provider provides, and generates described tag service provider's IBC PKI according to described digital certificate.
The Verification System of 16. data labels as claimed in claim 15, is characterized in that:
Described public key acquisition module is also for proposing the application of IBC PKI to described certification authority, described certification authority is according to the application of described IBC PKI, whether the digital certificate of verifying described tag service provider is effective, if effectively, generate described tag service provider's IBC PKI according to described digital certificate, otherwise refusal generates described tag service provider's IBC PKI.
The Verification System of 17. data labels as described in claim 13 or 14, is characterized in that:
Described tag service provider's described label generation module is also for embed the sequence number of described tag service provider's digital certificate at described data label, and online certificate query link;
Described tag service relying party's described parsing module also when resolving described data label, obtains the sequence number of described tag service provider's digital certificate, and online certificate query link; Whether described authentication module is also for effective by the digital certificate sequence number of tag service provider described in described online certificate query link queries.
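The provider and relying-party flow of claims 12, 13 and 17, as an added example that is not part of the patent text. The claims name no concrete IBC signature algorithm, so Shamir's identity-based signature scheme over a toy RSA modulus stands in; the JSON layout, the field names, the `serial_is_valid` callback (an offline substitute for the online certificate query) and all sample values are assumptions.

```python
import hashlib, json, secrets

# Toy PKG parameters, constructed for this demo and far too small for real use.
P, Q = 2**89 - 1, 2**127 - 1            # two Mersenne primes
N, E = P * Q, 65537                     # public system parameters
D = pow(E, -1, (P - 1) * (Q - 1))       # key management center master secret
FIELDS = ("content", "ibc_pk", "cert_serial", "query_url")

def _h(*parts):
    """Hash length-prefixed byte strings to an integer modulo N."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return int.from_bytes(m.digest(), "big") % N

def pkg_extract(ibc_pk):
    """Key management center: private key g with g^E == H(ibc_pk) mod N."""
    return pow(_h(ibc_pk.encode()), D, N)

def _signed_bytes(label):
    # Assumption: the signature covers every embedded field, not only the content.
    return json.dumps({k: label[k] for k in FIELDS}, sort_keys=True).encode()

def make_label(priv, **fields):
    """Provider: sign the fields, then embed content, IBC public key, signature."""
    r = secrets.randbelow(N - 2) + 2
    t = pow(r, E, N)
    f = _h(t.to_bytes(32, "big"), _signed_bytes(fields))
    return json.dumps({**fields, "sig": [hex(priv * pow(r, f, N) % N), hex(t)]})

def verify_label(raw, serial_is_valid):
    """Relying party: parse, verify the signature, then check certificate status."""
    try:
        label = json.loads(raw)
        s, t = (int(x, 16) for x in label["sig"])
        msg, ident = _signed_bytes(label), _h(label["ibc_pk"].encode())
    except (ValueError, KeyError, TypeError, AttributeError):
        return "malformed"
    if not (0 < s < N and 0 < t < N):
        return "bad signature"
    f = _h(t.to_bytes(32, "big"), msg)
    if pow(s, E, N) != ident * pow(t, f, N) % N:
        return "bad signature"
    # The query link is used only after the signature over it has verified.
    if not serial_is_valid(label["query_url"], label["cert_serial"]):
        return "certificate not valid"
    return "ok"

if __name__ == "__main__":              # constructed sample values
    pk = "cert-serial:0A1B|Example Tag Provider"
    raw = make_label(pkg_extract(pk), content="https://shop.example.invalid/item/42",
                     ibc_pk=pk, cert_serial="0A1B", query_url="https://ca.example.invalid/status")
    print(verify_label(raw, lambda url, serial: serial == "0A1B"))
```

A valid signature shows only that the holder of the private key for the embedded IBC public key produced the label; whether that identity is acceptable for the scanned content remains the relying party's decision.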
CN201410055101.9A 2014-02-18 2014-02-18 Generating method and authentication method of data label and system of generating method and authentication method Pending CN103795546A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410055101.9A CN103795546A (en) 2014-02-18 2014-02-18 Generating method and authentication method of data label and system of generating method and authentication method


Publications (1)

Publication Number Publication Date
CN103795546A (en) 2014-05-14

Family

ID=50670873

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410055101.9A Pending CN103795546A (en) 2014-02-18 2014-02-18 Generating method and authentication method of data label and system of generating method and authentication method

Country Status (1)

Country Link
CN (1) CN103795546A (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 528200 science and technology road, Nanhai Software Science Park, Nanhai Town, Nanhai District, Foshan, Guangdong

Applicant after: Age of security Polytron Technologies Inc

Address before: 528200 science and technology road, Nanhai Software Science Park, Nanhai Town, Nanhai District, Foshan, Guangdong

Applicant before: Guangdong Certificate Authority Center Co., Ltd.

COR Change of bibliographic data
RJ01 Rejection of invention patent application after publication

Application publication date: 20140514