CN106059773B - Digital signature method and system - Google Patents
Digital signature method and system Download PDFInfo
- Publication number
- CN106059773B CN106059773B CN201610370198.1A CN201610370198A CN106059773B CN 106059773 B CN106059773 B CN 106059773B CN 201610370198 A CN201610370198 A CN 201610370198A CN 106059773 B CN106059773 B CN 106059773B
- Authority
- CN
- China
- Prior art keywords
- signature
- terminal
- intelligent terminal
- information
- transaction information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides digital signature method and systems, are related to safety verification field.Digital signature method provided by the invention, it passes through before showing Transaction Information, digest calculations first are carried out to Transaction Information, and then make intelligent terminal and terminal of signing calculates separately out the characteristic information of Transaction Information, and shown on intelligent terminal and signature terminal is characteristic information rather than the Transaction Information of plaintext.Even if hacker only has modified a small amount of content in Transaction Information, calculated characteristic information can also change a lot, this, which allows for user, more intuitive to determine that Transaction Information is by distorting with accurate, at this time, user should not then be digitally signed, and then ensure that hacker after distorting to Transaction Information, user can timely have found, will not incur loss.
Description
Technical field
The present invention relates to safety verification fields, in particular to digital signature method and system.
Background technique
With the development of internet technology, electronic information interaction technique has been obtained universal.From the angle of the information content,
The information of transmitting can be divided into two types, a type is to express the information of certain meaning, another then be fund.Not
It is usually required to the confirmation of informant before carrying out information exchange by the interaction for being which kind of information, to guarantee that information mentions
The information security of donor.When information exchange, transmitting is virtual information (data), and the confirmation of informant is then logical
Cross what the mode of digital signature was realized.General digital signature process is as follows:
1, smart machine (such as user mobile phone) reception/generation Transaction Information;
2, smart machine shows Transaction Information;
3, user checks the correctness of Transaction Information shown by smart machine, if correctly, operating smart machine will
Transaction Information is sent to digital signature device (usual smart machine is mutually independent with digital signature device)
4, whether the Transaction Information that user's check figures signature device is received, and shown is correct;
5, if the judging result of step 3 is yes, user's operation digital signature device generation digital signature;
6, the digital signature of generation is sent to smart machine by digital signature device, and smart machine can be according to connecing later
The digital signature received carries out subsequent transaction process, and digital signature is such as supplied to Internetbank center, Internetbank central authentication number label
It is entitled very after, just transfer accounts according to Transaction Information.
In the above process, the groundwork that user is done is step 2 and 3, and the specific process for checking Transaction Information is intelligence
Equipment first shows the details of Transaction Information on the display screen of itself, can also show on digital signature device later
The main contents of Transaction Information out, user can check whether the information shown on smart machine is correct, and
Whether identical check the shown Transaction Information come out on the shown Transaction Information and digital signature device come out of smart machine.
But there are certain loopholes, such as hacker, and trojan horse program can be implanted into smart machine in the above process, then, step
Information shown by rapid 2 is still normal information, and user executes step 3 after carrying out confirmation, at this time smart machine to
The content that digital signature device is sent is by distorting, but the content usually distorted is seldom, such as changes address information " ABCD "
For " ABCB " it is such it is small-scale distort, and the symbol for distorting front and back is very much like, and user is generally difficult to notice so thin
Small variation after being confirmed by digital signature device, will transfer accounts fund to wrong people in turn.
To sum up, since currently when being digitally signed, signature process is not rigorous enough, lead to transaction errors.
Summary of the invention
The purpose of the present invention is to provide digital signature methods and system, to improve the accuracy of digital signature.
In a first aspect, the embodiment of the invention provides digital signature methods, comprising:
Intelligent terminal sends the Transaction Information got in advance to signature apparatus;
Intelligent terminal calculates the fisrt feature information of Transaction Information using preset first digest algorithm, and shows that first is special
Reference breath;
Terminal of signing calculates the second feature information of Transaction Information using preset second digest algorithm, and shows that second is special
Reference breath;Wherein, the first digest algorithm is identical as the second digest algorithm;
If signature terminal receives confirmation instruction, it is digitally signed according to Transaction Information, to generate signed data;
Terminal of signing sends signed data to intelligent terminal.
With reference to first aspect, the embodiment of the invention provides the first possible embodiments of first aspect, wherein step
Suddenly intelligent terminal includes: using the fisrt feature information that preset first digest algorithm calculates Transaction Information
Intelligent terminal calculates the first summary info of Transaction Information using preset first digest algorithm;
Intelligent terminal extracts characteristic, and the characteristic that will be extracted respectively from multiple positions of summary info
Form fisrt feature information.
