CN106559219A - Digital signature method and system, and smart terminal and business system therefor - Google Patents

Digital signature method and system, and smart terminal and business system therefor

Info

Publication number: CN106559219A
Authority: CN (China)
Application number: CN201510633498.XA
Other languages: Chinese (zh)
Other versions: CN106559219B (en)
Inventor: 刘志诚
Original assignee: Aspire Digital Technologies Shenzhen Co Ltd
Current assignee: Aspire Digital Technologies Shenzhen Co Ltd
Legal status: Granted (active)
Prior art keywords: digital signature, business system, signature, signed, digital

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)
Abstract

The present invention relates to a digital signature method and system, together with a smart terminal and a business system for it. In the digital signature method of the invention, the business system generates a trusted graphic code carrying the digital signature information; a smart terminal (such as a mobile phone) scans and verifies the trusted graphic code, completes the digital signature and sends the signature information to the business system; the business system then feeds the result back to the PC browser, completing the digital signature process. The process needs no browser control to access a key on the PC: the trusted graphic code sets up an out-of-band interaction between the PC, the smart terminal and the business system, through which the digital signature is completed. This improves the user's security experience, reduces the complexity of using user digital certificates, and gives business systems a secure and innovative way to rapidly deploy digital signature technology for data integrity and authenticity.

Description

Digital signature method and system, and smart terminal and business system therefor
Technical field
The present invention relates to internet security technology and, more particularly, to a digital signature method and system, and to a smart terminal and a business system for it.
Background technology
A digital signature is a solution to data integrity and traceability of the data source. The user applies in advance to a trusted third-party authority for a digital certificate bound to a key the user has generated, which guarantees the user's trusted identity. The sender forms the digital signature by encrypting with the private key the hash value produced by a hashing algorithm; the recipient decrypts the hash value with the sender's public key, hashes the original text with the same hashing algorithm, and compares the two hash values to confirm the validity of the digital signature.
At present, internet applications on personal computers are accessed through web pages, so the digital signature of an internet application must be performed through the browser. The browser, as the entry point through which the PC interacts with internet applications, must strictly control the authority of internet access to the PC's local resources in order to stay secure. Local file operation and the local generation, custody and use of digital certificate keys therefore generally have to be supported by a third-party-signed control, and the digital certificate solution provider has to supply a corresponding third-party control to operate on digital certificates, including support for digital signatures.
A digital signature is the process by which the browser's digital certificate control operates on the digital certificate, the key and the digital signature; the key may be stored in a software key container or in encryption hardware containing an encryption chip. The prior art therefore requires the user to download and install a third-party control into the web browser. Current PC operating systems include Microsoft Windows, Apple Mac OS and Linux under various brands; browsers include Microsoft IE 6, 7, 8, 9 and 10, Apple Safari, Firefox, Google Chrome and customized versions built on the above browsers, such as those released by manufacturers including Tencent, Qihoo and Baidu. The differences in the security settings of different operating systems and browsers, in the browsers' security controls, and in the degree of acceptance, the mode and the default handling of controls bring a great number of compatibility problems. These cause many user-experience problems for digital certificates in digital signature applications, reduce the uptake of digital-certificate-based digital signature applications, and keep the advantages of digital signatures in areas such as user identity authentication and transaction integrity protection from being applied in a timely and effective way.
There are currently solutions that complete digital signature applications over out-of-band communication, such as MPKI (Managed Public Key Infrastructure). In that scheme the MPKI mechanism pushes a data SMS through the short-message channel to a specified mobile phone number, and a SIM card with a built-in PKI application completes the digital signature. Because the content a data SMS can carry is limited, this approach can only push the signature hash value to be signed; the terminal side cannot verify the original text of the signed content and cannot verify the origin of the digital signature request, so there is a risk of third-party attack.
Content of the invention
The technical problem to be solved by the present invention is to provide, in view of the above drawbacks of the prior art, a digital signature method and system based on out-of-band communication, together with a smart terminal and a business system for it, which need no third-party control and can achieve data integrity and authenticity.
According to a first aspect of the invention, to solve its technical problem the present invention proposes a digital signature method comprising the following steps:
S1, the browser initiates a service request for which the user needs a digital signature;
S2, based on the service request, the business system obtains the information to be signed and the unique identifier of the user's digital certificate, produces a first signing-information hash value corresponding to the information to be signed, digitally signs the information to be signed, the first signing-information hash value and the user digital certificate unique identifier with the business system's digital certificate, generates a signature service URL for accessing the signed information, and encodes the signature service URL to form a trusted graphic code;
S3, the browser displays the trusted graphic code sent by the business system;
S4, the smart terminal scans the trusted graphic code displayed by the browser and decodes it to obtain the signature service URL;
S5, the smart terminal signs the signature service URL with the user's digital certificate and accesses the signature service URL carrying the generated user digital signature;
S6, after the business system verifies that the user digital signature passes, it sends the information to be signed corresponding to the signature service URL, the first signing-information hash value, the user digital certificate unique identifier and the business system digital signature to the smart terminal;
S7, after the smart terminal verifies that the business system digital signature passes, it calculates a second signing-information hash value from the information to be signed and, when the second signing-information hash value is consistent with the first signing-information hash value obtained, completes the user digital signature of the information to be signed and sends the user digital signature result to the business system;
S8, the business system receives the user digital signature result and, after verifying that the user digital certificate and digital signature pass, returns the user digital signature result to the browser.
In one embodiment according to the first aspect of the invention, forming the trusted graphic code in step S2 further includes generating a signing-information timestamp that is digitally signed with the business system digital certificate, and encoding the signing-information timestamp together with the signature service URL to form the trusted graphic code;
step S4 further includes decoding to obtain the signing-information timestamp;
step S5 further includes: after the smart terminal verifies the signing-information timestamp to confirm that the signature service URL address is correct, it signs the signature service URL with the user's digital certificate and accesses the signature service URL carrying the generated user digital signature.
In one embodiment according to the first aspect of the invention, step S3 further includes the browser displaying information prompting the user to scan the trusted graphic code with the smart terminal to complete the digital signature.
According to a second aspect of the invention, to solve its technical problem the present invention proposes a digital signature system including a browser, a business system and a smart terminal connected for communication, wherein:
the browser is used to initiate the service request for which the user needs a digital signature, to display the trusted graphic code that the business system forms and sends based on the service request, and to receive the user digital signature result returned by the business system so as to complete the service request;
the business system is used to obtain, for the service request initiated by the browser, the information to be signed and the user digital certificate unique identifier, to produce the first signing-information hash value corresponding to the information to be signed, to digitally sign the information to be signed, the first signing-information hash value and the user digital certificate unique identifier with the business system digital certificate, to generate the signature service URL for accessing the signed information, and to encode the signature service URL to form the trusted graphic code;
the smart terminal is used to scan the trusted graphic code displayed by the browser, decode it to obtain the signature service URL, sign the signature service URL with the user's digital certificate, and access the signature service URL carrying the generated user digital signature;
the business system is further used, upon the smart terminal's access to the signature service URL and after verifying that the user digital signature passes, to send the information to be signed corresponding to the signature service URL, the first signing-information hash value, the user digital certificate unique identifier and the business system digital signature to the smart terminal;
the smart terminal is further used, after verifying that the business system digital signature passes, to calculate the second signing-information hash value from the information to be signed and, when the second signing-information hash value is consistent with the first signing-information hash value obtained, to complete the user digital signature of the information to be signed and send the user digital signature result to the business system;
the business system is further used to receive the user digital signature result sent by the smart terminal and, after verifying that the user digital certificate and digital signature pass, to return the user digital signature result to the browser.
In one embodiment according to the second aspect of the invention, the business system forming the trusted graphic code further includes generating a signing-information timestamp that is digitally signed with the business system digital certificate, and encoding the signing-information timestamp together with the signature service URL to form the trusted graphic code;
the smart terminal decoding the trusted graphic code further includes decoding to obtain the signing-information timestamp;
the smart terminal accessing the signature service URL further includes: after verifying the signing-information timestamp to confirm that the signature service URL address is correct, signing the signature service URL with the user's digital certificate and accessing the signature service URL carrying the generated user digital signature.
In one embodiment according to the second aspect of the invention, when displaying the trusted graphic code sent by the business system, the browser further displays information prompting the user to scan the trusted graphic code with the smart terminal to complete the digital signature.
According to a third aspect of the invention, to solve its technical problem the present invention proposes a smart terminal for digital signing, including:
a scanning module, for scanning the trusted graphic code displayed by the browser and decoding it to obtain the signature service URL;
a URL access module, for signing the signature service URL with the user's digital certificate and accessing the signature service URL carrying the generated user digital signature;
a receiving module, for receiving the information to be signed corresponding to the signature service URL, the first signing-information hash value, the user digital certificate unique identifier and the business system digital signature sent by the business system;
a digital signature module, for calculating, after verifying that the business system digital signature passes, the second signing-information hash value from the information to be signed and, when the second signing-information hash value is consistent with the first signing-information hash value obtained, completing the user digital signature of the information to be signed;
a sending module, for sending the user digital signature result to the business system.
In one embodiment according to the third aspect of the invention, the scanning module also decodes to obtain the signing-information timestamp;
the URL access module, after verifying the signing-information timestamp to confirm that the signature service URL address is correct, signs the signature service URL with the user's digital certificate and accesses the signature service URL carrying the generated user digital signature.
According to a fourth aspect of the invention, to solve its technical problem the present invention proposes a business system for digital signing, characterized in that it includes:
a trusted graphic code generation module, for obtaining, based on the service request initiated by the browser for which the user needs a digital signature, the information to be signed and the user digital certificate unique identifier, producing the first signing-information hash value corresponding to the information to be signed, digitally signing the information to be signed, the first signing-information hash value and the user digital certificate unique identifier with the business system digital certificate, generating the signature service URL for accessing the signed information, and encoding the signature service URL to form the trusted graphic code;
a first sending module, for sending the trusted graphic code to the browser for display;
a signature service module, for receiving the smart terminal's access to the signature service URL obtained by scanning the trusted graphic code and, after verifying that the user digital signature passes, sending the information to be signed corresponding to the signature service URL, the first signing-information hash value, the user digital certificate unique identifier and the business system digital signature to the smart terminal;
a verification module, for receiving the user digital signature result sent by the smart terminal and verifying the user digital certificate and digital signature;
a second sending module, for returning the user digital signature result that passed verification to the browser.
In one embodiment according to the fourth aspect of the invention, the trusted graphic code generation module also generates the signing-information timestamp digitally signed with the business system digital certificate, and encodes the signing-information timestamp together with the signature service URL to form the trusted graphic code.
Implementing the digital signature method and system, smart terminal and business system of the invention has the following beneficial effects:
(1) An out-of-band digital signature mechanism is set up through the trusted graphic code: with the trusted graphic code as the link, the out-of-band interaction between the business system, the smart terminal and the browser is established and the out-of-band digital signature application between the browser and the business system is completed, so that the PC holds no digital certificate or key and the problems of PC user key exposure and abuse are avoided;
(2) The compatibility problem of digital signature browser controls is solved by the out-of-band method: using the digital certificate for digital signing out of band avoids the technical complexity and user-experience problems of digital-certificate digital signatures caused by browser control compatibility;
(3) The out-of-band digital certificate signature mechanism is realized by the business system and the smart terminal: through digital signature verification, the business system and the smart terminal verify that the digital certificate user matches the transaction user and that the signed content is authentic and valid; on the premise that the out-of-band digital signature has the same effect as a browser digital certificate and digital signature, the complexity of using user digital certificates and digital signatures is reduced and security visibility is improved.
Description of the drawings
The invention is further described below with reference to the drawings and embodiments, in which:
Fig. 1 is a flow chart of the digital signature method of one embodiment of the invention;
Fig. 2 is a schematic diagram of the interaction between the browser, the business system and the smart terminal in one embodiment of the invention;
Fig. 3 is a logic diagram of the digital signature system of one embodiment of the invention.
Specific embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and are not intended to limit it.
Fig. 1 shows a flow chart of a digital signature method 100 according to an embodiment of the invention. As shown in Fig. 1, the digital signature method 100 comprises the following steps:
In step S110, the browser initiates a service request for which the user needs a digital signature. For example, the user can initiate a service request using a digital signature to the business system through a PC browser.
In the following step S120, based on the service request, the business system obtains the information to be signed and the user digital certificate unique identifier, produces the first signing-information hash value corresponding to the information to be signed, digitally signs the information to be signed, the first signing-information hash value and the user digital certificate unique identifier with the business system digital certificate, generates the signature service URL for accessing the signed information, and encodes the signature service URL to form the trusted graphic code.
In the following step S130, the browser displays the trusted graphic code sent by the business system. At the same time, the browser can also display information reminding the user to scan the trusted graphic code with the smart terminal to complete the digital signature.
In the following step S140, the smart terminal scans the trusted graphic code displayed by the browser and decodes it to obtain the signature service URL.
In the following step S150, the smart terminal signs the signature service URL with the user's digital certificate and accesses the signature service URL carrying the generated user digital signature.
In the following step S160, after the business system verifies that the user digital signature passes, it sends the information to be signed corresponding to the signature service URL, the first signing-information hash value, the user digital certificate unique identifier and the business system digital signature to the smart terminal.
In the following step S170, after the smart terminal verifies that the business system digital signature passes, it calculates the second signing-information hash value from the information to be signed and, when the second signing-information hash value is consistent with the first signing-information hash value obtained, completes the user digital signature of the information to be signed and sends the user digital signature result to the business system.
In the following step S180, the business system receives the user digital signature result and, after verifying that the user digital certificate and digital signature pass, returns the user digital signature result to the browser to complete the service request.
Fig. 2 shows the interaction between the browser, the business system and the smart terminal in the digital signature method according to a specific embodiment of the invention. Specifically, as shown in Fig. 2:
First, in step S201, the browser initiates a service request using a digital signature to the business system based on the user's demand.
In the following step S202, the business system obtains from the service request the information to be signed submitted by the user (that is, the content that needs to be digitally signed) and the user digital certificate unique identifier.
In the following step S203, the business system produces the first signing-information hash value based on the obtained information to be signed. For example, the business system can compute the signing-information hash value over the information to be signed using a hash function such as MD5 or SHA-1.
In the following step S204, the business system digitally signs the above information to be signed, the first signing-information hash value and the user digital certificate unique identifier with the business system digital certificate, obtaining the business system digital signature of that information.
In the following step S205, the business system generates the signature service URL and the signing-information timestamp. The signature service URL is the HTTP resource address for accessing the signed information and can be generated according to a certain encoding rule. The signing-information timestamp is the point in time at which the digital signature with the business system digital certificate was made.
In the following step S206, the business system encodes the signature service URL and the signing-information timestamp together to form the trusted graphic code. The graphic code may be encoded with any of the suitable encoding techniques well known to those skilled in the art.
In the following step S207, the business system sends the trusted graphic code to the browser.
In the following step S208, the browser displays the trusted graphic code sent by the business system and also displays information about scanning the graphic code, to prompt the user to scan the trusted graphic code with the smart terminal to complete the digital signature.
In the following step S209, the smart terminal, operated by the user, scans the trusted graphic code displayed by the browser and decodes it to obtain the signature service URL and the signing-information timestamp.
In the following step S210, the smart terminal verifies the signing-information timestamp, that is, it judges the time at which the transaction occurred so as to prevent replay and forgery, and ensures that the signature service URL address is correct.
In the following step S211, the smart terminal signs the signature service URL with the user's digital certificate, generating the user digital signature.
In the following step S212, the smart terminal accesses the resource address corresponding to the signature service URL, carrying the user digital signature.
In the following step S213, the business system verifies the user digital signature carried by the access request, to confirm whether the user digital certificate is consistent with the user digital certificate unique identifier corresponding to the signature service URL. Only when the two are consistent can the digital signature of the invention be completed.
In the following step S214, when the verification finds the two consistent, the business system sends the information to be signed corresponding to the signature service URL, the first signing-information hash value, the user digital certificate unique identifier and the business system digital signature to the smart terminal.
In the following step S215, the smart terminal verifies the received business system digital signature, to confirm that the information to be signed, the first signing-information hash value and the user digital certificate unique identifier are authentic and unmodified.
In the following step S216, the smart terminal produces the second signing-information hash value based on the obtained information to be signed. For example, the smart terminal computes the signing-information hash value over the information to be signed using the same hash function as the business system, such as MD5 or SHA-1.
In the following step S217, the smart terminal compares the second signing-information hash value it produced itself with the first signing-information hash value obtained from the business system; only when the two are consistent can it continue to complete the user digital signature.
In the following step S218, the smart terminal uses a digital signature algorithm to complete the user digital signature of the information to be signed.
In the following step S219, the smart terminal sends the user digital signature result to the business system.
In the following step S220, the business system verifies the user digital certificate and user digital signature carried in the user digital signature result, to confirm the authenticity and integrity of the user digital signature result.
In the following step S221, the business system returns the user digital signature result that passed the above verification to the browser.
In the following step S222, the browser receives the user digital signature result and completes the service request.
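As an added illustration, not code from the patent or its assignee, the exchange of steps S201 to S222 above (and the method steps S1 to S8) simulated in-process in Python: the business system issues the trusted code as a URL plus a signed timestamp, the smart terminal checks the timestamp and signs the URL, the business system checks that URL signature against the certificate identifier the URL was issued for, the terminal checks the business signature and recomputes the hash before signing, and the business system verifies the result once and only once. The toy key pairs, the URL scheme, the certificate identifier, the 300-second freshness window and the binding of the timestamp to the URL are assumptions; SHA-256 replaces the MD5/SHA-1 the text names as examples, since neither is collision-resistant today.

```python
import hashlib
import json
import secrets

# Toy textbook RSA over a SHA-256 digest with no padding, built from four Mersenne
# primes so the example needs only the standard library. Constructed for illustration:
# not secure and not the patent's algorithm; a deployment uses X.509 certificates.
def _toy_keypair(p: int, q: int):
    n, e = p * q, 65537
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))     # (public, private)

BS_KEYS = _toy_keypair(2**127 - 1, 2**107 - 1)    # stands in for the business system certificate
USER_KEYS = _toy_keypair(2**89 - 1, 2**61 - 1)    # stands in for the user digital certificate

def digest(data: bytes) -> str:
    # SHA-256 stands in for the MD5/SHA-1 the text names as examples.
    return hashlib.sha256(data).hexdigest()

def canonical(obj) -> bytes:
    # Deterministic encoding so signer and verifier hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(int(digest(data), 16) % n, d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int(digest(data), 16) % n

SIGNED_FIELDS = ("info", "hash1", "cert_id")   # what the business system signs in S204

class BusinessSystem:
    def __init__(self, user_certs: dict):
        self.pub, self.priv = BS_KEYS
        self.user_certs = user_certs     # certificate unique identifier -> user public key
        self.pending = {}                # signature service URL -> signed bundle

    def create_trusted_code(self, info: bytes, cert_id: str, now: int) -> dict:
        """S202-S206: hash, sign, mint the URL, then sign a timestamp bound to that URL."""
        bundle = {"info": info.hex(), "hash1": digest(info), "cert_id": cert_id}
        bundle["bs_sig"] = sign(self.priv, canonical({k: bundle[k] for k in SIGNED_FIELDS}))
        url = "https://bs.example/sign/" + secrets.token_hex(8)   # constructed URL scheme
        self.pending[url] = bundle
        return {"url": url, "ts": now, "ts_sig": sign(self.priv, canonical({"url": url, "ts": now}))}

    def serve_signature_url(self, url: str, cert_id: str, url_sig: int):
        """S213-S214: the URL signature must verify under the certificate the URL was issued for."""
        bundle = self.pending.get(url)
        if bundle is None or bundle["cert_id"] != cert_id:
            return None
        return bundle if verify(self.user_certs[cert_id], url.encode(), url_sig) else None

    def accept_result(self, url: str, cert_id: str, user_sig: int) -> bool:
        """S220: check the certificate identifier and the user's signature over the information."""
        bundle = self.pending.get(url)
        if bundle is None or bundle["cert_id"] != cert_id or not verify(
                self.user_certs[cert_id], bytes.fromhex(bundle["info"]), user_sig):
            return False
        del self.pending[url]            # one-shot: a replayed result for the same URL is refused
        return True

class SmartTerminal:
    def __init__(self, cert_id: str, priv, bs_pub, max_age_s: int = 300):
        self.cert_id, self.priv, self.bs_pub, self.max_age_s = cert_id, priv, bs_pub, max_age_s

    def scan(self, code: dict, now: int):
        """S209-S211: refuse a stale or tampered code, then sign the URL with the user key."""
        ts_ok = verify(self.bs_pub, canonical({"url": code["url"], "ts": code["ts"]}), code["ts_sig"])
        if not ts_ok or not 0 <= now - code["ts"] <= self.max_age_s:
            return None
        return code["url"], sign(self.priv, code["url"].encode())

    def sign_bundle(self, bundle: dict):
        """S215-S218: verify the business signature and recompute the hash before signing."""
        if not verify(self.bs_pub, canonical({k: bundle[k] for k in SIGNED_FIELDS}), bundle["bs_sig"]):
            return None
        info = bytes.fromhex(bundle["info"])
        if bundle["cert_id"] != self.cert_id or digest(info) != bundle["hash1"]:
            return None                  # S217: the second hash must equal the first
        return sign(self.priv, info)

def run_flow(info: bytes, delay_s: int = 0) -> bool:
    """Whole S201-S222 exchange; True when the browser would receive a verified result."""
    cert_id, t0 = "user-cert-0001", 1_700_000_000                  # constructed id and clock
    bs = BusinessSystem({cert_id: USER_KEYS[0]})
    phone = SmartTerminal(cert_id, USER_KEYS[1], bs.pub)
    code = bs.create_trusted_code(info, cert_id, t0)               # S202-S207; browser shows it (S208)
    scanned = phone.scan(code, t0 + delay_s)                       # S209-S211
    if scanned is None:
        return False
    url, url_sig = scanned
    bundle = bs.serve_signature_url(url, cert_id, url_sig)         # S212-S214
    if bundle is None:
        return False
    user_sig = phone.sign_bundle(bundle)                           # S215-S218
    return user_sig is not None and bs.accept_result(url, cert_id, user_sig)   # S219-S222
```

Calling the classes directly (rather than run_flow) lets you exercise each refusal separately: a code with a substituted URL fails the timestamp signature, a mismatched certificate identifier is refused at the URL, and a bundle whose content was altered fails the business signature before the terminal ever signs.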
The above digital signature method of the invention fully draws on the international standard (PKI), national standards and related industry standards. With the trusted graphic code as the carrier, it solves the browser control compatibility problem of using digital certificates and digital signatures on PCs, and the problem of verifying the signature requester and the signed content in MPKI out-of-band digital signatures. On the premise that the out-of-band digital signature is consistent in effect with a browser digital certificate and digital signature, it establishes an out-of-band communication digital signature mechanism in which the complexity of using user digital certificates and digital signatures is reduced and security visibility is improved.
Based on the digital signature method described above, the invention also proposes a digital signature system. Fig. 3 shows a logic diagram of a digital signature system 300 according to an embodiment of the invention. As shown in Fig. 3, the digital signature system 300 includes a browser 310, a business system 320 and a smart terminal 330 connected for communication. The browser 310 is used to initiate to the business system 320 the service request for which the user needs a digital signature, to display the trusted graphic code that the business system 320 forms and sends based on the service request, and to receive the user digital signature result returned by the business system 320 to complete the service request. The business system 320 is used to obtain, based on the service request initiated by the browser 310, the information to be signed and the user digital certificate unique identifier, to produce the first signing-information hash value corresponding to the information to be signed, to digitally sign the information to be signed, the first signing-information hash value and the user digital certificate unique identifier with the business system digital certificate, to generate the signature service URL for accessing the signed information, and to encode the signature service URL to form the trusted graphic code sent to the browser 310. The smart terminal 330, following the prompt of the browser 310, scans the trusted graphic code displayed by the browser 310, decodes it to obtain the signature service URL, signs the signature service URL with the user's digital certificate, and accesses the signature service URL carrying the generated user digital signature. The business system 320 is further used to verify the user digital signature on the smart terminal 330's access to the signature service URL and, after the verification passes, to send the information to be signed corresponding to the signature service URL, the first signing-information hash value, the user digital certificate unique identifier and the business system digital signature to the smart terminal 330. The smart terminal 330 is further used to verify the obtained business system digital signature and, after the verification passes, to calculate the second signing-information hash value from the information to be signed and, when the second signing-information hash value is consistent with the first signing-information hash value obtained, to complete the user digital signature of the information to be signed and send the user digital signature result to the business system 320. The business system 320 receives the user digital signature result sent by the smart terminal 330, verifies the user digital certificate and digital signature to confirm the authenticity and integrity of the user digital signature result, and then returns the user digital signature result to the browser 310. Once the browser 310 receives the user digital signature result, the service request is complete.
Specifically, as shown in Fig. 3, the operation system 320 further includes a trusted graphical code generation module 321, a first sending module 322, a signature service module 323, a verification module 324 and a second sending module 325. The trusted graphical code generation module 321, based on the service request initiated by the browser 310 for which the user needs a digital signature, obtains the information to be signed and the user digital certificate unique identifier, produces the first signing-information hash value of the information to be signed, digitally signs the information to be signed, the first signing-information hash value and the user digital certificate unique identifier with the operation system digital certificate, generates the signature service URL for accessing the signed information, and encodes the signature service URL to form the trusted graphical code. The first sending module 322 sends the trusted graphical code to the browser 310 for display. The signature service module 323 receives the intelligent terminal 330's access to the signature service URL obtained by scanning the trusted graphical code and, after the user digital signature has been verified, sends the information to be signed corresponding to the signature service URL, the first signing-information hash value, the user digital certificate unique identifier and the operation system digital signature to the intelligent terminal 330. The verification module 324 receives the user digital signature result sent by the intelligent terminal 330 and verifies the user digital certificate and the digital signature. The second sending module 325 returns the verified user digital signature result to the browser 310.
Specifically, as shown in Fig. 3, the intelligent terminal 330 further includes a scanning module 331, a URL access module 332, a receiving module 333, a digital signature module 334 and a sending module 335. The scanning module 331 scans the trusted graphical code displayed by the browser 310 and decodes it to obtain the signature service URL. The URL access module 332 signs the signature service URL with the user digital certificate and accesses the signature service URL carrying the generated user digital signature. The receiving module 333 receives the information to be signed corresponding to the signature service URL, the first signing-information hash value, the user digital certificate unique identifier and the operation system digital signature sent by the operation system. The digital signature module 334 verifies the operation system digital signature and, after the verification passes, calculates the second signing-information hash value from the information to be signed; when the second signing-information hash value matches the first signing-information hash value it obtained, it completes the user digital signature over the information to be signed. The sending module 335 sends the user digital signature result to the operation system 320.
In a further preferred embodiment, the trusted graphical code generation module 321 of the operation system 320 also generates a signing-information timestamp that is digitally signed with the operation system digital certificate, and encodes the signing-information timestamp together with the signature service URL to form the trusted graphical code. When the scanning module 331 of the intelligent terminal 330 scans the trusted graphical code, it also decodes the signing-information timestamp, and the URL access module 332 verifies the signing-information timestamp before accessing the signature service URL, so as to confirm that the signature service URL address is correct.
The digital signature system of the present invention described above takes the trusted graphical code of the digital signature information generated by the operation system as its basis: the intelligent terminal (for example a mobile phone) scans and verifies the trusted graphical code, completes the digital signature and sends the related signing information to the operation system, and the operation system feeds the result back to the PC browser to complete the digital signature process. The process does not require a browser control on the PC to access a USB key; through the trusted graphical code it establishes an out-of-band interaction between the personal computer, the intelligent terminal and the operation system in which the digital signature is completed, which improves the user's security experience, reduces the complexity of using the user digital certificate, and gives an operation system a rapidly deployable digital signature technique that secures the integrity and authenticity of its data.
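The exchange described for Fig. 3 (steps S1 to S8 of the method, together with the signed timestamp of the further preferred embodiment), written out as an added Go example; it is not part of the patent and not the applicant's code. It simulates all three parties in one process with ECDSA P-256 keys from the standard library: `Biz` plays the operation system, `Terminal` plays the intelligent terminal, and the browser's roles (S1, passing on the service request, and S3, displaying the code) are collapsed into the call sequence in `RunProtocol`. Everything not stated in the patent is an assumption: certificates are reduced to a unique-ID string mapped to a public key, the trusted graphical code is handled as its decoded payload (`QR`) rather than as a rendered image, the signature service URL has the form `https://biz.example/sign/<random token>`, the signed bundle is canonicalised with encoding/json, and the timestamp signature covers the URL and the timestamp together (the patent signs only the timestamp; signing both is what makes the terminal's check actually confirm the URL, and the terminal also enforces a freshness window). Each check the patent calls for (the user signature on the URL in S6, the operation system signature and the hash comparison in S7, the user certificate and result signature in S8) is a separate verification, and the `tamper` flag shows the S6 response being altered in transit and rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

func newKey() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }
func sign(k *ecdsa.PrivateKey, m []byte) []byte  { h := sha256.Sum256(m); s, _ := ecdsa.SignASN1(rand.Reader, k, h[:]); return s }
func verify(p *ecdsa.PublicKey, m, s []byte) bool { h := sha256.Sum256(m); return ecdsa.VerifyASN1(p, h[:], s) }

// Bundle is what the operation system signs in S2 and releases in S6; encoding/json gives the signed fields a canonical byte form.
type Bundle struct {
	Info       string `json:"info"`
	Hash1      string `json:"hash1"`        // first signing-information hash value: hex SHA-256(Info)
	UserCertID string `json:"user_cert_id"` // certificate reduced to a unique-ID string (assumption)
	SysSig     []byte `json:"-"`            // operation system signature over Bytes(); not itself signed
}

func (b Bundle) Bytes() []byte { d, _ := json.Marshal(b); return d }

// QR is the decoded trusted graphical code: the service URL plus the signed timestamp; the signature covers both so the check binds the URL (assumption).
type QR struct {
	URL   string
	TS    int64
	TSSig []byte
}

func (q QR) signed() []byte { return []byte(fmt.Sprintf("%s|%d", q.URL, q.TS)) }

type Biz struct {
	key     *ecdsa.PrivateKey
	users   map[string]*ecdsa.PublicKey // registered user certificates by unique ID
	pending map[string]Bundle           // outstanding requests keyed by service URL
}

// S2: hash the information, sign (info, hash, user cert ID), mint the service URL, sign the timestamp.
func (s *Biz) CreateRequest(info, certID string) QR {
	h, tok := sha256.Sum256([]byte(info)), make([]byte, 16)
	rand.Read(tok) // unguessable request token in the URL path (assumed URL layout)
	b := Bundle{Info: info, Hash1: hex.EncodeToString(h[:]), UserCertID: certID}
	b.SysSig = sign(s.key, b.Bytes())
	q := QR{URL: "https://biz.example/sign/" + hex.EncodeToString(tok), TS: time.Now().Unix()}
	q.TSSig = sign(s.key, q.signed())
	s.pending[q.URL] = b
	return q
}

// S6: release the signed bundle only after the user's signature over the URL verifies for that user's pending request.
func (s *Biz) ServeURL(u, certID string, urlSig []byte) (Bundle, error) {
	b, pub := s.pending[u], s.users[certID]
	if pub == nil || !verify(pub, []byte(u), urlSig) || b.UserCertID != certID {
		return Bundle{}, fmt.Errorf("S6: user signature on %s rejected", u)
	}
	return b, nil
}

type Terminal struct {
	certID string
	key    *ecdsa.PrivateKey
	bizPub *ecdsa.PublicKey // operation system certificate pinned on the device (assumption)
}

// S4/S5: check the signed timestamp (origin and freshness), then sign the URL with the user key.
func (t *Terminal) Scan(q QR, maxAge time.Duration) ([]byte, error) {
	if !verify(t.bizPub, q.signed(), q.TSSig) || time.Since(time.Unix(q.TS, 0)) > maxAge {
		return nil, errors.New("S5: trusted graphical code rejected (bad timestamp signature or expired)")
	}
	return sign(t.key, []byte(q.URL)), nil
}

// S7: verify the operation system signature, recompute the hash and compare, then sign the information.
func (t *Terminal) SignInfo(b Bundle) ([]byte, error) {
	if !verify(t.bizPub, b.Bytes(), b.SysSig) {
		return nil, errors.New("S7: operation system digital signature invalid")
	}
	if h2 := sha256.Sum256([]byte(b.Info)); b.UserCertID != t.certID || hex.EncodeToString(h2[:]) != b.Hash1 {
		return nil, errors.New("S7: bundle not for this certificate, or second hash differs from first")
	}
	return sign(t.key, []byte(b.Info)), nil
}

// RunProtocol drives S2 to S8; with tamper set, the S6 response is altered in transit and S7 rejects it.
func RunProtocol(info string, tamper bool) (bool, error) {
	biz := &Biz{newKey(), map[string]*ecdsa.PublicKey{}, map[string]Bundle{}}
	term := &Terminal{certID: "user-cert-0001", key: newKey(), bizPub: &biz.key.PublicKey}
	biz.users[term.certID] = &term.key.PublicKey
	q := biz.CreateRequest(info, term.certID) // S2; in S3 the browser displays q as a graphical code
	urlSig, err := term.Scan(q, 2*time.Minute) // S4, S5
	if err != nil {
		return false, err
	}
	b, err := biz.ServeURL(q.URL, term.certID, urlSig) // S6
	if err != nil {
		return false, err
	}
	if tamper {
		b.Info += " (altered)"
	}
	sig, err := term.SignInfo(b) // S7
	if err != nil {
		return false, err
	}
	return verify(biz.users[term.certID], []byte(b.Info), sig), nil // S8: user certificate and result signature
}

func main() {
	fmt.Println(RunProtocol("pay 100.00 CNY to merchant 42", false))
	fmt.Println(RunProtocol("pay 100.00 CNY to merchant 42", true))
}
```

Run with `go run`; the second output line shows the tampered exchange failing at S7, because the operation system signature no longer covers the bundle that arrived. A real deployment resolves the unique identifier to an X.509 certificate chain and should also bind the pending request to the browser session that initiated it, which this in-process sketch leaves out.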
The foregoing are merely preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principle of the present invention shall fall within its scope of protection.

Claims (10)

1. A digital signature method, characterised in that it comprises the following steps:
S1: a browser initiates a service request for which the user needs a digital signature;
S2: an operation system, based on the service request, obtains the information to be signed and the unique identifier of the user digital certificate, produces a first signing-information hash value of the information to be signed, digitally signs the information to be signed, the first signing-information hash value and the user digital certificate unique identifier with the operation system digital certificate, generates a signature service URL for accessing the signed information, and encodes the signature service URL to form a trusted graphical code;
S3: the browser displays the trusted graphical code sent by the operation system;
S4: an intelligent terminal scans the trusted graphical code displayed by the browser and decodes it to obtain the signature service URL;
S5: the intelligent terminal signs the signature service URL with the user digital certificate and accesses the signature service URL carrying the generated user digital signature;
S6: after the operation system has verified the user digital signature, it sends the information to be signed corresponding to the signature service URL, the first signing-information hash value, the user digital certificate unique identifier and the operation system digital signature to the intelligent terminal;
S7: after the intelligent terminal has verified the operation system digital signature, it calculates a second signing-information hash value from the information to be signed and, when the second signing-information hash value matches the first signing-information hash value it obtained, completes the user digital signature over the information to be signed and sends the user digital signature result to the operation system;
S8: the operation system receives the user digital signature result and, after verifying the user digital certificate and the digital signature, returns the user digital signature result to the browser.
2. The digital signature method according to claim 1, characterised in that forming the trusted graphical code in step S2 further includes: generating a signing-information timestamp digitally signed with the operation system digital certificate, and encoding the signing-information timestamp together with the signature service URL to form the trusted graphical code;
step S4 further includes: decoding to obtain the signing-information timestamp;
step S5 further includes: the intelligent terminal verifies the signing-information timestamp to confirm that the signature service URL address is correct, and only then signs the signature service URL with the user digital certificate and accesses the signature service URL carrying the generated user digital signature.
3. The digital signature method according to claim 1, characterised in that step S3 further includes: the browser displays a message prompting the user to scan the trusted graphical code with the intelligent terminal to complete the digital signature.
4. A digital signature system, characterised in that it includes a browser, an operation system and an intelligent terminal that are communicatively connected, wherein:
the browser initiates a service request for which the user needs a digital signature, displays the trusted graphical code that the operation system forms from the service request and sends, and receives the user digital signature result returned by the operation system in order to complete the service request;
the operation system, based on the service request initiated by the browser, obtains the information to be signed and the unique identifier of the user digital certificate, produces a first signing-information hash value of the information to be signed, digitally signs the information to be signed, the first signing-information hash value and the user digital certificate unique identifier with the operation system digital certificate, generates a signature service URL for accessing the signed information, and encodes the signature service URL to form the trusted graphical code;
the intelligent terminal scans the trusted graphical code displayed by the browser, decodes it to obtain the signature service URL, signs the signature service URL with the user digital certificate, and accesses the signature service URL carrying the generated user digital signature;
the operation system further verifies the user digital signature on the intelligent terminal's access to the signature service URL and, after the verification passes, sends the information to be signed corresponding to the signature service URL, the first signing-information hash value, the user digital certificate unique identifier and the operation system digital signature to the intelligent terminal;
the intelligent terminal further verifies the operation system digital signature and, after the verification passes, calculates a second signing-information hash value from the information to be signed and, when the second signing-information hash value matches the first signing-information hash value it obtained, completes the user digital signature over the information to be signed and sends the user digital signature result to the operation system;
the operation system further receives the user digital signature result sent by the intelligent terminal and, after verifying the user digital certificate and the digital signature, returns the user digital signature result to the browser.
5. The digital signature system according to claim 4, characterised in that the operation system forming the trusted graphical code further includes: generating a signing-information timestamp digitally signed with the operation system digital certificate, and encoding the signing-information timestamp together with the signature service URL to form the trusted graphical code;
the intelligent terminal decoding the trusted graphical code further includes: decoding to obtain the signing-information timestamp;
the intelligent terminal accessing the signature service URL further includes: verifying the signing-information timestamp to confirm that the signature service URL address is correct, and only then signing the signature service URL with the user digital certificate and accessing the signature service URL carrying the generated user digital signature.
6. The digital signature system according to claim 4, characterised in that, when displaying the trusted graphical code sent by the operation system, the browser further displays a message prompting the user to scan the trusted graphical code with the intelligent terminal to complete the digital signature.
7. An intelligent terminal for digital signature, characterised in that it includes:
a scanning module, for scanning the trusted graphical code displayed by a browser and decoding it to obtain a signature service URL;
a URL access module, for signing the signature service URL with the user digital certificate and accessing the signature service URL carrying the generated user digital signature;
a receiving module, for receiving the information to be signed corresponding to the signature service URL, the first signing-information hash value, the user digital certificate unique identifier and the operation system digital signature sent by the operation system;
a digital signature module, for verifying the operation system digital signature and, after the verification passes, calculating a second signing-information hash value from the information to be signed and, when the second signing-information hash value matches the first signing-information hash value obtained, completing the user digital signature over the information to be signed;
a sending module, for sending the user digital signature result to the operation system.
8. The intelligent terminal for digital signature according to claim 7, characterised in that the scanning module also decodes the trusted graphical code to obtain a signing-information timestamp;
and the URL access module verifies the signing-information timestamp to confirm that the signature service URL address is correct, and only then signs the signature service URL with the user digital certificate and accesses the signature service URL carrying the generated user digital signature.
9. An operation system for digital signature, characterised in that it includes:
a trusted graphical code generation module, for, based on a service request initiated by a browser for which the user needs a digital signature, obtaining the information to be signed and the unique identifier of the user digital certificate, producing a first signing-information hash value of the information to be signed, digitally signing the information to be signed, the first signing-information hash value and the user digital certificate unique identifier with the operation system digital certificate, generating a signature service URL for accessing the signed information, and encoding the signature service URL to form a trusted graphical code;
a first sending module, for sending the trusted graphical code to the browser for display;
a signature service module, for receiving the intelligent terminal's access to the signature service URL obtained by scanning the trusted graphical code and, after the user digital signature has been verified, sending the information to be signed corresponding to the signature service URL, the first signing-information hash value, the user digital certificate unique identifier and the operation system digital signature to the intelligent terminal;
a verification module, for receiving the user digital signature result sent by the intelligent terminal and verifying the user digital certificate and the digital signature;
a second sending module, for returning the verified user digital signature result to the browser.
10. The operation system for digital signature according to claim 9, characterised in that the trusted graphical code generation module also generates a signing-information timestamp digitally signed with the operation system digital certificate, and encodes the signing-information timestamp together with the signature service URL to form the trusted graphical code.
CN201510633498.XA 2015-09-29 2015-09-29 A kind of digital signature method and system and its intelligent terminal and operation system Active CN106559219B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510633498.XA CN106559219B (en) 2015-09-29 2015-09-29 A kind of digital signature method and system and its intelligent terminal and operation system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510633498.XA CN106559219B (en) 2015-09-29 2015-09-29 A kind of digital signature method and system and its intelligent terminal and operation system

Publications (2)

Publication Number Publication Date
CN106559219A true CN106559219A (en) 2017-04-05
CN106559219B CN106559219B (en) 2019-05-10

Family

ID=58415953

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510633498.XA Active CN106559219B (en) 2015-09-29 2015-09-29 A kind of digital signature method and system and its intelligent terminal and operation system

Country Status (1)

Country Link
CN (1) CN106559219B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107786543A (en) * 2017-09-28 2018-03-09 北京深思数盾科技股份有限公司 The method that the local service component of intelligent cipher key equipment interacts with networked application programs
CN107968815A (en) * 2017-10-25 2018-04-27 北京信安世纪科技股份有限公司 A kind of method and device of security protection
WO2022116587A1 (en) * 2020-12-02 2022-06-09 上海哔哩哔哩科技有限公司 Web end data signature method and apparatus, and computer device
CN114866320A (en) * 2022-05-06 2022-08-05 中国银行股份有限公司 Method, device, equipment and storage medium for preventing url parameter from being tampered

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030177363A1 (en) * 2002-03-15 2003-09-18 Kaoru Yokota Service providing system in which services are provided from service provider apparatus to service user apparatus via network
CN1996371A (en) * 2006-11-30 2007-07-11 银联金融认证中心有限公司 System for implementing inter-bank use of digital certificates and method therefor
CN101800642A (en) * 2009-12-31 2010-08-11 卓望数码技术(深圳)有限公司 Encoding and decoding methods, equipment and system of graphic codes
CN102779263A (en) * 2012-06-19 2012-11-14 袁开国 Credible two-dimensional code scheme based on public key infrastructure (PKI) and digital signature

Also Published As

Publication number Publication date
CN106559219B (en) 2019-05-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant