CN106559219B - A kind of digital signature method and system and its intelligent terminal and operation system - Google Patents

A kind of digital signature method and system and its intelligent terminal and operation system Download PDF

Info

Publication number
CN106559219B
CN106559219B CN201510633498.XA CN201510633498A CN106559219B CN 106559219 B CN106559219 B CN 106559219B CN 201510633498 A CN201510633498 A CN 201510633498A CN 106559219 B CN106559219 B CN 106559219B
Authority
CN
China
Prior art keywords
digital signature
operation system
signature
digital
signed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510633498.XA
Other languages
Chinese (zh)
Other versions
CN106559219A (en
Inventor
刘志诚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aspire Digital Technologies Shenzhen Co Ltd
Original Assignee
Aspire Digital Technologies Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aspire Digital Technologies Shenzhen Co Ltd filed Critical Aspire Digital Technologies Shenzhen Co Ltd
Priority to CN201510633498.XA priority Critical patent/CN106559219B/en
Publication of CN106559219A publication Critical patent/CN106559219A/en
Application granted granted Critical
Publication of CN106559219B publication Critical patent/CN106559219B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention relates to a kind of digital signature method and system and its intelligent terminal and operation systems.Digital signature method of the invention is based on operation system generation digital signature information trusted graphical code, by completing digital signature after intelligent terminal (such as mobile phone) scanning validation trusted graphical code, related signature information is sent to operation system, operation system feedback result completes digital signature procedure to PC browser.The process does not need to access PC key by control, by trusted graphical code establish between PC, intelligent terminal, operation system with outer interaction, complete digital signature, improve user security experience, customer digital certificate is reduced using complexity, is the safe new and innovative quadrature digital up-converter that a kind of operation system rapid deployment digital signature technology realizes data integrity, authenticity.

Description

A kind of digital signature method and system and its intelligent terminal and operation system
Technical field
The present invention relates to internet security technologies, more specifically to a kind of digital signature method and system and its intelligence It can terminal and operation system.
Background technique
Digital signature is a kind of solution for solving data integrity and sources can be traced back, is pre-generated by user Key ensures the trusted identity of user to the digital certificate of mechanism, trusted third party application, and sender is passed through using private key encryption The hashed value that hashing algorithm generates forms digital signature, and recipient uses sender's public key verifications decrypted hash value, and by same Sample hashing algorithm hashes original text, compares the validity of two hashed value confirmation digital signature.
At present on PC, Internet application in a manner of WEB accession page based on, the digital signature of Internet application It needs to pass through browser operation.Interactive entrance of the browser as PC and Internet application needs to keep safety Strict control is carried out to by the permission of internet access to personal computer local resource, generally required through third party's signature Control supports local file operation, the local generation of digital certificate key to take care of, the demand of application, needs digital certificate solution party Case provider provides corresponding third party control and operates to digital certificate, including the support to digital signature.
Digital signature is that the process of digital certificate, key and digital signature is operated by browser digital certificate control, close The storage mode of key can be by software key container or the encryption hardware comprising encryption chip stores.Thus, prior art side Case needs user to download installation third party control on a web browser.PC operating system is related to Microsoft WINDOWS, apple at present The LINUX etc. of fruit MAC OS and different labels, browser includes Microsoft IE6,7,8,9,10, apple safari, red fox The manufacturers such as firefox, Google chrome and customization version, such as Tencent, Qihoo, Baidu based on above-mentioned browser push away Browser out.Different operating system, the security setting of different browsers are different, the security control of browser, the receiving of control The differences such as degree, mode, default treatment mode, bring a large amount of compatibility issue, cause digital certificate in digital signature applications In a large number of users experience problem, reduce the popularization of digital certificate digital signature applications, digital signature is recognized in user identity The superiority of card, transaction integrality protection etc. cannot timely and effectively be applied.
There are also out-of-band communications such as MPKI (Managed Public Key Infrastructure) to complete digital signature at present The solution of application, the program are pushed to designated mobile phone in a manner of data SMS push by short message channel MPKI mechanism Number completes digital signature by the SIM card that built-in PKI is applied.This mode, can only since data SMS carrying content is limited Push signature hashed value completes digital signature, and terminal side is not able to verify that signature contents original text, is not able to verify that digital signature request Source, there are third party attack risks.
Summary of the invention
The technical problem to be solved in the present invention is that in view of the above drawbacks of the prior art, providing a kind of based on outer logical The digital signature method and system and its intelligent terminal and operation system of letter do not need third party control and to be able to achieve data complete Property and authenticity.
According to the first aspect of the invention, the present invention is to solve its technical problem and propose a kind of digital signature method, is wrapped Include following steps:
S1, the service request using digital signature is needed by browser initiation user;
S2, the service request is based on by operation system, obtains information to be signed and customer digital certificate unique identification, produced The corresponding first signing messages hashed value of the information to be signed is given birth to, and using operation system digital certificate to the letter to be signed Breath, the first signing messages hashed value and customer digital certificate unique identification are digitally signed, and are generated and are accessed the digital signature The Digital signature service URL of information afterwards, and encode the Digital signature service URL to form trusted graphical code;
S3, the trusted graphical code sent by browser-presented operation system;
S4, the trusted graphical code that browser-presented is scanned by intelligent terminal, decoding obtain Digital signature service URL;
S5, it is signed the Digital signature service URL by intelligent terminal using customer digital certificate, and carries the number of generation Signature accesses the Digital signature service URL;
S6, it is verified by operation system after number signature passes through, it is corresponding wait sign to send the Digital signature service URL Name information, the first signing messages hashed value, customer digital certificate unique identification and operation system digital signature are to intelligent terminal;
S7, it is verified by intelligent terminal after the operation system digital signature passes through, calculates the according to the information to be signed Two signing messages hashed values, and when the second signing messages hashed value is consistent with the first signing messages hashed value obtained, Number signature is completed to the information to be signed, number signature result is sent to operation system;
S8, the number signature result is received by operation system, and in verifying customer digital certificate and digital signature By rear, the number signature result is returned into browser.
Trusted graphical code is formed in one embodiment according to a first aspect of the present invention, in the step S2 further to wrap It includes: generating the signing messages timestamp being digitally signed using operation system digital certificate, and by the signing messages Timestamp encodes together with the Digital signature service URL and forms the trusted graphical code;
The step S4 further comprises: decoding obtains the signing messages timestamp;
The step S5 further comprises: verifying the signing messages timestamp by intelligent terminal to confirm the signature clothes Be engaged in the address URL it is errorless after, signed the Digital signature service URL using customer digital certificate, and carry the number signature of generation Access the Digital signature service URL.
In one embodiment according to a first aspect of the present invention, the step S3 further comprises: being mentioned by browser-presented Show that user scans the trusted graphical code using intelligent terminal to complete the information of digital signature.
According to the second aspect of the invention, the present invention is to solve its technical problem and propose a kind of digital signature system, is wrapped Include browser, operation system and the intelligent terminal of communication connection, in which:
The browser is used to initiate user and needs service request using digital signature, and it is described to show that operation system is based on The trusted graphical code that service request is formed and sent, and it is described to complete to receive the number signature result of operation system return Service request;
The operation system is used for the service request initiated based on browser, obtains information and number to be signed Certificate unique identification is generated the corresponding first signing messages hashed value of the information to be signed, and is demonstrate,proved using operation system number Book is digitally signed information, the first signing messages hashed value and the customer digital certificate unique identification to be signed, generates The Digital signature service URL of information after accessing the digital signature, and encode the Digital signature service URL to form trusted graphical code;
The intelligent terminal is used to scan the trusted graphical code of browser-presented, and decoding obtains Digital signature service URL, and makes It is signed the Digital signature service URL with customer digital certificate, and the number signature for carrying generation accesses the Digital signature service URL;
The operation system is also used to verify the number to the access of Digital signature service URL based on intelligent terminal and sign By rear, the corresponding information to be signed of the Digital signature service URL, the first signing messages hashed value, customer digital certificate are sent only One mark and operation system digital signature are to intelligent terminal;
The intelligent terminal is also used to verify after the operation system digital signature passes through, according to the information meter to be signed The second signing messages hashed value is calculated, and consistent with the first signing messages hashed value obtained in the second signing messages hashed value When, number signature is completed to the information to be signed, number signature result is sent to operation system;
The operation system is also used to receive the number signature result of intelligent terminal transmission, in verifying number card After book and digital signature pass through, the number signature result is returned into browser.
In one embodiment according to a second aspect of the present invention, the operation system forms trusted graphical code and further wraps It includes: generating the signing messages timestamp being digitally signed using operation system digital certificate, and by the signing messages Timestamp encodes together with the Digital signature service URL and forms the trusted graphical code;
The intelligent terminal decoding trusted graphical code further comprises: decoding obtains the signing messages timestamp;
The intelligent terminal access signature service URL further comprises: verifying the signing messages timestamp to confirm State the address Digital signature service URL it is errorless after, signed the Digital signature service URL using customer digital certificate, and carry the user of generation Digital signature accesses the Digital signature service URL.
In one embodiment according to a second aspect of the present invention, the browser is in the credible figure for showing that operation system is sent When shape code, further show that prompt user scans the trusted graphical code using intelligent terminal to complete the information of digital signature.
According to the third aspect of the invention we, the present invention is to solve its technical problem and propose a kind of intelligence for digital signature Energy terminal, comprising:
Scan module, for scanning the trusted graphical code of browser-presented, decoding obtains Digital signature service URL;
URL access modules for using customer digital certificate to sign the Digital signature service URL, and carry the user of generation Digital signature accesses the Digital signature service URL;
Receiving module receives the corresponding information to be signed of the Digital signature service URL, the first A.L.S. that operation system is sent Cease hashed value, customer digital certificate unique identification and operation system digital signature;
Digital Signature module, for verifying after the operation system digital signature passes through, according to the information meter to be signed The second signing messages hashed value is calculated, and consistent with the first signing messages hashed value obtained in the second signing messages hashed value When, number signature is completed to the information to be signed;
Sending module, for number signature result to be sent to operation system.
In one embodiment according to a third aspect of the present invention, the scan module, which also decodes, obtains the signing messages time Stamp;
After the URL access modules verify the signing messages timestamp to confirm that the address the Digital signature service URL is errorless, It is signed the Digital signature service URL using customer digital certificate, and the number signature for carrying generation accesses the Digital signature service URL。
According to the fourth aspect of the invention, the present invention is to solve its technical problem and propose a kind of industry for digital signature Business system characterized by comprising
Trusted graphical code generation module, the user for being initiated based on browser need to ask using the business of digital signature It asks, obtains information to be signed and customer digital certificate unique identification, generate corresponding first signing messages of the information to be signed Hashed value, and information, the first signing messages hashed value and the number to be signed are demonstrate,proved using operation system digital certificate Book unique identification is digitally signed, and generates the Digital signature service URL of the information after accessing the digital signature, and by the signature Service URL encodes to form trusted graphical code;
First sending module is shown for trusted graphical code to be sent to browser;
Digital signature service module, for receiving intelligent terminal by scanning the trusted graphical code to Digital signature service URL Access send the corresponding information to be signed of the Digital signature service URL, the first label and after verifying number signature passes through Name hashing information value, customer digital certificate unique identification and operation system digital signature are to intelligent terminal;
Authentication module, for receive intelligent terminal transmission number signature result, and verify customer digital certificate and Digital signature;
Second sending module, for browser will to be returned to by the number signature result of verifying.
In one embodiment according to a fourth aspect of the present invention, the trusted graphical code generation module also generates the use The signing messages timestamp that operation system digital certificate is digitally signed, and by the signing messages timestamp and the signature Service URL is encoded together forms the trusted graphical code.
Implement digital signature method according to the present invention and system and its intelligent terminal and operation system with beneficial below Effect:
(1) used out-of-band data signature mechanism is established by trusted graphical code: using trusted graphical code as tie, establishes business The meeting interactive process of system, intelligent terminal, browser, complete browser and operation system with outer digital signature applications, it is personal Computer does not have to digital certificate and key, so as to avoid PC user's Key Exposure and abuse problem;
(2) digital signature browser control part compatibility issue is solved by out-of-band way: number is used by out-of-band way Certificate number signature, avoids browser control part compatibility bring digital certificate digital signature technology complexity and user experience Problem;
(3) it is realized by operation system and intelligent terminal with outer digital certificate signature mechanism: operation system and intelligent terminal By digital signature authentication, the accordance of digital certificate user and trade user are verified, the real effectiveness of signature contents is being protected Under the premise of demonstrate,proving the effect unification with outer digital signature and browser digital certificate and digital signature, customer digital certificate, number Signature is reduced using complexity, and secure visual improves.
Detailed description of the invention
Present invention will be further explained below with reference to the attached drawings and examples, in attached drawing:
Fig. 1 is the flow chart of the digital signature method of one embodiment of the invention;
Fig. 2 is the signal of the interactive process between browser in one embodiment of the invention, operation system and intelligent terminal Figure;
Fig. 3 is the logic diagram of the digital signature system of one embodiment of the invention.
Specific embodiment
In order to make the objectives, technical solutions, and advantages of the present invention clearer, with reference to the accompanying drawings and embodiments, right The present invention is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, and It is not used in the restriction present invention.
Fig. 1 shows the flow chart of digital signature method 100 according to an embodiment of the invention.As shown in Figure 1, the number Word endorsement method 100 includes the following steps:
In step S110, user is initiated by browser and needs the service request using digital signature.For example, user Ke Tong PC browser is crossed to initiate to use the service request of digital signature to operation system.
In later step S120, the service request is based on by operation system, obtains information and number card to be signed Book unique identification generates the corresponding first signing messages hashed value of the information to be signed, and uses operation system digital certificate Information, the first signing messages hashed value and the customer digital certificate unique identification to be signed are digitally signed, generates and visits The Digital signature service URL of information after asking the digital signature, and encode the Digital signature service URL to form trusted graphical code.
In later step S130, the trusted graphical code that is sent by browser-presented operation system.Meanwhile browser can also be opened up Show information reminding user and scans the trusted graphical code using intelligent terminal to complete digital signature.
In later step S140, the trusted graphical code of browser-presented is scanned by intelligent terminal, decoding obtains signature clothes Be engaged in URL.
In later step S150, signed the Digital signature service URL by intelligent terminal using customer digital certificate, and carry life At number signature access the Digital signature service URL.
In later step S160, is verified after number signature passes through by operation system, send the Digital signature service URL corresponding information, the first signing messages hashed value, customer digital certificate unique identification and operation system digital signature to be signed To intelligent terminal.
In later step S170, verified after the operation system digital signature passes through by intelligent terminal, according to described wait sign Name information calculates the second signing messages hashed value, and dissipates in the second signing messages hashed value and the first signing messages obtained When train value is consistent, number signature is completed to the information to be signed, number signature result is sent to operation system.
In later step S180, the number signature result is received by operation system, and in verifying number card After book and digital signature pass through, the number signature result is returned into browser and is requested with finishing service.
Fig. 2 shows browser, operation system and intelligence in digital signature method accord to a specific embodiment of that present invention Interactive process between energy terminal.It is specific as shown in Figure 2:
Firstly, browser initiates to use the business of digital signature to operation system based on the demand of user in step S201 Request.
In later step S202, operation system obtained from service request user submission information to be signed (need into The content of row digital signature) and customer digital certificate unique identification.
In later step S203, operation system generates the first signing messages hashed value based on the information to be signed of acquisition.Example Such as, operation system hash function such as MD5, SHA1 algorithm can be used to treat signing messages and be calculated the signing messages and dissipate Train value.
In later step S204, operation system is using operation system digital certificate to above-mentioned information to be signed, the first signature Hashing information value and customer digital certificate unique identification are digitally signed, and obtain the operation system digital signature of above- mentioned information.
In later step S205, operation system generates Digital signature service URL and signing messages timestamp.Digital signature service URL It is the resource http address of the information after the access digital signature, can be generated according to certain coding rule.The signing messages Timestamp is the time point being digitally signed using operation system digital certificate.
In later step S206, operation system Digital signature service URL and signing messages timestamp are encoded together formed it is credible Graphic code.Various suitable coding techniques well known to those skilled in the art can be used in the coding method of graphic code.
In later step S207, which is sent to browser by operation system.
In later step S208, the trusted graphical code that browser-presented operation system is sent, and also show that scanning figure shape code Prompt information, with prompt user using intelligent terminal scan the trusted graphical code complete digital signature.
As in step S209, the trusted graphical code of operation scanning browser-presented of the intelligent terminal based on user is decoded Obtain Digital signature service URL and signing messages timestamp.
In later step S210, intelligent terminal verifies the signing messages timestamp, that is, judges the time of business generation to keep away Exempt to occur resetting and fake, it is ensured that the address Digital signature service URL is errorless.
In later step S211, intelligent terminal signs to Digital signature service URL using customer digital certificate, generates user Digital signature.
In later step S212, intelligent terminal is with carrying the corresponding resource of number signature access signature service URL Location.
In later step S213, operation system verifies the signature of number entrained by the access request, to confirm user Whether digital certificate and customer digital certificate unique identification corresponding to Digital signature service URL are consistent.It is only consistent in the two In the case of, digital signature of the invention could be completed.
In later step S214, in both verifyings under unanimous circumstances, operation system by corresponding to Digital signature service URL to Signing messages, the first signing messages hashed value, customer digital certificate unique identification and operation system digital signature are sent to intelligence Terminal.
In later step S215, intelligent terminal verifies the operation system digital signature that receives, to confirm information to be signed, the One signing messages hashed value and customer digital certificate unique identification are really without modification.
In later step S216, intelligent terminal generates the second signing messages hashed value based on the information to be signed of acquisition.Example Such as, intelligent terminal use hash function identical with operation system such as MD5, SHA1 algorithm is treated signing messages and calculate To the signing messages hashed value.
In later step S217, the second signing messages hashed value that intelligent terminal produces their own is obtained with from operation system The the first signature hashed value obtained is compared, and only under the two unanimous circumstances, can just continue to complete number signature.
In later step S218, intelligent terminal uses Digital Signature Algorithm, treats signing messages and completes number signature.
In later step S219, number signature result is sent to operation system by intelligent terminal.
In later step S220, operation system verifies customer digital certificate and user entrained by number signature result Digital signature, to confirm the authenticity and integrity of the number signature result.
In later step S221, operation system will return to browser by the number signature result of above-mentioned verifying.
In later step S222, browser receives number signature result, finishing service request.
Above-mentioned digital signature method of the invention sufficiently has references to international standard (PKI), national standard and relevant row Industry standard, using trusted graphical code as carrier, the browser control part for solving PC using digital certificate, digital signature is compatible Property problem and MPKI the problem of being verified with signature request side in outer digital signature and signature contents, guaranteeing with outer digital signature Under the premise of browser digital certificate, digital signature same effect, a kind of customer digital certificate is established, digital signature makes With the out-of-band communication data signature mechanism that complexity reduces, secure visual improves.
Based on digital signature method described above, the present invention also proposes a kind of digital signature system.Fig. 3 shows basis The logic diagram of the digital signature system 300 of one embodiment of the invention.As shown in figure 3, the digital signature system 300 includes logical Believe browser 310, operation system 320 and the intelligent terminal 330 of connection.Browser 310 is used to initiate user to operation system 320 The service request using digital signature is needed, shows the credible figure that operation system 320 is formed and sent based on the service request Shape code, and the number signature result for receiving the return of operation system 320 is requested with finishing service.Operation system 320 is used for base In the service request that browser 310 is initiated, information to be signed and customer digital certificate unique identification are obtained, is generated described to be signed The corresponding first signing messages hashed value of information, and using operation system digital certificate to the information to be signed, the first signature Hashing information value and customer digital certificate unique identification are digitally signed, and generate the label of the information after accessing the digital signature Name service URL, and the Digital signature service URL encoded to form trusted graphical code and be sent to browser 310.330 base of intelligent terminal The trusted graphical code that browser 310 is shown is scanned in the prompt of browser 310, decoding obtains Digital signature service URL, and uses use Digital signature service URL described in the digital certificate signature of family, and the number signature for carrying generation accesses the Digital signature service URL.Industry Business system 320 is also used to the access verifying number signature based on intelligent terminal 330 to Digital signature service URL, and logical in verifying Later, information to be signed corresponding to Digital signature service URL, the first signing messages hashed value, customer digital certificate is sent uniquely to mark Know and operation system digital signature is to intelligent terminal 330.Intelligent terminal 330 is also used to verify the operation system number label of acquisition Name, and after being verified, the second signing messages hashed value is calculated according to the information to be signed, and in second A.L.S. When breath hashed value is consistent with the first signing messages hashed value obtained, number signature is completed to the information to be signed, it will Number signature result is sent to operation system 320.Operation system 320 receives the number label that intelligent terminal 330 is sent Name is as a result, verify customer digital certificate and digital signature to confirm the authenticity and integrity of the number signature result, so The number signature result is returned into browser 310 afterwards.Browser 310 receives number signature result, can complete Service request.
Specifically as shown in figure 3, operation system 320 further comprises trusted graphical code generation module 321, the first sending module 322, digital signature service module 323, authentication module 324 and the second sending module 325.Wherein, trusted graphical code generation module 321 users initiated based on browser 310 need the service request using digital signature, obtain information and number to be signed Certificate unique identification is generated the corresponding first signing messages hashed value of the information to be signed, and is demonstrate,proved using operation system number Book is digitally signed information, the first signing messages hashed value and the customer digital certificate unique identification to be signed, generates The Digital signature service URL of information after accessing the digital signature, and encode the Digital signature service URL to form trusted graphical code. First sending module 322 is shown for trusted graphical code to be sent to browser 310.Digital signature service module 323 is used Pass through the access for scanning the trusted graphical code to Digital signature service URL in receiving intelligent terminal 330, and in verifying number label After name passes through, the corresponding information to be signed of the Digital signature service URL, the first signing messages hashed value, customer digital certificate are sent Unique identification and operation system digital signature are to intelligent terminal 330.Authentication module 324 is used to receive the transmission of intelligent terminal 330 Number signature result, and verify customer digital certificate and digital signature.Second sending module 325 will be for that will pass through verifying The number signature result returns to browser 310.
Specifically as shown in figure 3, intelligent terminal 330 further comprises scan module 331, URL access modules 332, receives mould Block 333, Digital Signature module 334 and sending module 335.Wherein, scan module 331 be used for scan browser 310 displaying can Believe graphic code, decoding obtains Digital signature service URL.URL access modules 332 are used for signature clothes of signing using customer digital certificate Be engaged in URL, and the number signature for carrying generation accesses the Digital signature service URL.Receiving module 333 is for receiving operation system The corresponding information to be signed of the Digital signature service URL sent, the first signing messages hashed value, customer digital certificate unique identification With operation system digital signature.Digital Signature module 334 is used to verify the operation system digital signature, and after being verified Calculate the second signing messages hashed value according to the information to be signed, and the second signing messages hashed value and obtain the When one signing messages hashed value is consistent, number signature is completed to the information to be signed.Sending module 335 is used for user Digital signature result is sent to operation system 320.
In further preferred embodiment, the trusted graphical code generation module 321 of operation system 320 also generates the use The signing messages timestamp that operation system digital certificate is digitally signed, and by the signing messages timestamp and the signature Service URL is encoded together forms the trusted graphical code.The scan module 331 of intelligent terminal 330, which scans trusted graphical code, may be used also Decoding obtains signing messages timestamp, and URL access modules 332 first verify the A.L.S. before accessing Digital signature service URL Timestamp is ceased to confirm that the address Digital signature service URL is errorless.
Above-mentioned digital signature system of the invention is led to based on operation system generation digital signature information trusted graphical code Digital signature is completed after crossing intelligent terminal (such as mobile phone) scanning validation trusted graphical code, related signature information is sent to business system System, operation system feedback result to PC browser complete digital signature procedure.The process does not need to access by control PC key, by trusted graphical code establish between PC, intelligent terminal, operation system with outer interaction, complete number Word signature improves user security experience, reduces customer digital certificate using complexity, is a kind of operation system rapid deployment Digital signature technology realizes the safe new and innovative quadrature digital up-converter of data integrity, authenticity.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, all in essence of the invention Made any modifications, equivalent replacements, and improvements etc., should all be included in the protection scope of the present invention within mind and principle.

Claims (10)

1. a kind of digital signature method, which comprises the steps of:
S1, the service request using digital signature is needed by browser initiation user;
S2, the service request is based on by operation system, obtains information to be signed and customer digital certificate unique identification, generate institute State the corresponding first signing messages hashed value of information to be signed, and using operation system digital certificate to the information to be signed, First signing messages hashed value and customer digital certificate unique identification are digitally signed, and are generated after accessing the digital signature The Digital signature service URL of information, and encode the Digital signature service URL to form trusted graphical code;
S3, the trusted graphical code sent by browser-presented operation system;
S4, the trusted graphical code that browser-presented is scanned by intelligent terminal, decoding obtain Digital signature service URL;
S5, it is signed the Digital signature service URL by intelligent terminal using customer digital certificate, and carries the number signature of generation Access the Digital signature service URL;
S6, it is verified by operation system after number signature passes through, sends the corresponding letter to be signed of the Digital signature service URL Breath, the first signing messages hashed value, customer digital certificate unique identification and operation system digital signature are to intelligent terminal;
S7, it is verified by intelligent terminal after the operation system digital signature passes through, the second label is calculated according to the information to be signed Name hashing information value, and when the second signing messages hashed value is consistent with the first signing messages hashed value obtained, to institute It states information to be signed and completes number signature, number signature result is sent to operation system;
S8, the number signature result is received by operation system, and pass through in verifying customer digital certificate and digital signature Afterwards, the number signature result is returned into browser.
2. digital signature method according to claim 1, which is characterized in that in the step S2 formed trusted graphical code into One step includes: to generate the signing messages timestamp being digitally signed using operation system digital certificate, and by the label Name information time stamp coding together with the Digital signature service URL forms the trusted graphical code;
The step S4 further comprises: decoding obtains the signing messages timestamp;
The step S5 further comprises: verifying the signing messages timestamp by intelligent terminal to confirm the Digital signature service It after the address URL is errorless, is signed the Digital signature service URL using customer digital certificate, and the number signature for carrying generation is visited Ask the Digital signature service URL.
3. digital signature method according to claim 1, which is characterized in that the step S3 further comprises: by browsing Device shows that prompt user scans the trusted graphical code using intelligent terminal to complete the information of digital signature.
4. a kind of digital signature system, which is characterized in that browser, operation system and intelligent terminal including communication connection, In:
The browser is used to initiate user and needs service request using digital signature, shows that operation system is based on the business The trusted graphical code that request is formed and sent, and the number signature result of operation system return is received to complete the business Request;
The operation system is used for the service request initiated based on browser, obtains information to be signed and customer digital certificate Unique identification generates the corresponding first signing messages hashed value of the information to be signed, and uses operation system digital certificate pair The information to be signed, the first signing messages hashed value and customer digital certificate unique identification are digitally signed, and generate access The Digital signature service URL of information after the digital signature, and encode the Digital signature service URL to form trusted graphical code;
The intelligent terminal is used to scan the trusted graphical code of browser-presented, and decoding obtains Digital signature service URL, and uses use Digital signature service URL described in the digital certificate signature of family, and the number signature for carrying generation accesses the Digital signature service URL;
The operation system, which is also used to verify the number signature to the access of Digital signature service URL based on intelligent terminal, to be passed through Afterwards, the corresponding information to be signed of the Digital signature service URL, the first signing messages hashed value, customer digital certificate is sent uniquely to mark Know and operation system digital signature is to intelligent terminal;
The intelligent terminal is also used to verify after the operation system digital signature passes through, and calculates the according to the information to be signed Two signing messages hashed values, and when the second signing messages hashed value is consistent with the first signing messages hashed value obtained, Number signature is completed to the information to be signed, number signature result is sent to operation system;
The operation system be also used to receive intelligent terminal transmission number signature result, verifying customer digital certificate and After digital signature passes through, the number signature result is returned into browser.
5. digital signature system according to claim 4, which is characterized in that the operation system formed trusted graphical code into One step includes: to generate the signing messages timestamp being digitally signed using operation system digital certificate, and by the label Name information time stamp coding together with the Digital signature service URL forms the trusted graphical code;
The intelligent terminal decoding trusted graphical code further comprises: decoding obtains the signing messages timestamp;
The intelligent terminal access signature service URL further comprises: verifying the signing messages timestamp to confirm the label After the name service address URL is errorless, signed the Digital signature service URL using customer digital certificate, and carry the number of generation Signature accesses the Digital signature service URL.
6. digital signature system according to claim 4, which is characterized in that the browser is showing operation system transmission Trusted graphical code when, further show that prompt user using intelligent terminal scans the trusted graphical code to complete digital signature Information.
7. a kind of intelligent terminal for digital signature characterized by comprising
Scan module, for scanning the trusted graphical code of browser-presented, decoding obtains Digital signature service URL;
URL access modules for using customer digital certificate to sign the Digital signature service URL, and carry the number of generation Signature accesses the Digital signature service URL;
Receiving module, for receiving the corresponding information to be signed of the Digital signature service URL, the first A.L.S. of operation system transmission Cease hashed value, customer digital certificate unique identification and operation system digital signature;
Digital Signature module calculates the according to the information to be signed for verifying after the operation system digital signature passes through Two signing messages hashed values, and when the second signing messages hashed value is consistent with the first signing messages hashed value obtained, Number signature is completed to the information to be signed;
Sending module, for number signature result to be sent to operation system.
8. the intelligent terminal according to claim 7 for digital signature, which is characterized in that the scan module also decodes Obtain signing messages timestamp;
After the URL access modules verify the signing messages timestamp to confirm that the address the Digital signature service URL is errorless, use The customer digital certificate signature Digital signature service URL, and the number signature for carrying generation accesses the Digital signature service URL.
9. a kind of operation system for digital signature characterized by comprising
Trusted graphical code generation module, the user for being initiated based on browser are needed the service request using digital signature, obtained Information to be signed and customer digital certificate unique identification are obtained, the corresponding first signing messages hash of the information to be signed is generated Value, and using operation system digital certificate to information, the first signing messages hashed value and the customer digital certificate to be signed only One mark is digitally signed, and generates the Digital signature service URL of the information after accessing the digital signature, and by the Digital signature service URL encodes to form trusted graphical code;
First sending module is shown for trusted graphical code to be sent to browser;
Digital signature service module, for receiving intelligent terminal by scanning visit of the trusted graphical code to Digital signature service URL It asks, and after verifying number signature passes through, sends the corresponding information to be signed of the Digital signature service URL, the first A.L.S. Hashed value, customer digital certificate unique identification and operation system digital signature are ceased to intelligent terminal;
Authentication module for receiving the number signature result of intelligent terminal transmission, and verifies customer digital certificate and number Signature;
Second sending module, for browser will to be returned to by the number signature result of verifying.
10. the operation system according to claim 9 for digital signature, which is characterized in that the trusted graphical code is raw Also generate the signing messages timestamp being digitally signed using operation system digital certificate at module, and by the signature Information time stamp coding together with the Digital signature service URL forms the trusted graphical code.
CN201510633498.XA 2015-09-29 2015-09-29 A kind of digital signature method and system and its intelligent terminal and operation system Active CN106559219B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510633498.XA CN106559219B (en) 2015-09-29 2015-09-29 A kind of digital signature method and system and its intelligent terminal and operation system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510633498.XA CN106559219B (en) 2015-09-29 2015-09-29 A kind of digital signature method and system and its intelligent terminal and operation system

Publications (2)

Publication Number Publication Date
CN106559219A CN106559219A (en) 2017-04-05
CN106559219B true CN106559219B (en) 2019-05-10

Family

ID=58415953

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510633498.XA Active CN106559219B (en) 2015-09-29 2015-09-29 A kind of digital signature method and system and its intelligent terminal and operation system

Country Status (1)

Country Link
CN (1) CN106559219B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107786543A (en) * 2017-09-28 2018-03-09 北京深思数盾科技股份有限公司 The method that the local service component of intelligent cipher key equipment interacts with networked application programs
CN107968815B (en) * 2017-10-25 2021-05-14 北京信安世纪科技股份有限公司 Safety protection method and device
CN112600803B (en) * 2020-12-02 2022-07-19 上海哔哩哔哩科技有限公司 Web end data signature method and device and computer equipment
CN114866320A (en) * 2022-05-06 2022-08-05 中国银行股份有限公司 Method, device, equipment and storage medium for preventing url parameter from being tampered

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1996371A (en) * 2006-11-30 2007-07-11 银联金融认证中心有限公司 System for implementing inter-bank use of digital certificates and method therefor
CN101800642A (en) * 2009-12-31 2010-08-11 卓望数码技术(深圳)有限公司 Encoding and decoding methods, equipment and system of graphic codes
CN102779263A (en) * 2012-06-19 2012-11-14 袁开国 Credible two-dimensional code scheme based on public key infrastructure (PKI) and digital signature

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7254705B2 (en) * 2002-03-15 2007-08-07 Matsushita Electric Industrial Co., Ltd. Service providing system in which services are provided from service provider apparatus to service user apparatus via network

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1996371A (en) * 2006-11-30 2007-07-11 银联金融认证中心有限公司 System for implementing inter-bank use of digital certificates and method therefor
CN101800642A (en) * 2009-12-31 2010-08-11 卓望数码技术(深圳)有限公司 Encoding and decoding methods, equipment and system of graphic codes
CN102779263A (en) * 2012-06-19 2012-11-14 袁开国 Credible two-dimensional code scheme based on public key infrastructure (PKI) and digital signature

Also Published As

Publication number Publication date
CN106559219A (en) 2017-04-05

Similar Documents

Publication Publication Date Title
KR101331316B1 (en) Method and apparatus to create a secure web browsing environment with privilege signing
JP7083892B2 (en) Mobile authentication interoperability of digital certificates
Razzak Spamming the Internet of Things: A Possibility and its probable Solution
KR101133829B1 (en) Verifying authenticity of webpages
CN111355726B (en) Identity authorization login method and device, electronic equipment and storage medium
EP2213044B1 (en) Method of providing assured transactions using secure transaction appliance and watermark verification
WO2015180691A1 (en) Key agreement method and device for verification information
CN106559219B (en) A kind of digital signature method and system and its intelligent terminal and operation system
CN106911684B (en) Authentication method and system
CN104662864A (en) User-convenient authentication method and apparatus using a mobile authentication application
CN102546171A (en) Secure element authentication
CN109495268B (en) Two-dimensional code authentication method and device and computer readable storage medium
CN106921496A (en) A kind of digital signature method and system
CN106464496A (en) Method and system for creating a certificate to authenticate a user identity
WO2015180689A1 (en) Method and apparatus for acquiring verification information
CN111683103A (en) Information interaction method and device
JP6462121B2 (en) Method for accessing services, corresponding first device, second device and system
CN109362074A (en) The method of h5 and server-side safety communication in a kind of mixed mode APP
KR20120053929A (en) The agent system for digital signature using sign private key with double encryption and method thereof features to store in web storage
KR20150011305A (en) Biometric authentication electronic signature registration methods using an instant messenger
CN102404337A (en) Data encryption method and device
CN113434882A (en) Communication protection method and device of application program, computer equipment and storage medium
CN103368831A (en) Anonymous instant messaging system based on frequent visitor recognition
KR100848966B1 (en) Method for authenticating and decrypting of short message based on public key
CA2793422C (en) Hypertext link verification in encrypted e-mail for mobile devices

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant