CN106452756A - Construction verification method and device capable of verifying security two-dimensional code offline - Google Patents

Abstract

Embodiments of the invention provide a construction verification method and device capable of verifying a security two-dimensional code offline. The method comprises the following steps of inputting information that needs coding and type information, carrying out digital signature operation and encryption operation on the input information according to an information release type, constructing combination information, and encoding to generate a security two-dimensional code which can be verified off-line according to a two-dimensional code coding rule; inputting the information of the security two-dimensional code and identifying included combination information and type information, analyzing and decoding the combination information to obtain independent sub-information according to the type information of the two-dimensional code, and verifying digital certificate effectiveness information, a digital signature of the input information and an effective time limit of the input information; and if all verifications pass, showing that the offline verification of the security two-dimensional code is correct and the coding information source of the security two-dimensional code is credible, otherwise showing that the information release source of the security two-dimensional code is incredible. The method and the device have the beneficial effects that the security two-dimensional code cannot be tampered, counterfeited and denied, the public or private information can be released, and the integrity of the information of the security two-dimensional code and the authenticity of the source can be verified offline without a network connection.

Description

Can off-line verification safe Quick Response Code construction verification method and device

Technical field

The present invention relates to information technology and safety verification field, more particularly to one kind can off-line verification safe Quick Response Code structures Make verification method and device.

Background technology

Quick Response Code is that the symbol corresponding with binary system with several is distributed to record according to certain rules on two dimensional surface The particular geometric figure of data message.Quick Response Code represents word numerical information using graphical symbol, and symbol represents technical elements Have been developed that multiple code systems, common are QR Code, Data Matrix, Maxi Code, PDF417 etc..Quick Response Code passes through Image input device or photoelectric scanning device are identified, and can be changed with process symbol size ratio, figure rotates, locally It is stained the automatic identification that the FAQs such as disappearance realize coding information, there is coding information capacity greatly, fault-tolerant error correcting capability is strong, translates Code reliability is high, and low manufacture cost, the features such as easy to use.With smart mobile phone, panel computer, internet, mobile network, thing The popularization of the technology such as networking, Quick Response Code is as a kind of information Store, transmission, identification and interaction technique, miscellaneous in electronic medium, newspaper Will, commodity packaging, warehouse logisticses, personal business card, traffic ticket, certificate document, moving advertising, social APP, net purchase transaction, net The various aspects such as silver-colored payment, mobile payment are widely used.Traditional internet is with IP address or domain address for accessing Entrance, but tediously long textual number information is difficult to remember and inputs, and easily leads to not because of input error access or mistake is visited The problems such as ask.Quick Response Code coding information capacity is big, and the Various types of data information such as word, picture, sound can be encoded, and wherein should Include text TXT type, network address URI type etc. with widest.The applications such as various information storage identification interaction are mainly all bases In both type of codings, especially Internet resources unified positioning URI has become the critical network entrance medium in mobile interchange epoch, Substantial amounts of commercial podium, social software, website of bank, mobile-payment system etc. both provide the Quick Response Code entrance of oneself.These Quick Response Code can easily be published on newspaper, magazine, TV, subway, public transport etc. advertising area, and user need not remember and input net Location information, it is only necessary to scan, with smart mobile phone, the address that Quick Response Code can enter URI sensing, accesses related web site platform or execution The payment transaction specified.

Quick Response Code makes simply, and any entity or individual can make and distinguish 2 D code information.Simply easy having While using advantage, security also becomes a major obstacle of Quick Response Code popularization and application.With Malware and virus link Quick Response Code often disguise oneself as present, discount, preferential etc. promote Quick Response Code, people are difficult to true and false.If scan these by mistake Quick Response Code, may result in download trojan horse program etc., serious harm custom system safety, userspersonal information may be led to let out Dew and economic loss.For example its network address is fabricated to Quick Response Code counterfeit bank online transaction website, Yong Huru by some swindle websites Fruit is scanned this Quick Response Code by mistake and logs in fake site, is likely to result in account No. and password is revealed.The download of some Trojan software Network address is made into Quick Response Code and palms off into Presenting gifts preferential grade link, if scanning download may lead to user privacy information by mistake Reveal, and custom system is brought safely with very big hidden danger.With the popularization and application of Quick Response Code, its security also causes people more next More concerns.Whether the issue source of Quick Response Code is authoritative credible, is the maximum doubt to barcode scanning security for the people.Quick Response Code is Plain code encodes although having the redundant check of information fault tolerance, but the easily modified forgery of information, issue the comparison originated and be stranded Difficult.Current verification method includes two classes：One is the application system using similar barcode scanning bodyguard, and scanning recognition goes out 2 D code information Afterwards, by the private server of network connection application system, Quick Response Code website information is carried out with data-base recording in server Retrieval compares：As retrieved coupling record in system database, can provide this Quick Response Code source according to the attribute of record is No safety；Without the record of coupling, then security cannot judge.Another kind of, it is that 2 D code information is encrypted, lead to Cross the special server of network connection, read authentication information therein, compare with encryption information in Quick Response Code and verified； Such application is closed system, and encryption key message is stored in private server, and 2 D code information can only be by internal proprietary system System input deciphering is it is impossible to voluntarily being read by public users and verifying source.

There is following subject matter in existing two-dimension code safe verification method：Need to carry out by network attached server Checking, there is no a network connection or inconvenience carry out network connection in the environment of cannot verify；Checking based on network address retrieval contrast Method, is able to validate only the information of the Quick Response Code that scanning validation is crossed, and newly-generated 2 D code information needs to be initially charged database Middle just can be verified.

In order to solve existing two-dimension code safe validation problem, the present invention propose a kind of can off-line verification safe Quick Response Code Construction verification method and device, get final product the issue source of off-line verification Quick Response Code, the application that can trust safely without network connection 2 D code information.

The symmetric key cryptosystem used in the present invention and asymmetric public key cryptographic system, its basic principles can With with reference to following discloses document：

[1] Christof Paar and Jan Pelzl. explains the profound in simple terms cryptography-conventional encryption technology principle and application. Publishing house of Tsing-Hua University, 2015

[2] Tom St Denis and Simon Johnson. programmer's cryptography. China Machine Press, 2007

Wherein, document [1] relates generally to symmetric key and the principle of asymmetric public key cryptographic system, and document [2] relates generally to Symmetric key and asymmetric public key algorithm are realized.

Content of the invention

In view of this, embodiments provide one kind and can construct verification method and device by off-line verification Quick Response Code, Without under the universal suitable environment of network connection, you can the issue source of checking Quick Response Code, with safe and reliable use Quick Response Code. Construct the Quick Response Code of verification method, referred to as safe Quick Response Code using the present invention；According to coding information can be read by the public or Only read for specific user and can be divided into public information, private information and mixed information type, be referred to as public information peace Full Quick Response Code, the safe Quick Response Code of private information and the safe Quick Response Code of mixed information.

Embodiment of the present invention first aspect provides one kind can construct verification method, methods described by the safe Quick Response Code of off-line verification Including：

Information and type information that input need to encode；

It is digitally signed computing, cryptographic calculation to needing coding information；

With input information, encryption information, digital signature, digital certificate and its validity information structuring combined information；

Combined information is carried out with Quick Response Code coding, generates safe Quick Response Code；

Input safe 2 D code information, the combined information including by the identification of Quick Response Code coding rule；

Analysis deciphering combined information, obtains input information, digital signature, digital certificate and its validity information；

The validity of checking digital certificate, and with digital certificate authentication input information and digital signature；

The result judges and information output prompting.

In the first possible implementation of embodiment of the present invention first aspect, described need coding information and type information bag Include but be not limited to：

Need coding information to be essential information, arbitrarily several in extension information, target information, multidate information；

Wherein, essential information is not with arbitrarily several in the title of single application change, address, domain-name information；Target information For arbitrarily several in target network address, publicity information；Multidate information be changed according to single application the generation time, effective when Between, arbitrarily several in Transaction Information, application parameter information；Extension information is passport NO., any in contact information Several；Type information is public information, private information, any one in mixed information.

In the first possible implementation of embodiment of the present invention first aspect, described combined information includes but is not limited to：

Input information, encryption information, digital signature, digital certificate and its validity information；

Wherein, input information is the information of need coding and the type information of input；Encryption information be with the public key of specific user or Its symmetric key of specifying of person, can be to input information to the ciphertext needing after coding information encryption and AES parameter information Or whole combined information is encrypted computing；Digital signature is to need coding information to carry out computing of signing with publisher's private key pair As a result, it is possible to computing is digitally signed to input information or whole combined information；Digital certificate is to sign and issue mechanism by key Publisher's identity of digital signature identification and public key certificate；Digital certificate validity information is to sign and issue mechanism's root certificate through key to refer to The digital certificate current state information of fixed validation verification authority signature certification；

In the first possible implementation of embodiment of the present invention first aspect, the tectonic association of described combined information and analytic solution Structure method includes but is not limited to：

Preserve the information such as safe Quick Response Code mark, type, combination, compress mode in combined information head；

When the information needing coding is the public information being available for any user's reading：By input information, digital signature, numeral card Book and its validity information connect and compose combined information by list separator；Type according to combined information head and group during destructing Combined information is decomposed into each independent information by list separator by conjunction mode information.

In the first possible implementation of embodiment of the present invention first aspect, described Quick Response Code code identification and information are defeated Enter output intent to include but is not limited to：

Using any one code recognition method in QR Code, Data Matrix, Maxi Code, PDF417；Using difference Size rank code system and multi-code form represent；A safe Quick Response Code mark figure can be embedded in the two-dimension code pattern generating Shape；Bluetooth RF wireless information transfer side is adopted during using the transmission of optical imagery scanning information and optical imagery condition deficiency Method.

In the first possible implementation of embodiment of the present invention first aspect, described checking and the result judge information Output intent is：

Sign and issue the root certificate checking digital certificate information of mechanism and its certificate validity certifying organization specifying with digital certificate, and Verify input information and digital signature with digital certificate information；Verification method preferably uses off-line verification mode, it is possible to use The mode of the validation verification mechanism checking specified；Digital certificate, input information and digital signature all verify correct, then safety Quick Response Code checking is correct, and coding information source is credible, and otherwise its information issue source is insincere；Correct two-dimentional safely to verifying Code, code displaying information and Quick Response Code distributor information are it is allowed to carry out the application operating related to this Quick Response Code；Otherwise point out this Quick Response Code issues insincere, the refusal application operating related to this Quick Response Code of originating.

In the possible implementation of embodiment of the present invention first aspect second, described digital signature, signature verification, numeral Used by certificate, cryptographic system includes but is not limited to：

Digital signature, signature verification, digital certificate use asymmetric public key cryptographic system, using ECC elliptic curve cipher system, Any one in DSA cryptographic system, rsa cryptosystem system；

In the possible implementation of embodiment of the present invention first aspect second, described information encryption, information decryption method include But it is not limited to：

Information encryption, information deciphering use symmetric key cryptosystem and asymmetric public key cryptographic system, using AES, 3DES, Arbitrarily several in RC4, IDEA, ECC, RSA, ECDH；The symmetric key specified with specific user or its public key and private key pair need Encryption information encrypts and decrypts computing, or with the first symmetric key that is being produced by client public key or randomly generating to need Encryption information encrypts and decrypts computing, and used by the symmetric key specified with specific user or its public key and private key pair One symmetric key encrypts and decrypts computing.

In the third possible implementation of embodiment of the present invention first aspect, the tectonic association of described combined information and point Analysis destructing method includes but is not limited to：

Preserve the information such as safe Quick Response Code mark, type, combination, compress mode in combined information head；

When the information needing coding is the private information only being read by specific user：By the cipher-text information of input information, numeral Signature, digital certificate and its validity information connect and compose combined information by list separator；According to combined information head during destructing The type in portion and combination information, first pass through list separator and combined information are decomposed into each independent information, further according to ciphertext AES parameter in information is decrypted computing to cipher-text information and obtains original input information；Can also be first by input letter Breath, digital signature, digital certificate and its validity information are connected by list separator, then are encrypted fortune to the information after connecting Calculate, using encryption information as combined information；During destructing, the type according to combined information head and combination information, first pass through close AES parameter information in civilian information is decrypted computing to encryption information, further according to list separator by decipher after combination Information decomposition is each independent information.

In the 4th kind of possible implementation of embodiment of the present invention first aspect, the tectonic association of described combined information and point Analysis destructing method includes but is not limited to：

Preserve the information such as safe Quick Response Code mark, type, combination, compress mode in combined information head；

When the information needing coding is the mixed information that can be read by catergories of user：In public information or private information process side On the basis of method, extension information is carried out with independent encrypted signature and checking decryption processing；Outside extension information and extension information Other information can be read by different classes of user respectively.

In the 5th kind of possible implementation of embodiment of the present invention first aspect, the tectonic association of described combined information and point Analysis destructing method includes but is not limited to：

Preserve the information such as safe Quick Response Code mark, type, combination, compress mode in combined information head；

For dedicated system, digital certificate can be cached in the digital certificate store area of checking device, can save in combined information Slightly digital certificate information or only retention figures certificate hash value information；If not using off-line verification mode, digital certificate has Effect property information can be omitted or only retention figures certificate hash value information.

To the information comprising multibyte character, can be with the Unicode coding using UTF-8 or UTF-16 form；

After combined information construction complete, then combined information is compressed with computing or Base64 coding；First to pressure during destructing The combined information of contracting carries out decompression operation or Base64 decoding, then deconstructs by a combination thereof mode；

Embodiment of the present invention second aspect provides one kind can verify device by off-line verification Quick Response Code construction, and described device includes：

Information input unit, needs coding information and type information for input；

Information memory cell, for storing input information and operation result information；

Secure information storage unit, stores private key information for safety；

Certificate store, for digital certificate and its validity information；

Root certificate memory cell, signs and issues mechanism and its root certificate of specified validity certifying organization for storing key；

Digital signature and information cryptographic calculation unit, for calculating digital signature, updating digital certificate validity information and information Encryption；

Combined information construction and Quick Response Code encoding operation unit, for tectonic association information and carry out Quick Response Code encoding operation；

Image display information output unit, for display and output safety 2 D code information；

Image scanning information input unit, for scanning and inputting safe 2 D code information；

Quick Response Code identification and combined information analysis destructing arithmetic element, are carried out for Quick Response Code code identification and to combined information point Analysis destructing computing；

Digital signature authentication and information decrypting unit, for the numeral label of information deciphering and digital certificate validity and input information Name checking；

Result output information Tip element, for the output of safe Quick Response Code the result and information alert.

In the first possible implementation of embodiment of the present invention second aspect, described arithmetic element, signature unit, test Card unit calculation function be:

Computing described in first aspect present invention safe Quick Response Code construction verification method.

In the first possible implementation of embodiment of the present invention second aspect, described arithmetic element, signature unit, checking The building method of unit, memory cell and secure storage unit includes but is not limited to：

Arbitrarily several in general-use storage and arithmetic unit, dsp chip, fpga chip, CPLD chip, asic chip.

As shown in the above, the invention has the advantages that：

Embodiments provide one kind and can construct verification method and device by the safe Quick Response Code of off-line verification, without network even Under the universal suitable environment connecing, you can the issue source of checking Quick Response Code, with safe and reliable use Quick Response Code.Using the present invention The safe Quick Response Code of construction verification method and device has advantages below：

1st, safe Quick Response Code coding information cannot distort, forges, deny；

To safe Quick Response Code coding information any modification all can not by security verification it is ensured that coding information complete Whole property and uniformity.Third party cannot generate safe Quick Response Code by spurious information issue source, and publisher also cannot deny safety simultaneously The true issue source of Quick Response Code.

2nd, safe Quick Response Code can its security of off-line verification；

Connection network is not needed to get final product the true of information integrity, uniformity and the information source of the safe Quick Response Code of off-line verification Property.Can also safety applications in the environment of there is no network or being not easy to online.

3rd, safe Quick Response Code can be issued the public information being read by the public and can also issue the private read by specific user Confidential information；

According to application needs, safe Quick Response Code can issue the safe Quick Response Code of the public information being read by the public can also issue by Private information and the safe Quick Response Code of mixed information that specific one or more user reads, and can be with its safety of off-line verification Property.The safe Quick Response Code of private information, on the basis of above security, also has non-reproduction simultaneously, and it can only be by publisher The specific user that specifies accesses checking, other third parties cannot reading of content or as application authority, replicate clone's private information Safe Quick Response Code does not have practical significance.

Brief description

Fig. 1 is the flow chart that the present invention constructs verification method；

Fig. 2 is the structure chart of present invention construction checking device；

Fig. 3 is the safe Quick Response Code of public information that the embodiment of the present invention 1 generates；

Fig. 4 is the safe Quick Response Code of public information that the embodiment of the present invention 2 generates；

Fig. 5 is the safe Quick Response Code of public information that the embodiment of the present invention 3 generates；

Fig. 6 is the safe Quick Response Code of private information that the embodiment of the present invention 4 generates；

Fig. 7 is the safe Quick Response Code of private information that the embodiment of the present invention 5 generates；

Fig. 8 is the safe Quick Response Code of mixed information that the embodiment of the present invention 6 generates；

Specific embodiment

Verification method and device can be constructed, as Fig. 1 and Fig. 2 institute by the safe Quick Response Code of off-line verification disclosed in the embodiment of the present invention Show.

Implementation steps are as follows：

1st, input needs information and the type information of coding

Need coding information can include any combination in essential information, extension information, target information and multidate information.Basic letter Breath is generally the fix informations such as the network address of publisher, title.Multidate information is according to the generation that needs of concrete application, such as information life The information such as one-tenth time, period of validity, transaction number, dealing money, application parameter.Target information can include the network address, literary composition The information of the types such as this information.Extension information is passport NO., arbitrarily several in contact information；Type information is open Any one in information, private information, mixed information.

This function is made up of the information input unit in apparatus of the present invention and information memory cell.

2nd, to needing coding information to be digitally signed computing, cryptographic calculation

Digital signature computing uses the asymmetric public key such as ECC elliptic curve cipher system, DSA cryptographic system, rsa cryptosystem system close Code system.Asymmetric key cipher system is verified and encrypting and decrypting fortune to being digitally signed using public key and private key a pair of secret keys Calculate；Private key is preserved by key owners, and only owner can access；Public key is published using public medium, can be by the public Freely obtain；General by key sign and issue itself root certificate of mechanism by after public key and the Information Signature such as owner and label originator with Digital certificate form is issued；Public key and digital certificate are used for encryption and signature verification computing, and private key is used for deciphering and digital signature Computing.In Applied Digital certificate, the current state of digital certificate need to be checked whether effective；Can be by certificate issuance mechanism root certificate The certifying organization's inspection certificate validity specified, and generate the certificate status validity information within the setting time time limit；Application During digital certificate, should check whether validity information exceeds its setting time time limit, such as exceed time limit, then by certificate label Send out certifying organization's renewal certificate validity information that mechanism specifies.

Digital signature computing includes two steps：（1）The hash function commonly used using MD5, SHA1, SHA256 etc., is calculated Need the hashed value of coding information, form the finger print data needing coding information；（2）Finger print data with the private key pair information of publisher Carry out computing of signing.

Under equal Cipher Strength, ellipse curve public key cipher system has shorter key length and faster computing speed Degree, the inventive method preferably uses ECC elliptic curve cipher system and is digitally signed computing.The inventive method can be only to defeated Enter information and be digitally signed computing it is also possible to computing is digitally signed to whole combined informations.

Information cryptographic calculation uses the symmetric key cryptosystem such as AES, 3DES, RC4, IDEA or ECC, RSA etc. non-right Common key cryptosystem and ECDH, ECIES etc. is claimed to combine the cipher mode of symmetric cryptography and asymmetric cryptography.Strong in equal password In the case of degree, present invention preferably uses AES symmetric encryption method and ECC asymmet-ric encryption method.

The present invention, in the safe Quick Response Code of private information that construction is read by specific user, is encrypted to needing coding information Computing；The construction safe Quick Response Code of public information does not need to carry out information cryptographic calculation.When specific user does not have key to sign and issue mechanism During the unsymmetrical key pair signed and issued, it is encrypted using symmetric key algorithm；Sign and issue when specific user has key and signs and issues mechanism Unsymmetrical key pair when, from symmetric key, unsymmetrical key and symmetrical and asymmetric cryptography encryption side can be combined Method.The inventive method only can be encrypted computing it is also possible to be encrypted computing to whole combined informations to input information.

The present invention can adopt following two cipher modes：（1）The symmetric key specified with specific user or its public key pair Encryption information is needed to be encrypted computing；(2) with the first symmetric key generating that generated by client public key or random to needing to encrypt Information is encrypted, and the symmetric key specified with specific user or its public key are encrypted to the first symmetric key used. During using cipher mode (2), the private information Quick Response Code being read by one or more specified users can be generated, AES is joined Several inner preserve the symmetric key specified with each specific user or ciphertext that its public key is encrypted to the first symmetric key；Work as structure When the safe Quick Response Code of private information made only need to be read by a specific user, can arbitrarily select one of two kinds of cipher modes.

This function is by the digital signature in apparatus of the present invention and information cryptographic calculation unit, secure information storage unit, letter Breath input block, information memory cell are constituted.

3rd, input information, encryption information, digital signature, digital certificate and its validity information structuring combined information are used

Combined information includes step 1, the input information described in 2, encryption information, digital signature, digital certificate and its validity Information；According to the two-dimentional code type that need are issued be public information or private information Quick Response Code adopts various combination mode；In combination Information header preserves the information such as safe Quick Response Code mark, type, combination, compress mode.

When the information needing coding is the public information being available for any user's reading：By input information, digital signature, number Word certificate and its validity information connect and compose combined information by list separator.

When the information needing coding is the private information only being read by specific user：By the encryption information of input information, Digital signature, digital certificate and its validity information connect and compose combined information by list separator；Or first by input information, Digital signature, digital certificate and its validity information are connected by list separator, then are encrypted computing to the information after connecting, Using encryption information as combined information；

When the information needing coding is the mixed information that can be read by catergories of user：In public information or private information process side On the basis of method, independent signature and cryptographic calculation are carried out to extension information；Other letters outside extension information and extension information Breath can be read by different classes of user respectively.

After combined information construction complete, combined information can be compressed with computing or Base64 coding again；

This function is by the combined information construction operation unit in apparatus of the present invention, information memory cell, certificate store Constitute.

4th, combined information is carried out with Quick Response Code coding, generates safe Quick Response Code.

Using QR Code, Data Matrix, the conventional two dimension code encoding method such as Maxi Code, PDF417, using difference Size rank code system or multi-code form encode to combined information, and generation can the safe Quick Response Code of off-line verification.The two dimension generating A safe Quick Response Code can be embedded in code figure and identify figure.

This function is shown by the Quick Response Code encoding operation unit in apparatus of the present invention, information memory cell, image, information is defeated Go out unit to constitute.

5th, input safe 2 D code information, the combined information including by the identification of Quick Response Code coding rule

The safe Quick Response Code of public information can be read by any user, obtains disclosed combination letter by the identification of Quick Response Code coding rule Breath;The safe Quick Response Code of private information can only read the combined information after identification is encrypted by specified user.Safe Quick Response Code Input information transfer can be carried out using optical imagery scan mode；Bluetooth can also be adopted when optical imagery condition is not enough The information transferring methods such as wireless radiofrequency.

This function is by the picture sweep unit in apparatus of the present invention, information input unit, Quick Response Code identification arithmetic element, letter Breath memory cell is constituted.

6th, analysis deciphering combined information, obtains input information, digital signature, digital certificate and its validity information

According to information such as the two-dimentional code type of combined information head, compression combinations：

If combined information is compression or Base64 encoded infonnation, then it is original for first passing through decompression or Base64 decoded back Combined information；

As for the safe Quick Response Code of public information, during destructing, combined information is decomposed into by each independent information according to list separator；

As for the safe Quick Response Code of private information and only encrypted to input information, during destructing first according to list separator by combined information Be decomposed into each independent information, further according to the AES parameter in cipher-text information, with specific user's private key or its specify Symmetric key is decrypted computing to cipher-text information and obtains original input information；

Encrypt as the safe Quick Response Code of private information and to complete combination information, first according to the encryption in cipher-text information during destructing Algorithm parameter is decrypted computing to encryption information, then it is independent by list separator, the combined information after deciphering to be decomposed into each Information.

As for the safe Quick Response Code of mixed information, on the basis of public information or the safe Quick Response Code of private information, specific use Family can individually be decrypted and signature verification to extension information；Other users can not decipher extension information；

This function is by the combined information analysis destructing arithmetic element in apparatus of the present invention, information deciphering arithmetic element, information input Unit, information memory cell, certificate store are constituted.

7th, verify the validity of digital certificate, and with digital certificate authentication input information and digital signature

Sign and issue root certificate checking publisher's digital certificate of mechanism and its certificate validity certifying organization specifying with digital certificate Validity information, and verify input information and digital signature with digital certificate information.

According to the fingerprint algorithm parameter in digital certificate validity information, digital certificate is calculated by same hashing algorithm Finger print data, and compare with the finger print data in validity information, judge whether consistent；According to digital certificate validity information In signature algorithm parameter, using hashing algorithm therein calculate validity information hashed value, using signature algorithm therein Verify its signature with the root certificate of certificate validity certifying organization；According to the time limit of digital certificate validity information, judge Whether the generation time in input multidate information is located within generation time and the expired time of validity information；Above inspection is complete Portion passes through, then digital certificate is valid certificate.

According to the hash in digital signature and signature algorithm parameter information, calculate the hash data of input information, and use number The signing messages of word certification authentication hash data；If comprising the digital signature of complete combination information, calculate combined information Hash data, and the signing messages with digital certificate authentication hash data；If comprising domain name restriction etc. in digital certificate to use Limit, in checking target information, whether domain name is consistent；Verify that digital certificate owner's title with title in input essential information is No consistent；Whether checking current date is located between generation time and the expired time of input multidate information；Above checking is all Pass through, then input information data is complete, issue source consistent with digital certificate.

This function is single by the digital signature authentication arithmetic element in apparatus of the present invention, information memory cell, root certificate storage Unit, certificate store are constituted.

8th, the result judges and information output prompting

Digital certificate, input information and digital signature are all verified correctly, then safe Quick Response Code checking is correct, and coding information is originated Credible, otherwise its information issue source is insincere；To checking correctly safe Quick Response Code, code displaying information and Quick Response Code are issued Person's information is it is allowed to carry out the application operating related to this Quick Response Code；Otherwise point out this Quick Response Code issue source insincere, refusal with The related application operating of this Quick Response Code.

This function is made up of the result output information Tip element in apparatus of the present invention, information memory cell.

With reference to embodiment, the present invention is specifically described.

It is number of examples that key described in embodiment signs and issues the title of center, publisher, specific user etc., key, certificate etc. According to.For illustrating implementation steps, private key information is also listed in an embodiment；Private key information is stored in actual applications Secure storage section, only owner can access oneself.Consider the key length under equal Cipher Strength and arithmetic speed, real Apply and in example, preferably use ECC asymmetric cryptography system and AES symmetric cryptosystem；ECC adopts the prime field 256 that NIST recommends Standard ellipse password curve；Remaining asymmetric public key cryptographic system and symmetric key cryptosystem application mode are similar, only Corresponding signature verification and encrypting and decrypting computing need to simply be replaced, no longer repeat one by one in embodiment.

Embodiment 1：

ABC Bank, to its Web bank entry address, generates the safe Quick Response Code of public information that can be read by public user, uses Family can safe barcode scanning access bank system of web.

Specific implementation step is as follows：

1st, input need to encode information and type information

Coding information is needed to include essential information, target information, multidate information.Essential information is：Base:{Name:ABC Bank }, Target information is：OBJ:{URI:https://www.abc.com }, multidate information is：DYN:{Created:2016-1-1 12: 00:00|Expired:2026-1-1 12:00:00}.Type information is the safe Quick Response Code of public information.

Input information is connected with vertical line and bracket symbol, as shown in table 1.

Table 1 embodiment 1 needs coding information

[OBJ:{URI:https://www.abc.com}Base:{Name:ABC Bank}DYN:{Created:2016-1-1 12:00:00|Expired:2026-1-1 12:00:00}]

2nd, to needing coding information to be digitally signed computing, cryptographic calculation

Using SHA256 hashing algorithm, computational chart 1 needs the hashed value of coding information to be：

sha256: 9f2a8e9ace06537bb1521f5c26e686ac3d9a45ed78fa4dfdb8e8c633141e3734

The private key of publisher ABC Bank is：

prime256v1:3174fc59e7c3d5f41fa861448d921f098df1a3bf78838c72dd498375de605d1a

Using ECDSA signature algorithm, it is digitally signed computing with publisher's private key pair hashed value, and signature result is entered Row Base64 encodes, and the digital signature obtaining text formatting is as shown in table 2.

Table 2 embodiment 1 needs the digital signature of coding information

sha256ECDSA:MEUCIEJ4tglE7uvBReg6bWdr1RTAM9BG2gLaduINnDsGX3M4AiEAtXiTSRKc+ aKcyJFB8zED44VzDiBOIpVKyK0soGjPZ5A=

The Quick Response Code of the present embodiment construction is the safe Quick Response Code of public information, is not encrypted computing.

3rd, input information, encryption information, digital signature, digital certificate and its validity information structuring combined information are used

The digital certificate of publisher ABC Bank is as shown in table 3.

Table 3 embodiment 1 publisher's digital certificate

CERT:{MIIBnDCCAUMCAQowCQYHKoZIzj0EATBLMQswCQYDVQQGEwJDTjERMA8GA1UECAwIU2h hbmdoYWkxEjAQBgNVBAoMCVJpZGdlIEluYzEVMBMGA1UEAwwMUmlkZ2UgU1FSIENBMB4XDTE1MDEw MTEyMjcwOFoXDTI0MTIyOTEyMjcwOFowazELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNoYW5naGFpM REwDwYDVQQKDAhBQkMgQmFuazETMBEGA1UECwwKU1FSIEJ1cmVhdTEhMB8GA1UEAwwYQUJDIEJhbm sgU1FSIENlcnRpZmljYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEg1eLbRe1jnm3dBCMK3H +X5If3smKAQBbzFfjpKqhCNxO5mNQwL0FJ5SGlrvAgs6F2mNFw2OLzCVYWnkbDjg7AzAJBgcqhkjO PQQBA0gAMEUCIQDaG6gz9QMpXgaJ32AYqCW+l6sZhGTOCqH+h8PUWkmzHgIgCb+ni4YLVGQGGHx3Y uLG//S+Qbgk1PTM9rdoZC0WSHY= }

Digital certificate validity information is as shown in table 4.

Table 4 embodiment 1 publisher's digital certificate validity information

VALID:{[fingerprint:sha1:4206bb0d3b52ecf1810729a5671e031544530588|Status: V|Issue:/C=CN/O=Ridge Inc/OU=SQR CA OCSP/CN=Ridge Inc SQR CA OCSP|url: https://ocsp.ridgeca.com|Created:2016-1-1 00:00|Expired:2016-1-15 00:00] sha256ECDSA:MEUCIQDna4d8UCzwdRsAOMLRNfw332bfodiQ6gFMPP+6/ PYAMAIgbWzfEtARWlxFp4s2427Z9OhCCwefUryCXc98ZGX+Wfk=}

Safe Quick Response Code mark, type, combination, compress mode information are：

SQR.P0100

Wherein, SQR is safe Quick Response Code mark, and P represents public information Quick Response Code, and 01 is compression combination, and 00 is standby letter Breath position.

Connect information above with vertical line and bracket, constitute combined information as shown in table 5.

Table 5 embodiment 1 combined information

SQR.P0100{[OBJ:{URI:https://www.abc.com}Base:{Name:ABC Bank}DYN:{Created: 2016-1-1 12:00:00|Expired:2026-1-1 12:00:00}]sha256ECDSA: MEUCIEJ4tglE7uvBReg6bWdr1RTAM9BG2gLaduINnDsGX3M4AiEAtXiTSRKc+ aKcyJFB8zED44VzDiBOIpVKyK0soGjPZ5A=}CERT: {MIIBnDCCAUMCAQowCQYHKoZIzj0EATBLMQswCQYDVQQGEwJDTjERMA8GA1UECAwIU2hhbmdoYWkx EjAQBgNVBAoMCVJpZGdlIEluYzEVMBMGA1UEAwwMUmlkZ2UgU1FSIENBMB4XDTE1MDEwMTEyMjcwO FoXDTI0MTIyOTEyMjcwOFowazELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNoYW5naGFpMREwDwYDVQ QKDAhBQkMgQmFuazETMBEGA1UECwwKU1FSIEJ1cmVhdTEhMB8GA1UEAwwYQUJDIEJhbmsgU1FSIEN lcnRpZmljYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEg1eLbRe1jnm3dBCMK3H+ X5If3smKAQBbzFfjpKqhCNxO5mNQwL0FJ5SGlrvAgs6F2mNFw2OLzCVYWnkbDjg7AzAJBgcqhkjOP QQBA0gAMEUCIQDaG6gz9QMpXgaJ32AYqCW+l6sZhGTOCqH+h8PUWkmzHgIgCb+ ni4YLVGQGGHx3YuLG//S+Qbgk1PTM9rdoZC0WSHY=}VALID:{[fingerprint:sha1: 4206bb0d3b52ecf1810729a5671e031544530588|Status:V|Issue:/C=CN/O=Ridge Inc/OU= SQR CA OCSP/CN=Ridge Inc SQR CA OCSP|url:https://ocsp.ridgeca.com|Created: 2016-1-1 00:00|Expired:2016-1-15 00:00]sha256ECDSA: MEUCIQDna4d8UCzwdRsAOMLRNfw332bfodiQ6gFMPP+6/ PYAMAIgbWzfEtARWlxFp4s2427Z9OhCCwefUryCXc98ZGX+Wfk=}

4th, combined information is carried out with Quick Response Code coding, generates safe Quick Response Code

Using QR coded format, combined information is carried out with Quick Response Code coding, form two-dimension code pattern.As shown in Figure 3.Two generating A safe Quick Response Code can be embedded in dimension code figure and identify figure；In Quick Response Code, whether embedded mark figure does not affect safety two The checking of dimension code and security.

5th, input safe 2 D code information, the combined information including by the identification of Quick Response Code coding rule

Scan safe Quick Response Code as shown in Figure 3, be decoded according to QR coding rule, obtain combined information as shown in table 5.

6th, analysis deciphering combined information, obtains input information, digital signature, digital certificate and its validity information

According to information such as combined information head two dimension code type, combinations, by bound symbols such as vertical line and brackets, to combination Information is analyzed deconstructing, and obtains input information as shown in table 1- table 4, digital signature, digital certificate and its validity information.

This embodiment is public information Quick Response Code it is not necessary to decipher computing.

7th, verify the validity of digital certificate, and with digital certificate authentication input information and digital signature

Digital certificate signs and issues the root certificate of mechanism and its certificate validity certifying organization specifying as shown in table 6, table 7.Table 6, table 7 Shown root certificate is stored in the trusted root certificate store domain of checking device.

Table 6 digital certificate signs and issues the root certificate of mechanism

-----BEGIN TRUSTED CERTIFICATE-----

MIIBfDCCASMCAQAwCQYHKoZIzj0EATBLMQswCQYDVQQGEwJDTjERMA8GA1UECAwIU2hhbmdoY WkxEjAQBgNVBAoMCVJpZGdlIEluYzEVMBMGA1UEAwwMUmlkZ2UgU1FSIENBMB4XDTE1MDEwMTEyMT AyMloXDTI0MTIyOTEyMTAyMlowSzELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNoYW5naGFpMRIwEAY DVQQKDAlSaWRnZSBJbmMxFTATBgNVBAMMDFJpZGdlIFNRUiBDQTBZMBMGByqGSM49AgEGCCqGSM49 AwEHA0IABN1iZNfBidKkAm//Y1q1kOIYC6clWqCjUC3STrxZFXePW0pLx/ ObPMJGJMs2etwZIpgqvn7lPdGFZJqlaLboQw8wCQYHKoZIzj0EAQNIADBFAiBNVxIayCJUYJo6k29 6cyvR5u+GPo9Cnx4D1OAn9MyDqwIhAIgZ86v3H7vwiyxaBi27v0TAbAmJSO3wA3868ZtP9KY2

-----END TRUSTED CERTIFICATE-----

The root certificate of table 7 digital certificate validity certifying organization

-----BEGIN TRUSTED CERTIFICATE-----

MIIBiTCCAS8CAQEwCQYHKoZIzj0EATBLMQswCQYDVQQGEwJDTjERMA8GA1UECAwIU2hhbmdoY WkxEjAQBgNVBAoMCVJpZGdlIEluYzEVMBMGA1UEAwwMUmlkZ2UgU1FSIENBMB4XDTE1MDEwMTEyMT cyN1oXDTI0MTIyOTEyMTcyN1owVzELMAkGA1UEBhMCQ04xEjAQBgNVBAoMCVJpZGdlIEluYzEUMBI GA1UECwwLU1FSIENBIE9DU1AxHjAcBgNVBAMMFVJpZGdlIEluYyBTUVIgQ0EgT0NTUDBZMBMGByqG SM49AgEGCCqGSM49AwEHA0IABFfl+ 4xtyRasK6J2kJ9BWnMze1flwxJcwvqxKbLI4tQbgizqV7taTeZsceMD96qqbmO9JXB5tjOQU5m0au SbecUwCQYHKoZIzj0EAQNJADBGAiEA/ifW2onY5OPR/ bFFoxbtsM4CadeB7IKBfKZ5V6KswBECIQCb/avLSz2er7EkudMDa9oTTqfeIIPnt02/gwR4O1AV5g ==

-----END TRUSTED CERTIFICATE-----

According to the SHA1 hashing algorithm in digital certificate validity information, the hash data calculating digital certificate information is：

sha1:Finger in 4206bb0d3b52ecf1810729a5671e031544530588, with digital certificate validity information Line is identical.

Signing messages in digital certificate validity information is：

sha256ECDSA:MEUCIQDna4d8UCzwdRsAOMLRNfw332bfodiQ6gFMPP+6/ PYAMAIgbWzfEtARWlxFp4s2427Z9OhCCwefUryCXc98ZGX+Wfk=

Using the hashed value that SHA256 hashing algorithm calculates digital certificate validity information it is：

sha256: fbdc67e57284296c300023e8fa10bd6509d017e7e09dcafcb31216a3d519f380

Using the root certificate shown in ECDSA algorithm and table 6, table 7, verify the digital signature in digital certificate validity information；

The time limit of digital certificate validity information is as shown in table 4： 2016-1-1 00:00 to 2016-1-15 00:00；Defeated The generation time entering in multidate information is as shown in table 1：2016-1-1 12:00:00；Input information generates the time positioned at validity Within the time limit of information；

The validity of digital certificate can not also use above preferred off-line verification mode, and passes through certificate issuance mechanism root card The certificate validity certifying organization that book is specified carries out online verification；When not using off-line verification mode to verify certificate validity, group Certificate validity information in conjunction information can omit or only retain certificate hash value；

Above inspection is all passed through, then the digital certificate of publisher is valid certificate.

Hash in digital signature and signature algorithm parameter are sha256ECDSA, as shown in table 2.Using sha256 hash Algorithm calculates input information hash data：

sha256:9f2a8e9ace06537bb1521f5c26e686ac3d9a45ed78fa4dfdb8e8c633141e3734

Signing messages with the publisher's digital certificate authentication hash data shown in table 3；

Publisher digital certificate owner CN entitled ABC Bank SQR Certificate, title in input essential information ABC Bank, is the safe Quick Response Code specific credentials of mechanism ABC Bank；The effective time limit of input multidate information is as shown in table 1： 2016-1-1 12:00:00 to 2026-1-1 12:00:00, current time is located within the effective time limit of input information；

Above checking is all passed through, and input information data is complete, issues source consistent with digital certificate.

8th, the result judges and information output prompting

Numbers above certificate, input information and digital signature are all verified correctly, and this safe Quick Response Code checking is correct, coding information Source is credible.Display input information and Quick Response Code distributor information, point out Quick Response Code to be issued by ABC Bank it is allowed to access online Bank address.If this safe Quick Response Code is distorted or forged through any, above safety verification cannot be passed through, point out this safety Quick Response Code may be tampered or forge, and denied access encodes address correlation.

Embodiment 2：

ABC Pay payment platform, applies to taxi mobile payment, and generating for each taxi operation personnel can be by public user The safe Quick Response Code of public information reading, passenger safe barcode scanning can pay car rental cost.

Specific implementation step is as follows：

1st, input need to encode information and type information

Coding information is needed to include essential information, target information, multidate information.Essential information is：Base:{TaxiID:Shanghai A12345 |LicenseID:123456|UserID:12345678|Domain:Abcpay.com }, target information is：OBJ:{URI: https://sqr.abcpay.com/zrk1rjziurlr2w3ira }, multidate information is：DYN:{Created:2016-1-1 12:00:00|Expired:2017-1-1 12:00:00}.Type information is the safe Quick Response Code of public information.

Input information is connected with vertical line and bracket symbol, as shown in table 8.

Table 8 embodiment 2 needs coding information

[OBJ:{URI:https://sqr.abcpay.com/zrk1rjziurlr2w3ira}Base:{TaxiID:Shanghai A12345 |LicenseID:123456|UserID:12345678|Domain:abcpay.com}DYN:{Created:2016-1-1 12: 00:00|Expired:2017-1-1 12:00:00}]

The present embodiment needs coding information to comprise multibyte character Chinese character, and information coding is using UTF-8 coding.

2nd, to needing coding information to be digitally signed computing, cryptographic calculation

The present embodiment adopts alternatively possible combining form, and complete combined information is signed.For ease of logic statement, Digital signature procedure is merged into step 3 illustrate.

The Quick Response Code of the present embodiment construction is the safe Quick Response Code of public information, is not encrypted computing.

3rd, input information, encryption information, digital signature, digital certificate and its validity information structuring combined information are used

Safe Quick Response Code mark, type, combination, compress mode information are：SQR.P0200

Wherein, SQR is safe Quick Response Code mark, and P represents public information Quick Response Code, and 02 represents that 00 is standby to Global Information signature Use information bit.

With vertical line and bracket link information head, input information, digital certificate and its validity information, constitute information to be signed As shown in table 9.Wherein, digital certificate and its validity information are respectively CERT and VALID part.

Table 9 embodiment 2 information to be signed

SQR.P0200{[OBJ:{URI:https://sqr.abcpay.com/zrk1rjziurlr2w3ira}Base: {TaxiID:Shanghai A12345 | LicenseID:123456|UserID:12345678|Domain:abcpay.com}DYN: {Created:2016-1-1 12:00:00|Expired:2017-1-1 12:00:00}]}CERT: {MIIBmjCCAUECAQwwCQYHKoZIzj0EATBLMQswCQYDVQQGEwJDTjERMA8GA1UECAwIU2hhbmdoYWkx EjAQBgNVBAoMCVJpZGdlIEluYzEVMBMGA1UEAwwMUmlkZ2UgU1FSIENBMB4XDTE1MDEwMTEyNTU1N FoXDTI0MTIyOTEyNTU1NFowaTELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNoYW5naGFpMRAwDgYDVQ QKDAdBQkMgUGF5MRMwEQYDVQQLDApTUVIgQnVyZWF1MSAwHgYDVQQDDBdBQkMgUGF5IFNRUiBDZXJ 0aWZpY2F0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMYWxfwoZix/ ktNjsGZ5rxrreWdiMsbrfQJTRfmGcbi2ANcx4gsvXY+VUC8xm4q5T4QeB/ 8xKkqARKd52tGLoKYwCQYHKoZIzj0EAQNIADBFAiEAjm5i1gbKxLY3O6OsAgmtZ/OZfMGlWVotA+ RYeRFcjgkCICXC1x6vdLA/fekE5oof1EWROTqGY70SBRed88EhOPfm}VALID:{[fingerprint: sha1:c8013a7663460284db88b7f5bbb11cc082e4209d|Status:V|Issue:/C=CN/O=Ridge Inc/OU=SQR CA OCSP/CN=Ridge Inc SQR CA OCSP|url:https://ocsp.ridgeca.com| Created:2016-1-1 00:00|Expired:2016-1-15 00:00]sha256ECDSA: MEUCIGFaxrDsRrLGB0STa33X/A7B+AQqkqbO5/9mZ+ EA9fNYAiEApb0xXmxFNxGzWhNOga3mooNaCchKFR74jK5TdiVsLHE=}

The private key of publisher ABC Pay is：

prime256v1: a52a6adef863f807086ec3d93c127b72a995d5e9a4c6bd14ee2c6d6669d7e e17

Using sha256ECDSA signature algorithm, it is digitally signed computing with publisher's private key pair hashed value, and to signature Result carries out Base64 coding, and the digital signature obtaining text formatting is as shown in table 10.

Table 10 embodiment 2 needs the digital signature of coding information

sha256ECDSA:MEUCIQCHdsWZRGf4jX3hjSpjBtsitHpCXrg5NDyzhdfAxtAA4AIgWVd+ nMtQcYW6iW+HMwX02ecllFjHnm2J82JP2rhY34s=

The signature result of table 10 Global Information is attached to information afterbody, the combined information of composition is as shown in table 11.

The combined information of table 11 embodiment 2

SQR.P0200{[OBJ:{URI:https://sqr.abcpay.com/zrk1rjziurlr2w3ira}Base: {TaxiID:Shanghai A12345 | LicenseID:123456|UserID:12345678|Domain:abcpay.com}DYN: {Created:2016-1-1 12:00:00|Expired:2017-1-1 12:00:00}]}CERT: {MIIBmjCCAUECAQwwCQYHKoZIzj0EATBLMQswCQYDVQQGEwJDTjERMA8GA1UECAwIU2hhbmdoYWkx EjAQBgNVBAoMCVJpZGdlIEluYzEVMBMGA1UEAwwMUmlkZ2UgU1FSIENBMB4XDTE1MDEwMTEyNTU1N FoXDTI0MTIyOTEyNTU1NFowaTELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNoYW5naGFpMRAwDgYDVQ QKDAdBQkMgUGF5MRMwEQYDVQQLDApTUVIgQnVyZWF1MSAwHgYDVQQDDBdBQkMgUGF5IFNRUiBDZXJ 0aWZpY2F0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMYWxfwoZix/ ktNjsGZ5rxrreWdiMsbrfQJTRfmGcbi2ANcx4gsvXY+VUC8xm4q5T4QeB/ 8xKkqARKd52tGLoKYwCQYHKoZIzj0EAQNIADBFAiEAjm5i1gbKxLY3O6OsAgmtZ/OZfMGlWVotA+ RYeRFcjgkCICXC1x6vdLA/fekE5oof1EWROTqGY70SBRed88EhOPfm}VALID:{[fingerprint: sha1:c8013a7663460284db88b7f5bbb11cc082e4209d|Status:V|Issue:/C=CN/O=Ridge Inc/OU=SQR CA OCSP/CN=Ridge Inc SQR CA OCSP|url:https://ocsp.ridgeca.com| Created:2016-1-1 00:00|Expired:2016-1-15 00:00]sha256ECDSA: MEUCIGFaxrDsRrLGB0STa33X/A7B+AQqkqbO5/9mZ+ EA9fNYAiEApb0xXmxFNxGzWhNOga3mooNaCchKFR74jK5TdiVsLHE=}sha256ECDSA: MEUCIQCHdsWZRGf4jX3hjSpjBtsitHpCXrg5NDyzhdfAxtAA4AIgWVd+nMtQcYW6iW+ HMwX02ecllFjHnm2J82JP2rhY34s=

4th, combined information is carried out with Quick Response Code coding, generates safe Quick Response Code

Using QR coded format, combined information is carried out with Quick Response Code coding, form two-dimension code pattern, as shown in Figure 4.

5th, input safe 2 D code information, the combined information including by the identification of Quick Response Code coding rule

Scan safe Quick Response Code as shown in Figure 4, be decoded according to QR coding rule, obtain combination letter as shown in table 11 Breath.

6th, analysis deciphering combined information, obtains input information, digital signature, digital certificate and its validity information

According to information such as combined information head two dimension code type, combinations, by bound symbols such as vertical line and brackets, to combination Information is analyzed deconstructing, and obtains input information, digital certificate and its validity information, digital signature information.

This embodiment is public information Quick Response Code it is not necessary to decipher computing.

Using combination that Global Information is signed, above step completes information combination and destructing computing to the present embodiment, counts afterwards The verification step of word certificate validity and input information is same as Example 1, may be referred to embodiment 1 and implements, is not repeated to go to live in the household of one's in-laws on getting married State.

Empirical tests, when digital certificate, input information and digital signature all verify that correctly, this safe Quick Response Code is just verified Really, coding information source is credible.Display input information and Quick Response Code distributor information, points out Quick Response Code source credible it is allowed to logical Cross ABC Pay platform and pay expense.If this safe Quick Response Code is distorted or forged through any, cannot be tested by safety above Card, points out this safe Quick Response Code may be tampered or forge, and issue source is insincere, and refusal carries out delivery operation.

Embodiment 3:

ABC Mall shopping center, in user-pay, produces one in real time with apparatus of the present invention and comprises collect money Merchant name, day The safe Quick Response Code of public information of the information such as phase, the amount of money, effective time, user's barcode scanning gets final product secure payment.

Specific implementation step is as follows：

1st, input need to encode information and type information

Coding information is needed to include essential information, target information, multidate information.Essential information is：Base:{Name:ABC Mall| Addr:No.1288,ABC Rd.,Shanghai|Domain:Abcpay.com }, target information is：OBJ:{URI:https:// Pay.abcpay.com/dkri67zin9oo8tzxy9ojquz8mcaedhzcljix1jeu }, multidate information is：DYN: {Created:2016-5-1 12:00:00|Expired:2016-5-1 12:10:00|PaymentID: e7db7c48642c78a669fd|Total:580.00RMB}.Type information is the safe Quick Response Code of public information.

Input information is connected with vertical line and bracket symbol, as shown in table 12.

Table 12 embodiment 3 needs coding information

[OBJ:{URI:https://pay.abcpay.com/dkri67zin9oo8tzxy9ojquz8mcaedhzcljix1jeu }Base:{Name:ABC Mall|Addr:No.1288,ABC Rd.,Shanghai|Domain:abcpay.com}DYN: {Created:2016-5-1 12:00:00|Expired:2016-5-1 12:10:00|PaymentID:e7db7c48642c78 a669fd|Total:580.00RMB}]

2nd, to needing coding information to be digitally signed computing, cryptographic calculation

The private key of publisher ABC Mall is：

prime256v1:04fb934882d6e980367d7d74aa97f67b4503e8972caa0fcdf60904cb859be54c

Using sha256ECDSA signature algorithm, input information is carried out with computing of signing, the signature result after Base64 coding is such as Shown in table 13.

Table 13 embodiment 3 needs the digital signature of coding information

sha256ECDSA:MEYCIQDpCQGQXaj6Pv5FImHBmv13PRr0KzZRxtF0t7s0f0BFlwIhALR+ F7IEFM2l3WDgmQZAwms/RpPr+nXx6P8Nmuxnph8J

The Quick Response Code of the present embodiment construction is the safe Quick Response Code of public information, is not encrypted computing.

3rd, input information, encryption information, digital signature, digital certificate and its validity information structuring combined information are used

Safe Quick Response Code mark, type, combination, compress mode information are：SQR.P0100

Connect input information, digital signature, digital certificate and its validity information with vertical line and bracket, constitute combined information such as table Shown in 14.Wherein, digital certificate and its validity information are respectively CERT and VALID part.

Table 14 embodiment 3 combined information

SQR.P0100{[OBJ:{URI:https://pay.abcpay.com/dkri67zin9oo8tzxy9ojquz8mcaedh zcljix1jeu}Base:{Name:ABC Mall|Addr:No.1288,ABC Rd.,Shanghai|Domain:abcpay.co m}DYN:{Created:2016-5-1 12:00:00|Expired:2016-5-1 12:10:00|PaymentID: e7db7c48642c78a669fd|Total:580.00RMB}]sha256ECDSA: MEYCIQDpCQGQXaj6Pv5FImHBmv13PRr0KzZRxtF0t7s0f0BFlwIhALR+F7IEFM2l3WDgmQZAwms/ RpPr+nXx6P8Nmuxnph8J}CERT:{MIIBsTCCAVgCARAwCQYHKoZIzj0EATBgMQswCQYDVQQGEwJDTj ERMA8GA1UECAwIU2hhbmdoYWkxEDAOBgNVBAoMB0FCQyBQYXkxEzARBgNVBAsMClNRUiBCdXJlYXU xFzAVBgNVBAMMDkFCQyBQYXkgU1FSIENBMB4XDTE1MDEwMTEyMTIwM1oXDTI0MTIyOTEyMTIwM1ow azELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNoYW5naGFpMREwDwYDVQQKDAhBQkMgTWFsbDETMBEGA 1UECwwKU1FSIEJ1cmVhdTEhMB8GA1UEAwwYQUJDIE1hbGwgU1FSIENlcnRpZmljYXRlMFkwEwYHKo ZIzj0CAQYIKoZIzj0DAQcDQgAEmHTPYJbPpvDSEwOnRsKHaPty7b2VGppJk1P3H6XIPeTVWod63nk AuwKmftLGR8hTwjruJKXJh34K+RghoIkXizAJBgcqhkjOPQQBA0gAMEUCIFOdSlTG9VzOaHlPeDHe HVRFgWqmjqvHYnKgfOzJmO2jAiEAo3ab+zXyzi5AY6NdAve8HAFa97kyS5GTmAAQfRmhmhM=} VALID:{[fingerprint:sha1:ab0004a74fb4d04bb7f2cb3f079ea0104ac7a715|Status:V| Issue:/C=CN/O=Ridge Inc/OU=SQR CA OCSP/CN=Ridge Inc SQR CA OCSP|url:https:// ocsp.ridgeca.com|Created:2016-4-30 00:00|Expired:2016-5-10 00:00]sha256ECDSA: MEYCIQCUffga2TZHhB3ZahNcqKS3bPfRfPEcscmkkGKo1gJRWAIhANxNJ1/ HESRCq9abOG20XQhXw4MfSQ6OeL7WKCN5JROz}

4th, combined information is carried out with Quick Response Code coding, generates safe Quick Response Code

Using QR coded format, combined information is carried out with Quick Response Code coding, form two-dimension code pattern, as shown in Figure 5.

Embodiment 1,2 has been described in detail the construction verification process of two kinds of various combination modes, the checking step of the present embodiment Suddenly same as Example 1, refer to embodiment 1, it is no longer repeated.

Empirical tests, when digital certificate, input information and digital signature all verify that correctly, this safe Quick Response Code is just verified Really, coding information source is credible.Display input information and Quick Response Code distributor information, point out Quick Response Code source credible it is allowed to sweep Code delivery operation.If this safe Quick Response Code is distorted or forged through any, above safety verification cannot be passed through, point out this peace Full Quick Response Code may be tampered or forge, and issue insincere, refusal to pay operation of originating.

In the present embodiment, the payment certificate of ABC Mall is signed and issued by ABC Pay, and the certificate of ABC Pay is by the root at the center of signing and issuing Certificate issuance.The inventive method only need to be able to comprise in combined information to issue with the off-line verification multistage digital certificate signing and issuing mechanism Person's terminal digital certificate information.The validity of certificate chain is by constructing apparatus of the present invention periodically by signing and issuing what mechanism's root certificate was specified Validation verification mechanism updates, and carries out off-line verification by the certificate validity information in combined information in checking device.Implement The multistage certification hierarchy of the present embodiment can also be adopted in example 2, generated in real time using apparatus of the present invention and comprise the letter such as car rental cost The secure payment Quick Response Code of breath, passenger can be paid the bill with the safe barcode scanning of off-line verification.

Embodiment 4：

ABC Instrument musical instrument manufacturing enterprise, produces, to each product of its production and sales, the secret stating its identification feature Information security Quick Response Code, this safe Quick Response Code of scanning input identifies that bought product is certified products or counterfeit product.

Specific implementation step is as follows：

1st, input need to encode information and type information

Coding information is needed to include essential information, target information, multidate information.Essential information is：Base:{Name:ABC Instrument }, target information is：OBJ:{URI:https://product.abcinstrument.com/ E92eab1319a8cde0dc61636a2ffc8eeb918a554b }, multidate information is：DYN:{InstrumentID: DH698JM12345678|Created:2016-1-1 12:00:00|Expired:2046-1-1 12:00:00| FeatureID:ae978e952021aa32a00ce4b615bee64531d14b74}.Type information is private information safety two Dimension code.

Input information is connected with vertical line and bracket symbol, as shown in Table 15.

Table 15 embodiment 4 needs coding information

[OBJ:{URI:https://product.abcinstrument.com/ e92eab1319a8cde0dc61636a2ffc8eeb918a554b}Base:{Name:ABC Instrument}DYN: {InstrumentID:DH698JM12345678|Created:2016-1-1 12:00:00|Expired:2046-1-1 12: 00:00|FeatureID:ae978e952021aa32a00ce4b615bee64531d14b74}]

2nd, to needing coding information to be digitally signed computing, cryptographic calculation；

The private key of publisher ABC Instrument is：

prime256v1:da2b5da79b3f71e76b57c7fb4e533f3b134007945ed4764fb09730b4a8a87026

Using ECDSA signature algorithm, it is digitally signed computing with publisher's private key pair hashed value, and signature result is entered Row Base64 encodes, and the digital signature obtaining text formatting is as shown in table 16.

Table 16 embodiment 4 needs the digital signature of coding information

sha256ECDSA:MEQCIAwe4bAXkEXjVAd2HO/YbUx78TMds2Ko4lyWBU54JQB9AiB5l916Id5bY +2VHgT+NTlS0U27OctHu4pKsrl1b7/TeA==

The present embodiment is that producer generates the product feature safe Quick Response Code of checking in the offline not yet sale of production.Now every Individual product is not had specific user and corresponds to it is impossible to be encrypted using the symmetric key that public key or its of specific user are specified. Using the symmetric key randomly generating in embodiment, as shown in table 17.This random cipher can scrape code side using password area coating Formula is produced on product quality certificate together with the safe Quick Response Code generating.

The random symmetric key that table 17 embodiment 4 adopts

8c6116c72bdb9bd9582b

Coding information is needed to be encrypted computing using key shown in AES128 symmetric key algorithm table 17 to shown in table 15.Encryption Cipher-text information after Base64 coding for the operation result, as shown in table 18.

Table 18 embodiment 4 cipher-text information

aes128cbc:U2FsdGVkX1+q+7J62SECOtx5m+HYwIZYRgTdbWdtPm1/rTJnEYn9k//y/ LiuYtmjKOAky2SV+hGlI+F5ZXq1K0+O+YVevLCNWLAE1bjSPFDJvN5PiIX8X2XiqH6yEYwpB+ t3fnogW9z/3MYeZEGIYN4vuIwqA1g4mNCEIhBizGTL6vkP7QSsWs2W/ CiQ7dhoN3cHNPNdZXJVZTB8g9j1y8sFocBwg3rgJtOmd/iCUcjGFtQECEu59ZJIOTMIomD+ TZbCoAv8xJ9Sgz/S8z3OnXOskY3tVROQwe1IxkBi7IE46aRUCWODFqQbqTf+ pghmAIoeLE7YX2O0vNYgafAdccRz8TpuS2gOCXnMQiseJxc=

3rd, input information, encryption information, digital signature, digital certificate and its validity information structuring combined information are used；

Safe Quick Response Code mark, type, combination, compress mode information are：SQR.R0100

Wherein, R represents the safe Quick Response Code of private information.

Connect two-dimentional terminal information, cipher-text information, digital signature, digital certificate and its validity letter with vertical line and bracket Breath, constitutes combined information as shown in table 19.Wherein, digital certificate and its validity information are respectively CERT and VALID part.

Table 19 embodiment 4 combined information

SQR.R0100{[aes128cbc:U2FsdGVkX1+q+7J62SECOtx5m+HYwIZYRgTdbWdtPm1/ rTJnEYn9k//y/LiuYtmjKOAky2SV+hGlI+F5ZXq1K0+O+ YVevLCNWLAE1bjSPFDJvN5PiIX8X2XiqH6yEYwpB+t3fnogW9z/ 3MYeZEGIYN4vuIwqA1g4mNCEIhBizGTL6vkP7QSsWs2W/ CiQ7dhoN3cHNPNdZXJVZTB8g9j1y8sFocBwg3rgJtOmd/iCUcjGFtQECEu59ZJIOTMIomD+ TZbCoAv8xJ9Sgz/S8z3OnXOskY3tVROQwe1IxkBi7IE46aRUCWODFqQbqTf+ pghmAIoeLE7YX2O0vNYgafAdccRz8TpuS2gOCXnMQiseJxc=]sha256ECDSA: MEQCIAwe4bAXkEXjVAd2HO/YbUx78TMds2Ko4lyWBU54JQB9AiB5l916Id5bY+2VHgT+ NTlS0U27OctHu4pKsrl1b7/TeA==}CERT: {MIIBqDCCAU8CAQ8wCQYHKoZIzj0EATBLMQswCQYDVQQGEwJDTjERMA8GA1UECAwIU2hhbmdoYWkx EjAQBgNVBAoMCVJpZGdlIEluYzEVMBMGA1UEAwwMUmlkZ2UgU1FSIENBMB4XDTE1MDEwMTEyNTgwM 1oXDTI0MTIyOTEyNTgwM1owdzELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNoYW5naGFpMRcwFQYDVQ QKDA5BQkMgSW5zdHJ1bWVudDETMBEGA1UECwwKU1FSIEJ1cmVhdTEnMCUGA1UEAwweQUJDIEluc3R ydW1lbnQgU1FSIENlcnRpZmljYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1YXYafrzOlt1 AYBgPnmHX9cXxduzoKIVRQpi96LMZEM6RZTCe+ FaUTDULSJIXUsJwnnSDj9YdnEQwkgAMu94fjAJBgcqhkjOPQQBA0gAMEUCIHrQz+ x2CAAkXkMAXRffudb6ZL2VlgUU2gS/I2TJ9++ xAiEAwwwdjABwxJyI4mpsIKWwHK5Gl4Ks0s2AW7UXAScQunw=}VALID:{[fingerprint:sha1: b16238e819adefb88161424c924905ccbdbed7c5:|Status:V|Issue:/C=CN/O=Ridge Inc/OU =SQR CA OCSP/CN=Ridge Inc SQR CA OCSP|url:https://ocsp.ridgeca.com|Created: 2016-1-1 00:00|Expired:2016-1-7 00:00]sha256ECDSA: MEQCICu2xZItmaDIcur2IpUgtLQG00ymljX95UM0h36fAK6bAiBeHxiEpmFJPfXFNoeEcFNC+ V8Rr1CNA9mm2LOpG4XMvA==}

4th, combined information is carried out with Quick Response Code coding, generates safe Quick Response Code

Using QR coded format, combined information is carried out with Quick Response Code coding, form two-dimension code pattern, as shown in Figure 6.

5th, input safe 2 D code information, the combined information including by the identification of Quick Response Code coding rule

After user buys product, in quality of scanning certificate, safe Quick Response Code as shown in Figure 6, is solved according to QR coding rule Code, obtains combined information as shown in table 19.

6th, analysis deciphering combined information, obtains input information, digital signature, digital certificate and its validity information

According to information such as combined information head two dimension code type, combinations, by bound symbols such as vertical line and brackets, to combination Information is analyzed deconstructing, and obtains cipher-text information, digital signature, digital certificate and its validity information.

The random symmetric key obtaining in the acquisition certificate of quality being provided with producer, using the algorithm parameter in cipher-text information Information, is decrypted computing to cipher-text information, obtains input information as shown in Table 15.

The present embodiment adopts private information two dimension code type, is encrypted computing to input information, differs primarily in that and add Decryption processing and combination destructing process computing, the verification step of digital certificate validity and input information and embodiment 1 phase afterwards Same, may be referred to embodiment 1 and implement, it is no longer repeated.

Empirical tests, when digital certificate, input information and digital signature all verify that correctly, this safe Quick Response Code is just verified Really, coding information source is credible.Display input information and Quick Response Code distributor information, point out Quick Response Code source credible it is allowed to visit Ask that the address that producer issues checks that the corresponding feature image of this musical instrument and bought musical instrument are contrasted, and compare Quick Response Code coding The hashed value of musical instrument feature image in information is consistent with the hashed value that website picture shows, to confirm, whether purchase commodity are just Product.If this safe Quick Response Code is distorted or forged through any, above safety verification cannot be passed through, point out this safe Quick Response Code May be tampered or forge, issue the network address that source is insincere, encodes in denied access Quick Response Code, purchased product is fakement.

Embodiment 5：

ABC Inc company, generates the identification informations such as statement performance time play seat on the ticket of its organizations sales The safe Quick Response Code of private information, this safe Quick Response Code of scanning input can verify that authenticity of the tickets, and this safe Quick Response Code of companies scan can To realize fast and safely ticket checking, prevent forgery admission ticket from causing economic loss to user and company.

Specific implementation step is as follows：

1st, input need to encode information and type information

Coding information is needed to include essential information, target information, multidate information.Essential information is：Base:{Name:ABC Inc| URI:http://www.abcinc.com }, target information is：OBJ:{TXT:ABC Inc Ticket,Seat 15F,Room A1,2016-1-10 12:00 }, multidate information is：DYN:{TicketSN:10001234|Created:2016-1-1 12:00: 00|Expired:2016-1-10 13:00:00}.Type information is the safe Quick Response Code of private information.

Input information is connected with vertical line and bracket symbol, as shown in table 20.

Table 20 embodiment 5 needs coding information

[OBJ:{TXT:ABC Inc Ticket,Seat 15F,Room A1,2016-1-10 12:00}Base:{Name:ABC Inc|URI:http://www.abcinc.com}DYN:{TicketSN:10001234|Created:2016-1-1 12:00: 00|Expired:2016-1-10 13:00:00}]

2nd, to needing coding information to be digitally signed computing, cryptographic calculation；

The private key of publisher ABC Inc is：

prime256v1: d6dd233bd29ba2c1db1a22ce7621a65edca83c60ab1534b4ab6a2274cbb680dd

Using ECDSA signature algorithm, it is digitally signed computing with publisher's private key pair hashed value, and signature result is entered Row Base64 encodes, and the digital signature obtaining text formatting is as shown in table 21.

Table 21 embodiment 5 needs the digital signature of coding information

sha256ECDSA:MEUCICK5jWrBaKMX7/uOX0AFjQuRhk+e740Dj1A/ nB7j8dRJAiEA9Ye8ZRu9A3DsCzi4vlYWwG0dUGJoK+BgFjrAKtRa4D8=

For ease of company's ticket checking and user's checking authenticity of the tickets, the present embodiment adopts two-layer encrypted form, the private information of generation Safe Quick Response Code can read identification by company and the specified user of booking user two.

Initially with the first symmetric key randomly generating, as shown in table 22, with AES128 algorithm to needing shown in table 20 to compile Code information is encrypted computing.

The first symmetric key that table 22 embodiment 5 adopts

xJkJTonV4i50A

First cipher-text information after Base64 coding for the cryptographic calculation result is as shown in table 23.

Table 23 embodiment 5 first cipher-text information U2FsdGVkX1+bVU4RDHGr6FAVxpNqEnRFf3Y5XEoGpkkzHu jSgw6g1yVXASsXSYWTHYDeJMNNwgvuu57w1GXvtpM1fxrX//WmEpE5bF3w7VdV4m68AR88kJB55Gn RRK31w8b/LbjiygeB7b2lzCChbswukY1HlwMt2ZGkzETTfjE/UHeJ8dGRjBuD3Qbp6FjtMnO5JGE+ EroBXGnmAAcQp044ao35bkFrrfNo8c083L95n06M4+1iQCtlD2eHtaKuMvtw1eidM2Gdw5dMs/ 1syA==

Then use Elgamal unsymmetrical key ECC AES, with the safe Quick Response Code public key of ABC Inc company to above institute First symmetric key is encrypted computing.The cipher-text information that cryptographic calculation result encodes through Base64 is as shown in table 24.

The cipher-text information of table 24 embodiment 5 company ABC's ticket checking key

A0vrl0wByM6LGRA6xxY7RgEUPiSUO6qE+Nm9Z1BoSotaA3Hqw/LHWfVPmLb5S7hh+Eyq/ gWaaFpWL+FchLTDE7jU

The symmetric key arranging during user's booking is as shown in Table 25.Use this symmetric key, using AES128 symmetric key algorithm pair First symmetric key is encrypted computing, and cipher-text information after Base64 coding for the operation result is as shown in table 26.

The symmetric key that table 25 embodiment 5 user sets

user12345678

The cipher-text information of table 26 embodiment 5 user's ticket checking key

U2FsdGVkX19nk+kW2oaV0Xzb2VdIlNReTITwxZURkuU=

Connect algorithm parameter and the cipher-text information of above two-stage encryption with vertical line and bracket, obtain the cipher-text information of the present embodiment such as Shown in table 27.

Table 27 embodiment 5 cipher-text information

abcinc:Elgamal:A0vrl0wByM6LGRA6xxY7RgEUPiSUO6qE+Nm9Z1BoSotaA3Hqw/ LHWfVPmLb5S7hh+Eyq/gWaaFpWL+FchLTDE7jU|user1:aes128cbc:U2FsdGVkX19nk+ kW2oaV0Xzb2VdIlNReTITwxZURkuU=[aes128cbc:U2FsdGVkX1+ bVU4RDHGr6FAVxpNqEnRFf3Y5XEoGpkkzHujSgw6g1yVXASsXSYWTHYDeJMNNwgvuu57w1GXvtpM1 fxrX//WmEpE5bF3w7VdV4m68AR88kJB55GnRRK31w8b/ LbjiygeB7b2lzCChbswukY1HlwMt2ZGkzETTfjE/UHeJ8dGRjBuD3Qbp6FjtMnO5JGE+ EroBXGnmAAcQp044ao35bkFrrfNo8c083L95n06M4+1iQCtlD2eHtaKuMvtw1eidM2Gdw5dMs/ 1syA==]

3rd, input information, encryption information, digital signature, digital certificate and its validity information structuring combined information are used；

Safe Quick Response Code mark, type, combination, compress mode information are：SQR.R0100

Wherein, R represents the safe Quick Response Code of private information.

Connect two-dimentional terminal information, cipher-text information, digital signature, digital certificate and its validity letter with vertical line and bracket Breath, constitutes combined information as shown in table 28.Wherein, digital certificate and its validity information are respectively CERT and VALID part.

Table 28 embodiment 5 combined information

SQR.R0100{abcinc:Elgamal:A0vrl0wByM6LGRA6xxY7RgEUPiSUO6qE+ Nm9Z1BoSotaA3Hqw/LHWfVPmLb5S7hh+Eyq/gWaaFpWL+FchLTDE7jU|user1:aes128cbc: U2FsdGVkX19nk+kW2oaV0Xzb2VdIlNReTITwxZURkuU=[aes128cbc:U2FsdGVkX1+ bVU4RDHGr6FAVxpNqEnRFf3Y5XEoGpkkzHujSgw6g1yVXASsXSYWTHYDeJMNNwgvuu57w1GXvtpM1 fxrX//WmEpE5bF3w7VdV4m68AR88kJB55GnRRK31w8b/ LbjiygeB7b2lzCChbswukY1HlwMt2ZGkzETTfjE/UHeJ8dGRjBuD3Qbp6FjtMnO5JGE+ EroBXGnmAAcQp044ao35bkFrrfNo8c083L95n06M4+1iQCtlD2eHtaKuMvtw1eidM2Gdw5dMs/ 1syA==]sha256ECDSA:MEUCICK5jWrBaKMX7/uOX0AFjQuRhk+e740Dj1A/ nB7j8dRJAiEA9Ye8ZRu9A3DsCzi4vlYWwG0dUGJoK+BgFjrAKtRa4D8=}CERT: {MIIBmjCCAUECAQMwCQYHKoZIzj0EATBLMQswCQYDVQQGEwJDTjERMA8GA1UECAwIU2hhbmdoYWkx EjAQBgNVBAoMCVJpZGdlIEluYzEVMBMGA1UEAwwMUmlkZ2UgU1FSIENBMB4XDTE2MTAxNjE4MTA1N VoXDTI2MTAxNDE4MTA1NVowaTELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNoYW5naGFpMRAwDgYDVQ QKDAdBQkMgSW5jMRMwEQYDVQQLDApTUVIgQnVyZWF1MSAwHgYDVQQDDBdBQkMgSW5jIFNRUiBDZXJ 0aWZpY2F0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNElX97H5p9wPULirnYwBFYww9NiTagR it49ZCaSYgILKGZQIt9zokVZkDoofP5yiveBU9m/ uuvV3S6hlxLl8b0wCQYHKoZIzj0EAQNIADBFAiBESaHU4yzdWgGI+ jyZORKSg6I2nJRYL1QK8cg9v3J+AQIhALH5vt6Lve4kLS8RvycZMtlCy4H3HRMzgKTc1AihM/ik} VALID:{[fingerprint:sha1:5ed29e05630b433aafb67ab6e0a13db142f6ca78|Status:V| Issue:/C=CN/O=Ridge Inc/OU=SQR CA OCSP/CN=Ridge Inc SQR CA OCSP|url:https:// ocsp.ridgeca.com|Created:2016-1-1 00:00|Expired:2016-1-15 00:00]sha256ECDSA: MEYCIQCVYVe33cR1louQS/WmByjdlcCgDcGfbzcFJsIEHtSuNQIhAI+hVtd/fCyZ0e5uWpp6/ Up9nu6GTBu0VqONDB4+rHly}

4th, combined information is carried out with Quick Response Code coding, generates safe Quick Response Code

Using QR coded format, combined information is carried out with Quick Response Code coding, form two-dimension code pattern, as shown in Figure 7.

5th, input safe 2 D code information, the combined information including by the identification of Quick Response Code coding rule

Scan safe Quick Response Code as shown in Figure 7, be decoded according to QR coding rule, obtain combination letter as shown in table 28 Breath.

6th, analysis deciphering combined information, obtains input information, digital signature, digital certificate and its validity information

According to information such as combined information head two dimension code type, combinations, by bound symbols such as vertical line and brackets, to combination Information is analyzed deconstructing, and obtains cipher-text information, digital signature, digital certificate and its validity information.

When after user's booking, oneself safe Quick Response Code of scanning verifies the authenticity of the admission ticket, input user as shown in Table 25 oneself sets Symmetric key and aes128cbc algorithm, as shown in table 26 ciphertext corresponding to user1 in cipher-text information be decrypted fortune Calculate, obtain the first symmetric key as shown in table 22；Then with this first symmetric key to as shown in table 23 in cipher-text information First cipher-text information is decrypted computing, obtains input information as shown in table 20.

During user's viewing performance admission, the safe Quick Response Code on ABC Inc companies scan user's admission ticket, public with ABC Inc The private key of department and Elgamal algorithm, it is non-right that as shown in table 24 cipher-text information corresponding to abcinc in cipher-text information carries out ECC Claim secret key decryption computing, obtain the first symmetric key as shown in table 22；Then with this first symmetric key in cipher-text information First cipher-text information as shown in table 23 is decrypted computing, obtains input information as shown in table 20.

During ABC Inc company's ticket checking, it is also possible to by user input set by it after the safe Quick Response Code on scanning user's admission ticket Fixed symmetric key, is then decrypted process using flow process same with user, obtains input information as shown in table 20.

The present embodiment adopts private information two dimension code type, is encrypted fortune using two-layer cipher mode to input information Calculate, differ primarily in that encryption and decryption is processed and combination destructing processes computing, afterwards the testing of digital certificate validity and input information Card step is same as Example 1, may be referred to embodiment 1 and implements, it is no longer repeated.

Empirical tests, digital certificate, input information and digital signature are all verified correctly, and this safe Quick Response Code checking is correct, Coding information source is credible.Display input information and Quick Response Code distributor information, point out Quick Response Code to originate credible, admission ticket is true, Can be with admission.If this safe Quick Response Code is distorted or forged through any, above safety verification cannot be passed through, point out this safety Quick Response Code may be tampered or forge, and issue source is insincere, and admission ticket is to forge, and refuses admission.

Embodiment 6：

XYZ Inc generates security information Quick Response Code to the train ticket sold, and is easy to mobile ticket checking and and checking passenger identity.Ticket The time of departure, printed in the information nominal value such as train number seat, be public information；The name of booking user but system of real name is ridden It is private information with ID card information, after such as being ridden using open form, discarding ticket is likely to result in passenger's privacy information and lets out Leakage.Therefore, the present embodiment adopts mixed information safety two dimension code type.

The safe Quick Response Code of mixed information is on the basis of the safe Quick Response Code of public information and the safe Quick Response Code of private information, Extension information in input information is carried out with single signature verification and encrypting and decrypting computing, algorithm and the basic phase of handling process With.The present embodiment repeats no more its same process, only provides combined information and the safety of its different piece and operation result Two-dimension code pattern.

In the present embodiment, input information is：

[OBJ:{TXT: G7032,Economy Class,Seat 15A,Coach 10,2016-1-5 06:18|From: Shanghai|To:Nanjing}Base:{Name:XYZ Inc|URI:http://www.xyzinc.com}DYN: {TicketSN:300000012345678|Created:2016-1-1 12:00:00|Expired:2016-1-6 00:00: 00}EXT:{IDNo:31011111111111888X|Name:LiMing}]

Wherein, EXT part is extension information.

The private key of publisher XYZ Inc is：

prime256v1: 185f17ca500c3ee115e0d31b51d8314751a2c9325777f640030d17ee9dcf7 ad2

EXT information is signed using sha256ECDSA algorithm, obtaining signing messages is：

sha256ECDSA:MEUCIQCez9GDoZa/daNdVGSlzAfQmj4MgS8o9gDRf4riGicq1wIgE0Lv56Ftx xUkXczWrRQAPiLOjKkgLjG2vFoxgJfcu50=

It is encrypted with the symmetric key LM12345678 setting during user's booking, the cipher-text information obtaining is：

aes128cbc:U2FsdGVkX186kV9MQ1CyCi+h26dmFhTYDr7kBK6GjsST7NBs8Lnh+CJV7kUk/ xkP6xRpBrZdor39GgaM1MOeEw==

Connect information above with vertical line and bracket, obtaining the present embodiment needs coding information as shown in table 29.

Table 29 embodiment 6 needs coding information

[OBJ:{TXT:G7032,Economy Class,Seat 15A,Coach 10,2016-1-5 06:18|From: Shanghai|To:Nanjing}Base:{Name:XYZ Inc|URI:http://www.xyzinc.com}DYN: {TicketSN:300000012345678|Created:2016-1-1 12:00:00|Expired:2016-1-6 00:00: 00}EXT:{[aes128cbc:U2FsdGVkX186kV9MQ1CyCi+h26dmFhTYDr7kBK6GjsST7NBs8Lnh+ CJV7kUk/xkP6xRpBrZdor39GgaM1MOeEw==]sha256ECDSA:MEUCIQCez9GDoZa/ daNdVGSlzAfQmj4MgS8o9gDRf4riGicq1wIgE0Lv56FtxxUkXczWrRQAPiLOjKkgLjG2vFoxgJfcu 50=}]

The digital signature needing coding information shown in computational chart 29 is：

sha256ECDSA:MEUCIGUXsg9exiigUucj5mHNIno8+DYZHRIj/ PEHvY5qDnc6AiEAteH7pLT0x17Pt9EwwvTDZkdhNruyEPeSnAuQeY93IHU=

Remaining constitution step is identical with the safe Quick Response Code of public information, obtains the combined information of the present embodiment as shown in table 30, its Middle information header H symbol represents the safe Quick Response Code of mixed information.

Table 30 embodiment 6 combined information

SQR.H0100{[OBJ:{TXT:G7032,Economy Class,Seat 15A,Coach 10,2016-1-5 06:18| From:Shanghai|To:Nanjing}Base:{Name:XYZ Inc|URI:http://www.xyzinc.com}DYN: {TicketSN:300000012345678|Created:2016-1-1 12:00:00|Expired:2016-1-6 00:00: 00}EXT:{[aes128cbc:U2FsdGVkX186kV9MQ1CyCi+h26dmFhTYDr7kBK6GjsST7NBs8Lnh+ CJV7kUk/xkP6xRpBrZdor39GgaM1MOeEw==]sha256ECDSA:MEUCIQCez9GDoZa/ daNdVGSlzAfQmj4MgS8o9gDRf4riGicq1wIgE0Lv56FtxxUkXczWrRQAPiLOjKkgLjG2vFoxgJfcu 50=}]sha256ECDSA:MEUCIGUXsg9exiigUucj5mHNIno8+DYZHRIj/ PEHvY5qDnc6AiEAteH7pLT0x17Pt9EwwvTDZkdhNruyEPeSnAuQeY93IHU=}CERT: {MIIBmzCCAUECAQ4wCQYHKoZIzj0EATBLMQswCQYDVQQGEwJDTjERMA8GA1UECAwIU2hhbmdoYWkx EjAQBgNVBAoMCVJpZGdlIEluYzEVMBMGA1UEAwwMUmlkZ2UgU1FSIENBMB4XDTE1MDEwMTEyNTgwM FoXDTI0MTIyOTEyNTgwMFowaTELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNoYW5naGFpMRAwDgYDVQ QKDAdYWVogSW5jMRMwEQYDVQQLDApTUVIgQnVyZWF1MSAwHgYDVQQDDBdYWVogSW5jIFNRUiBDZXJ 0aWZpY2F0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAvAW5SS36lQ0dP+ O67irIJugBvKbfFVSev1/bW5NBXkP7CPHYpE6aBoQLpqj0etID6fR/ rjlEJsNB12f43wg6MwCQYHKoZIzj0EAQNJADBGAiEArsYQR7OjyRHePvXEphNO+fZH/ ho6E046ALEAcv/W3WwCIQCKclH4J+Uv438i3p3SSFj9owg5Hyw267QbIn9tsGar7A==}VALID: {[fingerprint:sha1:7b8d23eca88b092db080c98a443572f142560424|Status:V|Issue:/C =CN/O=Ridge Inc/OU=SQR CA OCSP/CN=Ridge Inc SQR CA OCSP|url:https:// ocsp.ridgeca.com|Created:2016-1-1 00:00|Expired:2016-1-7 00:00]sha256ECDSA: MEQCIFEfIoGnL0oBLUf6hcDYJUm1+YzQkTlzo0M9PGCljtixAiABxG4XtQFNyXU9CLfi32mBO0V8g sFk9XrXm7fd7Yo0ow==}

Two-dimension code pattern is generated to combined information shown in table 30, as shown in Figure 8.

During ticket checking, can be according to the safe Quick Response Code flow verification of embodiment 1 public information, the information of extension can for ciphertext To ignore；When needing to verify passenger identity information, after scanning the safe Quick Response Code of mixed information as shown in Figure 8, by user input Its symmetric key setting, is decrypted, to extension information ciphertext, the extension information original text obtaining inputting, and verifies extension information Digital signature；It is verified, illustrates that extension information is issued by XYZ Inc, information completely is not modified, and then check passenger Real name identity document etc. whether consistent with extension information.

The safe Quick Response Code of mixed information equally can build on the basis of private information Quick Response Code, and only specific user just may be used Decryption verification extends information.The signature verification of extension information and encrypting and decrypting computing equally can other be right using of the present invention Claim key and asymmetric key algorithm, no longer repeat one by one.

These are only the present invention construct verification method preferred implementation form, some conventional deformation application forms, for example In the built-in system application such as logistic storage management, digital certificate can be cached in and verify device digital certificate store area, two In dimension code combination information, digital certificate partly can omit；In the case of limited by the shape of publishing region, multi-code shape can be adopted Formula is issued；Under conditions of night or high-speed mobile etc. are unsatisfactory for optical scanner imaging, can wirelessly be waited using Bluetooth RF and pass Defeated mode realizes the transmission of safe 2 D code information.

Embodiment 7：

Fig. 2 can verify device embodiment 7 structural representation by off-line verification safe Quick Response Code construction for the present invention, is and embodiment 1- The corresponding device of 6 methods describeds, described device includes：

Information input unit S301, needs coding information and type information for input；

Secure information storage cell S 302, stores private key information for safety；

Information memory cell S303, for storage input information and operation result information in constructing apparatus；

Certificate store S304, for digital certificate in constructing apparatus and its validity information；

Digital signature and information cryptographic calculation cell S 305, for calculate digital signature, update digital certificate validity information and Information is encrypted；

Combined information construction and Quick Response Code encoding operation cell S 306, for tectonic association information and carry out Quick Response Code coding fortune Calculate；

Image display information output unit S307, for display and output safety 2 D code information；

Image scanning information input unit S401, for scanning and inputting safe 2 D code information；

Root certificate memory cell S402, signs and issues mechanism and its root certificate of specified validity certifying organization for storing key；

Information memory cell S403, for verifying storage input information and operation result information in device；

Certificate store S404, for verifying digital certificate and its validity information in device；

Digital signature authentication and information decrypting unit S405, for the number of information deciphering and digital certificate validity and input information Word signature verification；

Quick Response Code identification and combined information analysis destructing arithmetic element S406, enter for Quick Response Code code identification and to combined information Row analysis destructing computing；

Result output information Tip element S407, for the output of safe Quick Response Code the result and information alert.

Described device can be divided into constructing apparatus and checking two independent sub-devices of device, and wherein constructing apparatus are by S301- S307 unit forms, and checking device is made up of S401-S407 unit；A device can also be embodied as, including all of above list Unit, wherein constructs and verifies that the unit being used for information input, information Store and presentation of information in sub-device can share after merging Same unit.

Information input unit S301 and image scanning information input unit S401, can adopt keyboard, touch-screen, shooting The universal components such as head, scanner are realized.

Secure information storage cell S 302, can adopt safe storage chip, smart card, FPGA built-in ROM memory block etc. The security informations such as storage private key information.Wherein safe storage chip needs the outside computing unit of cooperation to run, using cipher mode Read and write safe storage chip, security is relatively low；Smart card or fpga chip storage, can be with the calculating list carrying inside it Unit carries out private key operation in chip internal, only carries out calculating the input and output of data and operation result, private key information can not be from core Read it is ensured that the security of private key information in piece.

Information memory cell S303, S403, certificate store S304, S404, root certificate memory cell S402, can To be realized using general memory cell.

Digital signature and information cryptographic calculation cell S 305, digital signature authentication and information decrypting unit S405, combination letter Breath construction and Quick Response Code encoding operation cell S 306, Quick Response Code identification and combined information analysis destructing arithmetic element S406 realize this The computings such as signature verification described in inventive method embodiment 1-6, encrypting and decrypting, combination destructing, can be using universal cpu, GPU fortune Calculate unit, it would however also be possible to employ DSP, FPGA, CPLD, asic chip are realized.

Image display information output unit S307 and result output information Tip element S407 can using generic liquid crystal screen, Touch-screen, buzzer, audio output unit etc. are realized.

From above-described embodiment, the invention has the advantages that：

Embodiments provide one kind and can construct verification method and device by the safe Quick Response Code of off-line verification, without network even Under the universal suitable environment connecing, you can the issue source of checking Quick Response Code, with safe and reliable use Quick Response Code.Using the present invention The safe Quick Response Code of construction verification method and device has advantages below：

1st, safe Quick Response Code coding information cannot distort, forges, deny；

To safe Quick Response Code coding information any modification all can not by security verification it is ensured that coding information complete Whole property and uniformity.Third party cannot generate safe Quick Response Code by spurious information issue source, and publisher also cannot deny safety simultaneously The true issue source of Quick Response Code.

2nd, safe Quick Response Code can its security of off-line verification；

Connection network is not needed to get final product the true of information integrity, uniformity and the information source of the safe Quick Response Code of off-line verification Property.Can also safety applications in the environment of there is no network or being not easy to online.

3rd, safe Quick Response Code can be issued the public information being read by the public and can also issue the private read by specific user Confidential information；

According to application needs, safe Quick Response Code can issue the safe Quick Response Code of the public information being read by the public can also issue by Private information and the safe Quick Response Code of mixed information that specific one or more user reads, and can be with its safety of off-line verification Property.The safe Quick Response Code of private information, on the basis of above security, also has non-reproduction simultaneously, and it can only be by publisher The user that specifies accesses checking, other third parties cannot reading of content or as application authority, replicate clone's private information safety Quick Response Code does not have practical significance.

The foregoing is only presently preferred embodiments of the present invention, be not limited to the present invention, all spirit in the present invention and Within principle, any modification, equivalent substitution and improvement done etc., should be included within the scope of the present invention.

Claims (10)

1. verification method can be constructed it is characterised in that methods described includes by the safe Quick Response Code of off-line verification：

Information and type information that input need to encode；

It is digitally signed computing, cryptographic calculation to needing coding information；

With input information, encryption information, digital signature, digital certificate and its validity information structuring combined information；

Combined information is carried out with Quick Response Code coding, generates safe Quick Response Code；

Input safe 2 D code information, the combined information including by the identification of Quick Response Code coding rule；

Analysis deciphering combined information, obtains input information, digital signature, digital certificate and its validity information；

The validity of checking digital certificate, and with digital certificate authentication input information and digital signature；

The result judges and information output prompting.

2. method according to claim 1 it is characterised in that, described input need coding information and type information include but It is not limited to：

Need coding information to be essential information, arbitrarily several in extension information, target information, multidate information；

Wherein, essential information is not with arbitrarily several in the title of single application change, address, domain-name information；Target information For arbitrarily several in target network address, publicity information；Multidate information be changed according to single application the generation time, effective when Between, arbitrarily several in Transaction Information, application parameter information；Extension information is passport NO., any in contact information Several；Type information is public information, private information, any one in mixed information.

3. method according to claim 1 it is characterised in that, used by described digital signature, signature verification, digital certificate Cryptographic system includes but is not limited to：

Digital signature, signature verification, digital certificate use asymmetric public key cryptographic system, using ECC elliptic curve cipher system, Any one in DSA cryptographic system, rsa cryptosystem system.

4. method according to claim 1 it is characterised in that, described information encryption, information deciphering cryptographic system used Including but not limited to：

Information encryption, information deciphering use symmetric key cryptosystem and asymmetric public key cryptographic system, using AES, 3DES, Arbitrarily several in RC4, IDEA, ECC, RSA, ECDH；The symmetric key specified with specific user or its public key and private key pair need Encryption information encrypts and decrypts computing, or with symmetric key that is being produced by client public key or randomly generating to need encrypt Information encrypts and decrypts computing, and used by the symmetric key specified with specific user or its public key and private key pair by user Symmetric key that is that public key produces or randomly generating encrypts and decrypts computing.

5. the method according to claim 1-4 any one it is characterised in that, described combined information includes but is not limited to：

Input information, encryption information, digital signature, digital certificate and its validity information；

Wherein, input information is the information of need coding and the type information of input；Encryption information be with the public key of specific user or Its symmetric key of specifying of person, can be to input information to the ciphertext needing after encryption information encryption and AES parameter information Or whole combined information is encrypted computing；Digital signature is to need authentication information to carry out computing of signing with publisher's private key pair As a result, it is possible to computing is digitally signed to input information or whole combined information；Digital certificate is to sign and issue mechanism by key Publisher's identity of digital signature identification and public key certificate；Digital certificate validity information is to sign and issue mechanism's root certificate through key to refer to The digital certificate current state information of fixed validation verification authority signature certification；

For dedicated system, digital certificate can be cached in the digital certificate store area of checking device, can save in combined information Slightly digital certificate information or only retention figures certificate hash value information；Digital certificate validity information can be multistage with off-line verification Sign and issue the digital certificate of structure, in combined information, only need to comprise publisher's terminal digital certificate information；If do not used preferably Off-line verification mode, digital certificate validity information can be omitted or only retention figures certificate hash value information.

6. the method according to claim 1-5 it is characterised in that the tectonic association of described combined information and analysis destructing side Method includes but is not limited to：

Preserve the information such as safe Quick Response Code mark, type, combination, compress mode in combined information head；

When the information needing coding is the public information being available for any user's reading：By input information, digital signature, numeral card Book and its validity information connect and compose combined information by list separator；Type according to combined information head and group during destructing Combined information is decomposed into each independent information by list separator by conjunction mode information；

When the information needing coding is the private information only being read by specific user：By the cipher-text information of input information, numeral Signature, digital certificate and its validity information connect and compose combined information by list separator；According to combined information head during destructing The type in portion and combination information, first pass through list separator and combined information are decomposed into each independent information, further according to ciphertext AES parameter in information, is decrypted computing to cipher-text information and obtains original input information；Can also be first by input letter Breath, digital signature, digital certificate and its validity information are connected by list separator, then are encrypted fortune to the information after connecting Calculate, using encryption information as combined information；During destructing, the type according to combined information head and combination information, first pass through close AES parameter in civilian information is decrypted computing to cipher-text information, further according to list separator by decipher after combined information It is decomposed into each independent information；

When the information needing coding is the mixed information that can be read by catergories of user：At information disclosed above or private information On the basis of reason method, extension information is carried out with independent encrypted signature and checking decryption processing；Extension information and extension information Outside other information can be read by different classes of user respectively；

To the information comprising multibyte character, can be with the Unicode coding using UTF-8 or UTF-16 form；

After combined information construction complete, combined information can be compressed with computing again or be converted to Base64 coding；Destructing When first the combined information of compression is carried out with decompression operation or Base64 decoding, then deconstruct by a combination thereof mode.

7. method according to claim 1 is it is characterised in that described Quick Response Code code identification and information I/O method Including but not limited to：

Using any one code recognition method in QR Code, Data Matrix, Maxi Code, PDF417；Using difference Size rank code system or multi-code form represent；A safe Quick Response Code mark figure can be embedded in the two-dimension code pattern generating Shape；Bluetooth RF radio transmitting method is adopted during using optical imagery scan transfer and optical imagery condition deficiency.

8. the method according to claim 1-6 is it is characterised in that described checking and result judge that information output method is：

Sign and issue the root certificate checking digital certificate information of mechanism and its certificate validity certifying organization specifying with digital certificate, and Verify input information and digital signature with digital certificate information；Verification method preferably uses off-line verification mode, it is possible to use The mode of the validation verification mechanism checking specified；Digital certificate, input information and digital signature all verify correct, then safety Quick Response Code checking is correct, and coding information source is credible, and otherwise its information issue source is insincere；Correct two-dimentional safely to verifying Code, code displaying information and Quick Response Code distributor information are it is allowed to carry out the application operating related to this Quick Response Code；Otherwise point out this Quick Response Code issues insincere, the refusal application operating related to this Quick Response Code of originating.

9. device can be verified it is characterised in that described device includes by off-line verification safe Quick Response Code construction：

Information input unit, needs coding information and type information for input；

Information memory cell, for storing input information and operation result information；

Secure information storage unit, stores private key information for safety；

Certificate store, for digital certificate and its validity information；

Root certificate memory cell, signs and issues mechanism and its root certificate of specified validity certifying organization for storing key；

Digital signature and information cryptographic calculation unit, for calculating digital signature, updating digital certificate validity information and information Encryption；

Combined information construction and Quick Response Code encoding operation unit, for tectonic association information and carry out Quick Response Code encoding operation；

Image display information output unit, for display and output safety 2 D code information；

Image scanning information input unit, for scanning and inputting safe 2 D code information；

Quick Response Code identification and combined information analysis destructing arithmetic element, are carried out for Quick Response Code code identification and to combined information point Analysis destructing computing；

Digital signature authentication and information decrypting unit, for the numeral label of information deciphering and digital certificate validity and input information Name checking；

Result output information Tip element, for the output of safe Quick Response Code the result and information alert.

10. device according to claim 9 is it is characterised in that described arithmetic element, signature unit, authentication unit, storage The calculation function of unit and secure storage unit and make include but is not limited to：

Information coding and decoding, signature verification, encrypting and decrypting, construction destructing arithmetic element calculation function are described in claim 3-8 Computing；Unit make includes general-use storage and arithmetic unit, dsp chip, fpga chip, CPLD chip, ASIC core Arbitrarily several in piece.