With reference to first aspect, the embodiment of the invention provides second of possible embodiments of first aspect, wherein step
Rapid intelligent terminal extracts characteristic respectively from multiple positions of summary info, and by the characteristic extracted composition the
One characteristic information includes:
The byte of predetermined figure in first summary info is obtained feature number to 10 modulus by intelligent terminal;
Intelligent terminal since feature number corresponding to byte, sequentially extract the byte of predetermined quantity as characteristic
According to;
The characteristic that intelligent terminal will extract calculates fisrt feature information to 10 modulus.
With reference to first aspect, the embodiment of the invention provides the third possible embodiments of first aspect, wherein the
The total bit of one characteristic information meets claimed below:
6 < X < 10, wherein X is the total bit of fisrt feature information.
With reference to first aspect, the embodiment of the invention provides the 4th kind of possible embodiments of first aspect, wherein
Step signature terminal is digitally signed according to Transaction Information, before generating signed data further include:
Intelligent terminal obtains the first PIN code of user's input;
Intelligent terminal sends the first PIN code to signature terminal;
Whether signature the first PIN code of terminal authentication meets preset requirement;
If the first PIN code meets preset requirement, terminal of signing, which generates, is digitally signed key used.
With reference to first aspect, the embodiment of the invention provides the 5th kind of possible embodiments of first aspect, wherein also
Include:
If receiving multiple first PIN codes in the predetermined time, and the first PIN code received in the predetermined time is not met
Preset requirement then stops executing whether step signature the first PIN code of terminal authentication meets preset requirement.
With reference to first aspect, the embodiment of the invention provides the 6th kind of possible embodiments of first aspect, wherein step
Rapid signature terminal is digitally signed according to Transaction Information, before generating signed data, further includes:
Intelligent terminal obtains the second PIN code of user's input;
Intelligent terminal sends the second PIN code to signature terminal;
Whether signature the second PIN code of terminal authentication meets preset requirement;
If the second PIN code meets preset requirement, and terminal of signing receives confirmation instruction, then terminal of signing is believed according to transaction
Breath is digitally signed.
With reference to first aspect, the embodiment of the invention provides the 7th kind of possible embodiments of first aspect, wherein step
Rapid intelligent terminal, which sends the Transaction Information got in advance to signature apparatus, includes:
Intelligent terminal is connect by the bluetooth connection/radio frequency established in advance with signature terminal, sends transaction to signature terminal
Information;
Or, intelligent terminal sends Transaction Information to signature terminal by the contact contact being arranged in signature terminal.
With reference to first aspect, the embodiment of the invention provides the 8th kind of possible embodiments of first aspect, wherein also
Include:
If signature terminal was shown in the predetermined time after second feature information, confirmation instruction is not received, then terminates and works as
Preceding process.
Second aspect, the embodiment of the invention also provides digital signature systems, comprising: intelligent terminal and signature terminal, intelligence
Energy terminal includes the first sending module, the first computing module and the first display module;Terminal of signing includes the second computing module, the
Two display modules, signature blocks and the second sending module;
Sending module, for sending the Transaction Information got in advance to signature apparatus;
First computing module, for using preset first digest algorithm to calculate the fisrt feature information of Transaction Information;
First display module, for showing fisrt feature information;
Second computing module, for using preset second digest algorithm to calculate the second feature information of Transaction Information;Its
In, the first digest algorithm is identical as the second digest algorithm;
Second display module, for showing second feature information;
Signature blocks, if confirmation instruction is received, for being digitally signed according to Transaction Information, to generate number of signature
According to;
Second sending module, for sending signed data to intelligent terminal.
Digital signature method provided in an embodiment of the present invention, using condition code verification by the way of, with it is in the prior art
When verification, intelligent terminal and signature apparatus can be in the plaintexts that it shows screen display Transaction Information, and causing to work as has
After hacker is implanted into wooden horse in intelligent terminal, so that plaintext shown on plaintext and intelligent terminal shown on signature apparatus
A small amount of difference is had, user will cause the knot being digitally signed to the Transaction Information of mistake in the case where not going through
Fruit finally makes user incur loss and compares, by first carrying out digest calculations to Transaction Information before showing Transaction Information, into
And intelligent terminal and signature terminal is set to calculate separately out the characteristic information of Transaction Information, and on intelligent terminal and signature terminal
Shown is characteristic information rather than the Transaction Information of plaintext.Even if hacker only has modified a small amount of content in Transaction Information,
Calculated characteristic information can also change a lot, this allows for user being capable of more intuitive and accurate determining transaction letter
Breath is at this point, user should not then be digitally signed, and then to ensure that user will not incur loss by distorting.
