CN106059773A - Digital signature method and system - Google Patents
Digital signature method and system Download PDFInfo
- Publication number
- CN106059773A CN106059773A CN201610370198.1A CN201610370198A CN106059773A CN 106059773 A CN106059773 A CN 106059773A CN 201610370198 A CN201610370198 A CN 201610370198A CN 106059773 A CN106059773 A CN 106059773A
- Authority
- CN
- China
- Prior art keywords
- signature
- terminal
- intelligent terminal
- transaction information
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
Abstract
The present invention provides a digital signature method and system, and relates to the field of the safety verification. The method provided by the invention is configured to perform abstract calculation of the transaction information prior to the transaction information display so as to allow a smart terminal and a signature terminal to respectively calculate the feature information of the transaction information and allow the smart terminal and the signature terminal to display the feature information instead of plaintext transaction information. Even though a hacker only modifies little content in the transaction information, the calculated feature information can have great change to allow users to visually and accurately determine that the transaction information is tampered, and the users do not should perform digital signature so as to ensure that the users can timely find that the hacker tampers the transaction information and cannot have loss.
Description
Technical field
The present invention relates to safety verification field, in particular to digital signature method and system.
Background technology
Along with the development of Internet technology, electronic information interaction technique has been obtained for popularizing.From the angle of information content,
It is to express the information of certain implication that the information of transmission can be divided into two kinds, a kind, and another kind is then fund.Not
Opinion is the mutual of which kind of information, before the information of carrying out is mutual, typically each needs the confirmation of informant, carries with guarantee information
The information security of donor.The when that information being mutual, transmission is virtual information (data), and the confirmation of informant is then logical
Cross what the mode of digital signature realized.General digital signature flow process is as follows:
1, smart machine (such as user mobile phone) receives/generates Transaction Information;
2, smart machine display Transaction Information;
3, user checks the correctness of the Transaction Information shown by smart machine, if correctly, then operation smart machine will
Transaction Information is sent to digital signature device (usual smart machine is separate with digital signature device)
4, user's check figures signature device is received, and the Transaction Information shown is the most correct;
5, if the judged result of step 3 is yes, then user operation digital signature device generates digital signature;
6, the digital signature of generation is sent to smart machine by digital signature device, and smart machine just can be according to connecing afterwards
The digital signature received carries out subsequent transaction process, as digital signature being supplied to Net silver center, and Net silver central authentication numeral label
Entitled very after, just transfer accounts according to Transaction Information.
In said process, the groundwork that user is done is step 2 and 3, and the process of concrete verification Transaction Information is, intelligence
The details of Transaction Information are first shown on the display screen of self by equipment, also can show afterwards on digital signature device
Going out the main contents of Transaction Information, user just can check whether the information shown on smart machine is correct, and
Transaction Information out shown by Transaction Information out shown by verification smart machine and digital signature device is the most identical.
But said process exists certain leak, as hacker can implant trojan horse program, then, step in smart machine
Information shown by rapid 2 is still normal information, user after carrying out confirmation, perform step 3, now smart machine to
The content that digital signature device sends is through distorting, but the content generally distorted is little, as address information " ABCD " changed
For distorting of " ABCB " this kind little scope, and the symbol before and after distorting is very much like, and user is generally difficult to notice the thinnest
Little change, and then, after being confirmed by digital signature device, will transfer accounts the people to mistake by fund.
To sum up, due to current being digitally signed when, signature process is the most rigorous, causes transaction errors.
Summary of the invention
It is an object of the invention to provide digital signature method and system, to improve the accuracy of digital signature.
First aspect, embodiments provides digital signature method, including:
The Transaction Information got in advance is sent by intelligent terminal to signature apparatus;
Intelligent terminal uses the first default digest algorithm to calculate the fisrt feature information of Transaction Information, and shows that first is special
Reference ceases;
Signature terminal uses the second digest algorithm preset to calculate the second feature information of Transaction Information, and shows that second is special
Reference ceases;Wherein, the first digest algorithm and the second digest algorithm are identical;
If signature terminal receives confirmation instruction, then it is digitally signed according to Transaction Information, to generate signed data;
Signed data is sent by signature terminal to intelligent terminal.
In conjunction with first aspect, embodiments provide the first possible embodiment of first aspect, wherein, step
The fisrt feature information that rapid intelligent terminal uses the first default digest algorithm to calculate Transaction Information includes:
Intelligent terminal uses the first default digest algorithm to calculate the first summary info of Transaction Information;
Intelligent terminal extracts characteristic, and the characteristic that will extract from multiple positions of summary info respectively
Composition fisrt feature information.
In conjunction with first aspect, embodiments provide the embodiment that the second of first aspect is possible, wherein, step
Rapid intelligent terminal extracts characteristic from multiple positions of summary info respectively, and the characteristic composition that will extract
One characteristic information includes:
Intelligent terminal is by the byte of predetermined figure in the first summary info, to 10 deliverys, obtains feature numeral;
Intelligent terminal is from the beginning of the byte corresponding to feature numeral, and order extracts the byte of predetermined quantity as characteristic number
According to;
The characteristic that intelligent terminal will extract, to 10 deliverys, calculates fisrt feature information.
In conjunction with first aspect, embodiments provide the third possible embodiment of first aspect, wherein,
The total bit of one characteristic information meets claimed below:
6 < X < 10, wherein, X is the total bit of fisrt feature information.
In conjunction with first aspect, embodiments provide the 4th kind of possible embodiment of first aspect, wherein,
Step signature terminal is digitally signed according to Transaction Information, also to include before generating signed data:
Intelligent terminal obtains the first PIN code of user's input;
First PIN code is sent by intelligent terminal to signature terminal;
Whether signature terminal authentication the first PIN code meets preset requirement;
If the first PIN code meets preset requirement, then signature terminal generates and is digitally signed key used.
In conjunction with first aspect, embodiments provide the 5th kind of possible embodiment of first aspect, wherein, also
Including:
If receiving multiple first PIN code in the scheduled time, and the first PIN code received in the scheduled time does not all meet
Preset requirement, then stop performing whether step signature terminal authentication the first PIN code meets preset requirement.
In conjunction with first aspect, embodiments provide the 6th kind of possible embodiment of first aspect, wherein, step
Rapid signature terminal is digitally signed according to Transaction Information, before generating signed data, also includes:
Intelligent terminal obtains the second PIN code of user's input;
Second PIN code is sent by intelligent terminal to signature terminal;
Whether signature terminal authentication the second PIN code meets preset requirement;
If the second PIN code meets preset requirement, and signature terminal receives confirmation instruction, then signature terminal is according to transaction letter
Breath is digitally signed.
In conjunction with first aspect, embodiments provide the 7th kind of possible embodiment of first aspect, wherein, step
The Transaction Information got in advance is sent to signature apparatus and includes by rapid intelligent terminal:
Intelligent terminal is connected/radio frequency connection by the bluetooth set up with signature terminal in advance, sends transaction to signature terminal
Information;
Or, intelligent terminal, by the contact contact arranged in signature terminal, sends Transaction Information to signature terminal.
In conjunction with first aspect, embodiments provide the 8th kind of possible embodiment of first aspect, wherein, also
Including:
If in the scheduled time that signature terminal is after display second feature information, do not receive confirmation instruction, then terminate working as
Front flow process.
Second aspect, the embodiment of the present invention additionally provides digital signature system, including: intelligent terminal and signature terminal, intelligence
Terminal can include the first sending module, the first computing module and the first display module;Signature terminal include the second computing module, the
Two display modules, signature blocks and the second sending module;
Sending module, sends to signature apparatus for the Transaction Information that will get in advance;
First computing module, for using the first default digest algorithm to calculate the fisrt feature information of Transaction Information;
First display module, is used for showing fisrt feature information;
Second computing module, for using the second default digest algorithm to calculate the second feature information of Transaction Information;Its
In, the first digest algorithm and the second digest algorithm are identical;
Second display module, is used for showing second feature information;
Signature blocks, if receiving confirmation instruction, then for being digitally signed according to Transaction Information, to generate number of signature
According to;
Second sending module, for sending signed data to intelligent terminal.
The embodiment of the present invention provide digital signature method, use condition code verification mode, with of the prior art
The when of verification, intelligent terminal and signature apparatus all can cause when having at the plaintext of its display screen display Transaction Information
After hacker implants wooden horse in intelligent terminal so that plaintext shown on signature apparatus and the upper shown plaintext of intelligent terminal
Having a small amount of difference, user, in the case of not going through, can cause the knot that the Transaction Information to mistake is digitally signed
Really, incur loss and compare in final utilization family, and it is by, before display Transaction Information, first carrying out digest calculations to Transaction Information, enter
And make intelligent terminal and signature terminal calculate the characteristic information of Transaction Information respectively, and on intelligent terminal and signature terminal
Shown is characteristic information rather than Transaction Information in plain text.Even if hacker only have modified a small amount of content in Transaction Information,
The characteristic information calculated also can change a lot, and this allows for user can the most intuitively and accurately determine transaction letter
Breath is through distorting, and now, user the most should not be digitally signed, and then ensure that user will not incur loss.
For making the above-mentioned purpose of the present invention, feature and advantage to become apparent, preferred embodiment cited below particularly, and coordinate
Appended accompanying drawing, is described in detail below.
Accompanying drawing explanation
In order to be illustrated more clearly that the technical scheme of the embodiment of the present invention, below by embodiment required use attached
Figure is briefly described, it will be appreciated that the following drawings illustrate only certain embodiments of the present invention, and it is right to be therefore not construed as
The restriction of scope, for those of ordinary skill in the art, on the premise of not paying creative work, it is also possible to according to this
A little accompanying drawings obtain other relevant accompanying drawings.
Fig. 1 shows the basic flow sheet of the digital signature method that the embodiment of the present invention provided;
Fig. 2 shows the basic framework figure of the digital signature system that the embodiment of the present invention provided.
Detailed description of the invention
Below in conjunction with accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Ground describes, it is clear that described embodiment is only a part of embodiment of the present invention rather than whole embodiments.Generally exist
Can arrange and design with various different configurations with the assembly of the embodiment of the present invention that illustrates described in accompanying drawing herein.Cause
This, be not intended to limit claimed invention to the detailed description of the embodiments of the invention provided in the accompanying drawings below
Scope, but it is merely representative of the selected embodiment of the present invention.Based on embodiments of the invention, those skilled in the art are not doing
The every other embodiment obtained on the premise of going out creative work, broadly falls into the scope of protection of the invention.
Digital signature technology can improve the convenient degree of life of user, follows the also network that digital signature technology rises
Authorization technique, e-Bank payment technology etc..Wherein, e-Bank payment technology has been obtained for promoting on a large scale, and at some
Instead of on field and paid in cash.E-Bank payment of a great variety, common such as POS payment, Alipay payment etc..But
Whether which kind of means of payment, its technological core is all digital signature (authorization).Below, with regard in correlation technique the one of appearance
As e-Bank payment flow process illustrate.
The early stage of development of e-Bank payment, the general safety using intelligent code key to ensure transaction, i.e. pass through intelligent cipher
Key carries out certificate login and digital signature identification to customer transaction, it is ensured that the safety of transaction.Its workflow is as follows:
1, intelligent code key is inserted computer by user, and opens the application program in computer;
2, application program accesses cipher key, points out user to input PIN code (personal authentication code) on computer screen;
3, the personal authentication code that application program inputs user, it is sent to cipher key;
4, the PIN code that user is inputted by cipher key and the PIN code being pre-stored in cipher key are checked, as the most then
Think that user passes through verification, if inconsistent, termination process;
5, after the PIN code of user's input is by the verification of cipher key, then user obtains authority, can allow active user
The certificate stored in using cipher key and key, and then start network bank business;
6, when user starts network bank business, application program is by Transaction Information (letter as basic in dealing money, both parties etc.
Breath) it is sent to cipher key, Transaction Information is signed by cipher key, and is returned by the Transaction Information carrying digital signature
To application program, the Transaction Information carrying digital signature is sent Net silver platform, last Net silver platform validation number by application program
After word signature is legal, complete this time to conclude the business according to the content of Transaction Information.
Generally, cipher key is kept properly by user oneself, and only one, therefore said method is permissible
Ensure the safety of customer transaction to a certain extent, if other people do not have cipher key, be to use application program to steal
User resources.
But above method is the most leaky, after user finishes transaction, may forget cipher key and computer/mobile phone etc.
Equipment disconnects, if at this moment there is trojan horse program on these equipment, these trojan horse programs then can with the operation of analog subscriber,
Operation application and cipher key, it is achieved other transaction, transfer the fund in user account.
In order to solve problem above, occur in that the cipher key of the second filial generation, the cipher key of the most visual key type, this
Kind cipher key is with button and display screen, and when user transacts business when, Transaction Information is issued cipher key by application program,
At this moment cipher key calculates digital signature the most at once, but is shown on the display screen by Transaction Information, waits user
Key response, if user presses acknowledgement key, digital signature is calculated in cipher key just accounting, and then digital signature returns to application
Program.
Visible, the cipher key of visual key type, the attack of trojan horse can be taken precautions against to a certain extent, but there is also
Leak.Although the operational risk forgetting to disconnect after user has used cipher key can be prevented effectively from, but at process of exchange
In, trojan horse program still is possible to change Transaction Information, and as demonstrated on the screen of cipher key, being different from user confirms
Information, if the at this moment half-hearted content checked shown by screen of user, then user press confirmation button after, trojan horse program
Still can obtain black digital signature.Especially when trojan horse program is only to individual malapropism, or the when that symbol being modified (as
" wait " and changed " marquis " into), user's more difficult discovery mistake.
For this kind of situation, this application provides digital signature method, as it is shown in figure 1, comprise the steps:
S101, the Transaction Information got in advance is sent by intelligent terminal to signature apparatus;
S102, intelligent terminal uses the first default digest algorithm to calculate the fisrt feature information of Transaction Information, and shows
Fisrt feature information;
S103, signature terminal uses the second digest algorithm preset to calculate the second feature information of Transaction Information, and shows
Second feature information;Wherein, the first digest algorithm and the second digest algorithm are identical;
S104, if signature terminal receives confirmation instruction, is then digitally signed according to Transaction Information, to generate number of signature
According to;
S105, signed data is sent by signature terminal to intelligent terminal.
In step S101, intelligent terminal refers to such as the smart machine such as mobile phone, POS.Friendship accessed by intelligent terminal
Easily information can be that network-side (such as Net silver center, other intelligent terminal) is sent to, it is also possible to is that intelligent terminal is according to net
The content that network end is sent is locally generated, and the source of Transaction Information is not limited by the application.It is digitally signed
Job demand is completed by terminal of signing, thus, intelligent terminal, after getting Transaction Information, needs to be supplied to hand over to signature terminal
Easily information, the plaintext remaining Transaction Information herein sent.
In step S102, intelligent terminal is except being sent to sign in addition to terminal by Transaction Information in plain text, in addition it is also necessary to calculate just
The information checked, i.e. characteristic information is carried out in user.In view of verification convenience, algorithm as used herein should summary
Algorithm, i.e. intelligent terminal need to calculate the summary info of Transaction Information, and then use the whole of summary info, or a part is made
For fisrt feature information.After generating fisrt feature information, signature terminal needs to show in intelligence this fisrt feature information
On the display of energy terminal, in order to user checks.
In step S103, signature terminal needs to use the digest algorithm identical with intelligent terminal to calculate second feature letter
Breath, and this second feature information is shown on its display screen, in order to user checks.
Due to the characteristic of digest algorithm, even if hacker only have modified a small amount of content in Transaction Information, pass through digest algorithm
The summary calculated also has the biggest difference.And then, the first digest algorithm and the second digest algorithm identical (refer to calculate public affairs
Formula, calculating process are identical) in the case of, if the Transaction Information that intelligent terminal carries out digest calculations is carried out with signature terminal
The Transaction Information of digest calculations different (being result in the two Transaction Information by hacker's amendment different), then the two spy finally drawn
Reference breath is just very different, and user is very easy to find the difference of two characteristic informations.Wherein, the first digest algorithm and second is plucked
Algorithm is wanted to be set in advance in intelligent terminal and signature terminal inner, as believable third party can be had to complete digest algorithm
Write.Owing to digest algorithm is non-reversible algorithm, i.e. can not derive calculating process by result of calculation, therefore its confidentiality is also
It is preferable.
Except above-mentioned respectively at intelligent terminal and the display screen display characteristic information of signature terminal, also should in intelligence eventually
End, and/or the plaintext of the display screen display Transaction Information of signature terminal, in order to user, to checking in plain text, shows bright
The mode of literary composition belongs to the mode that all can use in digital signature procedure, does not the most do too much explanation.If it is it should be noted that main
Want it is considered that reduce the problem of verification risk, in method provided herein, preferably in signature terminal and intelligent terminal
All show the plaintext of Transaction Information;If primary concern is that the problem reducing signature terminal complexity, provided herein
In method, preferably shown whole plaintexts of Transaction Information by intelligent terminal, by the main contents of signature terminal demonstration Transaction Information
(such as dealing money, remittance account and sender information etc.), or signature terminal do not shows any of Transaction Information in plain text
Content.
After intelligent terminal and signature terminal show characteristic information respectively, user can check the two characteristic information
The most identical, and by user to signature terminal input validation instruction.In step S104, signature terminal have received confirmation instruction
Afterwards, just in a general manner Transaction Information can be digitally signed, and then generate signed data, terminal of signing afterwards
Signed data is sent to intelligent terminal, all tasks of signature terminal can be completed.Subsequent step collects, and intelligent terminal needs
Signed data being sent to Net silver center check, if this signed data is true, then Net silver center can be according to Transaction Information
In content transfer accounts.
The verification using characteristic information replaces the verification of cleartext information, it is possible to the workload of minimizing user's verification (believe by feature
The quantity of breath is far fewer than the quantity of cleartext information), it is also possible to two characteristic information differences when, it is evident that sent out by user
Existing.
In order to improve the effect of characteristic information verification, it is also possible to the calculating process of characteristic information is optimized further,
It is identical owing to intelligent terminal and signature terminal calculate the process of characteristic information, only intelligent terminal is carried out characteristic information herein
The process calculated carries out refining explanation.
That is, step S102, intelligent terminal uses the first default digest algorithm to calculate the fisrt feature information of Transaction Information,
Can be made up of following two steps:
11, intelligent terminal uses the first default digest algorithm to calculate the first summary info of Transaction Information;
12, intelligent terminal extracts characteristic, and the feature that will extract from multiple positions of summary info respectively
Data composition fisrt feature information.
It is, characteristic information is not the whole of summary info, and a part for simply summary info, the most just can
Reduce the workload of user's verification further.Concrete, calculating summary info when, intelligent terminal can be only to transaction letter
Main information (such as remitter address, account and money transfer amount etc.) in breath carries out calculating rather than complete in Transaction Information
Portion's information calculates.So can not only reduce the workload of user's verification, additionally it is possible to the relative fullness of guarantee information.
In step 12, the summary info as calculated has 100 bytes, then the characteristic extracted can be continuous print
The byte of 10-20 position;Can also be discrete the 10th, 20,30,40 ... wait the byte on position.
Further, step 12 can be made up of following steps:
121, intelligent terminal is by the byte of predetermined figure in the first summary info, to 10 deliverys, obtains feature numeral;
122, intelligent terminal is from the beginning of the byte corresponding to feature numeral, and order extracts the byte of predetermined quantity as spy
Levy data;
123, the characteristic that intelligent terminal will extract, to 10 deliverys, calculate fisrt feature information.
Wherein, the byte in precalculated position can be manually set, such as first character joint, the 25th byte.As calculated
Feature numeral be 9, then in 122 steps, intelligent terminal should from the 9th byte start order extract predetermined quantity (such as 8-
12) byte, as characteristic.The mode of this kind of continuous extraction is it can be avoided that the low probability extracting at random and causing is overlapping
Problem.
Step 123 afterwards, the characteristic that extraction is obtained, to 10 deliverys, calculate fisrt feature information.Consider
Very few to the characteristic information figure place calculated, then can reduce the function of its verification, figure place is too much, then user can be caused to need to spend
The substantial amounts of time compares, and therefore, in method provided herein, the total bit of fisrt feature information meets following wanting
Asking: 6 < X < 10, wherein, X is the total bit of fisrt feature information.
The process of above-mentioned calculating fisrt feature information is identical, the most no longer with the process calculating second feature information
The optimization step of second feature information is illustrated.
Except using the verification of characteristic information to replace the verification of Transaction Information in plain text, in method provided herein,
Signature terminal is operated by user when, also add the function of veritification.It is embodied in two aspects, first aspect
Be signature terminal generate digital signature used key when, need to carry out the checking of PIN code;Second aspect is signature
Terminal, before performing digital signature, needs to carry out PIN code checking.The two aspect serves guarantee signature terminal not respectively
Can be tampered easily and use, and then ensure the transaction security of user.Wherein, key herein refers to cipher key pair
Private key (is encrypted), the PKI corresponding to this private key be can derive (PKI is typically to be sent to the authentication mechanisms such as CA, go system
Make digital certificate), to be supplied to the mechanisms such as the host computer of needs, Net silver center.Generally, private key is stored in signature dress
In the safety chip put, and cannot be modified, private key cannot be exported forever, and PKI then can be derived arbitrarily.
Below to first aspect, i.e. the process of the key used when generating digital signature is illustrated, this kind of situation
Under, signature terminal is not have input keyboard, and it can only be that intelligent terminal is sent to that signature terminal obtains the approach of PIN code
, thus now, the process carrying out key generation comprises the steps:
User operation intelligent terminal, initiates to reset/generate the request of key to signature terminal;
User operation intelligent terminal inputs PIN code set in advance, the i.e. first PIN code;
Intelligent terminal obtains the first PIN code of user's input;
First PIN code is sent by intelligent terminal to signature terminal;
Whether signature terminal authentication the first PIN code meets preset requirement;
If the first PIN code meets preset requirement, then signature terminal generates and is digitally signed key used.
Having two states when of generating key, the first state is to have there are key, the second in signature terminal
It it is the most not key in signature terminal.The when of the first state, when having new key to generate when, then terminal of signing
Can automatically use new key to replace on the key originally just existed, and storage therein and generate new key, replacement
The time of primary key, and the old key originally existed is deleted;The when of the second state, the most directly use newly-generated close
Key is as the key being digitally signed in subsequent process.
Certainly, hacker may use repeatedly the mode of trial and error to control terminal of signing, in order to ensure the peace of signature terminal
Entirely, it should increase safety protecting mechanism for signature terminal, it may be assumed that
If receiving multiple first PIN code in the scheduled time, and the first PIN code received in the scheduled time does not all meet
Preset requirement, then stop performing whether step signature terminal authentication the first PIN code meets preset requirement.
That is, when receiving multiple first PIN code, and each PIN code different from the PIN code that this locality prestores time
Wait, just should stop the function of PIN code verification.
Below to second aspect, i.e. signature terminal, before performing digital signature, needs the process carrying out PIN code checking to enter
Row explanation.Same, in the case of this kind, signature terminal is not have input keyboard, and signature terminal only obtains the approach of PIN code
Can be that intelligent terminal is sent to, thus now, the process carrying out key generation comprises the steps:
Intelligent terminal obtains the second PIN code of user's input;
Second PIN code is sent by intelligent terminal to signature terminal;
Whether signature terminal authentication the second PIN code meets preset requirement;
If the second PIN code meets preset requirement, and signature terminal receives confirmation instruction, then signature terminal is according to transaction letter
Breath is digitally signed.
Wherein, after confirming that instruction is the confirmation button that user passes through in pressing signature terminal end surface, signature terminal generate
's.It is, of course, also possible to the surface configuration in signature terminal cancels button, when user presses cancellation button when, the most eventually
Fluid stopping journey.
The situation of termination process also has another kind, is the scheduled time after signature terminal demonstration second feature information
In (such as 10 seconds), never receive confirmation instruction, then will be understood that user has been moved off, now should also be as terminating currently flowing
Journey.
Further, in the method that the application provides, the Transaction Information got in advance is filled by step intelligent terminal to signature
Putting transmission can be there to be the following two kinds concrete implementation mode:
The first, intelligent terminal is connected/radio frequency connection by the bluetooth set up with signature terminal in advance, sends out to signature terminal
Send Transaction Information;
The second, intelligent terminal, by the contact contact arranged in signature terminal, sends Transaction Information to signature terminal.
Wherein, contact contact is provided on the surface of signature terminal.And, when intelligent terminal by bluetooth/radio frequency with
After signature terminal is attached, signature apparatus is just automatically stopped and carries out data interaction by contact contact with the external world.When intelligence is whole
Holding after being attached with signature terminal by contact contact, signature apparatus is just automatically stopped and is carried out with the external world by bluetooth/radio frequency
Data interaction.
Corresponding with digital signature method, the embodiment of the present application additionally provides digital signature system, as in figure 2 it is shown, bag
Include: intelligent terminal and signature terminal, intelligent terminal includes the first sending module, the first computing module and the first display module;Sign
Name terminal includes the second computing module, the second display module, signature blocks and the second sending module;
Sending module, sends to signature apparatus for the Transaction Information that will get in advance;
First computing module, for using the first default digest algorithm to calculate the fisrt feature information of Transaction Information;
First display module, is used for showing fisrt feature information;
Second computing module, for using the second default digest algorithm to calculate the second feature information of Transaction Information;Its
In, the first digest algorithm and the second digest algorithm are identical;
Second display module, is used for showing second feature information;
Signature blocks, if receiving confirmation instruction, then for being digitally signed according to Transaction Information, to generate number of signature
According to;
Second sending module, for sending signed data to intelligent terminal.
Those skilled in the art is it can be understood that arrive, for convenience and simplicity of description, the system of foregoing description,
The specific works process of device and unit, is referred to the corresponding process in preceding method embodiment, does not repeats them here.
In several embodiments provided herein, it should be understood that disclosed system, apparatus and method, permissible
Realize by another way.Device embodiment described above is only schematically, such as, and the division of described unit,
Being only a kind of logic function to divide, actual can have other dividing mode when realizing, and the most such as, multiple unit or assembly can
To combine or to be desirably integrated into another system, or some features can be ignored, or does not performs.Another point, shown or beg for
The coupling each other of opinion or direct-coupling or communication connection can be indirect by some communication interfaces, device or unit
Coupling or communication connection, can be electrical, machinery or other form.
The described unit illustrated as separating component can be or may not be physically separate, shows as unit
The parts shown can be or may not be physical location, i.e. may be located at a place, or can also be distributed to multiple
On NE.Some or all of unit therein can be selected according to the actual needs to realize the mesh of the present embodiment scheme
's.
It addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, it is also possible to
It is that unit is individually physically present, it is also possible to two or more unit are integrated in a unit.
If described function is using the form realization of SFU software functional unit and as independent production marketing or use, permissible
It is stored in a computer read/write memory medium.Based on such understanding, technical scheme is the most in other words
The part contributing prior art or the part of this technical scheme can embody with the form of software product, this meter
Calculation machine software product is stored in a storage medium, including some instructions with so that a computer equipment (can be individual
People's computer, server, or the network equipment etc.) perform all or part of step of method described in each embodiment of the present invention.
And aforesaid storage medium includes: USB flash disk, portable hard drive, read only memory (ROM, Read-Only Memory), random access memory are deposited
The various media that can store program code such as reservoir (RAM, Random Access Memory), magnetic disc or CD.
The above, the only detailed description of the invention of the present invention, but protection scope of the present invention is not limited thereto, and any
Those familiar with the art, in the technical scope that the invention discloses, can readily occur in change or replace, should contain
Cover within protection scope of the present invention.Therefore, protection scope of the present invention should described be as the criterion with scope of the claims.
Claims (10)
1. digital signature method, it is characterised in that including:
The Transaction Information got in advance is sent by intelligent terminal to signature apparatus;
Intelligent terminal uses default first digest algorithm to calculate the fisrt feature information of described Transaction Information, and shows described the
One characteristic information;
Signature terminal uses the second digest algorithm preset to calculate the second feature information of described Transaction Information, and shows described the
Two characteristic informations;Wherein, described first digest algorithm is identical with described second digest algorithm;
If signature terminal receives confirmation instruction, then it is digitally signed according to described Transaction Information, to generate signed data;
Described signed data is sent by signature terminal to described intelligent terminal.
Method the most according to claim 1, it is characterised in that intelligent terminal described in step uses the first default summary to calculate
Method calculates the fisrt feature information of described Transaction Information and includes:
Intelligent terminal uses the first default digest algorithm to calculate the first summary info of described Transaction Information;
Intelligent terminal extracts characteristic from multiple positions of described summary info respectively, and by the described feature extracted
Data composition fisrt feature information.
Method the most according to claim 2, it is characterised in that intelligent terminal described in step is multiple from described summary info
Position extracts characteristic respectively, and the described characteristic extracted composition fisrt feature information is included:
Intelligent terminal is by the byte of predetermined figure in described first summary info, to 10 deliverys, obtains feature numeral;
Intelligent terminal is from the beginning of the byte corresponding to described feature numeral, and order extracts the byte of predetermined quantity as characteristic number
According to;
Intelligent terminal is by the described characteristic extracted, and to 10 deliverys, calculates described fisrt feature information.
Method the most according to claim 3, it is characterised in that the total bit of described fisrt feature information meets following wanting
Ask:
6 < X < 10, wherein, X is the total bit of described fisrt feature information.
Method the most according to claim 1, it is characterised in that in step signature terminal according to described Transaction Information number
Word is signed, also to include before generating signed data:
Intelligent terminal obtains the first PIN code of user's input;
Described first PIN code is sent by intelligent terminal to signature terminal;
Whether the first PIN code described in signature terminal authentication meets preset requirement;
If described first PIN code meets preset requirement, then signature terminal generates the key carried out used by described digital signature.
Method the most according to claim 5, it is characterised in that also include:
If receiving multiple first PIN code in the scheduled time, and the first PIN code received in the described scheduled time does not all meet
Preset requirement, then stop performing whether the first PIN code described in step signature terminal authentication meets preset requirement.
Method the most according to claim 1, it is characterised in that step signature terminal carries out numeral according to described Transaction Information
Signature, before generating signed data, also includes:
Intelligent terminal obtains the second PIN code of user's input;
Described second PIN code is sent by intelligent terminal to signature terminal;
Whether the second PIN code described in signature terminal authentication meets preset requirement;
If described second PIN code meets preset requirement, and signature terminal receives confirmation instruction, then signature terminal is according to described friendship
Easily information is digitally signed.
Method the most according to claim 1, it is characterised in that step intelligent terminal by the Transaction Information that gets in advance to
Signature apparatus sends and includes:
Intelligent terminal is connected/radio frequency connection by the bluetooth set up with signature terminal in advance, sends described transaction to signature terminal
Information;
Or, intelligent terminal, by the contact contact arranged in described signature terminal, sends described Transaction Information to signature terminal.
Method the most according to claim 1, it is characterised in that also include:
If in the scheduled time that signature terminal is after showing described second feature information, do not receive described confirmation instruction, then eventually
Only current process.
10. digital signature system, it is characterised in that including: intelligent terminal and signature terminal, described intelligent terminal includes first
Send module, the first computing module and the first display module;Described signature terminal include the second computing module, the second display module,
Signature blocks and the second sending module;
Sending module, sends to signature apparatus for the Transaction Information that will get in advance;
First computing module, for using the first default digest algorithm to calculate the fisrt feature information of described Transaction Information;
First display module, is used for showing described fisrt feature information;
Second computing module, for using the second default digest algorithm to calculate the second feature information of described Transaction Information;Its
In, described first digest algorithm is identical with described second digest algorithm;
Second display module, is used for showing described second feature information;
Signature blocks, if receiving confirmation instruction, then for being digitally signed according to described Transaction Information, to generate number of signature
According to;
Second sending module, for sending described signed data to described intelligent terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610370198.1A CN106059773B (en) | 2016-05-27 | 2016-05-27 | Digital signature method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610370198.1A CN106059773B (en) | 2016-05-27 | 2016-05-27 | Digital signature method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106059773A true CN106059773A (en) | 2016-10-26 |
| CN106059773B CN106059773B (en) | 2019-08-02 |
Family
ID=57172844
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610370198.1A Active CN106059773B (en) | 2016-05-27 | 2016-05-27 | Digital signature method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106059773B (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101051907A (en) * | 2007-05-14 | 2007-10-10 | 北京握奇数据系统有限公司 | Safety certifying method and its system for facing signature data |
| CN101247227A (en) * | 2007-02-15 | 2008-08-20 | 李东声 | Electric endorsement method and device |
| CN101562525A (en) * | 2009-04-30 | 2009-10-21 | 北京飞天诚信科技有限公司 | Method, device and system for signature |
| CN101588364A (en) * | 2009-03-31 | 2009-11-25 | 北京飞天诚信科技有限公司 | Signature method, device and system thereof |
| CN101820346A (en) * | 2010-05-04 | 2010-09-01 | 北京飞天诚信科技有限公司 | Secure digital signature method |
| CN102184353A (en) * | 2011-04-02 | 2011-09-14 | 方园 | Method for preventing online payment data from being intercepted |
| CN102651058A (en) * | 2012-03-30 | 2012-08-29 | 恒宝股份有限公司 | Method for realizing follow attack prevention in device with data sign determining function |
-
2016
- 2016-05-27 CN CN201610370198.1A patent/CN106059773B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101247227A (en) * | 2007-02-15 | 2008-08-20 | 李东声 | Electric endorsement method and device |
| CN101051907A (en) * | 2007-05-14 | 2007-10-10 | 北京握奇数据系统有限公司 | Safety certifying method and its system for facing signature data |
| CN101588364A (en) * | 2009-03-31 | 2009-11-25 | 北京飞天诚信科技有限公司 | Signature method, device and system thereof |
| CN101562525A (en) * | 2009-04-30 | 2009-10-21 | 北京飞天诚信科技有限公司 | Method, device and system for signature |
| CN101820346A (en) * | 2010-05-04 | 2010-09-01 | 北京飞天诚信科技有限公司 | Secure digital signature method |
| CN102184353A (en) * | 2011-04-02 | 2011-09-14 | 方园 | Method for preventing online payment data from being intercepted |
| CN102651058A (en) * | 2012-03-30 | 2012-08-29 | 恒宝股份有限公司 | Method for realizing follow attack prevention in device with data sign determining function |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106059773B (en) | 2019-08-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| RU2679343C1 (en) | Verification of contactless payment card for issuing payment certificate for mobile device | |
| CN105027153A (en) | Methods, devices, and systems for secure provisioning, transmission, and authentication of payment data | |
| CN107230068A (en) | Use the method and system of viewable numbers currency chip card payout figure currency | |
| CN107230050A (en) | The method and system of digital cash payment is carried out based on viewable numbers currency chip card | |
| CN105976177A (en) | NFC (near field communication)-oriented cloud payment method | |
| CN109829830A (en) | A danger marketing method, device, electronic equipment and computer readable storage medium | |
| KR102333811B1 (en) | System and method for processing card payment based on block-chain | |
| CN102521631A (en) | Intelligent financial IC card reading and writing method based on electronic identity card system | |
| TWI748630B (en) | Two-dimensional bar code payment method based on mobile phone business card and its payment system, computer readable storage medium and computer equipment | |
| CN105956839A (en) | Payment method and payment device applied to smart home platform | |
| CN102800153B (en) | The service downloading method and system of card swiping terminal | |
| CN101976403A (en) | Phone number payment platform, payment trading system and method thereof | |
| CN106980977A (en) | Payment system and its Payment Card based on Internet of Things | |
| US20120041882A1 (en) | Method of and computer programme for changing an identification code of a transaction authorisation medium | |
| US20180349885A1 (en) | Mobile device, method, computer program product and issuance system for configuring ticket co-branded credit card based on tokenization technology | |
| CN201993844U (en) | Mobile phone number payment platform and payment trade system | |
| CN107977841A (en) | The method and its terminal of two-dimension code safe payment are realized based on driving layer | |
| TWM618366U (en) | Online transaction system and bank server | |
| CN106059773A (en) | Digital signature method and system | |
| CN107230073A (en) | The method and system of payout figure currency between viewable numbers currency chip card | |
| CN107230076A (en) | The method and system of on-line payment digital cash | |
| KR101357786B1 (en) | Method for issue security card for electronic financial transaction and system thereof | |
| CN107918869A (en) | One kind is transferred accounts control method, device and terminal | |
| CN102332144B (en) | Bank electronic password produces system and applies the authentication method of this bank electronic password generation system | |
| TWI679603B (en) | System for assisting a financial card holder in setting password for the first time and method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |