CN105933116B - The electronic signature generation of SM2 based on segmentation module feature and verification method and device - Google Patents

Abstract

The invention provides one kind electronic signature generation and verification method and device.Methods described includes：Obtain user's factor password, specific to user for generation electronic signature input based on user；Obtain random factor；Obtain user and input the equipment factor on the mobile device of password, specific to mobile device；Based on user's factor, random factor, the equipment factor, through the SM2 algorithms based on segmentation module feature, generation electronic signature.SM2 algorithms wherein based on segmentation module feature are to ensure that any one is different in the user factor, random factor, the equipment factor and interference factor, all different algorithm of electronic signature.The present invention meets the domestic password standards of SM2, is calculated by being segmented mould, and the distributed arithmetic of mobile device and encryption device, improves the security of electronic signature.

Description

The electronic signature generation of SM2 based on segmentation module feature and verification method and device

Technical field

The present invention relates to mobile device security technology area, more particularly to a kind of electronics of the SM2 based on segmentation module feature Signature generation and verification method and device.

Background technology

With the rapid development and extensive use of development of Mobile Internet technology, intelligent mobile terminal progressively substitutes traditional PC, added Speed is penetrated into tradition application, turns into the main entrance of types of applications.Increasing user done shopping using mobile terminal, Transfer accounts, while more convenient service is enjoyed, incident safety issue also highlights user further therewith.

Traditional electronic signature product, is mostly based on U-shield etc..Existing electronic signature schemes, electronic signature are based on user Password and some random numbers etc. generate, and security is not high

The content of the invention

The purpose of the present invention is to improve the security of electronic signature.

According to an aspect of the invention, there is provided a kind of electronic signature generation method of the SM2 based on segmentation module feature, Methods described includes：

Obtain user's factor password, specific to user for generation electronic signature input based on user；

Obtain random factor；

Obtain user and input the equipment factor on the mobile device of password, specific to mobile device；

Based on user's factor, random factor, the equipment factor, through based on segmentation mould estimated performance based on segmentation model Property SM2 algorithms, generation electronic signature, wherein the SM2 algorithms based on segmentation module feature be ensure the user factor, random factor, Any one is different in the equipment factor, all different algorithm of electronic signature.

According to an aspect of the invention, there is provided a kind of electronic signature processing method of the SM2 based on segmentation module feature, Methods described includes：

The electronic signature of mobile device shield plug-in unit generation is received from mobile device shield plug-in unit, wherein the electronic signature from Mobile device shield plug-in unit end group in user for generation electronic signature input password specific to user user's factor, it is random because The equipment factor specific to mobile device that son, user are inputted on the mobile device of password, calculated through the SM2 based on segmentation module feature Method generates, and is used to scramble the interference factor that electronic signature is scrambled using acquisition；

The electronic signature is descrambled；

Electronic signature after descrambling is sent to authentication platform.

According to an aspect of the invention, there is provided a kind of electronic signature to be verified of the SM2 based on segmentation module feature is tested Card method, methods described include：

Obtain user's factor password, specific to user for checking electronic signature generation based on user；

Obtain in random factor being locally stored, locally generated when generation signs electronically；

Obtain user and input the equipment factor on the mobile device of password, specific to mobile device；

Based on user's factor, random factor, the equipment factor, through based on segmentation mould estimated performance based on segmentation model Property SM2 algorithms, generate electronic signature to be verified, wherein based on segmentation module feature SM2 algorithms be generation electronic signature when adopt SM2 algorithms based on segmentation module feature；

Electronic signature to be verified is sent to distributed cipher key machine, it is corresponding with electronic signature public to be forwarded to authentication platform Checking is compared in key the result.

According to an aspect of the invention, there is provided a kind of electronic signature to be verified of the SM2 based on segmentation module feature is tested Card method, methods described include：

Electronic signature to be verified is received from mobile device shield plug-in unit, the electronic signature to be verified is to be according to based on user Checking electronic signature generation it is password, specific to user user's factor, it is being locally stored, generate sign electronically when sheet Random factor caused by ground, user input the equipment factor on the mobile device of password, specific to mobile device, through based on point Section mould estimated performance based on segmentation module feature SM2 algorithms generation, and using acquisition be used for it is to be verified sign electronically into The interference factor of row scrambling is scrambled, wherein the SM2 algorithms based on segmentation module feature are the bases used during generation electronic signature In the SM2 algorithms of segmentation module feature；

The electronic signature to be verified is descrambled；

Electronic signature to be verified after descrambling is sent to authentication platform, tested to be compared with public key verifications result Card.

According to an aspect of the invention, there is provided a kind of electronic signature of the SM2 based on segmentation module feature generates equipment, The equipment includes：

For obtaining the dress based on user for user's factor password, specific to user of generation electronic signature input Put；

For obtaining the device of random factor；

The device of the equipment factor on the mobile device of password, specific to mobile device is inputted for obtaining user；

For based on user's factor, random factor, the equipment factor, through based on segmentation mould estimated performance based on segmentation The SM2 algorithms of module feature, generate the device of electronic signature, wherein the SM2 algorithms based on segmentation module feature be ensure the user factor, Any one is different in random factor, the equipment factor, all different algorithm of electronic signature.

According to an aspect of the invention, there is provided a kind of electronic signature processing equipment, the equipment include：

For the device for the electronic signature that the generation of mobile device shield plug-in unit is received from mobile device shield plug-in unit, wherein the electricity Son signature is in the user specific to user from mobile device shield plug-in unit end group in user for the password of generation electronic signature input The equipment factor specific to mobile device that the factor, random factor, user are inputted on the mobile device of password, through based on segmentation mould The SM2 algorithms generation based on segmentation module feature of estimated performance, and it is dry for what is scrambled to electronic signature using acquisition The factor is disturbed to be scrambled；

For to the device for signing electronically and being descrambled；

For the electronic signature after descrambling to be sent to the device of authentication platform.

According to an aspect of the invention, there is provided a kind of electronic signature to be verified of the SM2 based on segmentation module feature is tested Equipment is demonstrate,proved, the equipment includes：

For obtaining the dress based on user for user's factor password, specific to user of checking electronic signature generation Put；

For obtaining the device in random factor being locally stored, locally generated when generation signs electronically；

The device of the equipment factor on the mobile device of password, specific to mobile device is inputted for obtaining user；

For based on user's factor, random factor, the equipment factor, through based on segmentation mould estimated performance based on segmentation The SM2 algorithms of module feature, the device of electronic signature to be verified is generated, wherein the SM2 algorithms based on segmentation module feature are generation electricity The SM2 algorithms based on segmentation module feature used during son signature；

For sending electronic signature to be verified to distributed cipher key machine, so as to public key verifications result corresponding with electronic signature The device of checking is compared.

According to an aspect of the invention, there is provided a kind of electronic signature to be verified of the SM2 based on segmentation module feature is tested Equipment is demonstrate,proved, the equipment includes：

For receiving the device of electronic signature to be verified from mobile device shield plug-in unit, the electronic signature to be verified be according to Based on user for checking electronic signature generation it is password, specific to user user's factor, it is being locally stored, generation electricity Locally generated random factor during son signature, user input it is on the mobile device of password, specific to mobile device equipment because Son, generated through the SM2 algorithms based on segmentation module feature based on segmentation mould estimated performance, and utilize what is obtained to be used for to be verified The interference factor scrambled that signs electronically is scrambled, wherein the SM2 algorithms based on segmentation module feature are generation electronic signatures The Shi Caiyong SM2 algorithms based on segmentation module feature；

For the device descrambled to the electronic signature to be verified；

For the electronic signature to be verified after descrambling to be sent into authentication platform, so that public key corresponding with electronic signature is tested The device of checking is compared in card result.

Compared with prior art, the present invention has advantages below：Due to based on user's factor, the equipment factor, random factor Three orthogonal factor generation electronic signatures, these three factors are indispensable, and user's factor is not stored and grasped by user, The equipment factor is that mobile device is distinctive, is set on the mobile device that can only be bound when user generates and signed electronically, these three Aspect checks and balance, three factors one when these three factors must sign electronically with generation completely when verifying electronic signature Cause, can just be verified, greatly improve electronic signature security.Preferably, based on user's factor, random factor, equipment because Son, interference factor, generation electronic signature, wherein ensureing any one in user's factor, random factor, the equipment factor, interference factor Item is different, and electronic signature is all different.The present invention meets the domestic password standards of SM2, by be segmented mould calculate, and mobile device with The distributed arithmetic of encryption device, improve the security of electronic signature.

Further, since in the embodiment of the present invention, electronic signature uses interference protection mechanism, that is, passes through mobile device shield plug-in unit Electronic signature is scrambled, the distributed cipher key machine on backstage, which carries out descrambling, could recover electronic signature.Only distributed cipher key Machine could descramble.If the electronic signature of scrambling is intercepted by any third party, third party can not descramble recovery electronic signature. That is, using interference mechanism, each digital signature, it is required for mobile terminal, background key machine collective effect to complete, private key shields each other Cover, process pins down each other, indispensable, substantially increases the security of electronic signature.And distributed cipher key machine can only eliminate label Name interference component, that is, descramble, it is impossible to generate user's signature, can not replace user's signature, it is ensured that the secret of user's signature generation Property.

Brief description of the drawings

By reading the detailed description made to non-limiting example made with reference to the following drawings, of the invention is other Feature, objects and advantages will become more apparent upon：

Fig. 1 shows the electronic signature generation side of the SM2 according to an embodiment of the invention based on segmentation module feature Both-end interaction diagrams of the method between mobile device shield plug-in unit and distributed cipher key machine.

Fig. 2 shows the electronic signature to be verified of the SM2 according to an embodiment of the invention based on segmentation module feature Both-end interaction diagrams of the verification method between mobile device shield plug-in unit and distributed cipher key machine.

Fig. 3 show mobile device shield plug-in unit side according to an embodiment of the invention based on segmentation module feature The block diagram of SM2 electronic signature generation equipment.

Fig. 4 shows the SM2 based on segmentation module feature of distributed cipher key pusher side according to an embodiment of the invention Electronic signature processing equipment block diagram.

Fig. 5 show mobile device shield plug-in unit side according to an embodiment of the invention based on segmentation module feature The block diagram of SM2 electric signing verification equipment to be verified.

Fig. 6 shows the SM2 based on segmentation module feature of distributed cipher key pusher side according to an embodiment of the invention Electric signing verification equipment to be verified block diagram.

Embodiment

The present invention is described in further detail below in conjunction with the accompanying drawings.

Fig. 1 shows the electronic signature generation side of the SM2 according to an embodiment of the invention based on segmentation module feature Both-end interaction diagrams of the method between mobile device shield plug-in unit and distributed cipher key machine.SM2 be those skilled in the art all A kind of close algorithm of the state of solution.The electronic signature generation checking system of one embodiment of the application is inserted including mobile device shield Part, distributed cipher key machine and authentication platform.Mobile device shield plug-in unit is located on the mobile device of user, such as binding movement In the application of equipment.And distributed cipher key machine is located in background server, such as computer room.The two distributed collaboration computing, for Family provides electronic signature functionality.

By taking the electronic bank application on user's mobile device (such as mobile phone) as an example.Electronics of the user on mobile device is opened During Bank application (such as being installed to by downloading electronic bank application on mobile device), electronic bank application binding has a shifting Dynamic equipment shield plug-in unit, the plug-in unit is different from U-shield, and it is not individualism, but is bundled in the electronic bank application of installation, For cooperateing with computing with distributed cipher key machine in electronic signature generation and checking, the generation and checking of electronic signature are completed.Peace After filling electronic bank application, user needs to complete registration.User password is inputted in registration.User will remember the password, and Afterwards every time by input identical password when electronic bank application transacting business (such as transferring accounts).At this moment, mobile device Shield plug-in unit is according to the user's factor generated based on the user password, the random factor got and the equipment specific to mobile device The factor, generation electronic signature, and the distributed cipher key machine that backstage is issued after the factor scrambles using scrambling.Distributed cipher key machine is to this Authentication platform registration is issued after electronic signature descrambling.Needed after user by the electronic bank application transacting business (as turned Account) when, it is necessary to complete electronic signature verification process.Checking user can just handle the business, otherwise merchandise dangerous.At this moment, User needs to input the user password that oneself is inputted in registration.Mobile device shield plug-in unit is passed through with noting based on the user password User's factor identical algorithm is obtained during volume based on user password to obtain and identical user's factor during registration.User is in registration The random factor obtained during generation electronic signature is that fixation is stored in the mobile device of user, and therefore, movement is set The random factor that standby shield plug-in unit uses during can also getting the production electronic signature of storage.The equipment factor is specific for Mobile device, it can also be got by mobile device shield plug-in unit.The equipment factor now got is also with generating electronics label Identical during name.Therefore, now mobile device shield plug-in unit is generated based on user's factor now, random factor, the equipment factor Electronic signature to be verified should be also and generate the electronic signature identical that is generated during electronic signature.Mobile device shield plug-in unit should Distributed cipher key machine is dealt into after electronic signature scrambling to be verified, authentication platform is dealt into after being descrambled by distributed cipher key machine, with user Checking is compared in the electronic signature for being generated during registration and being registered in authentication platform.Theoretically, this it is to be verified electronic signature with The electronic signature for being generated during user's registration and being registered in authentication platform should be identical.Such as differ, then illustrate that user have input mistake What user password, user used by mistake is not to register the electronic signature of mobile device used or generation at the beginning or wait to recognize Card electronic signature is during transmission by illegally distorting.Due in the embodiment of the present invention, based on user's factor, equipment because Son, the generation electronic signature of the orthogonal factor of random factor three, these three factors are indispensable, user's factor do not store and Grasped by user, the equipment factor is that mobile device is distinctive, and these three factors check and balance, verify sign electronically when these three Three factors when the factor must sign electronically with generation completely are consistent, can just be verified so that let out even in user password Other people also are difficult to only be proved to be successful with user password when dew, greatly improve electronic signature security.Moreover, electronics Signature uses interference protection mechanism, i.e., electronic signature is scrambled by mobile device shield plug-in unit, the distributed cipher key on backstage Machine, which carries out descrambling, could recover electronic signature.Only distributed cipher key machine could descramble.If the electronic signature of scrambling is any Third party intercepts, and third party can not descramble recovery electronic signature and distributed cipher key machine can only eliminate signature interference component, i.e., Descrambling, it is impossible to generate user's signature, therefore the manager of distributed cipher key generator terminal can not also distort user's signature, this shifting privately The mode that dynamic equipment shield plug-in unit and distributed cipher key machine mutually pin down ensure that the privacy of user's signature generation.

Distributed cipher key machine is used to being engaged with mobile device shield plug-in unit completion electronic signature generation and authenticated on backstage Computing in journey, such as descramble.For example, the computer room of the subbranch of each bank sets a distributed cipher key machine, it is responsible for the subbranch The generation and checking of the electronic signature of all electronic bank applications correlation issued.

As shown in figure 1, one kind of mobile device shield plug-in unit side according to an embodiment of the invention is based on segmentation module feature SM2 electronic signature generation method include：

Step S110, user's factor password, specific to user for generation electronic signature input based on user is obtained；

Step S120, random factor is obtained；

Step S130, obtain user and input the equipment factor on the mobile device of password, specific to mobile device；

Step S140, based on user's factor, random factor, the equipment factor, through the base based on segmentation mould estimated performance In the SM2 algorithms of segmentation module feature, generation electronic signature, wherein the SM2 algorithms based on segmentation module feature be ensure the user factor, Any one is different in random factor, the equipment factor, all different algorithm of electronic signature.

These steps are described in detail below.

Step S110, user's factor password, specific to user for generation electronic signature input based on user is obtained.

In one embodiment, step S110 includes：

Obtain the password of user's input；

By password entry user's factor generating algorithm of acquisition, user's factor specific to user is obtained, wherein the use Family factor generating algorithm is to ensure that the password of input is different, all different algorithm of caused user's factor.

As it was previously stated, the password of user's input is user inputs user password in registration.Typically, in user's registration, With the interface of the application bound in mobile device shield plug-in unit user can be prompted to input user password.After user inputs the password, Mobile device shield plug-in unit just obtains the password.User will remember the password, and pass through electronic bank application every time afterwards Identical password is inputted during transacting business (such as transferring accounts).

User's factor generating algorithm is to ensure that the password of input is different, all different algorithm of caused user's factor. Moreover, when verifying electronic signature to be verified, same user's factor generating algorithm will also be used by producing electronic signature to be verified User's factor during generation checking.

User's factor is existing concept, is specific for the factor of user, such as different one with user's difference Number.The characteristics of user's factor generating algorithm is the password and value (user's factor) all unique correspondence of output of input, that is, is inputted Password it is different, caused user's factor is all different.It is currently known many algorithms and can be used for user's factor generating algorithm, therefore does not go to live in the household of one's in-laws on getting married State.

Step S120, random factor is obtained.

In one embodiment, step S120 includes：

Receive the hardware random number that distributed cipher key machine is sent；

In locally generated local random number；

The hardware random number is synthesized with the local random number, obtains random factor.

Random factor generally refers to the number randomly generated.

Random factor in the embodiment is divided into two parts.A part is hardware random number, is connect from distributed cipher key machine Receive what is come.Another part is local random number, is that mobile device shield plug-in unit is locally generated.The random factor is synthesized by two parts Benefit be, because the random factor part comes from distributed cipher key machine, even if mobile device shield plug-in unit is under attack, to attack The person of hitting also is only that can grasp locally generated random number；And the random factor some from local, even if distributed Key machine is under attack, is also only that part wherein from distributed cipher key machine is decoded, still can not steal entirely with The machine factor, improve the security of electronic signature generation.

Step S130, obtain user and input the equipment factor on the mobile device of password, specific to mobile device.

The equipment factor can be the device id or equipment factory serial number etc. that user is inputted on the mobile device of password, can also It is a number obtained from carrying out certain specific computing based on device id or equipment factory serial number etc..Device id on mobile device Or equipment factory serial number etc. can be stored in a certain ad-hoc location in the memory of mobile device.As long as mobile device shield plug-in unit is read The content for taking the opening position to store, it is possible to obtain device id or equipment factory serial number on mobile device etc..Certain is specifically transported It is known at last and fixed, same computing is just used during for any mobile device computing device factor.For example, should Specific computing is connected with equipment factory serial number after the device id XOR on mobile device.In general, the computing needs to have There is the one-to-one property of input and output, i.e., for different inputs, different output will necessarily be produced.

Step S140, based on user's factor, random factor, the equipment factor, calculated through the SM2 based on segmentation module feature Method, generation electronic signature, wherein the SM2 algorithms based on segmentation module feature are ensured in user's factor, random factor, the equipment factor Any one is different, all different algorithm of electronic signature.

The embodiment of the present invention is that the SM2 algorithms based on segmentation module feature are realized.SM2 is national Password Management office in 2010 The ellipse curve public key cipher algorithm of issue on December 17, in.In the embodiment of the present invention, the SM2 based on segmentation mould estimated performance is calculated Method has the one-to-one property of input and output, that is, ensures that any one is different in user's factor, random factor, the equipment factor, electronics label Name is all different.In the algorithm, iteration is distinguished by each section of orthogonal factor of user's factor, the hardware factor, random factor three Computing, it is not necessary to be assembled into partial data.

Preferably, iterative algorithm should be included based on SM2 algorithms of segmentation module feature, user's factor, the equipment factor, it is random because Son passes through iterative algorithm, it is not necessary to three factors are assembled into complete user's signature, are difficult to analyze from complete user's signature Three factors gone out before iteration, greatly improve the security of electronic signature.

Before step S140, in one embodiment, this method also includes：Step S135, obtain for electronics label The interference factor that name is scrambled.

Will sign electronically be sent to distributed cipher key machine before the effect that is scrambled of electronic signature is, prevent electricity Son signature is intercepted and revealed by third party.In the case of scrambling, technology electronic signature is intercepted by third party, due to third party not Know the interference factor of scrambling, still can not recover to sign electronically.That is, using interference mechanism, each digital signature, all need Mobile terminal, background key machine collective effect is wanted to complete, private key is shielded from one another, and process pins down each other, indispensable, substantially increases The security of electronic signature.And distributed cipher key machine can only eliminate signature interference component, that is, descramble, it is impossible to user's signature is generated, Ensure the privacy of user's signature generation.

In one embodiment, step S135 includes：

Receive the interference public key that distributed cipher key machine is sent；

Interference factor is determined according to the interference public key.

Interference public key, interference private key pair are provided with distributed cipher key machine.Public key, interference private key are disturbed to can be to each The generation and checking of electronic signature are all identical, but preferably public using different interference to the generation and checking that sign electronically every time Key, interference private key pair.Distributed cipher key machine will disturb public key to be sent to mobile device shield plug-in unit, for mobile device shield plug-in unit accordingly Determine interference factor.Distributed cipher key machine retains interference private key.Electronics in mobile device shield plug-in unit interference factor to generation After beaming back distributed cipher key machine after signature scrambling, distributed cipher key machine is descrambled with interference private key.Because interference private key is public with interference Key is corresponding, and distributed cipher key machine can descramble open the electronic signature of generation, even and if other equipment intercepts the electronics label Name, also because lacking interference private key, it can not be descrambled.

Interference factor is for number for being scrambled to the electronic signature of generation etc..Interference is determined according to the interference public key The factor produces algorithm often by predetermined interference factor.The interference factor, which produces algorithm, has the one-to-one property of input and output, i.e., Different output is produced for different inputs.Known many algorithms have the one-to-one property of input and output, can be used as interference because Son produces algorithm, therefore does not repeat.

After step s 140, methods described also includes：Step S145, using the interference factor of acquisition to the electronics of generation Signature is scrambled, the electronic signature after generation scrambling.

Scrambling belongs to prior art.There is electronics of the interference factor to generation that many scrambling algorithms can be utilized to acquisition Signature is scrambled, the electronic signature after generation scrambling, therefore is not repeated.

As shown in figure 1, in one embodiment, after step S145, methods described includes：Step S150, to distribution Formula key machine sends the electronic signature after scrambling.

The purpose for sending the electronic signature after scrambling to distributed cipher key machine is to enable distributed cipher key machine using interference Electronic signature after private key descrambling scrambling, so as to which the electronic signature of recovery is sent into authentication platform registration, to verify later Electronic signature to be verified.

As illustrated, in one embodiment, one kind according to an embodiment of the invention in distributed cipher key pusher side The electronic signature processing method of SM2 based on segmentation module feature includes：

Step S210, the electronic signature of mobile device shield plug-in unit generation is received from mobile device shield plug-in unit, wherein the electricity Son signature is in the user specific to user from mobile device shield plug-in unit end group in user for the password of generation electronic signature input The equipment factor specific to mobile device that the factor, random factor, user are inputted on the mobile device of password, through based on segmentation mould The SM2 algorithms generation of characteristic, and be used to scramble the interference factor that electronic signature is scrambled using acquisition；

Step S220, the electronic signature is descrambled；

Step S230, the electronic signature after descrambling is sent to authentication platform.

Electronic signature processing method refers to solve the electronic signature after the scrambling that receives from mobile device shield plug-in unit Processing, and the method for being sent to the electronic signature that authentication platform is registered as user such as disturb.

These steps are described in detail below.

Step S210, the electronic signature of mobile device shield plug-in unit generation is received from mobile device shield plug-in unit, wherein the electricity Son signature is in the user specific to user from mobile device shield plug-in unit end group in user for the password of generation electronic signature input The equipment factor specific to mobile device that the factor, random factor, user are inputted on the mobile device of password, through based on segmentation mould The SM2 algorithms generation of characteristic, and be used to scramble the interference factor that electronic signature is scrambled using acquisition.

The electronic signature is in the spy from mobile device shield plug-in unit end group in user for the password of generation electronic signature input Due to user's factor of user, random factor, user input password mobile device on the equipment specific to mobile device because Son, generated through the SM2 algorithms based on segmentation module feature, and utilize the interference factor for being used to scramble electronic signature of acquisition The process scrambled has been described above above in conjunction with step S110-S145, therefore repeats no more.

Step S220, the electronic signature is descrambled.

In one embodiment, in interference factor determined based on the interference public key for being sent to mobile device shield plug-in unit In the case of, described the step of descrambling to the electronic signature, includes：Electronic signature is descrambled with interference private key.

As it was previously stated, interference public key, interference private key pair are provided with distributed cipher key machine.Distributed cipher key machine will disturb public Key is sent to mobile device shield plug-in unit, and interference factor is determined therefrom that for mobile device shield plug-in unit.Distributed cipher key machine retains interference Private key.After distributed cipher key machine is beamed back after mobile device shield plug-in unit is scrambled with interference factor to the electronic signature of generation, distribution Formula key machine is descrambled with interference private key.Due to interference private key with disturb public key be corresponding, distributed cipher key machine can descramble out The electronic signature of generation, even and if other equipment intercepts the electronic signature, also because lack interference private key, it can not be solved Disturb.

Step S230, the electronic signature after descrambling is sent to authentication platform.

The purpose that electronic signature after descrambling is sent into authentication platform is the electronics registered as user in authentication platform Signature.When later user needs to use the application (such as electronic bank application) bound in mobile device shield plug-in unit to carry out some operation When, electronic signature to be verified is generated by aftermentioned mode, user when authentication platform signs electronically with generation is sent to and is registered in certification The electronic signature of platform is compared.Pass through checking if consistent.

As shown in Fig. 2 one kind of mobile device shield plug-in unit side according to an embodiment of the invention is based on segmentation module feature SM2 electric signing verification method to be verified include：

Step S310, user's factor password, specific to user for checking electronic signature generation based on user is obtained；

Step S320, obtain in random factor being locally stored, locally generated when generation signs electronically；

Step S330, obtain user and input the equipment factor on the mobile device of password, specific to mobile device；

Step S340, based on user's factor, random factor, the equipment factor, calculated through the SM2 based on segmentation module feature Method, generate electronic signature to be verified, wherein based on segmentation module feature SM2 algorithms be generation electronic signature when use based on point The SM2 algorithms of section module feature；

Step S350, electronic signature to be verified is sent to distributed cipher key machine, is tested to be forwarded to authentication platform with public key Checking is compared in card result.

These steps are described in detail below.

Step S310, user's factor password, specific to user for checking electronic signature generation based on user is obtained.

For example, user needs to be transferred accounts using the electronic bank application on mobile device, at this moment need to produce for user One electronic signature to be verified, is sent to authentication platform and is verified.

Under the prompting of the application interface bound in mobile device shield plug-in unit, user inputs user password.Mobile device shield Plug-in unit gets the user password, user's factor based on user password generation specific to user.Given birth to based on the user password It is consistent into user's factor specific to user and step S110, and identical algorithms are used, it so just can guarantee that electronic signature life Into the uniformity with checking.Difference with step S110 is that what this step obtained is the use for being used for electric signing verification The family factor, and caused by step S110 be one and be used for the user's factor generated that signs electronically.

Step S320, obtain in random factor being locally stored, locally generated when generation signs electronically.

Because random factor caused by the electronic signature in generation user has been stored in the storage of mobile device shield plug-in unit In device, therefore it can directly obtain the random factor.

Step S330, obtain user and input the equipment factor on the mobile device of password, specific to mobile device.

The mistake that user inputs the equipment factor on the mobile device of password, specific to mobile device is obtained in step S330 Journey with it is completely the same in step S130.Difference with step S130 is that the equipment factor obtained in step S130 is used for user The generation of electronic signature.The equipment factor obtained in step S330 is used for the checking of user's electronic signature.

Step S340, based on user's factor, random factor, the equipment factor, calculated through the SM2 based on segmentation module feature Method, generate electronic signature to be verified, wherein based on segmentation module feature SM2 algorithms be generation electronic signature when use based on point The SM2 algorithms of section module feature.

The step and step S140 are essentially identical.Unlike step S140, step S140 is to be based on being used for electronics label User's factor, random factor, the equipment factor of name generation sign electronically to generate, and this step is in for electric signing verification User's factor, random factor, the equipment factor generate electronic signature to be verified.

Step S350, electronic signature to be verified is sent to distributed cipher key machine, is tested to be forwarded to authentication platform with public key Checking is compared in card result.

The step and step S150 are essentially identical.Unlike step S150, step S150 is to send to generate for user Electronic signature, and this step be send generation electronic signature to be verified.

In one embodiment, before step S340, methods described also includes：Step S335 is obtained for to be verified Sign electronically the interference factor scrambled.

The step and step S135 are essentially identical.Unlike step S135, step S135 is to obtain to be used for generation The interference factor that is scrambled of electronic signature, and step S335 be obtain be used for it is to be verified sign electronically scrambled it is dry Disturb the factor.

After step S340, methods described also includes：Step S345, using the interference factor of acquisition to the to be tested of generation Card electronic signature is scrambled, the electronic signature to be verified after generation scrambling.

The step and step S145 are essentially identical.Unlike step S145, step S145 is to utilize the interference obtained The electronic signature that factor pair generates when being user's registration is scrambled, the electronic signature after generation scrambling.Step S345 is to utilize The interference factor of acquisition needs to use the electronic signature to be verified generated during the function of application to scramble to user, generation scrambling Electronic signature to be verified afterwards.

Now, step S350 includes：The electronic signature to be verified after scrambling is sent to distributed cipher key machine, so as to distribution Authentication platform is forwarded to after key machine descrambling, and checking is compared with public key verifications result.

As shown in Fig. 2 the electronic signature to be verified according to an embodiment of the invention in distributed cipher key pusher side is tested Card method includes：

Step S410, receive electronic signature to be verified from mobile device shield plug-in unit, the electronic signature to be verified be according to Based on user for checking electronic signature generation it is password, specific to user user's factor, it is being locally stored, generation electricity Locally generated random factor during son signature, user input it is on the mobile device of password, specific to mobile device equipment because Son, generated through the SM2 algorithms based on segmentation module feature, and be used to do to what electronic signature to be verified was scrambled using acquisition Disturb the factor to be scrambled, wherein the SM2 algorithms based on segmentation module feature are used during generation electronic signature based on segmentation model The SM2 algorithms of property；

Step S420, the electronic signature to be verified is descrambled；

Step S430, the electronic signature to be verified after descrambling is sent to authentication platform, to enter with public key verifications result Row comparison.

These steps are described in detail below.

Step S410, receive electronic signature to be verified from mobile device shield plug-in unit, the electronic signature to be verified be according to Based on user for checking electronic signature generation it is password, specific to user user's factor, it is being locally stored, generation electricity Locally generated random factor during son signature, user input it is on the mobile device of password, specific to mobile device equipment because Son, generated through the SM2 algorithms based on segmentation module feature, and be used to do to what electronic signature to be verified was scrambled using acquisition Disturb the factor to be scrambled, wherein the SM2 algorithms based on segmentation module feature are used during generation electronic signature based on segmentation model The SM2 algorithms of property.

The electronic signature to be verified is the password, specific to user of checking electronic signature generation according to based on user User's factor, it is being locally stored, generate sign electronically when locally generated random factor, user input the movement of password and set The standby equipment factor upper, specific to mobile device, generated through the SM2 algorithms based on segmentation module feature, and utilize the use obtained In the process that the interference factor scrambled to electronic signature to be verified is scrambled as shown in step S310-S345.

Step S420, the electronic signature to be verified is descrambled.

In one embodiment, in interference factor determined based on the interference public key for being sent to mobile device shield plug-in unit In the case of, step S420 includes：

Electronic signature to be verified is descrambled with interference private key.

Step S430, the electronic signature to be verified after descrambling is sent to authentication platform, to enter with public key verifications result Row comparison.

After electronic signature to be verified after descrambling is sent into authentication platform, if descrambling after electronic signature to be verified with User is consistent in the electronic signature that authentication platform is registered during generation electronic signature, then is verified.Do not pass through conversely, then verifying.

As shown in figure 3, one kind of mobile device shield plug-in unit side according to an embodiment of the invention is based on segmentation module feature SM2 electronic signature generation equipment 3 include：

For obtaining the device based on user for user's factor password, specific to user of generation electronic signature input (lower referred to as " user's factor acquisition device is used in generation electronic signature ") 301；

For obtaining the device (lower referred to as " generation electronic signature random factor acquisition device ") 302 of random factor；

Inputted for obtaining user on the mobile device of password, the equipment factor specific to mobile device device (under Referred to as " generation electronic signature equipment factor acquisition device ") 303；

For based on user's factor, random factor, the equipment factor, through the SM2 algorithms based on segmentation module feature, generating The device (lower to be referred to as " electronic signature generating means ") 304 of electronic signature.

These devices are described in detail below.

In one embodiment, generation electronic signature is used for user's factor acquisition device 301：

Obtain the password of user's input；

By password entry user's factor generating algorithm of acquisition, user's factor specific to user is obtained, wherein the use Family factor generating algorithm is to ensure that the password of input is different, all different algorithm of caused user's factor.

As it was previously stated, the password of user's input is user inputs user password in registration.Typically, in user's registration, With the interface of the application bound in mobile device shield plug-in unit user can be prompted to input user password.After user inputs the password, Mobile device shield plug-in unit just obtains the password.User will remember the password, and pass through electronic bank application every time afterwards Identical password is inputted during transacting business (such as transferring accounts).

User's factor generating algorithm is to ensure that the password of input is different, all different algorithm of caused user's factor. Moreover, when verifying electronic signature to be verified, same user's factor generating algorithm will also be used by producing electronic signature to be verified User's factor during generation checking.

User's factor is existing concept, is specific for the factor of user, such as different one with user's difference Number.The characteristics of user's factor generating algorithm is the password and value (user's factor) all unique correspondence of output of input, that is, is inputted Password it is different, caused user's factor is all different.It is currently known many algorithms and can be used for user's factor generating algorithm, therefore does not go to live in the household of one's in-laws on getting married State.

In one embodiment, electronic signature random factor acquisition device 302 is generated to be used for：

Receive the hardware random number that distributed cipher key machine is sent；

In locally generated local random number；

The hardware random number is synthesized with the local random number, obtains random factor.

Random factor generally refers to the number randomly generated.

Random factor in the embodiment is divided into two parts.A part is hardware random number, is connect from distributed cipher key machine Receive what is come.Another part is local random number, is that mobile device shield plug-in unit is locally generated.The random factor is synthesized by two parts Benefit be, because the random factor part comes from distributed cipher key machine, even if mobile device shield plug-in unit is under attack, to attack The person of hitting also is only that can grasp locally generated random number；And the random factor some from local, even if distributed Key machine is under attack, is also only that part wherein from distributed cipher key machine is decoded, still can not steal entirely with The machine factor, improve the security of electronic signature generation.

Generation electronic signature equipment factor acquisition device 303 is used to obtain the equipment factor.The equipment factor can be used Device id or equipment factory serial number etc. on the mobile device of family input password or based on device id or equipment factory serial number etc. A number obtained from carrying out certain specific computing.Device id or equipment factory serial number on mobile device etc. can be stored in shifting A certain ad-hoc location in the memory of dynamic equipment.As long as mobile device shield plug-in unit reads the content of opening position storage, so that it may To obtain device id or equipment factory serial number on mobile device etc..Certain specific computing is known, and fixed, for Same computing is just used during any mobile device computing device factor.For example, the specific computing is setting on mobile device Connected after standby ID XORs with equipment factory serial number.In general, the computing is needed with the one-to-one property of input and output, i.e., for not Same input, will necessarily produce different output.

The generating means 304 that sign electronically are based on user's factor, random factor, the equipment factor, through based on segmentation model Property SM2 algorithms, generation electronic signature, wherein the SM2 algorithms based on segmentation module feature be ensure the user factor, random factor, Any one is different in the equipment factor, all different algorithm of electronic signature.

SM2 algorithms based on segmentation module feature have the one-to-one property of input and output, that is, ensure the user factor, random factor, Any one is different in the equipment factor, and electronic signature is all different.Known many algorithms have the one-to-one property of input and output, Ke Yiyong Make the SM2 algorithms based on segmentation module feature.This part does not repeat herein.

Preferably, iterative algorithm should be included based on SM2 algorithms of segmentation module feature, user's factor, the equipment factor, it is random because Son passes through iterative algorithm, it is not necessary to three factors are assembled into complete user's signature, are difficult to analyze from complete user's signature Three factors gone out before iteration, greatly improve the security of electronic signature.

In one embodiment, the equipment also includes：For generating electronics through the SM2 algorithms based on segmentation module feature Before signature, the device for obtaining the interference factor for being scrambled to electronic signature is (lower referred to as " to generate electronic signature scrambling to use Interference factor acquisition device ", do not show in figure).

Will sign electronically be sent to distributed cipher key machine before the effect that is scrambled of electronic signature is, prevent electricity Son signature is intercepted and revealed by third party.In the case of scrambling, technology electronic signature is intercepted by third party, due to third party not Know the interference factor of scrambling, still can not recover to sign electronically.That is, using interference mechanism, each digital signature, all need Mobile terminal, background key machine collective effect is wanted to complete, private key is shielded from one another, and process pins down each other, indispensable, substantially increases The security of electronic signature.And distributed cipher key machine can only eliminate signature interference component, that is, descramble, it is impossible to user's signature is generated, Ensure the privacy of user's signature generation.

Generation electronic signature scrambling is used for interference factor acquisition device：

Receive the interference public key that distributed cipher key machine is sent；

Interference factor is determined according to the interference public key.

Interference public key, interference private key pair are provided with distributed cipher key machine.Public key, interference private key are disturbed to can be to each The generation and checking of electronic signature are all identical, but preferably public using different interference to the generation and checking that sign electronically every time Key, interference private key pair.Distributed cipher key machine will disturb public key to be sent to mobile device shield plug-in unit, for mobile device shield plug-in unit accordingly Determine interference factor.Distributed cipher key machine retains interference private key.Electronics in mobile device shield plug-in unit interference factor to generation After beaming back distributed cipher key machine after signature scrambling, distributed cipher key machine is descrambled with interference private key.Because interference private key is public with interference Key is corresponding, and distributed cipher key machine can descramble open the electronic signature of generation, even and if other equipment intercepts the electronics label Name, also because lacking interference private key, it can not be descrambled.

Interference factor is for number for being scrambled to the electronic signature of generation etc..Interference is determined according to the interference public key The factor produces algorithm often by predetermined interference factor.The interference factor, which produces algorithm, has the one-to-one property of input and output, i.e., Different output is produced for different inputs.Known many algorithms have the one-to-one property of input and output, can be used as interference because Son produces algorithm, therefore does not repeat.

In one embodiment, the equipment also includes：For generating electronics through the SM2 algorithms based on segmentation module feature After signature, scrambled using electronic signature of the interference factor of acquisition to generation, the dress of the electronic signature after generation scrambling Put (not shown).

Scrambling belongs to prior art.There is electronics of the interference factor to generation that many scrambling algorithms can be utilized to acquisition Signature is scrambled, the electronic signature after generation scrambling, therefore is not repeated.

In one embodiment, the equipment also includes：

For sending the device (not shown) of the electronic signature after scrambling to distributed cipher key machine.

As shown in figure 4, in one embodiment, one kind according to an embodiment of the invention in distributed cipher key pusher side The electronic signature processing equipment 4 of SM2 based on segmentation module feature includes：

The device of electronic signature for receiving the generation of mobile device shield plug-in unit from mobile device shield plug-in unit is (lower referred to as " raw Into electronic signature reception device ") 401, wherein the electronic signature is electric for generation in user from mobile device shield plug-in unit end group The spy inputted specific to user's factor of user, random factor, user on the mobile device of password of the password of son signature input Due to the equipment factor of mobile device, generated through the SM2 algorithms based on segmentation module feature, and utilize what is obtained to be used for electronics label The interference factor that name is scrambled is scrambled；

For to the device (lower referred to as " generation electronic signature descrambler ") 402 for signing electronically and being descrambled；

For the electronic signature after descrambling to be sent to device (lower referred to as " the descrambling electronic signature transmission dress of authentication platform Put ") 403.

These devices are described in detail below.

Generation electronic signature reception device 401 is used for the electricity that the generation of mobile device shield plug-in unit is received from mobile device shield plug-in unit Son signature, wherein the electronic signature is generating the password of electronic signature input from mobile device shield plug-in unit end group in user The equipment specific to mobile device inputted specific to user's factor of user, random factor, user on the mobile device of password The factor, generated through the SM2 algorithms based on segmentation module feature, and using acquisition be used for the interference that is scrambled of electronic signature because Son is scrambled.

The electronic signature is in the spy from mobile device shield plug-in unit end group in user for the password of generation electronic signature input Due to user's factor of user, random factor, user input password mobile device on the equipment specific to mobile device because Son, generated through the SM2 algorithms based on segmentation module feature, and utilize the interference factor for being used to scramble electronic signature of acquisition The process scrambled has been described above above in conjunction with step S110-S145, therefore repeats no more.

Generation electronic signature descrambler 402 is used for the device for signing electronically and being descrambled.

In one embodiment, in interference factor determined based on the interference public key for being sent to mobile device shield plug-in unit In the case of, generation electronic signature descrambler 402 is used for：

Electronic signature is descrambled with interference private key.

As it was previously stated, interference public key, interference private key pair are provided with distributed cipher key machine.Distributed cipher key machine will disturb public Key is sent to mobile device shield plug-in unit, and interference factor is determined therefrom that for mobile device shield plug-in unit.Distributed cipher key machine retains interference Private key.After distributed cipher key machine is beamed back after mobile device shield plug-in unit is scrambled with interference factor to the electronic signature of generation, distribution Formula key machine is descrambled with interference private key.Due to interference private key with disturb public key be corresponding, distributed cipher key machine can descramble out The electronic signature of generation, even and if other equipment intercepts the electronic signature, also because lack interference private key, it can not be solved Disturb.

Descrambling electronic signature dispensing device 403 is used to the electronic signature after descrambling being sent to authentication platform.

The purpose that electronic signature after descrambling is sent into authentication platform is the electronics registered as user in authentication platform Signature.When later user needs to use the application (such as electronic bank application) bound in mobile device shield plug-in unit to carry out some operation When, electronic signature to be verified is generated by aftermentioned mode, user when authentication platform signs electronically with generation is sent to and is registered in certification The electronic signature of platform is compared.Pass through checking if consistent.

As shown in figure 5, one kind of mobile device shield plug-in unit side according to an embodiment of the invention is based on segmentation module feature SM2 electric signing verification equipment 5 to be verified include：

For obtaining the device based on user for user's factor password, specific to user of checking electronic signature generation (lower referred to as " user's factor acquisition device is used in checking electronic signature ") 501；

For obtaining device (the lower abbreviation in random factor being locally stored, locally generated when generation signs electronically " checking electronic signature random factor acquisition device ") 502；

Inputted for obtaining user on the mobile device of password, the equipment factor specific to mobile device device (under Referred to as " checking electronic signature equipment factor acquisition device ") 503；

For based on user's factor, random factor, the equipment factor, through the SM2 algorithms based on segmentation module feature, generating The device (lower abbreviation " electronic signature generating means to be verified ") 504 of electronic signature to be verified, wherein based on segmentation module feature SM2 algorithms are the SM2 algorithms based on segmentation module feature used during generation electronic signature；

For sending electronic signature to be verified to distributed cipher key machine, to be forwarded to authentication platform and public key verifications result The device (lower abbreviation " electronic signature dispensing device to be verified ") 505 of checking is compared.

These devices are described in detail below.

It is checking electronic signature generation that checking electronic signature is used to obtain based on user with user's factor acquisition device 501 Password, user's factor specific to user.

For example, user needs to be transferred accounts using the electronic bank application on mobile device, at this moment need to produce for user One electronic signature to be verified, is sent to authentication platform and is verified.

Under the prompting of the application interface bound in mobile device shield plug-in unit, user inputs user password.Mobile device shield Plug-in unit gets the user password, user's factor based on user password generation specific to user.Given birth to based on the user password It is consistent into user's factor specific to user and device 301, and identical algorithms are used, it so just can guarantee that electronic signature generation With the uniformity of checking.Difference with device 301 is, that the present apparatus obtains is a user for being used for electric signing verification because Son, and caused by device 301 be one and be used for the user's factor generated that signs electronically.

Verify electronic signature random factor acquisition device 502 be used to obtaining it is being locally stored, sign electronically in generation When locally generated random factor.

Because random factor caused by the electronic signature in generation user has been stored in the storage of mobile device shield plug-in unit In device, therefore it can directly obtain the random factor.

On mobile device of the checking electronic signature equipment factor acquisition device 503 for obtaining user's input password, Specific to the equipment factor of mobile device.

The process that user inputs the equipment factor on the mobile device of password, specific to mobile device is obtained in this device With it is completely the same in device 303.Difference with device 303 is that the equipment factor obtained in device 303 is used for user's electronics label The generation of name.The equipment factor obtained in the present apparatus is used for the checking of electronic signature to be verified.

Electronic signature generating means 504 to be verified are used for based on user's factor, random factor, the equipment factor, through base In the SM2 algorithms of segmentation module feature, electronic signature to be verified is generated, wherein the SM2 algorithms based on segmentation module feature are generation electricity The SM2 algorithms based on segmentation module feature used during son signature.

The device and device 304 are essentially identical.Unlike device 304, device 304 is to be based on being used for the life that signs electronically Into user's factor, random factor, the equipment factor generate electronic signature, and the present apparatus is in the use for electric signing verification The family factor, random factor, the equipment factor generate electronic signature to be verified.

Electronic signature dispensing device 505 to be verified is used to send electronic signature to be verified to distributed cipher key machine, to turn It is dealt into authentication platform and checking is compared with public key verifications result.

In one embodiment, the equipment also includes：For to be tested through the SM2 algorithms generation based on segmentation module feature Before card electronic signature, obtain for the device (not shown) to the interference factor to be verified for signing electronically and being scrambled.

In one embodiment, the equipment also includes：For to be tested through the SM2 algorithms generation based on segmentation module feature After card electronic signature, scrambled using to be verified electronic signature of the interference factor of acquisition to generation, after generation scrambling The device (not shown) of electronic signature to be verified.

In one embodiment, electronic signature dispensing device 505 to be verified is used for：

The electronic signature to be verified after scrambling is sent to distributed cipher key machine, is forwarded to after descrambling so as to distributed cipher key machine Checking is compared with public key verifications result in authentication platform.

As shown in fig. 6, it is according to an embodiment of the invention in distributed cipher key pusher side based on segmentation module feature SM2 electric signing verification equipment 6 to be verified includes：

For the device from mobile device shield plug-in unit reception electronic signature to be verified, (lower referred to as " electronic signature to be verified connects Receiving apparatus) 601, it is described it is to be verified electronic signature be according to based on user for checking electronic signature generation it is password, specific to User's factor of user, it is being locally stored, generate sign electronically when locally generated random factor, user input password The equipment factor on mobile device, specific to mobile device, generated through the SM2 algorithms based on segmentation module feature, and utilize and obtain What is taken is used to scramble the interference factor that electronic signature to be verified is scrambled, wherein the SM2 based on segmentation module feature is calculated Method is the SM2 algorithms based on segmentation module feature used during generation electronic signature；

For to device (lower referred to as " the electronic signature descrambling dress to be verified to be verified that descrambled of signing electronically Put ") 602；

For the electronic signature to be verified after descrambling to be sent into authentication platform, to be compared with public key verifications result The device (lower abbreviation " electronic signature dispensing device to be verified after descrambling ") 603 of checking.

These devices are described in detail below.

Electronic signature reception device 601 to be verified is used to receive electronic signature to be verified from mobile device shield plug-in unit, described It is to be verified electronic signature be according to based on user for checking electronic signature generation it is password, specific to user user's factor, Inputted in random factor being locally stored, locally generated when generation signs electronically, user on the mobile device of password, special Due to the equipment factor of mobile device, generated through the SM2 algorithms based on segmentation module feature, and utilize what is obtained to be used for to be verified The interference factor scrambled that signs electronically is scrambled, wherein the SM2 algorithms based on segmentation module feature are generation electronic signatures The Shi Caiyong SM2 algorithms based on segmentation module feature.

The electronic signature to be verified is the password, specific to user of checking electronic signature generation according to based on user User's factor, it is being locally stored, generate sign electronically when locally generated random factor, user input the movement of password and set The standby equipment factor upper, specific to mobile device, generated through the SM2 algorithms based on segmentation module feature, and utilize the use obtained In the process that the interference factor scrambled to electronic signature to be verified is scrambled as shown in step S310-S345.

Electronic signature descrambler 602 to be verified is used to descramble the electronic signature to be verified.

In one embodiment, the electronic signature descrambler 602 to be verified is used for：It is based on transmission in interference factor To mobile device shield plug-in unit interference public key determine in the case of, with interference private key to it is to be verified electronic signature descramble.

Electronic signature dispensing device 603 to be verified is used to the electronic signature to be verified after descrambling being sent to certification after descrambling Platform, so as to which checking is compared with public key verifications result.

After electronic signature to be verified after descrambling is sent into authentication platform, if descrambling after electronic signature to be verified with User is consistent in the electronic signature that authentication platform is registered during generation electronic signature, then is verified.Do not pass through conversely, then verifying.

Wherein, the method according to the invention is realized by the device being contained in computer equipment.The computer is set It is standby to be carried out numerical computations automatically according to the instruction for being previously set or storing and/or the electronics of information processing is set including a kind of Standby, its hardware includes but is not limited to microprocessor, application specific integrated circuit (ASIC), programmable gate array (FPGA), digital processing Device (DSP), embedded device etc..The computer equipment includes the network equipment and/or user equipment.Wherein, the network is set For including but not limited to single network server, the server group of multiple webservers composition or based on cloud computing (CloudComputing) the cloud being made up of a large amount of main frames or the webserver, wherein, cloud computing is the one of Distributed Calculation Kind, a super virtual computer being made up of the computer collection of a group loose couplings.The user equipment includes but is not limited to Any one can carry out the electricity of man-machine interaction with user by modes such as keyboard, mouse, remote control, touch pad or voice-operated devices Sub- product, for example, personal computer, tablet personal computer, smart mobile phone, PDA, game machine or IPTV etc..Wherein, the user sets Network residing for the standby and network equipment includes but is not limited to internet, wide area network, Metropolitan Area Network (MAN), LAN, VPN etc..

It should be noted that the user equipment, the network equipment and network are only for example, other are existing or from now on may be used Can occur user equipment, the network equipment and network be such as applicable to the present invention, also should be included in the scope of the present invention with It is interior, and be incorporated herein by reference.

The software program of the present invention can realize steps described above or function by computing device.Similarly, originally The software program (including related data structure) of invention can be stored in computer readable recording medium storing program for performing, for example, RAM is deposited Reservoir, magnetically or optically driver or floppy disc and similar devices.In addition, some steps or function of the present invention can employ hardware to reality It is existing, for example, coordinating as with processor so as to perform the circuit of each function or step.

In addition, the part of the present invention can be applied to computer program product, such as computer program instructions, when its quilt When computer performs, by the operation of the computer, the method according to the invention and/or technical scheme can be called or provided. And the programmed instruction of the method for the present invention is called, it is possibly stored in fixed or moveable recording medium, and/or pass through Broadcast or the data flow in other signal bearing medias and be transmitted, and/or be stored according to described program instruction operation In the working storage of computer equipment.Here, including a device according to one embodiment of present invention, the device includes using Memory in storage computer program instructions and processor for execute program instructions, wherein, when the computer program refers to When order is by the computing device, method and/or skill of the plant running based on foregoing multiple embodiments according to the present invention are triggered Art scheme.

It is obvious to a person skilled in the art that the invention is not restricted to the details of above-mentioned one exemplary embodiment, Er Qie In the case of without departing substantially from spirit or essential attributes of the invention, the present invention can be realized in other specific forms.Therefore, no matter From the point of view of which point, embodiment all should be regarded as exemplary, and be nonrestrictive, the scope of the present invention is by appended power Profit requires rather than described above limits, it is intended that all in the implication and scope of the equivalency of claim by falling Change is included in the present invention.Any reference in claim should not be considered as to the involved claim of limitation.This Outside, it is clear that the word of " comprising " one is not excluded for other units or step, and odd number is not excluded for plural number.That is stated in system claims is multiple Unit or device can also be realized by a unit or device by software or hardware.The first, the second grade word is used for table Show title, and be not offered as any specific order.

Although above specifically shown and describe exemplary embodiment, it will be understood to those of skill in the art that It is that in the case of the spirit and scope without departing substantially from claims, can be varied from terms of its form and details.Here Sought protection illustrates in the dependent claims.

Claims (24)

1. a kind of electronic signature generation method of the SM2 based on segmentation module feature, it is characterised in that methods described includes：

Obtain user's factor password, specific to user for generation electronic signature input based on user；

Obtain random factor；

Obtain user and input the equipment factor on the mobile device of password, specific to mobile device；

Based on user's factor, random factor and the equipment factor, through the SM2 algorithms based on segmentation module feature, electronics label are generated Name, wherein the SM2 algorithms based on segmentation module feature are to ensure that any one is not in the user factor, random factor and the equipment factor Together, sign electronically all different algorithms；

It is described obtain based on user for generation electronic signature input it is password, specific to user user's factor the step of wrap Include：

Obtain the password of user's input；

By password entry user's factor generating algorithm of acquisition, obtain user's factor specific to user, wherein the user because Sub- generating algorithm is to ensure that the password of input is different, all different algorithm of caused user's factor.

2. according to the method for claim 1, it is characterised in that generating electronics through the SM2 algorithms based on segmentation module feature Before the step of signature, methods described also includes：Obtain the interference factor for being scrambled to electronic signature；

After the step of generating electronic signature through the SM2 algorithms based on segmentation module feature, methods described also includes：Utilize acquisition Electronic signature of the interference factor to generation scramble, the electronic signature after generation scrambling.

3. according to the method for claim 2, it is characterised in that after the electronic signature after generation scrambles, methods described Also include：

The electronic signature after scrambling is sent to distributed cipher key machine.

4. according to the method for claim 1, it is characterised in that described the step of obtaining random factor includes：

Receive the hardware random number that distributed cipher key machine is sent；

In locally generated local random number；

The hardware random number is synthesized with the local random number, obtains random factor.

5. according to the method for claim 2, it is characterised in that the interference obtained for being scrambled to electronic signature The step of factor, includes：

Receive the interference public key that distributed cipher key machine is sent；

Interference factor is determined according to the interference public key.

6. a kind of electronic signature processing method of the SM2 based on segmentation module feature, it is characterised in that methods described includes：

The electronic signature of mobile device shield plug-in unit generation is received from mobile device shield plug-in unit, wherein the electronic signature is from movement User's factor, random based on user for the password of generation electronic signature input specific to user that equipment shield plug-in unit end obtains The equipment factor specific to mobile device that the factor and user are inputted on the mobile device of password, through based on segmentation module feature The generation of SM2 algorithms, and be used to scramble the interference factor that electronic signature is scrambled using acquisition；

The electronic signature is descrambled；

Electronic signature after descrambling is sent to authentication platform；

Obtain based on user for generation electronic signature input password specific to user user's factor the step of include：

Obtain the password of user's input；

By password entry user's factor generating algorithm of acquisition, obtain user's factor specific to user, wherein the user because Sub- generating algorithm is to ensure that the password of input is different, all different algorithm of caused user's factor.

7. according to the method for claim 6, it is characterised in that in interference factor be based on being sent to mobile device shield plug-in unit Interference public key determine in the case of, it is described to it is described electronic signature descramble the step of include：

Electronic signature is descrambled with interference private key.

A kind of 8. electric signing verification method to be verified of the SM2 based on segmentation module feature, it is characterised in that methods described bag Include：

Obtain user's factor password, specific to user for checking electronic signature generation based on user；

Obtain in random factor being locally stored, locally generated when generation signs electronically；

Obtain user and input the equipment factor on the mobile device of password, specific to mobile device；

It is to be verified through the SM2 algorithms based on segmentation module feature, generation based on user's factor, random factor and the equipment factor Electronic signature, wherein the SM2 algorithms based on segmentation module feature are the SM2 based on segmentation module feature used during generation electronic signature Algorithm；

Electronic signature to be verified is sent to distributed cipher key machine, is tested to be forwarded to authentication platform with the corresponding public key of electronic signature Checking is compared in card result；

It is described obtain based on user for checking electronic signature input it is password, specific to user user's factor the step of wrap Include：

Obtain the password of user's input；

By password entry user's factor generating algorithm of acquisition, obtain user's factor specific to user, wherein the user because Sub- generating algorithm is to ensure that the password of input is different, all different algorithm of caused user's factor.

9. according to the method for claim 8, it is characterised in that to be tested through the SM2 algorithms generation based on segmentation module feature Before the step of card electronic signature, methods described also includes：Obtain for it is to be verified sign electronically the interference that is scrambled because Son；

After the step of generating electronic signature to be verified through the SM2 algorithms based on segmentation module feature, methods described also includes：Profit Scrambled with to be verified electronic signature of the interference factor of acquisition to generation, the electronic signature to be verified after generation scrambling.

10. according to the method for claim 9, it is characterised in that described to send electronics label to be verified to distributed cipher key machine Name, include to be forwarded to the step of checking is compared with public key verifications result corresponding to electronic signature in authentication platform：

The electronic signature to be verified after scrambling is sent to distributed cipher key machine, certification is forwarded to after descrambling so as to distributed cipher key machine Checking is compared with public key verifications result in platform.

A kind of 11. electric signing verification method to be verified of the SM2 based on segmentation module feature, it is characterised in that methods described bag Include：

Electronic signature to be verified is received from mobile device shield plug-in unit, the electronic signature to be verified is inserted according to from mobile device shield Part end obtain based on user for checking electronic signature generation password specific to user's factor of user, what is be locally stored Generate sign electronically when locally generated random factor and user input on the mobile device of password specific to mobile device The equipment factor, through based on segmentation module feature SM2 algorithms generate, and using acquisition be used for it is to be verified sign electronically into The interference factor of row scrambling is scrambled, wherein the SM2 algorithms based on segmentation module feature are the bases used during generation electronic signature In the SM2 algorithms of segmentation module feature；

The electronic signature to be verified is descrambled；

Electronic signature to be verified after descrambling is sent to authentication platform, so that public key verifications result corresponding with electronic signature is entered Row comparison；

Obtain based on user for verify it is described electronic signature generation password specific to user user's factor the step of include：

Obtain the password of user's input；

By password entry user's factor generating algorithm of acquisition, obtain user's factor specific to user, wherein the user because Sub- generating algorithm is to ensure that the password of input is different, all different algorithm of caused user's factor.

12. according to the method for claim 11, it is characterised in that in interference factor inserted based on being sent to mobile device shield In the case that the interference public key of part is determined, described the step of descrambling to the electronic signature to be verified, includes：

Electronic signature to be verified is descrambled with interference private key.

13. a kind of electronic signature of the SM2 based on segmentation module feature generates equipment, it is characterised in that the equipment includes：

For obtaining the device based on user for user's factor password, specific to user of generation electronic signature input；

For obtaining the device of random factor；

The device of the equipment factor on the mobile device of password, specific to mobile device is inputted for obtaining user；

For based on user's factor, random factor and the equipment factor, through the SM2 algorithms based on segmentation module feature, generating electricity The device of son signature, wherein the SM2 algorithms based on segmentation module feature are to ensure to appoint in user's factor, random factor and the equipment factor What difference, all different algorithm of electronic signature；

The device for obtaining user's factor password, specific to user inputted based on user for generation electronic signature is used In：

Obtain the password of user's input；

By password entry user's factor generating algorithm of acquisition, obtain user's factor specific to user, wherein the user because Sub- generating algorithm is to ensure that the password of input is different, all different algorithm of caused user's factor.

14. equipment according to claim 13, it is characterised in that the equipment also includes：

For before through the SM2 algorithms generation electronic signature based on segmentation module feature, obtaining for adding to electronic signature The device for the interference factor disturbed；

After being signed electronically in SM2 algorithm generation of the warp based on segmentation module feature, using the interference factor of acquisition to generation Electronic signature scrambled, generation scrambling after electronic signature device.

15. equipment according to claim 13, it is characterised in that the equipment also includes：

For sending the device of the electronic signature after scrambling to distributed cipher key machine.

16. equipment according to claim 13, it is characterised in that the device for obtaining random factor is used for：

Receive the hardware random number that distributed cipher key machine is sent；

In locally generated local random number；

The hardware random number is synthesized with the local random number, obtains random factor.

17. equipment according to claim 14, it is characterised in that described obtain is done for what is scrambled to electronic signature The device for disturbing the factor is used for：

Receive the interference public key that distributed cipher key machine is sent；

Interference factor is determined according to the interference public key.

18. a kind of electronic signature processing equipment of the SM2 based on segmentation module feature, it is characterised in that the equipment includes：

For the device for the electronic signature that the generation of mobile device shield plug-in unit is received from mobile device shield plug-in unit, wherein the electronics label Name is the use specific to user based on user for the password of generation electronic signature input obtained from mobile device shield plug-in unit end The equipment factor specific to mobile device that the family factor, random factor and user are inputted on the mobile device of password, through based on point The SM2 algorithms generation of section module feature, and be used to scramble the interference factor that electronic signature is scrambled using acquisition；

For to the device for signing electronically and being descrambled；

For the electronic signature after descrambling to be sent to the device of authentication platform；

Obtain and be used for based on user for the device of user's factor specific to user of the password of generation electronic signature input：

Obtain the password of user's input；

By password entry user's factor generating algorithm of acquisition, obtain user's factor specific to user, wherein the user because Sub- generating algorithm is to ensure that the password of input is different, all different algorithm of caused user's factor.

19. equipment according to claim 18, it is characterised in that in interference factor inserted based on being sent to mobile device shield In the case that the interference public key of part is determined, the device descrambled to the electronic signature is used for：

Electronic signature is descrambled with interference private key.

A kind of 20. electric signing verification equipment to be verified of the SM2 based on segmentation module feature, it is characterised in that the equipment bag Include：

For obtaining the device based on user for user's factor password, specific to user of checking electronic signature generation；

For obtaining the device in random factor being locally stored, locally generated when generation signs electronically；

The device of the equipment factor on the mobile device of password, specific to mobile device is inputted for obtaining user；

For based on user's factor, random factor and the equipment factor, through the SM2 algorithms based on segmentation module feature, generation to be treated The device of electronic signature is verified, wherein the SM2 algorithms based on segmentation module feature are used during generation electronic signature based on segmentation The SM2 algorithms of module feature；

It is corresponding with electronic signature public to be forwarded to authentication platform for sending electronic signature to be verified to distributed cipher key machine The device of checking is compared in key the result；

Obtain and be used for based on user for the device of user's factor password, specific to user of checking electronic signature generation：

Obtain the password of user's input；

By password entry user's factor generating algorithm of acquisition, obtain user's factor specific to user, wherein the user because Sub- generating algorithm is to ensure that the password of input is different, all different algorithm of caused user's factor.

21. equipment according to claim 20, it is characterised in that the equipment also includes：

For before electronic signature to be verified is generated through the SM2 algorithms based on segmentation module feature, obtaining for electricity to be verified The device for the interference factor that son signature is scrambled；

For after electronic signature to be verified is generated through the SM2 algorithms based on segmentation module feature, utilizing the interference factor of acquisition Electronic signature to be verified to generation scrambles, the device of the electronic signature to be verified after generation scrambling.

22. equipment according to claim 21, it is characterised in that described to send electronics label to be verified to distributed cipher key machine Name, the device that checking is compared to be forwarded to authentication platform with public key verifications result corresponding to electronic signature are used for：

The electronic signature to be verified after scrambling is sent to distributed cipher key machine, certification is forwarded to after descrambling so as to distributed cipher key machine Checking is compared with public key verifications result in platform.

A kind of 23. electric signing verification equipment to be verified of the SM2 based on segmentation module feature, it is characterised in that the equipment bag Include：

For receiving the device of electronic signature to be verified from mobile device shield plug-in unit, the electronic signature to be verified is according to from shifting Dynamic equipment shield plug-in unit end obtain based on user for the password of checking electronic signature generation specific to user user's factor, The random factor locally generated when generating electronic signature being locally stored and user input specific on the mobile device of password In the equipment factor of mobile device, generated through the SM2 algorithms based on segmentation module feature, and utilize what is obtained to be used for to be verified The interference factor scrambled that signs electronically is scrambled, wherein the SM2 algorithms based on segmentation module feature are generation electronic signatures The Shi Caiyong SM2 algorithms based on segmentation module feature；

For the device descrambled to the electronic signature to be verified；

For the electronic signature to be verified after descrambling to be sent into authentication platform, so as to public key verifications knot corresponding with electronic signature The device of checking is compared in fruit；

Obtain and be used for based on user for the device of user's factor specific to user of the password of checking electronic signature generation：

Obtain the password of user's input；

By password entry user's factor generating algorithm of acquisition, obtain user's factor specific to user, wherein the user because Sub- generating algorithm is to ensure that the password of input is different, all different algorithm of caused user's factor.

24. equipment according to claim 23, it is characterised in that described to be descrambled to be verified sign electronically Device is used for：In the case where interference factor is determined based on the interference public key for being sent to mobile device shield plug-in unit, with interference Private key descrambles to electronic signature to be verified.