To enable the above objects, features and advantages of the present invention to be clearer and more comprehensible, preferred embodiment is cited below particularly, and cooperate
Appended attached drawing, is described in detail below.
Detailed description of the invention
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below will be to needed in the embodiment attached
Figure is briefly described, it should be understood that the following drawings illustrates only certain embodiments of the present invention, therefore is not construed as pair
The restriction of range for those of ordinary skill in the art without creative efforts, can also be according to this
A little attached drawings obtain other relevant attached drawings.
Fig. 1 shows the basic flow chart of digital signature method provided by the embodiment of the present invention;
Fig. 2 shows the basic framework figures of digital signature system provided by the embodiment of the present invention.
Specific embodiment
Below in conjunction with attached drawing in the embodiment of the present invention, technical solution in the embodiment of the present invention carries out clear, complete
Ground description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.Usually exist
The component of the embodiment of the present invention described and illustrated in attached drawing can be arranged and be designed with a variety of different configurations herein.Cause
This, is not intended to limit claimed invention to the detailed description of the embodiment of the present invention provided in the accompanying drawings below
Range, but it is merely representative of selected embodiment of the invention.Based on the embodiment of the present invention, those skilled in the art are not doing
Every other embodiment obtained under the premise of creative work out, shall fall within the protection scope of the present invention.
Digital signature technology can be improved the life convenience of user, the also network for following digital signature technology to rise
Authorization technique, e-Bank payment technology etc..Wherein, large-scale popularization has been obtained in e-Bank payment technology, and certain
Instead of paying in cash on field.Many kinds of, the common such as POS machine payment, Alipay payment of e-Bank payment.But
Whether which kind of means of payment, technological core are digital signature (authorizations).In the following, just occur in the related technology one
As e-Bank payment process be illustrated.
The early stage of development of e-Bank payment, the general safety for guaranteeing transaction using intelligent code key, that is, pass through intelligent cipher
Key carries out certificate login and digital signature identification to customer transaction, guarantees the safety of transaction.Its workflow is as follows:
1, intelligent code key is inserted into computer by user, and opens the application program in computer;
2, application program accesses cipher key, prompts user to input PIN code (personal authentication code) on computer screen;
3, the personal authentication code that application program inputs user is sent to cipher key;
4, cipher key checks the PIN code that user inputs with the PIN code being pre-stored in cipher key, if consistent
Think that user passes through verification, the termination process if inconsistent;
5, after the verification that the PIN code of user's input passes through cipher key, then user obtains permission, can permit active user
Using the certificate and key stored in cipher key, and then start network bank business;
6, when user starts network bank business, application program by Transaction Information, (such as believe substantially by transaction amount, both parties
Breath) it is sent to cipher key, cipher key signs to Transaction Information, and the Transaction Information for carrying digital signature is returned
To application program, the Transaction Information for carrying digital signature is sent Internetbank platform, last Internetbank platform validation number by application program
After word signature is legal, complete this time to trade according to the content of Transaction Information.
In general, cipher key is kept properly by user oneself, and only one, therefore the above method can be with
The safety of guarantee customer transaction is that cannot be stolen using application program if other people do not have cipher key to a certain extent
User resources.
But above method is also leaky, after user finishes transaction, may forget cipher key and computer/mobile phone etc.
Equipment disconnects, at this moment if there are trojan horse program in these equipment, if these trojan horse programs can with the operation of analog subscriber,
Operation application and cipher key realize other transaction, the fund in user account are transferred.
In order to solve the problems, such as to occur above the cipher key of the second generation, the cipher key of referred to as visual key type, this
Kind cipher key has key and display screen, and when user transacts business, Transaction Information is issued cipher key by application program,
At this moment cipher key does not calculate digital signature at once, but Transaction Information is shown on the display screen, waits user
Key response, if user presses acknowledgement key, cipher key ability accounting calculates digital signature, digital signature is then returned to application
Program.
As it can be seen that the cipher key of visual key type, the attack of trojan horse can be taken precautions against to a certain extent, but there is also
Loophole.Although it is possible to prevente effectively from user is using the operational risk disconnected is forgotten after complete cipher key, in process of exchange
In, trojan horse program still is possible to that Transaction Information can be changed, and such as shows on the screen of cipher key and confirms different from user
Information, at this moment if user is half-hearted to check content shown by screen, after user presses confirmation key, trojan horse program
The digital signature of illegal transaction can still be obtained.Especially when trojan horse program only modifies to a malapropism or symbol (such as
" time " has been changed to " marquis "), the more difficult discovery mistake of user.
For this kind of situation, this application provides digital signature methods, as shown in Figure 1, including the following steps:
S101, intelligent terminal send the Transaction Information got in advance to signature apparatus;
S102, intelligent terminal calculate the fisrt feature information of Transaction Information using preset first digest algorithm, and show
Fisrt feature information;
S103, signature terminal calculate the second feature information of Transaction Information using preset second digest algorithm, and show
Second feature information;Wherein, the first digest algorithm is identical as the second digest algorithm;
S104 is digitally signed, to generate number of signature if signature terminal receives confirmation instruction according to Transaction Information
According to;
S105, signature terminal send signed data to intelligent terminal.
In step S101, intelligent terminal refers to such as mobile phone, POS machine smart machine.Friendship accessed by intelligent terminal
Easy information can be network-side (such as Internetbank center, other intelligent terminals) is sent to it, and be also possible to intelligent terminal according to net
What content transmitted by network end was locally generated, the application is to the source of Transaction Information and without limitation.It is digitally signed
Need of work is completed by signature terminal, thus, intelligent terminal needs to be supplied to friendship to signature terminal after getting Transaction Information
Easy information, what is sent herein remains the plaintext of Transaction Information.
In step S102, the Transaction Information of plaintext other than being sent to signature terminal by intelligent terminal, it is also necessary to be calculated just
In the information that user is checked, i.e. characteristic information.In view of the convenience of verification, algorithm as used herein should abstract
Algorithm, i.e. intelligent terminal need to calculate the summary info of Transaction Information, and then are made using the whole of summary info, or a part
For fisrt feature information.After generating fisrt feature information, signature terminal needs to show the fisrt feature information in intelligence
On the display of energy terminal, so as to user's verification.
In step S103, signature terminal needs use digest algorithm identical with intelligent terminal to calculate second feature letter
Breath, and the second feature information is shown on its display screen, so that user checks.
Since the characteristic of digest algorithm passes through digest algorithm even if hacker only has modified a small amount of content in Transaction Information
Calculated abstract is also to have very big difference.In turn, (refer to that calculating is public the first digest algorithm is identical as the second digest algorithm
Formula, calculating process are identical) in the case where, if intelligent terminal carries out the Transaction Information of digest calculations and signature terminal carries out
The Transaction Information of digest calculations is different (resulting in the two Transaction Informations difference by hacker's modification), then the spy that the two finally obtains
Reference breath is just very different, and user is very easy to find the difference of two characteristic informations.Wherein, the first digest algorithm and second is plucked
Algorithm is wanted to be set in advance in intelligent terminal and signature terminal inner, as that there can be believable third party to complete digest algorithm
Write-in.Since digest algorithm is non-reversible algorithm, i.e., calculating process, therefore its confidentiality cannot be derived by calculated result
It is preferable.
It, should also be at intelligent end in addition to above-mentioned respectively in the display screen display characteristic information of intelligent terminal and signature terminal
End, and/or signature terminal display screen display Transaction Information plaintext, in order to which user to checking in plain text, display is bright
The mode of text belongs in digital signature procedure can not do excessive explanation by the way of herein.It should be noted that if main
What is considered is the problem of reducing verification risk, in method provided herein, preferably in signature terminal and intelligent terminal
Show the plaintext of Transaction Information;If primary concern is that the problem of reducing signature terminal complexity, provided herein
In method, all plaintexts of Transaction Information are preferably shown by intelligent terminal, the main contents of Transaction Information are shown by signature terminal
(such as transaction amount, remittance account and sender information), or signature terminal do not show any of the Transaction Information of plaintext
Content.
After intelligent terminal and signature terminal respectively illustrate characteristic information, user can check the two characteristic informations
It is whether identical, and instructed from user to signature terminal input validation.In step S104, signature terminal has received confirmation instruction
Later, Transaction Information can be digitally signed in a general manner, and then generates signed data, terminal of signing later
Signed data is sent to intelligent terminal, all tasks of signature terminal can be completed.Subsequent step summarizes, and intelligent terminal needs
Signed data is sent to Internetbank center to check, if the signed data is very, Internetbank center can be according to Transaction Information
In content transfer accounts.
The verification for replacing cleartext information using the verification of characteristic information can reduce workload (the feature letter of user's verification
Quantity of the quantity of breath far fewer than cleartext information), also can be when two characteristic information differences, it is evident that sent out by user
It is existing.
In order to improve characteristic information verification effect, the calculating process of characteristic information can also be advanced optimized,
Due to intelligent terminal and signature terminal calculate characteristic information process be it is identical, herein only to intelligent terminal carry out characteristic information
The process of calculating carries out refinement explanation.
That is, step S102, intelligent terminal calculates the fisrt feature information of Transaction Information using preset first digest algorithm,
It can be made of following two steps:
11, intelligent terminal calculates the first summary info of Transaction Information using preset first digest algorithm;
12, intelligent terminal extracts characteristic, and the feature that will be extracted respectively from multiple positions of summary info
Data form fisrt feature information.
It is, characteristic information is not the whole of summary info, and only a part of summary info, just can in this way
Further decrease the workload of user's verification.Specifically, intelligent terminal can only believe transaction when calculating summary info
Main information (such as remitter address, account and money transfer amount) in breath calculates, rather than to complete in Transaction Information
Portion's information is calculated.The workload of user's verification can not only be reduced in this way, additionally it is possible to guarantee the relative fullness of information.
In step 12, such as calculated summary info has 100 bytes, then the characteristic extracted can be continuously
10-20 bytes;It is also possible to discrete the 10th, 20,30,40 ... waits byte on positions.
Further, step 12 can be made of following steps:
121, the byte of predetermined figure in the first summary info is obtained feature number to 10 modulus by intelligent terminal;
122, intelligent terminal byte corresponding to the feature number, the byte of predetermined quantity is sequentially extracted as special
Levy data;
123, the characteristic that intelligent terminal will extract calculates fisrt feature information to 10 modulus.
Wherein, the byte in predetermined position can be manually set, such as first character section, the 25th byte.Such as calculate
Feature number be 9, then in 122 steps, intelligent terminal sequence should extract predetermined quantity (such as 8- since the 9th byte
12) byte, as characteristic.Such mode continuously extracted can be avoided random extract and caused by low probability be overlapped
Problem.
Step 123 later will extract obtained characteristic and calculate fisrt feature information to 10 modulus.Consider
It is very few to calculated characteristic information digit, then the function of its verification can be reduced, digit is excessive, then will lead to user and need to spend
The a large amount of time is compared, and therefore, in method provided herein, the total bit of fisrt feature information meets following want
It asks: 6 < X < 10, wherein X is the total bit of fisrt feature information.
The process of above-mentioned calculating fisrt feature information is identical with the process of second feature information is calculated, herein no longer
The Optimization Steps of second feature information are illustrated.
Verification in addition to using characteristic information replaces the verification of the Transaction Information of plaintext, in method provided herein,
The function of veritification is also increased when user operates signature terminal.It is embodied in two aspects, first aspect
It is signature terminal when generating key used in digital signature, needs to carry out the verifying of PIN code;Second aspect is signature
Terminal needs to carry out PIN code verifying before executing digital signature.The two aspects play guarantee signature terminal not respectively
Easily it can be tampered and use, and then ensure the transaction security of user.Wherein, key herein refers to cipher key pair
Private key (is encrypted), and public key corresponding to the private key is can to export that (public key is usually destined to the authentication mechanisms such as CA, goes to make
Make digital certificate), with mechanisms such as the host computer, the Internetbank centers that are supplied to needs.Under normal circumstances, private key is stored in signature dress
It in the safety chip set, and can not be modified, private key can not be exported forever, and public key then can be exported arbitrarily.
Below pair in a first aspect, being illustrated to the process of key used when generating digital signature, this kind of situation
Under, signature terminal is without input keyboard, and the approach that terminal of signing obtains PIN code can only be that intelligent terminal is sent to it
, thus at this point, the process for carrying out key generation includes the following steps:
User's operation intelligent terminal initiates the request of resetting/generation key to signature terminal;
User's operation intelligent terminal inputs preset PIN code, i.e. the first PIN code;
Intelligent terminal obtains the first PIN code of user's input;
Intelligent terminal sends the first PIN code to signature terminal;
Whether signature the first PIN code of terminal authentication meets preset requirement;
If the first PIN code meets preset requirement, terminal of signing, which generates, is digitally signed key used.
There are two types of state when generating key, the first state is that key has been had existed in signature terminal, second
It is that there are no there are keys in signature terminal.When the first state, when thering is new key to generate, then terminal of signing
Original just existing key can be replaced using new key automatically, and generate new key, replacement in storage inside it
The time of primary key, and old key existing for script is deleted;When second of state, it then be used directly newly-generated close
Key is as the key being digitally signed in subsequent process.
Certainly, hacker may control signature terminal by the way of multiple trial and error, in order to guarantee the peace of signature terminal
Entirely, it should be signature terminal and increases safety protecting mechanism, it may be assumed that
If receiving multiple first PIN codes in the predetermined time, and the first PIN code received in the predetermined time is not met
Preset requirement then stops executing whether step signature the first PIN code of terminal authentication meets preset requirement.
That is, when receive multiple first PIN codes, and each PIN code it is different from local pre-stored PIN code when
It waits, should just stop the function of PIN code verification.
Below to second aspect, i.e. signature terminal before executing digital signature, need to carry out the process of PIN code verifying into
Row explanation.Likewise, signature terminal is without input keyboard, and terminal of signing obtains the approach of PIN code only in the case of this kind
It can be that intelligent terminal is sent to it, thus at this point, the process for carrying out key generation includes the following steps:
Intelligent terminal obtains the second PIN code of user's input;
Intelligent terminal sends the second PIN code to signature terminal;
Whether signature the second PIN code of terminal authentication meets preset requirement;
If the second PIN code meets preset requirement, and terminal of signing receives confirmation instruction, then terminal of signing is believed according to transaction
Breath is digitally signed.
Wherein, it after confirmation instruction is the confirmation key that user passes through in pressing signature terminal end surface, is generated by signature terminal
's.Cancel key it is, of course, also possible to be arranged on the surface of signature terminal, it is just automatic whole when user, which presses, cancels key
Fluid stopping journey.
The case where termination process is predetermined time after terminal of signing shows second feature information there are also another kind
In (such as 10 seconds), confirmation instruction is never received, then it will be understood that user has been moved off, should also be as terminating current stream at this time
Journey.
Further, in method provided by the present application, step intelligent terminal fills the Transaction Information got in advance to signature
The following two kinds concrete implementation mode can be had by setting transmission:
The first, intelligent terminal is connect by the bluetooth connection/radio frequency established in advance with signature terminal, to signature terminal hair
Send Transaction Information;
Second, intelligent terminal sends Transaction Information to signature terminal by the contact contact being arranged in signature terminal.
Wherein, contact contact is arranged on the surface of signature terminal.And when intelligent terminal by bluetooth/radio frequency with
After signature terminal is attached, signature apparatus is just automatically stopped through contact contact and extraneous progress data interaction.When intelligent end
After end is attached by contact contact and signature terminal, signature apparatus, which is just automatically stopped, to be carried out by bluetooth/radio frequency with extraneous
Data interaction.
Corresponding with digital signature method, the embodiment of the present application also provides digital signature systems, as shown in Fig. 2, packet
Include: intelligent terminal and signature terminal, intelligent terminal include the first sending module, the first computing module and the first display module;Label
Name terminal includes the second computing module, the second display module, signature blocks and the second sending module;
Sending module, for sending the Transaction Information got in advance to signature apparatus;
First computing module, for using preset first digest algorithm to calculate the fisrt feature information of Transaction Information;
First display module, for showing fisrt feature information;
Second computing module, for using preset second digest algorithm to calculate the second feature information of Transaction Information;Its
In, the first digest algorithm is identical as the second digest algorithm;
Second display module, for showing second feature information;
Signature blocks, if confirmation instruction is received, for being digitally signed according to Transaction Information, to generate number of signature
According to;
Second sending module, for sending signed data to intelligent terminal.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description,
The specific work process of device and unit, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
In several embodiments provided herein, it should be understood that disclosed systems, devices and methods, it can be with
It realizes by another way.The apparatus embodiments described above are merely exemplary, for example, the division of the unit,
Only a kind of logical function partition, there may be another division manner in actual implementation, in another example, multiple units or components can
To combine or be desirably integrated into another system, or some features can be ignored or not executed.Another point, it is shown or beg for
The mutual coupling, direct-coupling or communication connection of opinion can be through some communication interfaces, device or unit it is indirect
Coupling or communication connection can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme
's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.
It, can be with if the function is realized in the form of SFU software functional unit and when sold or used as an independent product
It is stored in a computer readable storage medium.Based on this understanding, technical solution of the present invention is substantially in other words
The part of the part that contributes to existing technology or the technical solution can be embodied in the form of software products, the meter
Calculation machine software product is stored in a storage medium, including some instructions are used so that a computer equipment (can be a
People's computer, server or network equipment etc.) it performs all or part of the steps of the method described in the various embodiments of the present invention.
And storage medium above-mentioned includes: that USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited
The various media that can store program code such as reservoir (RAM, Random Access Memory), magnetic or disk.
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any
Those familiar with the art in the technical scope disclosed by the present invention, can easily think of the change or the replacement, and should all contain
Lid is within protection scope of the present invention.Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. digital signature method characterized by comprising
Intelligent terminal sends the Transaction Information got in advance to signature apparatus;
Intelligent terminal calculates the fisrt feature information of the Transaction Information using preset first digest algorithm, and shows described
One characteristic information;
Signature terminal calculates the second feature information of the Transaction Information using preset second digest algorithm, and shows described the
Two characteristic informations;Wherein, first digest algorithm is identical as second digest algorithm;
If signature terminal receives confirmation instruction, it is digitally signed according to the Transaction Information, to generate signed data;
Signature terminal sends the signed data to the intelligent terminal.
2. the method according to claim 1, wherein intelligent terminal described in step is calculated using preset first abstract
The fisrt feature information that method calculates the Transaction Information includes:
Intelligent terminal calculates the first summary info of the Transaction Information using preset first digest algorithm;
Intelligent terminal extracts characteristic respectively from multiple positions of the summary info, and by the feature extracted
Data form fisrt feature information.
3. according to the method described in claim 2, it is characterized in that, intelligent terminal described in step is from the multiple of the summary info
Characteristic is extracted in position respectively, and includes: by the characteristic composition fisrt feature information extracted
The byte of predetermined figure in first summary info is obtained feature number to 10 modulus by intelligent terminal;
Intelligent terminal byte corresponding to the feature number, the byte of predetermined quantity is sequentially extracted as characteristic
According to;
The characteristic extracted is calculated the fisrt feature information to 10 modulus by intelligent terminal.
4. according to the method described in claim 3, it is characterized in that, the total bit of the fisrt feature information meets following want
It asks:
6 < X < 10, wherein X is the total bit of the fisrt feature information.
5. the method according to claim 1, wherein being counted in step signature terminal according to the Transaction Information
Word signature, before generating signed data further include:
Intelligent terminal obtains the first PIN code of user's input;
Intelligent terminal sends first PIN code to signature terminal;
Whether the first PIN code described in signature terminal authentication meets preset requirement;
If first PIN code meets preset requirement, terminal of signing, which generates, carries out key used in the digital signature.
6. according to the method described in claim 5, it is characterized by further comprising:
If receiving multiple first PIN codes in the predetermined time, and the first PIN code received in the predetermined time is not met
Preset requirement then stops executing whether the first PIN code described in step signature terminal authentication meets preset requirement.
7. terminal carries out number according to the Transaction Information the method according to claim 1, wherein step is signed
Signature, before generating signed data, further includes:
Intelligent terminal obtains the second PIN code of user's input;
Intelligent terminal sends second PIN code to signature terminal;
Whether the second PIN code described in signature terminal authentication meets preset requirement;
If second PIN code meets preset requirement, and terminal of signing receives confirmation instruction, then terminal of signing is according to the friendship
Easy information is digitally signed.
8. the method according to claim 1, wherein step intelligent terminal by the Transaction Information got in advance to
Signature apparatus is sent
Intelligent terminal is connect by the bluetooth connection/radio frequency established in advance with signature terminal, sends the transaction to signature terminal
Information;
Or, intelligent terminal sends the Transaction Information to signature terminal by the contact contact being arranged in the signature terminal.
9. the method according to claim 1, wherein further include:
If terminal of signing was shown in the predetermined time after the second feature information, the confirmation instruction is not received, then eventually
Only current process.
10. digital signature system characterized by comprising intelligent terminal and signature terminal, the intelligent terminal include the first hair
Send module, the first computing module and the first display module;The signature terminal include the second computing module, the second display module,
Signature blocks and the second sending module;
Sending module, for sending the Transaction Information got in advance to signature apparatus;
First computing module, for calculating the fisrt feature information of the Transaction Information using preset first digest algorithm;
First display module, for showing the fisrt feature information;
Second computing module, for calculating the second feature information of the Transaction Information using preset second digest algorithm;Its
In, first digest algorithm is identical as second digest algorithm;
Second display module, for showing the second feature information;
Signature blocks, if confirmation instruction is received, for being digitally signed according to the Transaction Information, to generate number of signature
According to;
Second sending module, for sending the signed data to the intelligent terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610370198.1A CN106059773B (en) | 2016-05-27 | 2016-05-27 | Digital signature method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610370198.1A CN106059773B (en) | 2016-05-27 | 2016-05-27 | Digital signature method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106059773A CN106059773A (en) | 2016-10-26 |
| CN106059773B true CN106059773B (en) | 2019-08-02 |
Family
ID=57172844
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610370198.1A Active CN106059773B (en) | 2016-05-27 | 2016-05-27 | Digital signature method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106059773B (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101051907A (en) * | 2007-05-14 | 2007-10-10 | 北京握奇数据系统有限公司 | Safety certifying method and its system for facing signature data |
| CN101247227A (en) * | 2007-02-15 | 2008-08-20 | 李东声 | Electric endorsement method and device |
| CN101562525A (en) * | 2009-04-30 | 2009-10-21 | 北京飞天诚信科技有限公司 | Method, device and system for signature |
| CN101588364A (en) * | 2009-03-31 | 2009-11-25 | 北京飞天诚信科技有限公司 | Signature method, device and system thereof |
| CN101820346A (en) * | 2010-05-04 | 2010-09-01 | 北京飞天诚信科技有限公司 | Secure digital signature method |
| CN102184353A (en) * | 2011-04-02 | 2011-09-14 | 方园 | Method for preventing online payment data from being intercepted |
| CN102651058A (en) * | 2012-03-30 | 2012-08-29 | 恒宝股份有限公司 | Method for realizing follow attack prevention in device with data sign determining function |
-
2016
- 2016-05-27 CN CN201610370198.1A patent/CN106059773B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101247227A (en) * | 2007-02-15 | 2008-08-20 | 李东声 | Electric endorsement method and device |
| CN101051907A (en) * | 2007-05-14 | 2007-10-10 | 北京握奇数据系统有限公司 | Safety certifying method and its system for facing signature data |
| CN101588364A (en) * | 2009-03-31 | 2009-11-25 | 北京飞天诚信科技有限公司 | Signature method, device and system thereof |
| CN101562525A (en) * | 2009-04-30 | 2009-10-21 | 北京飞天诚信科技有限公司 | Method, device and system for signature |
| CN101820346A (en) * | 2010-05-04 | 2010-09-01 | 北京飞天诚信科技有限公司 | Secure digital signature method |
| CN102184353A (en) * | 2011-04-02 | 2011-09-14 | 方园 | Method for preventing online payment data from being intercepted |
| CN102651058A (en) * | 2012-03-30 | 2012-08-29 | 恒宝股份有限公司 | Method for realizing follow attack prevention in device with data sign determining function |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106059773A (en) | 2016-10-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| RU2679343C1 (en) | Verification of contactless payment card for issuing payment certificate for mobile device | |
| CN108027926B (en) | Authentication system and method for service-based payment | |
| CN105027153A (en) | Methods, devices, and systems for secure provisioning, transmission, and authentication of payment data | |
| US20130185209A1 (en) | Transaction-based one time password (otp) payment system | |
| KR20210024669A (en) | Cloud-based transactions methods and systems | |
| US11017389B2 (en) | Systems, methods and computer program products for OTP based authorization of electronic payment transactions | |
| CN104883293B (en) | Method for message interaction and relevant apparatus and communication system | |
| CN106875177A (en) | Order processing method, device and paying server | |
| CN103400265A (en) | Quick payment method and system based on position information | |
| US11403633B2 (en) | Method for sending digital information | |
| CN102238193A (en) | Data authentication method and system using same | |
| CN103942897A (en) | Method for money withdrawing without card on ATM | |
| CN106411950A (en) | Block-chain transaction ID based authentication method, device and system | |
| CN104933565A (en) | IC card transaction method and IC card transaction system | |
| CN106548338A (en) | The method and system of resource numerical value transfer | |
| CN110084586B (en) | Mobile terminal secure payment system and method | |
| KR102333811B1 (en) | System and method for processing card payment based on block-chain | |
| CN104753940B (en) | A kind of method to issue invoice, common invoice self-service terminal and server | |
| CN111052671A (en) | System for secure authentication of user identity in an electronic system for banking transactions | |
| US11301840B1 (en) | Systems and methods for provisioning point of sale terminals | |
| KR101772358B1 (en) | Method for Automatic Identifying Other Companies Application for Registration of Payment Means | |
| US20210390546A1 (en) | Systems and Methods for Secure Transaction Processing | |
| CN106059773B (en) | Digital signature method and system | |
| US11410170B2 (en) | Systems, methods and computer program products for securing OTPS | |
| CN106961417A (en) | Auth method based on ciphertext |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |