CN106559219B - Digital signature method and system, and intelligent terminal and operation system thereof - Google Patents
- Publication number: CN106559219B
- Authority: CN (China)
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The present invention relates to a digital signature method and system, and to an intelligent terminal and an operation system thereof. In the digital signature method of the invention, the operation system generates a trusted graphical code carrying the digital signature information; an intelligent terminal (such as a mobile phone) scans and verifies the trusted graphical code, completes the digital signature and sends the related signature information to the operation system; the operation system then feeds the result back to the PC browser, completing the digital signature process. The process does not need to access a key on the PC through a control: the trusted graphical code establishes an out-of-band interaction between the PC, the intelligent terminal and the operation system, through which the digital signature is completed. This improves the user's security experience and reduces the complexity of using customer digital certificates. It is a secure and innovative digital signature solution with which an operation system can rapidly deploy digital signature technology to achieve data integrity and authenticity.
Description
Technical field
The present invention relates to Internet security technology, and more specifically to a digital signature method and system and an intelligent terminal and operation system thereof.
Background art
A digital signature is a solution for ensuring data integrity and traceability of the data source. The user generates a key in advance and applies to a trusted third-party organization for a digital certificate, which ensures the user's trusted identity. The sender uses its private key to encrypt the hash value produced by a hash algorithm, forming the digital signature; the recipient uses the sender's public key to verify and decrypt the hash value, hashes the original text with the same hash algorithm, and compares the two hash values to confirm the validity of the digital signature.
At present, Internet applications on the PC are mainly accessed as web pages, so digital signatures for Internet applications have to be performed through the browser. As the interaction entry point between the PC and Internet applications, the browser must, to remain secure, strictly control the permissions with which the Internet can access local resources of the personal computer. Local file operations and the local generation, safekeeping and use of digital certificate keys therefore generally have to be supported through a third-party signature control, and the digital certificate solution provider has to supply a corresponding third-party control for operating on digital certificates, including support for digital signatures.
A digital signature is thus a process in which the digital certificate, the key and the digital signature are operated through a browser digital certificate control; the key may be stored in a software key container or in encryption hardware containing an encryption chip. Prior-art solutions therefore require the user to download and install a third-party control in the web browser. Current PC operating systems include Microsoft Windows, Apple Mac OS and the various brands of Linux; browsers include Microsoft IE 6, 7, 8, 9 and 10, Apple Safari, Firefox and Google Chrome, as well as customized browsers based on them released by vendors such as Tencent, Qihoo and Baidu. Security settings differ between operating systems and between browsers, and browsers differ in their security controls and in the degree to which, the way in which and the default handling with which they accept controls. This brings a large number of compatibility problems and causes many user-experience problems when digital certificates are used in digital signature applications. It has reduced the adoption of certificate-based digital signature applications, so that the advantages of digital signatures in user identity authentication, transaction integrity protection and the like cannot be applied in a timely and effective manner.
There are also solutions that complete digital signature applications through out-of-band communication, such as MPKI (Managed Public Key Infrastructure). In this scheme the MPKI organization pushes a data SMS over the short-message channel to a designated mobile phone number, and the digital signature is completed by a SIM card with a built-in PKI application. Because the content a data SMS can carry is limited, only the hash value to be signed can be pushed to complete the digital signature; the terminal side can verify neither the original text of the signed content nor the source of the digital signature request, so there is a risk of third-party attack.
Summary of the invention
The technical problem to be solved by the present invention is, in view of the above defects of the prior art, to provide a digital signature method and system based on out-of-band communication, and an intelligent terminal and operation system thereof, which need no third-party control and can achieve data integrity and authenticity.
According to a first aspect of the invention, to solve this technical problem the invention proposes a digital signature method comprising the following steps:
S1, a browser initiates a service request for which the user needs to use a digital signature;
S2, based on the service request, the operation system obtains the information to be signed and the customer digital certificate unique identification, generates a first signature information hash value corresponding to the information to be signed, digitally signs the information to be signed, the first signature information hash value and the customer digital certificate unique identification using the operation system digital certificate, generates a signature service URL for accessing the digitally signed information, and encodes the signature service URL to form a trusted graphical code;
S3, the browser displays the trusted graphical code sent by the operation system;
S4, the intelligent terminal scans the trusted graphical code displayed by the browser and decodes it to obtain the signature service URL;
S5, the intelligent terminal signs the signature service URL using the customer digital certificate and accesses the signature service URL carrying the generated user digital signature;
S6, after verifying that the user digital signature passes, the operation system sends the information to be signed corresponding to the signature service URL, the first signature information hash value, the customer digital certificate unique identification and the operation system digital signature to the intelligent terminal;
S7, after verifying that the operation system digital signature passes, the intelligent terminal calculates a second signature information hash value from the information to be signed and, when the second signature information hash value is consistent with the first signature information hash value obtained, completes the user digital signature on the information to be signed and sends the user digital signature result to the operation system;
S8, the operation system receives the user digital signature result and, after the customer digital certificate and the user digital signature pass verification, returns the user digital signature result to the browser.
In one embodiment according to the first aspect of the invention, forming the trusted graphical code in step S2 further comprises: generating a signature information timestamp for the digital signing performed with the operation system digital certificate, and encoding the signature information timestamp together with the signature service URL to form the trusted graphical code;
step S4 further comprises: decoding to obtain the signature information timestamp;
step S5 further comprises: the intelligent terminal verifies the signature information timestamp and, after confirming that the signature service URL address is correct, signs the signature service URL using the customer digital certificate and accesses the signature service URL carrying the generated user digital signature.
In one embodiment according to the first aspect of the invention, step S3 further comprises: the browser displays information prompting the user to scan the trusted graphical code with the intelligent terminal to complete the digital signature.
According to a second aspect of the invention, to solve this technical problem the invention proposes a digital signature system comprising a browser, an operation system and an intelligent terminal in communication connection, wherein:
the browser is used to initiate a service request for which the user needs to use a digital signature, to display the trusted graphical code that the operation system forms and sends based on the service request, and to receive the user digital signature result returned by the operation system so as to complete the service request;
the operation system is used to obtain, based on the service request initiated by the browser, the information to be signed and the customer digital certificate unique identification, to generate a first signature information hash value corresponding to the information to be signed, to digitally sign the information to be signed, the first signature information hash value and the customer digital certificate unique identification using the operation system digital certificate, to generate a signature service URL for accessing the digitally signed information, and to encode the signature service URL to form a trusted graphical code;
the intelligent terminal is used to scan the trusted graphical code displayed by the browser, to decode it to obtain the signature service URL, to sign the signature service URL using the customer digital certificate, and to access the signature service URL carrying the generated user digital signature;
the operation system is also used to verify the user digital signature when the intelligent terminal accesses the signature service URL and, after it passes, to send the information to be signed corresponding to the signature service URL, the first signature information hash value, the customer digital certificate unique identification and the operation system digital signature to the intelligent terminal;
the intelligent terminal is also used, after verifying that the operation system digital signature passes, to calculate a second signature information hash value from the information to be signed and, when the second signature information hash value is consistent with the first signature information hash value obtained, to complete the user digital signature on the information to be signed and send the user digital signature result to the operation system;
the operation system is also used to receive the user digital signature result sent by the intelligent terminal and, after the customer digital certificate and the user digital signature pass verification, to return the user digital signature result to the browser.
In one embodiment according to the second aspect of the invention, the operation system forming the trusted graphical code further comprises: generating a signature information timestamp for the digital signing performed with the operation system digital certificate, and encoding the signature information timestamp together with the signature service URL to form the trusted graphical code;
the intelligent terminal decoding the trusted graphical code further comprises: decoding to obtain the signature information timestamp;
the intelligent terminal accessing the signature service URL further comprises: verifying the signature information timestamp and, after confirming that the signature service URL address is correct, signing the signature service URL using the customer digital certificate and accessing the signature service URL carrying the generated user digital signature.
In one embodiment according to the second aspect of the invention, when displaying the trusted graphical code sent by the operation system, the browser further displays information prompting the user to scan the trusted graphical code with the intelligent terminal to complete the digital signature.
According to a third aspect of the invention, to solve this technical problem the invention proposes an intelligent terminal for digital signature, comprising:
a scan module, for scanning the trusted graphical code displayed by the browser and decoding it to obtain the signature service URL;
a URL access module, for signing the signature service URL using the customer digital certificate and accessing the signature service URL carrying the generated user digital signature;
a receiving module, for receiving the information to be signed corresponding to the signature service URL, the first signature information hash value, the customer digital certificate unique identification and the operation system digital signature sent by the operation system;
a digital signature module, for calculating, after verifying that the operation system digital signature passes, a second signature information hash value from the information to be signed and, when the second signature information hash value is consistent with the first signature information hash value obtained, completing the user digital signature on the information to be signed;
a sending module, for sending the user digital signature result to the operation system.
In one embodiment according to the third aspect of the invention, the scan module also decodes to obtain the signature information timestamp;
the URL access module verifies the signature information timestamp and, after confirming that the signature service URL address is correct, signs the signature service URL using the customer digital certificate and accesses the signature service URL carrying the generated user digital signature.
According to a fourth aspect of the invention, to solve this technical problem the invention proposes an operation system for digital signature, characterized by comprising:
a trusted graphical code generation module, for obtaining, based on a service request initiated by the browser for which the user needs to use a digital signature, the information to be signed and the customer digital certificate unique identification, generating a first signature information hash value corresponding to the information to be signed, digitally signing the information to be signed, the first signature information hash value and the customer digital certificate unique identification using the operation system digital certificate, generating a signature service URL for accessing the digitally signed information, and encoding the signature service URL to form a trusted graphical code;
a first sending module, for sending the trusted graphical code to the browser for display;
a signature service module, for receiving the access to the signature service URL that the intelligent terminal makes by scanning the trusted graphical code and, after verifying that the user digital signature passes, sending the information to be signed corresponding to the signature service URL, the first signature information hash value, the customer digital certificate unique identification and the operation system digital signature to the intelligent terminal;
an authentication module, for receiving the user digital signature result sent by the intelligent terminal and verifying the customer digital certificate and the user digital signature;
a second sending module, for returning the verified user digital signature result to the browser.
In one embodiment according to the fourth aspect of the invention, the trusted graphical code generation module also generates a signature information timestamp for the digital signing performed with the operation system digital certificate, and encodes the signature information timestamp together with the signature service URL to form the trusted graphical code.
Implementing the digital signature method and system and the intelligent terminal and operation system of the invention has the following beneficial effects:
(1) An out-of-band digital signature mechanism is established through the trusted graphical code: with the trusted graphical code as the link, a session interaction process is established among the operation system, the intelligent terminal and the browser, completing an out-of-band digital signature application between the browser and the operation system. The personal computer does not use the digital certificate or the key, which avoids exposure and abuse of the user's key on the PC;
(2) The compatibility problem of browser digital signature controls is solved out of band: because the digital certificate is used for the digital signature out of band, the technical complexity and user-experience problems that browser control compatibility brings to certificate-based digital signatures are avoided;
(3) An out-of-band digital certificate signature mechanism is realized by the operation system and the intelligent terminal: through digital signature verification, the operation system and the intelligent terminal verify that the digital certificate user corresponds to the transaction user and that the signed content is genuine and valid. While ensuring that the out-of-band digital signature has the same effect as a browser digital certificate and digital signature, the complexity of using customer digital certificates and digital signatures is reduced and security visibility is improved.
Brief description of the drawings
The present invention is further described below with reference to the drawings and embodiments. In the drawings:
Fig. 1 is a flowchart of the digital signature method of an embodiment of the invention;
Fig. 2 is a schematic diagram of the interaction process between the browser, the operation system and the intelligent terminal in an embodiment of the invention;
Fig. 3 is a logic block diagram of the digital signature system of an embodiment of the invention.
Specific embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
Fig. 1 shows a flowchart of a digital signature method 100 according to an embodiment of the invention. As shown in Fig. 1, the digital signature method 100 includes the following steps:
In step S110, a browser initiates a service request for which the user needs to use a digital signature. For example, the user can initiate a service request that uses a digital signature to the operation system through a PC browser.
Then, in step S120, based on the service request, the operation system obtains the information to be signed and the customer digital certificate unique identification, generates a first signature information hash value corresponding to the information to be signed, digitally signs the information to be signed, the first signature information hash value and the customer digital certificate unique identification using the operation system digital certificate, generates a signature service URL for accessing the digitally signed information, and encodes the signature service URL to form a trusted graphical code.
Then, in step S130, the browser displays the trusted graphical code sent by the operation system. At the same time, the browser can also display information prompting the user to scan the trusted graphical code with the intelligent terminal to complete the digital signature.
Then, in step S140, the intelligent terminal scans the trusted graphical code displayed by the browser and decodes it to obtain the signature service URL.
Then, in step S150, the intelligent terminal signs the signature service URL using the customer digital certificate and accesses the signature service URL carrying the generated user digital signature.
Then, in step S160, after verifying that the user digital signature passes, the operation system sends the information to be signed corresponding to the signature service URL, the first signature information hash value, the customer digital certificate unique identification and the operation system digital signature to the intelligent terminal.
Then, in step S170, after verifying that the operation system digital signature passes, the intelligent terminal calculates a second signature information hash value from the information to be signed and, when the second signature information hash value is consistent with the first signature information hash value obtained, completes the user digital signature on the information to be signed and sends the user digital signature result to the operation system.
Then, in step S180, the operation system receives the user digital signature result and, after the customer digital certificate and the user digital signature pass verification, returns the user digital signature result to the browser to complete the service request.
Fig. 2 shows the interaction process between the browser, the operation system and the intelligent terminal in a digital signature method according to a specific embodiment of the invention. As shown in Fig. 2:
First, in step S201, the browser, based on the user's needs, initiates a service request that uses a digital signature to the operation system.
Then, in step S202, the operation system obtains from the service request the information to be signed submitted by the user (the content that needs to be digitally signed) and the customer digital certificate unique identification.
Then, in step S203, the operation system generates the first signature information hash value from the information to be signed that it obtained. For example, the operation system can use a hash function such as the MD5 or SHA1 algorithm to compute the signature information hash value over the information to be signed.
Then, in step S204, the operation system digitally signs the information to be signed, the first signature information hash value and the customer digital certificate unique identification using the operation system digital certificate, obtaining the operation system digital signature of this information.
Then, in step S205, the operation system generates the signature service URL and the signature information timestamp. The signature service URL is the HTTP resource address for accessing the digitally signed information and can be generated according to a certain coding rule. The signature information timestamp is the time point at which the digital signing with the operation system digital certificate was performed.
Then, in step S206, the operation system encodes the signature service URL and the signature information timestamp together to form the trusted graphical code. The graphical code can be encoded with any suitable coding technique known to those skilled in the art.
Then, in step S207, the operation system sends the trusted graphical code to the browser.
Then, in step S208, the browser displays the trusted graphical code sent by the operation system, and also displays a prompt to scan the graphical code, prompting the user to scan the trusted graphical code with the intelligent terminal to complete the digital signature.
Then, in step S209, the intelligent terminal, operated by the user, scans the trusted graphical code displayed by the browser and decodes it to obtain the signature service URL and the signature information timestamp.
Then, in step S210, the intelligent terminal verifies the signature information timestamp, that is, it checks the time at which the transaction was generated so as to prevent replay and forgery and to ensure that the signature service URL address is correct.
Then, in step S211, the intelligent terminal signs the signature service URL using the customer digital certificate, generating the user digital signature.
Then, in step S212, the intelligent terminal accesses the resource address corresponding to the signature service URL, carrying the user digital signature.
Then, in step S213, the operation system verifies the user digital signature carried by the access request, to confirm whether the customer digital certificate is consistent with the customer digital certificate unique identification corresponding to the signature service URL. Only when the two are consistent can the digital signature of the invention be completed.
Then, in step S214, when the two have been verified as consistent, the operation system sends the information to be signed corresponding to the signature service URL, the first signature information hash value, the customer digital certificate unique identification and the operation system digital signature to the intelligent terminal.
Then, in step S215, the intelligent terminal verifies the operation system digital signature it received, to confirm that the information to be signed, the first signature information hash value and the customer digital certificate unique identification have indeed not been modified.
Then, in step S216, the intelligent terminal generates the second signature information hash value from the information to be signed that it obtained. For example, the intelligent terminal uses the same hash function as the operation system, such as the MD5 or SHA1 algorithm, to compute the signature information hash value over the information to be signed.
Then, in step S217, the intelligent terminal compares the second signature information hash value it generated with the first signature information hash value obtained from the operation system; only when the two are consistent does it go on to complete the user digital signature.
Then, in step S218, the intelligent terminal uses a digital signature algorithm to complete the user digital signature on the information to be signed.
Then, in step S219, the intelligent terminal sends the user digital signature result to the operation system.
Then, in step S220, the operation system verifies the customer digital certificate and the user digital signature carried by the user digital signature result, to confirm the authenticity and integrity of the user digital signature result.
Then, in step S221, the operation system returns the user digital signature result that passed the above verification to the browser.
Then, in step S222, the browser receives the user digital signature result and completes the service request.
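The checks in steps S202 to S220 above, condensed into runnable Go as an added example that is not code from the patent. Ed25519 keys stand in for the operation system and customer digital certificates, and SHA-256 replaces the MD5/SHA1 that the page names as example hash functions, since both are collision-broken; the field encoding, the two-minute freshness window, the URL and every sample value are constructed assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Assumption: the page sets no freshness window for the signature information timestamp.
const maxAge = 2 * time.Minute

// GraphicCode is the decoded trusted graphical code (S205-S206). The page does not
// say the code is authenticated, so the timestamp is only checked for age here.
type GraphicCode struct {
	URL string
	TS  time.Time
}

// Package is what the operation system releases to the terminal in S214.
type Package struct {
	Message []byte // information to be signed
	Hash1   []byte // first signature information hash value
	CertID  string // customer digital certificate unique identification
	Sig     []byte // operation system signature over the three fields above
}

// frame length-prefixes every field so bytes cannot shift between fields under
// one signature (constructed encoding; the page defines no wire format).
func frame(fields ...[]byte) []byte {
	var b bytes.Buffer
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		b.Write(n[:])
		b.Write(f)
	}
	return b.Bytes()
}

// demoKey and pub build fixed, constructed keys that stand in for certificates.
func demoKey(b byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, 32)) }
func pub(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }

// Issue is S202-S206 on the operation system: hash, sign the bundle, mint the code.
func Issue(opKey ed25519.PrivateKey, msg []byte, certID, url string, now time.Time) (GraphicCode, Package) {
	h := sha256.Sum256(msg)
	p := Package{Message: msg, Hash1: h[:], CertID: certID}
	p.Sig = ed25519.Sign(opKey, frame(p.Message, p.Hash1, []byte(p.CertID)))
	return GraphicCode{URL: url, TS: now}, p
}

// TerminalAccess is S209-S212: reject a stale code, then sign the URL with the user key.
func TerminalAccess(userKey ed25519.PrivateKey, g GraphicCode, now time.Time) ([]byte, error) {
	if age := now.Sub(g.TS); age < 0 || age > maxAge {
		return nil, errors.New("graphical code is stale or post-dated")
	}
	return ed25519.Sign(userKey, []byte(g.URL)), nil
}

// Release is S213-S214: release the package only if the URL signature verifies under the bound key.
func Release(bound ed25519.PublicKey, url string, urlSig []byte, p Package) (Package, error) {
	if !ed25519.Verify(bound, []byte(url), urlSig) {
		return Package{}, errors.New("URL signature does not match the bound certificate")
	}
	return p, nil
}

// TerminalSign is S215-S218: verify the operation system signature, recompute the
// hash, compare it with Hash1, and only then sign the message.
func TerminalSign(opPub ed25519.PublicKey, userKey ed25519.PrivateKey, p Package) ([]byte, error) {
	if !ed25519.Verify(opPub, frame(p.Message, p.Hash1, []byte(p.CertID)), p.Sig) {
		return nil, errors.New("operation system signature invalid")
	}
	h2 := sha256.Sum256(p.Message)
	if !bytes.Equal(h2[:], p.Hash1) {
		return nil, errors.New("second hash differs from first hash")
	}
	return ed25519.Sign(userKey, p.Message), nil
}

// Accept is S220: the operation system verifies the user digital signature result.
func Accept(bound ed25519.PublicKey, p Package, userSig []byte) bool {
	return ed25519.Verify(bound, p.Message, userSig)
}

func main() {
	op, user, now := demoKey(1), demoKey(2), time.Unix(1700000000, 0)
	g, p := Issue(op, []byte("pay 100 to account 42"), "cert-0001", "https://sign.example/s/abc", now)
	urlSig, _ := TerminalAccess(user, g, now.Add(30*time.Second))
	rel, _ := Release(pub(user), g.URL, urlSig, p)
	sig, err := TerminalSign(pub(op), user, rel)
	fmt.Println("accepted:", err == nil && Accept(pub(user), rel, sig))
}
```

Because the operation system signature covers the message, the hash and the certificate identification together, an altered message is rejected at the signature check before the hash comparison is reached.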
The above digital signature method of the invention makes full reference to international standards (PKI), national standards and relevant industry standards. With the trusted graphical code as carrier, it solves the browser control compatibility problem of using digital certificates and digital signatures on the PC, as well as the problem in MPKI out-of-band digital signatures of verifying the signature requester and the signed content. While ensuring that the out-of-band digital signature has the same effect as a browser digital certificate and digital signature, it establishes an out-of-band communication digital signature mechanism in which the complexity of using customer digital certificates and digital signatures is reduced and security visibility is improved.
Based on the digital signature method described above, the invention also proposes a digital signature system. Fig. 3 shows a logic block diagram of a digital signature system 300 according to an embodiment of the invention. As shown in Fig. 3, the digital signature system 300 includes a browser 310, an operation system 320 and an intelligent terminal 330 in communication connection. The browser 310 is used to initiate to the operation system 320 a service request for which the user needs to use a digital signature, to display the trusted graphical code that the operation system 320 forms and sends based on the service request, and to receive the user digital signature result returned by the operation system 320 to complete the service request. The operation system 320 is used to obtain, based on the service request initiated by the browser 310, the information to be signed and the customer digital certificate unique identification, to generate a first signature information hash value corresponding to the information to be signed, to digitally sign the information to be signed, the first signature information hash value and the customer digital certificate unique identification using the operation system digital certificate, to generate a signature service URL for accessing the digitally signed information, and to encode the signature service URL to form a trusted graphical code and send it to the browser 310. The intelligent terminal 330, following the prompt of the browser 310, scans the trusted graphical code displayed by the browser 310, decodes it to obtain the signature service URL, signs the signature service URL using the customer digital certificate, and accesses the signature service URL carrying the generated user digital signature. The operation system 320 is also used to verify the user digital signature when the intelligent terminal 330 accesses the signature service URL and, after the verification passes, to send the information to be signed corresponding to the signature service URL, the first signature information hash value, the customer digital certificate unique identification and the operation system digital signature to the intelligent terminal 330. The intelligent terminal 330 is also used to verify the operation system digital signature it obtained and, after the verification passes, to calculate a second signature information hash value from the information to be signed and, when the second signature information hash value is consistent with the first signature information hash value obtained, to complete the user digital signature on the information to be signed and send the user digital signature result to the operation system 320. The operation system 320 receives the user digital signature result sent by the intelligent terminal 330, verifies the customer digital certificate and the user digital signature to confirm the authenticity and integrity of the user digital signature result, and then returns the user digital signature result to the browser 310. The browser 310 receives the user digital signature result and can then complete the service request.
Specifically, as shown in Fig. 3, the operation system 320 further comprises a trusted graphical code generation module 321, a first sending module 322, a signature service module 323, an authentication module 324 and a second sending module 325. The trusted graphical code generation module 321 obtains, based on the service request initiated by the browser 310 for which the user needs to use a digital signature, the information to be signed and the customer digital certificate unique identification, generates a first signature information hash value corresponding to the information to be signed, digitally signs the information to be signed, the first signature information hash value and the customer digital certificate unique identification using the operation system digital certificate, generates a signature service URL for accessing the digitally signed information, and encodes the signature service URL to form a trusted graphical code. The first sending module 322 is used to send the trusted graphical code to the browser 310 for display. The signature service module 323 is used to receive the access to the signature service URL that the intelligent terminal 330 makes by scanning the trusted graphical code and, after verifying that the user digital signature passes, to send the information to be signed corresponding to the signature service URL, the first signature information hash value, the customer digital certificate unique identification and the operation system digital signature to the intelligent terminal 330. The authentication module 324 is used to receive the user digital signature result sent by the intelligent terminal 330 and to verify the customer digital certificate and the user digital signature. The second sending module 325 is used to return the verified user digital signature result to the browser 310.
Specifically, as shown in figure 3, intelligent terminal 330 further comprises scan module 331, URL access module 332, receiving module 333, Digital Signature module 334 and sending module 335. Scan module 331 is used to scan the trusted graphical code displayed by browser 310 and decode it to obtain the Digital signature service URL. URL access module 332 is used to sign the Digital signature service URL using the customer digital certificate and to access the Digital signature service URL carrying the generated user digital signature. Receiving module 333 is used to receive the information to be signed corresponding to the Digital signature service URL, the first signing messages hashed value, the customer digital certificate unique identification and the operation system digital signature sent by the operation system. Digital Signature module 334 is used to verify the operation system digital signature and, after the verification passes, to calculate the second signing messages hashed value from the information to be signed and, when the second signing messages hashed value is consistent with the obtained first signing messages hashed value, to complete the user digital signature on the information to be signed. Sending module 335 is used to send the user digital signature result to operation system 320.
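The checks performed by trusted graphical code generation module 321, Digital Signature module 334 and authentication module 324, as an added Go example that is not part of the patent. Ed25519 and SHA-256 stand in for the signature and hash algorithms, which the text does not specify, raw public keys stand in for the digital certificates, and all type, field and function names are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Sentinel errors (all names here, Ed25519 and SHA-256 are assumptions of this example).
var ErrSystemSig = errors.New("operation system signature does not verify")
var ErrHash = errors.New("second hashed value differs from first hashed value")

// Bundle is what the operation system sends to the intelligent terminal.
type Bundle struct {
	Info   []byte // information to be signed
	Hash1  []byte // first signing messages hashed value
	CertID string // customer digital certificate unique identification
	SysSig []byte // operation system digital signature over the three fields above
}

// encode length-prefixes every field so field boundaries are part of the signed bytes.
func encode(fields ...[]byte) []byte {
	var out []byte
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(append(out, n[:]...), f...)
	}
	return out
}

// SystemPrepare (module 321): hash the information, then sign (info, hash, certID).
func SystemPrepare(sysKey ed25519.PrivateKey, info []byte, certID string) Bundle {
	h := sha256.Sum256(info)
	sig := ed25519.Sign(sysKey, encode(info, h[:], []byte(certID)))
	return Bundle{Info: info, Hash1: h[:], CertID: certID, SysSig: sig}
}

// TerminalSign (module 334): verify the system signature, recompute the hash, compare, then sign.
func TerminalSign(sysPub ed25519.PublicKey, userKey ed25519.PrivateKey, b Bundle) ([]byte, error) {
	if !ed25519.Verify(sysPub, encode(b.Info, b.Hash1, []byte(b.CertID)), b.SysSig) {
		return nil, ErrSystemSig
	}
	h2 := sha256.Sum256(b.Info) // second signing messages hashed value
	if !bytes.Equal(h2[:], b.Hash1) {
		return nil, ErrHash
	}
	return ed25519.Sign(userKey, b.Info), nil
}

// SystemVerify (module 324): signature check only; certificate validation is omitted here.
func SystemVerify(userPub ed25519.PublicKey, info, userSig []byte) bool {
	return ed25519.Verify(userPub, info, userSig)
}

func main() {
	sysPub, sysKey, _ := ed25519.GenerateKey(nil)
	userPub, userKey, _ := ed25519.GenerateKey(nil)
	b := SystemPrepare(sysKey, []byte("constructed order: pay 100 to account 42"), "cert-0001")
	sig, err := TerminalSign(sysPub, userKey, b)
	fmt.Println("signed:", err == nil, "verified:", SystemVerify(userPub, b.Info, sig))
	b.Info = []byte("constructed order: pay 900 to account 66") // altered after signing
	_, err = TerminalSign(sysPub, userKey, b)
	fmt.Println("altered bundle rejected:", err)
}
```

Because the operation system signs the information together with its hash, an alteration in transit fails the signature check first; the hash comparison additionally catches a bundle whose signed hash does not match its signed information.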
In a further preferred embodiment, trusted graphical code generation module 321 of operation system 320 also generates a signing messages timestamp that is digitally signed using the operation system digital certificate, and encodes the signing messages timestamp together with the Digital signature service URL to form the trusted graphical code. When scan module 331 of intelligent terminal 330 scans the trusted graphical code, it also decodes the signing messages timestamp, and URL access module 332 first verifies the signing messages timestamp before accessing the Digital signature service URL, to confirm that the Digital signature service URL address is correct.
In the above digital signature system of the invention, the operation system generates a trusted graphical code carrying the digital signature information; the digital signature is completed after the intelligent terminal (such as a mobile phone) scans and verifies the trusted graphical code, the related signature information is sent to the operation system, and the operation system feeds the result back to the PC browser to complete the digital signature procedure. The process does not need to access a PC key through a control; the trusted graphical code establishes out-of-band interaction among the PC, the intelligent terminal and the operation system to complete the digital signature, which improves the user security experience and reduces the complexity of using customer digital certificates. It is a secure and innovative mode by which an operation system rapidly deploys digital signature technology to realize data integrity and authenticity.
The foregoing is merely illustrative of the preferred embodiments of the present invention and is not intended to limit the invention; any modifications, equivalent replacements and improvements made within the spirit and principle of the invention shall be included in the protection scope of the present invention.
Claims (10)
1. A digital signature method, characterized by comprising the following steps:
S1, a service request in which the user needs to use a digital signature is initiated through the browser;
S2, based on the service request, the operation system obtains the information to be signed and the customer digital certificate unique identification, generates the first signing messages hashed value corresponding to the information to be signed, digitally signs the information to be signed, the first signing messages hashed value and the customer digital certificate unique identification using the operation system digital certificate, generates the Digital signature service URL for accessing the digitally signed information, and encodes the Digital signature service URL to form the trusted graphical code;
S3, the browser displays the trusted graphical code sent by the operation system;
S4, the intelligent terminal scans the trusted graphical code displayed by the browser and decodes it to obtain the Digital signature service URL;
S5, the intelligent terminal signs the Digital signature service URL using the customer digital certificate and accesses the Digital signature service URL carrying the generated user digital signature;
S6, after verifying that the user digital signature passes, the operation system sends the information to be signed corresponding to the Digital signature service URL, the first signing messages hashed value, the customer digital certificate unique identification and the operation system digital signature to the intelligent terminal;
S7, after verifying that the operation system digital signature passes, the intelligent terminal calculates the second signing messages hashed value from the information to be signed and, when the second signing messages hashed value is consistent with the obtained first signing messages hashed value, completes the user digital signature on the information to be signed and sends the user digital signature result to the operation system;
S8, the operation system receives the user digital signature result and, after verifying that the customer digital certificate and the digital signature pass, returns the user digital signature result to the browser.
2. The digital signature method according to claim 1, characterized in that forming the trusted graphical code in step S2 further comprises: generating a signing messages timestamp that is digitally signed using the operation system digital certificate, and encoding the signing messages timestamp together with the Digital signature service URL to form the trusted graphical code;
step S4 further comprises: decoding to obtain the signing messages timestamp;
step S5 further comprises: after the intelligent terminal verifies the signing messages timestamp to confirm that the Digital signature service URL address is correct, signing the Digital signature service URL using the customer digital certificate, and accessing the Digital signature service URL carrying the generated user digital signature.
3. The digital signature method according to claim 1, characterized in that step S3 further comprises: the browser displays information prompting the user to scan the trusted graphical code with the intelligent terminal to complete the digital signature.
4. A digital signature system, characterized by comprising a browser, an operation system and an intelligent terminal in communication connection, wherein:
the browser is used to initiate a service request in which the user needs to use a digital signature, to display the trusted graphical code that the operation system forms and sends based on the service request, and to receive the user digital signature result returned by the operation system to complete the service request;
the operation system is used, based on the service request initiated by the browser, to obtain the information to be signed and the customer digital certificate unique identification, generate the first signing messages hashed value corresponding to the information to be signed, digitally sign the information to be signed, the first signing messages hashed value and the customer digital certificate unique identification using the operation system digital certificate, generate the Digital signature service URL for accessing the digitally signed information, and encode the Digital signature service URL to form the trusted graphical code;
the intelligent terminal is used to scan the trusted graphical code displayed by the browser, decode it to obtain the Digital signature service URL, sign the Digital signature service URL using the customer digital certificate, and access the Digital signature service URL carrying the generated user digital signature;
the operation system is also used, after verifying that the user digital signature passes based on the intelligent terminal's access to the Digital signature service URL, to send the information to be signed corresponding to the Digital signature service URL, the first signing messages hashed value, the customer digital certificate unique identification and the operation system digital signature to the intelligent terminal;
the intelligent terminal is also used, after verifying that the operation system digital signature passes, to calculate the second signing messages hashed value from the information to be signed and, when the second signing messages hashed value is consistent with the obtained first signing messages hashed value, to complete the user digital signature on the information to be signed and send the user digital signature result to the operation system;
the operation system is also used to receive the user digital signature result sent by the intelligent terminal and, after verifying that the customer digital certificate and the digital signature pass, to return the user digital signature result to the browser.
5. The digital signature system according to claim 4, characterized in that the operation system forming the trusted graphical code further comprises: generating a signing messages timestamp that is digitally signed using the operation system digital certificate, and encoding the signing messages timestamp together with the Digital signature service URL to form the trusted graphical code;
the intelligent terminal decoding the trusted graphical code further comprises: decoding to obtain the signing messages timestamp;
the intelligent terminal accessing the Digital signature service URL further comprises: after verifying the signing messages timestamp to confirm that the Digital signature service URL address is correct, signing the Digital signature service URL using the customer digital certificate, and accessing the Digital signature service URL carrying the generated user digital signature.
6. The digital signature system according to claim 4, characterized in that the browser, when displaying the trusted graphical code sent by the operation system, further displays information prompting the user to scan the trusted graphical code with the intelligent terminal to complete the digital signature.
7. An intelligent terminal for digital signature, characterized by comprising:
a scan module, for scanning the trusted graphical code displayed by the browser and decoding it to obtain the Digital signature service URL;
a URL access module, for signing the Digital signature service URL using the customer digital certificate and accessing the Digital signature service URL carrying the generated user digital signature;
a receiving module, for receiving the information to be signed corresponding to the Digital signature service URL, the first signing messages hashed value, the customer digital certificate unique identification and the operation system digital signature sent by the operation system;
a Digital Signature module, for calculating, after verifying that the operation system digital signature passes, the second signing messages hashed value from the information to be signed and, when the second signing messages hashed value is consistent with the obtained first signing messages hashed value, completing the user digital signature on the information to be signed;
a sending module, for sending the user digital signature result to the operation system.
8. The intelligent terminal for digital signature according to claim 7, characterized in that the scan module also decodes to obtain the signing messages timestamp;
the URL access module, after verifying the signing messages timestamp to confirm that the Digital signature service URL address is correct, signs the Digital signature service URL using the customer digital certificate and accesses the Digital signature service URL carrying the generated user digital signature.
9. An operation system for digital signature, characterized by comprising:
a trusted graphical code generation module, for obtaining, based on the service request initiated through the browser in which the user needs to use a digital signature, the information to be signed and the customer digital certificate unique identification, generating the first signing messages hashed value corresponding to the information to be signed, digitally signing the information to be signed, the first signing messages hashed value and the customer digital certificate unique identification using the operation system digital certificate, generating the Digital signature service URL for accessing the digitally signed information, and encoding the Digital signature service URL to form the trusted graphical code;
a first sending module, for sending the trusted graphical code to the browser for display;
a digital signature service module, for receiving the access to the Digital signature service URL that the intelligent terminal makes by scanning the trusted graphical code and, after verifying that the user digital signature passes, sending the information to be signed corresponding to the Digital signature service URL, the first signing messages hashed value, the customer digital certificate unique identification and the operation system digital signature to the intelligent terminal;
an authentication module, for receiving the user digital signature result sent by the intelligent terminal and verifying the customer digital certificate and the digital signature;
a second sending module, for returning the verified user digital signature result to the browser.
10. The operation system for digital signature according to claim 9, characterized in that the trusted graphical code generation module also generates a signing messages timestamp that is digitally signed using the operation system digital certificate, and encodes the signing messages timestamp together with the Digital signature service URL to form the trusted graphical code.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510633498.XA CN106559219B (en) | 2015-09-29 | 2015-09-29 | A kind of digital signature method and system and its intelligent terminal and operation system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106559219A CN106559219A (en) | 2017-04-05 |
CN106559219B true CN106559219B (en) | 2019-05-10 |
Family
ID=58415953
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||