CN106059773B - Digital signature method and system - Google Patents

Digital signature method and system Download PDF

Info

Publication number
CN106059773B
CN106059773B CN201610370198.1A CN201610370198A CN106059773B CN 106059773 B CN106059773 B CN 106059773B CN 201610370198 A CN201610370198 A CN 201610370198A CN 106059773 B CN106059773 B CN 106059773B
Authority
CN
China
Prior art keywords
signature
terminal
intelligent terminal
information
transaction information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610370198.1A
Other languages
Chinese (zh)
Other versions
CN106059773A (en
Inventor
王刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen DTEC Electronic Technology Co Ltd
Original Assignee
Shenzhen DTEC Electronic Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen DTEC Electronic Technology Co Ltd filed Critical Shenzhen DTEC Electronic Technology Co Ltd
Priority to CN201610370198.1A priority Critical patent/CN106059773B/en
Publication of CN106059773A publication Critical patent/CN106059773A/en
Application granted granted Critical
Publication of CN106059773B publication Critical patent/CN106059773B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides digital signature method and systems, are related to safety verification field.Digital signature method provided by the invention, it passes through before showing Transaction Information, digest calculations first are carried out to Transaction Information, and then make intelligent terminal and terminal of signing calculates separately out the characteristic information of Transaction Information, and shown on intelligent terminal and signature terminal is characteristic information rather than the Transaction Information of plaintext.Even if hacker only has modified a small amount of content in Transaction Information, calculated characteristic information can also change a lot, this, which allows for user, more intuitive to determine that Transaction Information is by distorting with accurate, at this time, user should not then be digitally signed, and then ensure that hacker after distorting to Transaction Information, user can timely have found, will not incur loss.

Description

Digital signature method and system
Technical field
The present invention relates to safety verification fields, in particular to digital signature method and system.
Background technique
With the development of internet technology, electronic information interaction technique has been obtained universal.From the angle of the information content, The information of transmitting can be divided into two types, a type is to express the information of certain meaning, another then be fund.Not It is usually required to the confirmation of informant before carrying out information exchange by the interaction for being which kind of information, to guarantee that information mentions The information security of donor.When information exchange, transmitting is virtual information (data), and the confirmation of informant is then logical Cross what the mode of digital signature was realized.General digital signature process is as follows:
1, smart machine (such as user mobile phone) reception/generation Transaction Information;
2, smart machine shows Transaction Information;
3, user checks the correctness of Transaction Information shown by smart machine, if correctly, operating smart machine will Transaction Information is sent to digital signature device (usual smart machine is mutually independent with digital signature device)
4, whether the Transaction Information that user's check figures signature device is received, and shown is correct;
5, if the judging result of step 3 is yes, user's operation digital signature device generation digital signature;
6, the digital signature of generation is sent to smart machine by digital signature device, and smart machine can be according to connecing later The digital signature received carries out subsequent transaction process, and digital signature is such as supplied to Internetbank center, Internetbank central authentication number label It is entitled very after, just transfer accounts according to Transaction Information.
In the above process, the groundwork that user is done is step 2 and 3, and the specific process for checking Transaction Information is intelligence Equipment first shows the details of Transaction Information on the display screen of itself, can also show on digital signature device later The main contents of Transaction Information out, user can check whether the information shown on smart machine is correct, and Whether identical check the shown Transaction Information come out on the shown Transaction Information and digital signature device come out of smart machine.
But there are certain loopholes, such as hacker, and trojan horse program can be implanted into smart machine in the above process, then, step Information shown by rapid 2 is still normal information, and user executes step 3 after carrying out confirmation, at this time smart machine to The content that digital signature device is sent is by distorting, but the content usually distorted is seldom, such as changes address information " ABCD " For " ABCB " it is such it is small-scale distort, and the symbol for distorting front and back is very much like, and user is generally difficult to notice so thin Small variation after being confirmed by digital signature device, will transfer accounts fund to wrong people in turn.
To sum up, since currently when being digitally signed, signature process is not rigorous enough, lead to transaction errors.
Summary of the invention
The purpose of the present invention is to provide digital signature methods and system, to improve the accuracy of digital signature.
In a first aspect, the embodiment of the invention provides digital signature methods, comprising:
Intelligent terminal sends the Transaction Information got in advance to signature apparatus;
Intelligent terminal calculates the fisrt feature information of Transaction Information using preset first digest algorithm, and shows that first is special Reference breath;
Terminal of signing calculates the second feature information of Transaction Information using preset second digest algorithm, and shows that second is special Reference breath;Wherein, the first digest algorithm is identical as the second digest algorithm;
If signature terminal receives confirmation instruction, it is digitally signed according to Transaction Information, to generate signed data;
Terminal of signing sends signed data to intelligent terminal.
With reference to first aspect, the embodiment of the invention provides the first possible embodiments of first aspect, wherein step Suddenly intelligent terminal includes: using the fisrt feature information that preset first digest algorithm calculates Transaction Information
Intelligent terminal calculates the first summary info of Transaction Information using preset first digest algorithm;
Intelligent terminal extracts characteristic, and the characteristic that will be extracted respectively from multiple positions of summary info Form fisrt feature information.
With reference to first aspect, the embodiment of the invention provides second of possible embodiments of first aspect, wherein step Rapid intelligent terminal extracts characteristic respectively from multiple positions of summary info, and by the characteristic extracted composition the One characteristic information includes:
The byte of predetermined figure in first summary info is obtained feature number to 10 modulus by intelligent terminal;
Intelligent terminal since feature number corresponding to byte, sequentially extract the byte of predetermined quantity as characteristic According to;
The characteristic that intelligent terminal will extract calculates fisrt feature information to 10 modulus.
With reference to first aspect, the embodiment of the invention provides the third possible embodiments of first aspect, wherein the The total bit of one characteristic information meets claimed below:
6 < X < 10, wherein X is the total bit of fisrt feature information.
With reference to first aspect, the embodiment of the invention provides the 4th kind of possible embodiments of first aspect, wherein Step signature terminal is digitally signed according to Transaction Information, before generating signed data further include:
Intelligent terminal obtains the first PIN code of user's input;
Intelligent terminal sends the first PIN code to signature terminal;
Whether signature the first PIN code of terminal authentication meets preset requirement;
If the first PIN code meets preset requirement, terminal of signing, which generates, is digitally signed key used.
With reference to first aspect, the embodiment of the invention provides the 5th kind of possible embodiments of first aspect, wherein also Include:
If receiving multiple first PIN codes in the predetermined time, and the first PIN code received in the predetermined time is not met Preset requirement then stops executing whether step signature the first PIN code of terminal authentication meets preset requirement.
With reference to first aspect, the embodiment of the invention provides the 6th kind of possible embodiments of first aspect, wherein step Rapid signature terminal is digitally signed according to Transaction Information, before generating signed data, further includes:
Intelligent terminal obtains the second PIN code of user's input;
Intelligent terminal sends the second PIN code to signature terminal;
Whether signature the second PIN code of terminal authentication meets preset requirement;
If the second PIN code meets preset requirement, and terminal of signing receives confirmation instruction, then terminal of signing is believed according to transaction Breath is digitally signed.
With reference to first aspect, the embodiment of the invention provides the 7th kind of possible embodiments of first aspect, wherein step Rapid intelligent terminal, which sends the Transaction Information got in advance to signature apparatus, includes:
Intelligent terminal is connect by the bluetooth connection/radio frequency established in advance with signature terminal, sends transaction to signature terminal Information;
Or, intelligent terminal sends Transaction Information to signature terminal by the contact contact being arranged in signature terminal.
With reference to first aspect, the embodiment of the invention provides the 8th kind of possible embodiments of first aspect, wherein also Include:
If signature terminal was shown in the predetermined time after second feature information, confirmation instruction is not received, then terminates and works as Preceding process.
Second aspect, the embodiment of the invention also provides digital signature systems, comprising: intelligent terminal and signature terminal, intelligence Energy terminal includes the first sending module, the first computing module and the first display module;Terminal of signing includes the second computing module, the Two display modules, signature blocks and the second sending module;
Sending module, for sending the Transaction Information got in advance to signature apparatus;
First computing module, for using preset first digest algorithm to calculate the fisrt feature information of Transaction Information;
First display module, for showing fisrt feature information;
Second computing module, for using preset second digest algorithm to calculate the second feature information of Transaction Information;Its In, the first digest algorithm is identical as the second digest algorithm;
Second display module, for showing second feature information;
Signature blocks, if confirmation instruction is received, for being digitally signed according to Transaction Information, to generate number of signature According to;
Second sending module, for sending signed data to intelligent terminal.
Digital signature method provided in an embodiment of the present invention, using condition code verification by the way of, with it is in the prior art When verification, intelligent terminal and signature apparatus can be in the plaintexts that it shows screen display Transaction Information, and causing to work as has After hacker is implanted into wooden horse in intelligent terminal, so that plaintext shown on plaintext and intelligent terminal shown on signature apparatus A small amount of difference is had, user will cause the knot being digitally signed to the Transaction Information of mistake in the case where not going through Fruit finally makes user incur loss and compares, by first carrying out digest calculations to Transaction Information before showing Transaction Information, into And intelligent terminal and signature terminal is set to calculate separately out the characteristic information of Transaction Information, and on intelligent terminal and signature terminal Shown is characteristic information rather than the Transaction Information of plaintext.Even if hacker only has modified a small amount of content in Transaction Information, Calculated characteristic information can also change a lot, this allows for user being capable of more intuitive and accurate determining transaction letter Breath is at this point, user should not then be digitally signed, and then to ensure that user will not incur loss by distorting.
To enable the above objects, features and advantages of the present invention to be clearer and more comprehensible, preferred embodiment is cited below particularly, and cooperate Appended attached drawing, is described in detail below.
Detailed description of the invention
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below will be to needed in the embodiment attached Figure is briefly described, it should be understood that the following drawings illustrates only certain embodiments of the present invention, therefore is not construed as pair The restriction of range for those of ordinary skill in the art without creative efforts, can also be according to this A little attached drawings obtain other relevant attached drawings.
Fig. 1 shows the basic flow chart of digital signature method provided by the embodiment of the present invention;
Fig. 2 shows the basic framework figures of digital signature system provided by the embodiment of the present invention.
Specific embodiment
Below in conjunction with attached drawing in the embodiment of the present invention, technical solution in the embodiment of the present invention carries out clear, complete Ground description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.Usually exist The component of the embodiment of the present invention described and illustrated in attached drawing can be arranged and be designed with a variety of different configurations herein.Cause This, is not intended to limit claimed invention to the detailed description of the embodiment of the present invention provided in the accompanying drawings below Range, but it is merely representative of selected embodiment of the invention.Based on the embodiment of the present invention, those skilled in the art are not doing Every other embodiment obtained under the premise of creative work out, shall fall within the protection scope of the present invention.
Digital signature technology can be improved the life convenience of user, the also network for following digital signature technology to rise Authorization technique, e-Bank payment technology etc..Wherein, large-scale popularization has been obtained in e-Bank payment technology, and certain Instead of paying in cash on field.Many kinds of, the common such as POS machine payment, Alipay payment of e-Bank payment.But Whether which kind of means of payment, technological core are digital signature (authorizations).In the following, just occur in the related technology one As e-Bank payment process be illustrated.
The early stage of development of e-Bank payment, the general safety for guaranteeing transaction using intelligent code key, that is, pass through intelligent cipher Key carries out certificate login and digital signature identification to customer transaction, guarantees the safety of transaction.Its workflow is as follows:
1, intelligent code key is inserted into computer by user, and opens the application program in computer;
2, application program accesses cipher key, prompts user to input PIN code (personal authentication code) on computer screen;
3, the personal authentication code that application program inputs user is sent to cipher key;
4, cipher key checks the PIN code that user inputs with the PIN code being pre-stored in cipher key, if consistent Think that user passes through verification, the termination process if inconsistent;
5, after the verification that the PIN code of user's input passes through cipher key, then user obtains permission, can permit active user Using the certificate and key stored in cipher key, and then start network bank business;
6, when user starts network bank business, application program by Transaction Information, (such as believe substantially by transaction amount, both parties Breath) it is sent to cipher key, cipher key signs to Transaction Information, and the Transaction Information for carrying digital signature is returned To application program, the Transaction Information for carrying digital signature is sent Internetbank platform, last Internetbank platform validation number by application program After word signature is legal, complete this time to trade according to the content of Transaction Information.
In general, cipher key is kept properly by user oneself, and only one, therefore the above method can be with The safety of guarantee customer transaction is that cannot be stolen using application program if other people do not have cipher key to a certain extent User resources.
But above method is also leaky, after user finishes transaction, may forget cipher key and computer/mobile phone etc. Equipment disconnects, at this moment if there are trojan horse program in these equipment, if these trojan horse programs can with the operation of analog subscriber, Operation application and cipher key realize other transaction, the fund in user account are transferred.
In order to solve the problems, such as to occur above the cipher key of the second generation, the cipher key of referred to as visual key type, this Kind cipher key has key and display screen, and when user transacts business, Transaction Information is issued cipher key by application program, At this moment cipher key does not calculate digital signature at once, but Transaction Information is shown on the display screen, waits user Key response, if user presses acknowledgement key, cipher key ability accounting calculates digital signature, digital signature is then returned to application Program.
As it can be seen that the cipher key of visual key type, the attack of trojan horse can be taken precautions against to a certain extent, but there is also Loophole.Although it is possible to prevente effectively from user is using the operational risk disconnected is forgotten after complete cipher key, in process of exchange In, trojan horse program still is possible to that Transaction Information can be changed, and such as shows on the screen of cipher key and confirms different from user Information, at this moment if user is half-hearted to check content shown by screen, after user presses confirmation key, trojan horse program The digital signature of illegal transaction can still be obtained.Especially when trojan horse program only modifies to a malapropism or symbol (such as " time " has been changed to " marquis "), the more difficult discovery mistake of user.
For this kind of situation, this application provides digital signature methods, as shown in Figure 1, including the following steps:
S101, intelligent terminal send the Transaction Information got in advance to signature apparatus;
S102, intelligent terminal calculate the fisrt feature information of Transaction Information using preset first digest algorithm, and show Fisrt feature information;
S103, signature terminal calculate the second feature information of Transaction Information using preset second digest algorithm, and show Second feature information;Wherein, the first digest algorithm is identical as the second digest algorithm;
S104 is digitally signed, to generate number of signature if signature terminal receives confirmation instruction according to Transaction Information According to;
S105, signature terminal send signed data to intelligent terminal.
In step S101, intelligent terminal refers to such as mobile phone, POS machine smart machine.Friendship accessed by intelligent terminal Easy information can be network-side (such as Internetbank center, other intelligent terminals) is sent to it, and be also possible to intelligent terminal according to net What content transmitted by network end was locally generated, the application is to the source of Transaction Information and without limitation.It is digitally signed Need of work is completed by signature terminal, thus, intelligent terminal needs to be supplied to friendship to signature terminal after getting Transaction Information Easy information, what is sent herein remains the plaintext of Transaction Information.
In step S102, the Transaction Information of plaintext other than being sent to signature terminal by intelligent terminal, it is also necessary to be calculated just In the information that user is checked, i.e. characteristic information.In view of the convenience of verification, algorithm as used herein should abstract Algorithm, i.e. intelligent terminal need to calculate the summary info of Transaction Information, and then are made using the whole of summary info, or a part For fisrt feature information.After generating fisrt feature information, signature terminal needs to show the fisrt feature information in intelligence On the display of energy terminal, so as to user's verification.
In step S103, signature terminal needs use digest algorithm identical with intelligent terminal to calculate second feature letter Breath, and the second feature information is shown on its display screen, so that user checks.
Since the characteristic of digest algorithm passes through digest algorithm even if hacker only has modified a small amount of content in Transaction Information Calculated abstract is also to have very big difference.In turn, (refer to that calculating is public the first digest algorithm is identical as the second digest algorithm Formula, calculating process are identical) in the case where, if intelligent terminal carries out the Transaction Information of digest calculations and signature terminal carries out The Transaction Information of digest calculations is different (resulting in the two Transaction Informations difference by hacker's modification), then the spy that the two finally obtains Reference breath is just very different, and user is very easy to find the difference of two characteristic informations.Wherein, the first digest algorithm and second is plucked Algorithm is wanted to be set in advance in intelligent terminal and signature terminal inner, as that there can be believable third party to complete digest algorithm Write-in.Since digest algorithm is non-reversible algorithm, i.e., calculating process, therefore its confidentiality cannot be derived by calculated result It is preferable.
It, should also be at intelligent end in addition to above-mentioned respectively in the display screen display characteristic information of intelligent terminal and signature terminal End, and/or signature terminal display screen display Transaction Information plaintext, in order to which user to checking in plain text, display is bright The mode of text belongs in digital signature procedure can not do excessive explanation by the way of herein.It should be noted that if main What is considered is the problem of reducing verification risk, in method provided herein, preferably in signature terminal and intelligent terminal Show the plaintext of Transaction Information;If primary concern is that the problem of reducing signature terminal complexity, provided herein In method, all plaintexts of Transaction Information are preferably shown by intelligent terminal, the main contents of Transaction Information are shown by signature terminal (such as transaction amount, remittance account and sender information), or signature terminal do not show any of the Transaction Information of plaintext Content.
After intelligent terminal and signature terminal respectively illustrate characteristic information, user can check the two characteristic informations It is whether identical, and instructed from user to signature terminal input validation.In step S104, signature terminal has received confirmation instruction Later, Transaction Information can be digitally signed in a general manner, and then generates signed data, terminal of signing later Signed data is sent to intelligent terminal, all tasks of signature terminal can be completed.Subsequent step summarizes, and intelligent terminal needs Signed data is sent to Internetbank center to check, if the signed data is very, Internetbank center can be according to Transaction Information In content transfer accounts.
The verification for replacing cleartext information using the verification of characteristic information can reduce workload (the feature letter of user's verification Quantity of the quantity of breath far fewer than cleartext information), also can be when two characteristic information differences, it is evident that sent out by user It is existing.
In order to improve characteristic information verification effect, the calculating process of characteristic information can also be advanced optimized, Due to intelligent terminal and signature terminal calculate characteristic information process be it is identical, herein only to intelligent terminal carry out characteristic information The process of calculating carries out refinement explanation.
That is, step S102, intelligent terminal calculates the fisrt feature information of Transaction Information using preset first digest algorithm, It can be made of following two steps:
11, intelligent terminal calculates the first summary info of Transaction Information using preset first digest algorithm;
12, intelligent terminal extracts characteristic, and the feature that will be extracted respectively from multiple positions of summary info Data form fisrt feature information.
It is, characteristic information is not the whole of summary info, and only a part of summary info, just can in this way Further decrease the workload of user's verification.Specifically, intelligent terminal can only believe transaction when calculating summary info Main information (such as remitter address, account and money transfer amount) in breath calculates, rather than to complete in Transaction Information Portion's information is calculated.The workload of user's verification can not only be reduced in this way, additionally it is possible to guarantee the relative fullness of information.
In step 12, such as calculated summary info has 100 bytes, then the characteristic extracted can be continuously 10-20 bytes;It is also possible to discrete the 10th, 20,30,40 ... waits byte on positions.
Further, step 12 can be made of following steps:
121, the byte of predetermined figure in the first summary info is obtained feature number to 10 modulus by intelligent terminal;
122, intelligent terminal byte corresponding to the feature number, the byte of predetermined quantity is sequentially extracted as special Levy data;
123, the characteristic that intelligent terminal will extract calculates fisrt feature information to 10 modulus.
Wherein, the byte in predetermined position can be manually set, such as first character section, the 25th byte.Such as calculate Feature number be 9, then in 122 steps, intelligent terminal sequence should extract predetermined quantity (such as 8- since the 9th byte 12) byte, as characteristic.Such mode continuously extracted can be avoided random extract and caused by low probability be overlapped Problem.
Step 123 later will extract obtained characteristic and calculate fisrt feature information to 10 modulus.Consider It is very few to calculated characteristic information digit, then the function of its verification can be reduced, digit is excessive, then will lead to user and need to spend The a large amount of time is compared, and therefore, in method provided herein, the total bit of fisrt feature information meets following want It asks: 6 < X < 10, wherein X is the total bit of fisrt feature information.
The process of above-mentioned calculating fisrt feature information is identical with the process of second feature information is calculated, herein no longer The Optimization Steps of second feature information are illustrated.
Verification in addition to using characteristic information replaces the verification of the Transaction Information of plaintext, in method provided herein, The function of veritification is also increased when user operates signature terminal.It is embodied in two aspects, first aspect It is signature terminal when generating key used in digital signature, needs to carry out the verifying of PIN code;Second aspect is signature Terminal needs to carry out PIN code verifying before executing digital signature.The two aspects play guarantee signature terminal not respectively Easily it can be tampered and use, and then ensure the transaction security of user.Wherein, key herein refers to cipher key pair Private key (is encrypted), and public key corresponding to the private key is can to export that (public key is usually destined to the authentication mechanisms such as CA, goes to make Make digital certificate), with mechanisms such as the host computer, the Internetbank centers that are supplied to needs.Under normal circumstances, private key is stored in signature dress It in the safety chip set, and can not be modified, private key can not be exported forever, and public key then can be exported arbitrarily.
Below pair in a first aspect, being illustrated to the process of key used when generating digital signature, this kind of situation Under, signature terminal is without input keyboard, and the approach that terminal of signing obtains PIN code can only be that intelligent terminal is sent to it , thus at this point, the process for carrying out key generation includes the following steps:
User's operation intelligent terminal initiates the request of resetting/generation key to signature terminal;
User's operation intelligent terminal inputs preset PIN code, i.e. the first PIN code;
Intelligent terminal obtains the first PIN code of user's input;
Intelligent terminal sends the first PIN code to signature terminal;
Whether signature the first PIN code of terminal authentication meets preset requirement;
If the first PIN code meets preset requirement, terminal of signing, which generates, is digitally signed key used.
There are two types of state when generating key, the first state is that key has been had existed in signature terminal, second It is that there are no there are keys in signature terminal.When the first state, when thering is new key to generate, then terminal of signing Original just existing key can be replaced using new key automatically, and generate new key, replacement in storage inside it The time of primary key, and old key existing for script is deleted;When second of state, it then be used directly newly-generated close Key is as the key being digitally signed in subsequent process.
Certainly, hacker may control signature terminal by the way of multiple trial and error, in order to guarantee the peace of signature terminal Entirely, it should be signature terminal and increases safety protecting mechanism, it may be assumed that
If receiving multiple first PIN codes in the predetermined time, and the first PIN code received in the predetermined time is not met Preset requirement then stops executing whether step signature the first PIN code of terminal authentication meets preset requirement.
That is, when receive multiple first PIN codes, and each PIN code it is different from local pre-stored PIN code when It waits, should just stop the function of PIN code verification.
Below to second aspect, i.e. signature terminal before executing digital signature, need to carry out the process of PIN code verifying into Row explanation.Likewise, signature terminal is without input keyboard, and terminal of signing obtains the approach of PIN code only in the case of this kind It can be that intelligent terminal is sent to it, thus at this point, the process for carrying out key generation includes the following steps:
Intelligent terminal obtains the second PIN code of user's input;
Intelligent terminal sends the second PIN code to signature terminal;
Whether signature the second PIN code of terminal authentication meets preset requirement;
If the second PIN code meets preset requirement, and terminal of signing receives confirmation instruction, then terminal of signing is believed according to transaction Breath is digitally signed.
Wherein, it after confirmation instruction is the confirmation key that user passes through in pressing signature terminal end surface, is generated by signature terminal 's.Cancel key it is, of course, also possible to be arranged on the surface of signature terminal, it is just automatic whole when user, which presses, cancels key Fluid stopping journey.
The case where termination process is predetermined time after terminal of signing shows second feature information there are also another kind In (such as 10 seconds), confirmation instruction is never received, then it will be understood that user has been moved off, should also be as terminating current stream at this time Journey.
Further, in method provided by the present application, step intelligent terminal fills the Transaction Information got in advance to signature The following two kinds concrete implementation mode can be had by setting transmission:
The first, intelligent terminal is connect by the bluetooth connection/radio frequency established in advance with signature terminal, to signature terminal hair Send Transaction Information;
Second, intelligent terminal sends Transaction Information to signature terminal by the contact contact being arranged in signature terminal.
Wherein, contact contact is arranged on the surface of signature terminal.And when intelligent terminal by bluetooth/radio frequency with After signature terminal is attached, signature apparatus is just automatically stopped through contact contact and extraneous progress data interaction.When intelligent end After end is attached by contact contact and signature terminal, signature apparatus, which is just automatically stopped, to be carried out by bluetooth/radio frequency with extraneous Data interaction.
Corresponding with digital signature method, the embodiment of the present application also provides digital signature systems, as shown in Fig. 2, packet Include: intelligent terminal and signature terminal, intelligent terminal include the first sending module, the first computing module and the first display module;Label Name terminal includes the second computing module, the second display module, signature blocks and the second sending module;
Sending module, for sending the Transaction Information got in advance to signature apparatus;
First computing module, for using preset first digest algorithm to calculate the fisrt feature information of Transaction Information;
First display module, for showing fisrt feature information;
Second computing module, for using preset second digest algorithm to calculate the second feature information of Transaction Information;Its In, the first digest algorithm is identical as the second digest algorithm;
Second display module, for showing second feature information;
Signature blocks, if confirmation instruction is received, for being digitally signed according to Transaction Information, to generate number of signature According to;
Second sending module, for sending signed data to intelligent terminal.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description, The specific work process of device and unit, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
In several embodiments provided herein, it should be understood that disclosed systems, devices and methods, it can be with It realizes by another way.The apparatus embodiments described above are merely exemplary, for example, the division of the unit, Only a kind of logical function partition, there may be another division manner in actual implementation, in another example, multiple units or components can To combine or be desirably integrated into another system, or some features can be ignored or not executed.Another point, it is shown or beg for The mutual coupling, direct-coupling or communication connection of opinion can be through some communication interfaces, device or unit it is indirect Coupling or communication connection can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme 's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit It is that each unit physically exists alone, can also be integrated in one unit with two or more units.
It, can be with if the function is realized in the form of SFU software functional unit and when sold or used as an independent product It is stored in a computer readable storage medium.Based on this understanding, technical solution of the present invention is substantially in other words The part of the part that contributes to existing technology or the technical solution can be embodied in the form of software products, the meter Calculation machine software product is stored in a storage medium, including some instructions are used so that a computer equipment (can be a People's computer, server or network equipment etc.) it performs all or part of the steps of the method described in the various embodiments of the present invention. And storage medium above-mentioned includes: that USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited The various media that can store program code such as reservoir (RAM, Random Access Memory), magnetic or disk.
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any Those familiar with the art in the technical scope disclosed by the present invention, can easily think of the change or the replacement, and should all contain Lid is within protection scope of the present invention.Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. digital signature method characterized by comprising
Intelligent terminal sends the Transaction Information got in advance to signature apparatus;
Intelligent terminal calculates the fisrt feature information of the Transaction Information using preset first digest algorithm, and shows described One characteristic information;
Signature terminal calculates the second feature information of the Transaction Information using preset second digest algorithm, and shows described the Two characteristic informations;Wherein, first digest algorithm is identical as second digest algorithm;
If signature terminal receives confirmation instruction, it is digitally signed according to the Transaction Information, to generate signed data;
Signature terminal sends the signed data to the intelligent terminal.
2. the method according to claim 1, wherein intelligent terminal described in step is calculated using preset first abstract The fisrt feature information that method calculates the Transaction Information includes:
Intelligent terminal calculates the first summary info of the Transaction Information using preset first digest algorithm;
Intelligent terminal extracts characteristic respectively from multiple positions of the summary info, and by the feature extracted Data form fisrt feature information.
3. according to the method described in claim 2, it is characterized in that, intelligent terminal described in step is from the multiple of the summary info Characteristic is extracted in position respectively, and includes: by the characteristic composition fisrt feature information extracted
The byte of predetermined figure in first summary info is obtained feature number to 10 modulus by intelligent terminal;
Intelligent terminal byte corresponding to the feature number, the byte of predetermined quantity is sequentially extracted as characteristic According to;
The characteristic extracted is calculated the fisrt feature information to 10 modulus by intelligent terminal.
4. according to the method described in claim 3, it is characterized in that, the total bit of the fisrt feature information meets following want It asks:
6 < X < 10, wherein X is the total bit of the fisrt feature information.
5. the method according to claim 1, wherein being counted in step signature terminal according to the Transaction Information Word signature, before generating signed data further include:
Intelligent terminal obtains the first PIN code of user's input;
Intelligent terminal sends first PIN code to signature terminal;
Whether the first PIN code described in signature terminal authentication meets preset requirement;
If first PIN code meets preset requirement, terminal of signing, which generates, carries out key used in the digital signature.
6. according to the method described in claim 5, it is characterized by further comprising:
If receiving multiple first PIN codes in the predetermined time, and the first PIN code received in the predetermined time is not met Preset requirement then stops executing whether the first PIN code described in step signature terminal authentication meets preset requirement.
7. terminal carries out number according to the Transaction Information the method according to claim 1, wherein step is signed Signature, before generating signed data, further includes:
Intelligent terminal obtains the second PIN code of user's input;
Intelligent terminal sends second PIN code to signature terminal;
Whether the second PIN code described in signature terminal authentication meets preset requirement;
If second PIN code meets preset requirement, and terminal of signing receives confirmation instruction, then terminal of signing is according to the friendship Easy information is digitally signed.
8. the method according to claim 1, wherein step intelligent terminal by the Transaction Information got in advance to Signature apparatus is sent
Intelligent terminal is connect by the bluetooth connection/radio frequency established in advance with signature terminal, sends the transaction to signature terminal Information;
Or, intelligent terminal sends the Transaction Information to signature terminal by the contact contact being arranged in the signature terminal.
9. the method according to claim 1, wherein further include:
If terminal of signing was shown in the predetermined time after the second feature information, the confirmation instruction is not received, then eventually Only current process.
10. digital signature system characterized by comprising intelligent terminal and signature terminal, the intelligent terminal include the first hair Send module, the first computing module and the first display module;The signature terminal include the second computing module, the second display module, Signature blocks and the second sending module;
Sending module, for sending the Transaction Information got in advance to signature apparatus;
First computing module, for calculating the fisrt feature information of the Transaction Information using preset first digest algorithm;
First display module, for showing the fisrt feature information;
Second computing module, for calculating the second feature information of the Transaction Information using preset second digest algorithm;Its In, first digest algorithm is identical as second digest algorithm;
Second display module, for showing the second feature information;
Signature blocks, if confirmation instruction is received, for being digitally signed according to the Transaction Information, to generate number of signature According to;
Second sending module, for sending the signed data to the intelligent terminal.
CN201610370198.1A 2016-05-27 2016-05-27 Digital signature method and system Active CN106059773B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610370198.1A CN106059773B (en) 2016-05-27 2016-05-27 Digital signature method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610370198.1A CN106059773B (en) 2016-05-27 2016-05-27 Digital signature method and system

Publications (2)

Publication Number Publication Date
CN106059773A CN106059773A (en) 2016-10-26
CN106059773B true CN106059773B (en) 2019-08-02

Family

ID=57172844

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610370198.1A Active CN106059773B (en) 2016-05-27 2016-05-27 Digital signature method and system

Country Status (1)

Country Link
CN (1) CN106059773B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051907A (en) * 2007-05-14 2007-10-10 北京握奇数据系统有限公司 Safety certifying method and its system for facing signature data
CN101247227A (en) * 2007-02-15 2008-08-20 李东声 Electric endorsement method and device
CN101562525A (en) * 2009-04-30 2009-10-21 北京飞天诚信科技有限公司 Method, device and system for signature
CN101588364A (en) * 2009-03-31 2009-11-25 北京飞天诚信科技有限公司 Signature method, device and system thereof
CN101820346A (en) * 2010-05-04 2010-09-01 北京飞天诚信科技有限公司 Secure digital signature method
CN102184353A (en) * 2011-04-02 2011-09-14 方园 Method for preventing online payment data from being intercepted
CN102651058A (en) * 2012-03-30 2012-08-29 恒宝股份有限公司 Method for realizing follow attack prevention in device with data sign determining function

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247227A (en) * 2007-02-15 2008-08-20 李东声 Electric endorsement method and device
CN101051907A (en) * 2007-05-14 2007-10-10 北京握奇数据系统有限公司 Safety certifying method and its system for facing signature data
CN101588364A (en) * 2009-03-31 2009-11-25 北京飞天诚信科技有限公司 Signature method, device and system thereof
CN101562525A (en) * 2009-04-30 2009-10-21 北京飞天诚信科技有限公司 Method, device and system for signature
CN101820346A (en) * 2010-05-04 2010-09-01 北京飞天诚信科技有限公司 Secure digital signature method
CN102184353A (en) * 2011-04-02 2011-09-14 方园 Method for preventing online payment data from being intercepted
CN102651058A (en) * 2012-03-30 2012-08-29 恒宝股份有限公司 Method for realizing follow attack prevention in device with data sign determining function

Also Published As

Publication number Publication date
CN106059773A (en) 2016-10-26

Similar Documents

Publication Publication Date Title
RU2679343C1 (en) Verification of contactless payment card for issuing payment certificate for mobile device
CN108027926B (en) Authentication system and method for service-based payment
CN105027153A (en) Methods, devices, and systems for secure provisioning, transmission, and authentication of payment data
US20130185209A1 (en) Transaction-based one time password (otp) payment system
KR20210024669A (en) Cloud-based transactions methods and systems
US11017389B2 (en) Systems, methods and computer program products for OTP based authorization of electronic payment transactions
CN104883293B (en) Method for message interaction and relevant apparatus and communication system
CN106875177A (en) Order processing method, device and paying server
CN103400265A (en) Quick payment method and system based on position information
US11403633B2 (en) Method for sending digital information
CN102238193A (en) Data authentication method and system using same
CN103942897A (en) Method for money withdrawing without card on ATM
CN106411950A (en) Block-chain transaction ID based authentication method, device and system
CN104933565A (en) IC card transaction method and IC card transaction system
CN106548338A (en) The method and system of resource numerical value transfer
CN110084586B (en) Mobile terminal secure payment system and method
KR102333811B1 (en) System and method for processing card payment based on block-chain
CN104753940B (en) A kind of method to issue invoice, common invoice self-service terminal and server
CN111052671A (en) System for secure authentication of user identity in an electronic system for banking transactions
US11301840B1 (en) Systems and methods for provisioning point of sale terminals
KR101772358B1 (en) Method for Automatic Identifying Other Companies Application for Registration of Payment Means
US20210390546A1 (en) Systems and Methods for Secure Transaction Processing
CN106059773B (en) Digital signature method and system
US11410170B2 (en) Systems, methods and computer program products for securing OTPS
CN106961417A (en) Auth method based on ciphertext

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant