CN107133526A - Application data guard method and device - Google Patents
Application data guard method and device Download PDFInfo
- Publication number
- CN107133526A CN107133526A CN201710221913.XA CN201710221913A CN107133526A CN 107133526 A CN107133526 A CN 107133526A CN 201710221913 A CN201710221913 A CN 201710221913A CN 107133526 A CN107133526 A CN 107133526A
- Authority
- CN
- China
- Prior art keywords
- data
- application data
- signature
- result data
- signature result
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/629—Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention provides a kind of application data guard method and device, using short signature algorithm to needing application data to be protected to sign, generation signature result data, and the public key that open short signature algorithm is signed;By the signature result data and described it is stored in by protection application data in bar code or Quick Response Code;When verifying the bar code or Quick Response Code correctness, the public key signed according to the short signature algorithm is verified to the signature result data by protection application data;The application data guard method provided in the present invention and device; application data in safeguard protection bar code or Quick Response Code; application data is prevented to be tampered or be forged, and the data that produce of protection mechanism of application data are small, it is effectively save to bar code or the space hold of Quick Response Code.
Description
Technical field
The present invention relates to technical field of data security, more particularly to a kind of application data guard method and device.
Background technology
Bar code, Quick Response Code are all the modes that data are expressed using figure combination, and wherein bar code uses width
Multiple secret notes and blank arranged according to certain coding rule, to express a group information;Quick Response Code uses specific geometry
Figure is the chequered with black and white group information of avatars one being distributed on two-dimensional directional in plane according to certain rules.
The information content that General Two-Dimensional code table reaches is greater than bar code, but two kinds of coded systems have the limit of information capacity
System.In actual application, because of the limitation in terms of print area, resolution ratio, reading speed and error correcting capability, bar code
Actually active data volume with Quick Response Code is all little.In addition in many application scenarios, data is correct in bar code, Quick Response Code
Property and authenticity need to obtain effective guarantee.The issue for for example needing to ensure some product information is real and genuine,
Important transaction data in transaction is authentic and valid such as negotiator, the amount of money, time etc..
The content of the invention
The main object of the present invention is a kind of application data guard method of offer and device, safeguard protection bar code or two dimension
Application data in code.
The present invention proposes a kind of application data guard method, comprises the following steps:
Using short signature algorithm to needing application data to be protected to sign, generation signature result data, and disclose short
The public key that signature algorithm is signed;
By the signature result data and described it is stored in by protection application data in bar code or Quick Response Code;
When verifying the bar code or Quick Response Code correctness, the public key signed according to the short signature algorithm is to described
Verified by the signature result data in protection application data.
Further, the use short signature algorithm is to needing application data to be protected to sign, generation signature result
Data, and open short signature algorithm signed public key the step of include:
Choosing a class has the Bilinear map e efficiently calculated elliptic curve, and determines two ranks on the elliptic curve
For the point group G of prime number q1And G2, and selection point group G respectively1And G2In point P1And P2;
By P1With [s] P2With as the public key signed and carry out disclosure;Wherein [s] P2For s P of standard2It is added, s is
Random number;
Choose for user function H, is mapped to described on [1, q-1] by protection application data;
Calculate point [s/ (H (X)+s)] P1;Wherein X is described by protection application data;
By point [s/ (H (X)+s)] P on the elliptic curve1It is converted into Px or L | | Px data;Wherein, Px or L | | Px
I.e. as to the signature result data Y by protection application data, Px is point [s/ (H (X)+s)] P1X-axis data, L for use
The assistance data of one of data Py when it is determined that Px is as x-axis data in two y-axis data of correspondence.
Further, the Choose for user function H, by the step mapped to by protection application data on [1, q-1]
Including:
The long Bit String of a bit number than prime number q extended to using extension mechanism by protection application data X to described,
And it is converted into big number f;
Fmod (q-2)+1 is calculated, wherein mod is modular arithmetic.
Further, it is described that a bit than prime number q extended to using extension mechanism by protection application data X to described
The step of Bit String of number length, includes:
Using SHA2, SHA3 or SM3 hash algorithm as hash function, applied according to cipher key derivation function by described by protection
Data X derives the long Bit String of a bit number than prime number q.
Further, the checking bar code or during Quick Response Code correctness, is signed according to the short signature algorithm
The step of public key of name is verified to the signature result data by protection application data includes:
Obtain described by protection application data X and the signature result data Y from the bar code or Quick Response Code;
Calculated, and entered according to result of calculation and the short signature algorithm according to the value of the signature result data Y
The public key of row signature is verified to the signature result data Y.
Further, the value according to the signature result data Y is calculated, and according to result of calculation and described
The step of public key that short signature algorithm is signed is verified to the signature result data Y includes:
If the signature result data Y is L | | Px, Py is determined according to L and Px value;
Point [s/ (H (X)+s)] P is obtained according to Px, Py1;
Calculate e ([s/ (H (X)+s)] P1, [H (X)] P2+[s]P2), and with U=e ([P1, [s] P2) be compared;
If e ([s/ (H (X)+s)] P1, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) identical, then verify the signature
Result data Y is correct;If e ([s/ (H (X)+s)] P1, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) different, then verify institute
State signature result data Y mistakes.
Further, the value according to the signature result data Y is calculated, and according to result of calculation and described
The step of public key that short signature algorithm is signed is verified to the signature result data Y includes:
If the signature result data Y is Px, corresponding two y-axis data Py is calculated according to Px;
Randomly choose one of y-axis data Py and obtain a point Z;
Calculate F=e (Z, [H (X)] P2+[s]P2), and with U=e ([P1, [s] P2) compare, if different carried out with 1/U again
Compare;
If F=e (Z, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) or 1/U it is identical, then verify it is described signature knot
Fruit data Y is correct;If F=e (Z, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) or 1/U it is different, then verify described
Signature result data Y mistakes.
Further, the prime number q is more than 2160, the random number s satisfactions 0<s<q.
Further, the elliptic curve has the Bilinear map e efficiently calculated, and it is embedded in number of times and is not less than 12;It is described
Elliptic curve includes BN curves, KSS-18 curves, BLS-24 curves, KSS-32 curves and KSS-36 curves.
Present invention also offers a kind of application data protection device, including:
Signature unit, for, to needing application data to be protected to sign, generating signature result using short signature algorithm
Data, and the public key that open short signature algorithm is signed;
Generation unit, for by the signature result data and described by protection application data being stored in bar code or two
Tie up in code;
Authentication unit, during for verifying the bar code or Quick Response Code correctness, is signed according to the short signature algorithm
The public key of name is verified to the signature result data by protection application data.
Further, the signature unit includes:
Subelement is chosen, there is the Bilinear map e efficiently calculated elliptic curve for choosing a class, and determine described ellipse
Two ranks are the point group G of prime number q on circular curve1And G2, and selection point group G respectively1And G2In point P1And P2;
Open subelement, for by P1With [s] P2With as the public key signed and carry out disclosure;Wherein [s] P2For mark
Quasi- s P2It is added, s is random number;
Subelement is mapped, for Choose for user function H, is mapped to described by protection application data on [1, q-1];
Computation subunit, for calculating point [s/ (H (X)+s)] P1;Wherein X is described by protection application data;
Conversion subunit, for by point [s/ (H (X)+s)] P on the elliptic curve1It is converted into Px or L | | Px data;
Wherein, Px or L | | Px is that Px is point [s/ (H (X)+s)] P as to the signature result data Y by protection application data1
X-axis data, L be for determine Px as during x-axis data correspondence two y-axis data in one of data Py supplementary number
According to.
Further, the mapping subelement includes:
Expansion module, for by protection application data X extending to a bit than prime number q using extension mechanism to described
The long Bit String of number, and it is converted into big number f;
Computing module, for calculating fmod (q-2)+1, wherein mod is modular arithmetic.
Further, the expansion module specifically for:
Using SHA2, SHA3 or SM3 algorithm as hash function, according to cipher key derivation function by described by protection application data
X derives the long Bit String of a bit number than prime number q, and is converted into big number f.
Further, the authentication unit includes:
Subelement is obtained, it is described by protection application data X and described for being obtained from the bar code or Quick Response Code
Sign result data Y;
Subelement is verified, for being calculated according to the value of the signature result data Y, and according to result of calculation and institute
The public key that short signature algorithm signed is stated to verify the signature result data Y.
Further, the checking subelement includes:
First determining module, is L for the signature result data Y | | Px, then Py is determined according to L and Px value;
First acquisition module, for obtaining point [s/ (H (X)+s)] P according to Px, Py1;
First computing module, for calculating e ([s/ (H (X)+s)] P1, [H (X)] P2+[s]P2), and with U=e ([P1, [s]
P2) be compared;
First authentication module, if for e ([s/ (H (X)+s)] P1, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) phase
Together, then verify that the signature result data Y is correct;If e ([s/ (H (X)+s)] P1, [H (X)] P2+[s]P2) and U=e ([P1,
[s]P2) different, then verify the signature result data Y mistakes.
Further, the checking subelement includes:
Second determining module, if being Px for the signature result data Y, corresponding two y-axis are calculated according to Px
Data Py;
Second acquisition module, a point Z is obtained for randomly choosing one of y-axis data Py;
Second computing module, for calculating F=e (Z, [H (X)] P2+[s]P2), and with U=e ([P1, [s] P2) compare, such as
Fruit difference is compared with 1/U again;
Second authentication module, if for F=e (Z, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) or 1/U it is identical,
Then verify that the signature result data Y is correct;If F=e (Z, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) or 1/U it is equal
Difference, then verify the signature result data Y mistakes.
Further, the prime number q is more than 2160, the random number s satisfactions 0<s<q.
Further, the elliptic curve has the Bilinear map e efficiently calculated, and it is embedded in number of times and is not less than 12;It is described
Elliptic curve includes BN curves, KSS-18 curves, BLS-24 curves, KSS-32 curves and KSS-36 curves.
The application data guard method provided in the present invention and device, have the advantages that:
The application data guard method provided in the present invention and device, using short signature algorithm to needing application number to be protected
According to being signed, signature result data, and the public key that open short signature algorithm is signed are generated;By the signature result data
And described be stored in by protection application data in bar code or Quick Response Code;When verifying the bar code or Quick Response Code correctness,
The public key signed according to the short signature algorithm is verified to the signature result data by protection application data;
Application data in safeguard protection bar code or Quick Response Code of the present invention, prevents application data to be tampered or be forged, and to application
The data that the protection mechanisms of data is produced are small, effectively save to bar code or the space hold of Quick Response Code.
Brief description of the drawings
Fig. 1 is the application data guard method step schematic diagram in one embodiment of the invention;
Fig. 2 is the step S1 specific steps schematic diagrames in one embodiment of the invention;
Fig. 3 is the step S3 specific steps schematic diagrames in one embodiment of the invention;
Fig. 4 is the application data protection device structural representation in one embodiment of the invention;
Fig. 5 is the signature unit structural representation in one embodiment of the invention;
Fig. 6 is the mapping sub-unit structure schematic diagram in another embodiment of the present invention;
Fig. 7 is the authentication unit structural representation in one embodiment of the invention;
Fig. 8 is the checking sub-unit structure schematic diagram in one embodiment of the invention;
Fig. 9 is the checking sub-unit structure schematic diagram in another embodiment of the present invention.
The realization, functional characteristics and advantage of the object of the invention will be described further referring to the drawings in conjunction with the embodiments.
Embodiment
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
Those skilled in the art of the present technique are appreciated that unless expressly stated, singulative " one " used herein, " one
It is individual ", " described " " above-mentioned " and "the" may also comprise plural form.It is to be further understood that making in the specification of the present invention
Wording " comprising " refers to there is the feature, integer, step, operation, element, unit, module and/or component, but simultaneously
Do not preclude the presence or addition of other one or more features, integer, step, operation, element, unit, module, component and/or it
Group.It should be understood that when we claim element to be " connected " or during " coupled " to another element, it can be directly connected to or couple
To other elements, or there can also be intermediary element.In addition, " connection " used herein or " coupling " can include wirelessly connecting
Connect or wirelessly couple.Wording "and/or" used herein includes one or more associated listing the whole or any of item
Unit and all combination.
Those skilled in the art of the present technique are appreciated that unless otherwise defined, all terms used herein (including technology art
Language and scientific terminology), with the general understanding identical meaning with the those of ordinary skill in art of the present invention.Should also
Understand, those terms defined in such as general dictionary, it should be understood that with the context with prior art
The consistent meaning of meaning, and unless by specific definitions as here, otherwise will not use idealization or excessively formal implication
To explain.
Reference picture 1, is the application data guard method step schematic diagram provided in one embodiment of the invention.
A kind of application data guard method is proposed in one embodiment of the invention, is comprised the following steps:
Step S1, using short signature algorithm to needing application data to be protected to sign, generation signature result data, and
The public key that open short signature algorithm is signed;
Step S2, by the signature result data and described by protection application data is stored in bar code or Quick Response Code
In;
Step S3, when verifying the bar code or Quick Response Code correctness, the public affairs signed according to the short signature algorithm
Key is verified to the signature result data by protection application data.
In the present embodiment, when generation side needs application data to be protected to add (printing) to bar code or two dimension
, it is necessary to be protected to the application data (needing application data to be protected, hereafter herewith consistent) when in code, prevent random
Distort.First by short signature algorithm to being signed by protection application data, generation signature result data, what it was additionally produced
Data are very small, without taking too many space, therefore can be with effectively save to bar code or the space hold of Quick Response Code, in bar shaped
, can maximized saving space, the bar code and Quick Response Code made in the case that code and Quick Response Code have information capacity limitation
More information can be expressed.In the present embodiment, the public key that also short signature algorithm is signed is disclosed.
Afterwards, then the signature result data and need application data (i.e. above-mentioned needs to be protected produced above-mentioned steps
Added in bar code or Quick Response Code by protection application data) be stored in bar code or Quick Response Code, it is to be understood that
There are other unprotected or data without protection added in bar code or Quick Response Code.Specifically, can be according to bar
The data that the create-rule of shape code or Quick Response Code adds above-mentioned data and other needs using the mode specified or by
According to certain format print in bar code strip shape code or Quick Response Code.To the generation of bar code or Quick Response Code in the present embodiment
Mode is not especially limited.
Finally, when acquisition side wants to read the data in bar code or Quick Response Code, it is necessary to verify the bar code or
Quick Response Code correctness.In the present embodiment, the public key signed according to short signature algorithm is to by the signature in protection application data
Result data is verified.Answering in the application data guard method safeguard protection bar code or Quick Response Code in the embodiment of the present invention
With data, application data is prevented to be tampered or be forged.
Reference picture 2, in the present embodiment, the use short signature algorithm are signed to need application data to be protected,
Generating signature result data, and disclose the step S1 for the public key that short signature algorithm is signed includes:
Step S11, choosing a class has the Bilinear map e efficiently calculated elliptic curve, and determines the elliptic curve
Upper two ranks are the point group G of prime number q1And G2, and selection point group G respectively1And G2In point P1And P2;Preferably, elliptic curve
With the Bilinear map e efficiently calculated, it is embedded in number of times and is not less than 12;Elliptic curve includes BN curves, KSS-18 curves, BLS-
24 curves, KSS-32 curves and KSS-36 curves.
Step S12, by P1With [s] P2With as the public key signed and carry out disclosure;Wherein [s] P2For s P of standard2
It is added, s is random number;Preferably, prime number q is more than 2160, random number s satisfactions 0<s<q.
Step S13, Choose for user function H, are mapped to described on [1, q-1] by protection application data;
Step S14, calculates point [s/ (H (X)+s)] P1;Wherein X is described by protection application data;
Step S15, by point [s/ (H (X)+s)] P on the elliptic curve1It is converted into Px or L | | Px data;Wherein, Px
Or L | | Px is that Px is point [s/ (H (X)+s)] P as to the signature result data Y by protection application data1X-axis number
According to L is for determining Px as the assistance data of one of data Py in two y-axis data of correspondence during x-axis data.
Specifically, the Choose for user function H, by the step S13 mapped to by protection application data on [1, q-1]
Including:
A, by protection application data X the long bit of a bit number than prime number q is extended to described using extension mechanism
String, and it is converted into big number f;
B, calculates fmod (q-2)+1, wherein mod is modular arithmetic.
Preferably, in the present embodiment, it is described to it is described by protection application data X using extension mechanism extend to one ratio
The step a of the Bit String of the bit number length of prime number q includes:
Using SHA2, SHA3 or SM3 hash algorithm as hash function, applied according to cipher key derivation function by described by protection
Data X derives the long Bit String of a bit number than prime number q.
Reference picture 3, in one embodiment, when the checking bar code or Quick Response Code correctness, according to the short label
The step S3 that the public key that name algorithm is signed is verified to the signature result data by protection application data includes:
Step S31, obtains described by protection application data X and the signature result from the bar code or Quick Response Code
Data Y;
Step S32, is calculated, and signed by the short signature algorithm according to the value of the signature result data Y
The public key of name is verified to the signature result data Y.
In the present embodiment, the application data acquisition side in bar code or Quick Response Code, first from the bar code or two dimension
Obtain described by protection application data X and the signature result data Y in code, while can also obtain that generation side announces is short
The public key that signature algorithm is signed, the public key signed according to result of calculation and the short signature algorithm is tied to the signature
Fruit data Y is verified, is verified, then illustrates that signature result data Y is correct, the bar code or Quick Response Code are authentic and valid
's;If checking does not pass through, illustrate that signature result data Y is incorrect, the bar code or Quick Response Code are untrue, invalid.This
Embodiment is conducive to the application data in safeguard protection bar code or Quick Response Code, prevents application data to be tampered or be forged.
In the present embodiment, different calculating are carried out according to the difference of above-mentioned signature result data Y value.
Specifically, in one embodiment, the value according to the signature result data Y is calculated, and according to calculating
And the public key signed of the short signature algorithm includes to the signature result data Y step S32 verified as a result:
A1, if the signature result data Y is L | | Px, Py is determined according to L and Px value;
A2, point [s/ (H (X)+s)] P on elliptic curve is obtained according to Px, Py1;
A3, calculates e ([s/ (H (X)+s)] P1, [H (X)] P2+[s]P2), and with U=e ([P1, [s] P2) be compared;
A4, if e ([s/ (H (X)+s)] P1, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) identical, then verify the label
Name result data Y is correct, and the bar code or Quick Response Code are authentic and valid;If e ([s/ (H (X)+s)] P1, [H (X)] P2+[s]
P2) and U=e ([P1, [s] P2) it is different, then verify the signature result data Y mistakes, the bar code or Quick Response Code be it is untrue,
Invalid.
Further, in another embodiment, the value according to the signature result data Y is calculated, and according to
The step S32 that the public key that result of calculation and the short signature algorithm are signed is verified to the signature result data Y
Including:
B1, if the signature result data Y is Px, corresponding two y-axis data Py is calculated according to Px;
B2, randomly chooses one of y-axis data Py and obtains a point Z;
B3, calculates F=e (Z, [H (X)] P2+[s]P2), and with U=e ([P1, [s] P2) compare, if it is different again and 1/U
It is compared;
B4, if F=e (Z, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) or 1/U it is identical, then verify the signature
Result data Y is correct, and the bar code or Quick Response Code are authentic and valid;If F=e (Z, [H (X)] P2+[s]P2) and U=e ([P1,
[s]P2) or 1/U it is different, then verify it is described signature result data Y mistakes, the bar code or Quick Response Code are untrue, invalid
's.
Preferably, prime number q in the above-described embodiments is more than 2160, random number s satisfactions 0<s<q.
Preferably, elliptic curve in the above-described embodiments has the Bilinear map e efficiently calculated, and it is not small that it is embedded in number of times
In 12;The elliptic curve includes BN curves, KSS-18 curves, BLS-24 curves, KSS-32 curves and KSS-36 curves.
The above-mentioned application data guard method to be provided in the present invention, using short signature algorithm to needing application number to be protected
According to being signed, signature result data, and the public key that open short signature algorithm is signed are generated;By the signature result data
And described be stored in by protection application data in bar code or Quick Response Code;When verifying the bar code or Quick Response Code correctness,
The public key signed according to the short signature algorithm is verified to the signature result data by protection application data;
Application data in safeguard protection bar code or Quick Response Code of the present invention, prevents from being protected application data to be tampered or be forged, and
The data that the protection mechanism of application data is produced are small, effectively save to bar code or the space hold of Quick Response Code.
In order to be further illustrated to the application data guard method provided in the embodiment of the present invention, the embodiment of the present invention
In additionally provide a kind of application data protection device.
A kind of application data protection device is provided in reference picture 4, one embodiment of the invention, including:
Signature unit 10, for, to needing application data to be protected to sign, generation signature to be tied using short signature algorithm
Fruit data, and the public key that open short signature algorithm is signed;
Generation unit 20, for above-mentioned signature result data and above-mentioned application data to be stored in into bar code or Quick Response Code
In;
Authentication unit 30, during for verifying above-mentioned bar code or Quick Response Code correctness, is carried out according to above-mentioned short signature algorithm
The public key of signature is verified to the signature result data in above-mentioned application data.
In the present embodiment, when needing application data to be protected to add (printing) into bar code or Quick Response Code
When, it is necessary to protected to the application data, prevent from arbitrarily being distorted.First signature unit 10 using short signature algorithm to being protected
Shield application data is signed, and generation signature result data, the data that it is additionally produced are very small, without taking too many space,
Therefore there can be information capacity limitation in bar code and Quick Response Code with effectively save to bar code or the space hold of Quick Response Code
In the case of, the maximized saving space of energy, the bar code and Quick Response Code allow expresses more information.The present embodiment
In, the public key that also short signature algorithm is signed is disclosed.
Afterwards, generation unit 20 then produces above-mentioned steps signature result data and need application data to be protected
(i.e. above-mentioned need added in bar code or Quick Response Code by protection application data) is stored in bar code or Quick Response Code.Tool
Body, the data that can be added above-mentioned data and other needs according to the create-rule of bar code or Quick Response Code are using referring to
Fixed mode or according to certain format print in bar code strip shape code or Quick Response Code.In the present embodiment to bar code or
The generating mode of person's Quick Response Code is not especially limited.
Finally, when the data in bar code to be read or Quick Response Code, it is necessary to verify the bar code or Quick Response Code just
True property.In the present embodiment, the public key that authentication unit 30 is signed according to short signature algorithm is to by the label in protection application data
Name result data is verified.In application data protection device safeguard protection bar code or Quick Response Code in the embodiment of the present invention
Application data, prevents application data to be tampered or be forged.
Reference picture 5, specifically, above-mentioned signature unit 10 include:
Subelement 101 is chosen, there is the Bilinear map e efficiently calculated elliptic curve for choosing a class, and determine
State the point group G that two ranks on elliptic curve are prime number q1And G2, and selection point group G respectively1And G2In point P1And P2;It is preferred that
Ground, elliptic curve has the Bilinear map e efficiently calculated, and it is embedded in number of times and is not less than 12;Elliptic curve includes BN curves, KSS-
18 curves, BLS-24 curves and, KSS-32 curves and KSS-36 curves.
Open subelement 102, for by P1With [s] P2With as the public key signed and carry out disclosure;Wherein [s] P2
For s P of standard2It is added, s is random number;Preferably, prime number q is more than 2160, random number s satisfactions 0<s<q.
Subelement 103 is mapped, for Choose for user function H, above-mentioned application data is mapped on [1, q-1];
Computation subunit 104, for calculating point [s/ (H (X)+s)] P1;Wherein X is above-mentioned by protection application data;
Conversion subunit 105, for by point [s/ (H (X)+s)] P on above-mentioned elliptic curve1It is converted into Px or L | | Px numbers
According to;Wherein, Px or L | | Px is that Px is point [s/ (H (X)+s)] as to the above-mentioned signature result data Y by protection application data
P1X-axis data, L be for determine Px as during x-axis data correspondence two y-axis data in one of data Py auxiliary
Data.
Specifically, reference picture 6, above-mentioned mapping subelement 103 includes:
Expansion module 1031, for by protection application data X extending to one than prime number q using extension mechanism to above-mentioned
The Bit String of bit number length, and it is converted into big number f;
Computing module 1032, for calculating fmod (q-2)+1, wherein mod is modular arithmetic.
Preferably, above-mentioned expansion module 1031 specifically for:
Using SHA2, SHA3 or SM3 hash algorithm as hash function, applied according to cipher key derivation function by above-mentioned by protection
Data X derives the long Bit String of a bit number than prime number q, and is converted into big number f.
Further, reference picture 7, above-mentioned authentication unit 30 includes:
Obtain subelement 301, for obtained from above-mentioned bar code or Quick Response Code it is above-mentioned by protection application data X and
State signature result data Y;
Verify subelement 302, for being calculated according to above-mentioned signature result data Y value, and according to result of calculation with
And the public key that above-mentioned short signature algorithm is signed is verified to above-mentioned signature result data Y.
In the present embodiment, the application data acquisition side in bar code or Quick Response Code, first by obtain subelement 301 from
Obtain described by protection application data X and the signature result data Y in the bar code or Quick Response Code, while can also obtain
The public key that the short signature algorithm for taking generation side to announce is signed, checking subelement 302 is according to result of calculation and the short signature
The public key that algorithm is signed is verified to the signature result data Y, is verified, is then illustrated signature result data Y
Correctly, the bar code or Quick Response Code are authentic and valid;If checking does not pass through, illustrate that signature result data Y is incorrect, this
Shape code or Quick Response Code are untrue, invalid.The present embodiment is conducive to the application data in safeguard protection bar code or Quick Response Code,
Application data is prevented to be tampered or be forged.
In the present embodiment, checking subelement 302 carries out different meters according to the difference of above-mentioned signature result data Y value
Calculate.
Specifically, reference picture 8, in one embodiment, above-mentioned checking subelement 302 include:
First determining module 3021, is L for above-mentioned signature result data Y | | Px, then Py is determined according to L and Px value;
First acquisition module 3022, for obtaining point [s/ (H (X)+s)] P on elliptic curve according to Px, Py1;
First computing module 3023, for calculating e ([s/ (H (X)+s)] P1, [H (X)] P2+[s]P2), and and U=e
([P1, [s] P2) be compared;
First authentication module 3024, if for e ([s/ (H (X)+s)] P1, [H (X)] P2+[s]P2) and U=e ([P1, [s]
P2) identical, then verify that above-mentioned signature result data Y is correct, the bar code or Quick Response Code are authentic and valid;If e ([s/ (H (X)
+s)]P1, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) different, then verify above-mentioned signature result data Y mistakes, the bar shaped
Code or Quick Response Code be untrue, invalid.
Reference picture 9, in another embodiment, above-mentioned checking subelement 302 include:
Second determining module 3025, if being Px for above-mentioned signature result data Y, corresponding two are calculated according to Px
Y-axis data Py;
Second acquisition module 3026, a point Z is obtained for randomly choosing one of y-axis data Py;
Second computing module 3027, for calculating F=e (Z, [H (X)] P2+[s]P2), and with U=e ([P1, [s] P2) ratio
Compared with if difference is compared with 1/U again;
Second authentication module 3028, if for F=e (Z, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) or 1/U
It is identical, then verify that above-mentioned signature result data Y is correct, the bar code or Quick Response Code are authentic and valid;If F=e (Z, [H (X)]
P2+[s]P2) and U=e ([P1, [s] P2) or 1/U it is different, then verify above-mentioned signature result data Y mistakes, the bar code or
Quick Response Code is untrue, invalid.
Preferably, prime number q in the above-described embodiments is more than 2160, above-mentioned random number s satisfactions 0<s<q.
Preferably, elliptic curve in the above-described embodiments has the Bilinear map e efficiently calculated, and it is not small that it is embedded in number of times
In 12;Above-mentioned elliptic curve include BN curves, KSS-18 curves, BLS-24 curves and, KSS-32 curves and KSS-36 it is bent
Line.
In summary, it is the application data guard method and the device that provide in the embodiment of the present invention, uses short signature algorithm
To needing application data to be protected to sign, generation signature result data, and the public key that open short signature algorithm is signed;
Above-mentioned signature result data and above-mentioned application data are stored in bar code or Quick Response Code;Verify above-mentioned bar code or two dimension
During code correctness, the public key signed according to above-mentioned short signature algorithm is to the above-mentioned signature number of results by protection application data
According to being verified;Application data in safeguard protection bar code or Quick Response Code of the present invention, prevents from being protected application data to be tampered
Or be forged, and the data of the protection mechanism generation of application data are small, the effectively save space to bar code or Quick Response Code is accounted for
With.
It is apparent to those skilled in the art that, for convenience and simplicity of description, the terminal of foregoing description,
The specific work process of device and unit, may be referred to the corresponding process in preceding method embodiment, will not be repeated here.
Those skilled in the art of the present technique be appreciated that can be realized with computer program instructions these structure charts and/or
The combination of each frame and these structure charts and/or the frame in block diagram and/or flow graph in block diagram and/or flow graph.This technology is led
Field technique personnel be appreciated that these computer program instructions can be supplied to all-purpose computer, special purpose computer or other
The processor of programmable data processing method is realized, so as to pass through the processing of computer or other programmable data processing methods
The scheme that device is specified in the frame or multiple frames to perform structure chart disclosed by the invention and/or block diagram and/or flow graph.
Those skilled in the art of the present technique are appreciated that in the various operations discussed in the present invention, method, flow
Step, measure, scheme can be replaced, changed, combined or deleted.Further, it is each with what is discussed in the present invention
Kind operation, method, other steps in flow, measure, scheme can also be replaced, changed, reset, decomposed, combined or deleted.
Further, it is of the prior art to have and the step in the various operations disclosed in the present invention, method, flow, measure, scheme
It can also be replaced, changed, reset, decomposed, combined or deleted.
The preferred embodiments of the present invention are the foregoing is only, are not intended to limit the scope of the invention, it is every to utilize
Equivalent structure or equivalent flow conversion that description of the invention and accompanying drawing content are made, or directly or indirectly it is used in other correlations
Technical field, be included within the scope of the present invention.
Claims (18)
1. a kind of application data guard method, it is characterised in that comprise the following steps:
Using short signature algorithm to needing application data to be protected to sign, generation signature result data, and open short signature
The public key that algorithm is signed;
By the signature result data and described it is stored in by protection application data in bar code or Quick Response Code;
When verifying the bar code or Quick Response Code correctness, the public key signed according to the short signature algorithm is protected to described
Signature result data in shield application data is verified.
2. application data guard method according to claim 1, it is characterised in that the use short signature algorithm is to needing
Signed by protection application data, generation signature result data, and open short signature algorithm signed public key the step of
Including:
Choosing a class has the Bilinear map e efficiently calculated elliptic curve, and determines that two ranks are element on the elliptic curve
Number q point group G1And G2, and selection point group G respectively1And G2In point P1And P2;
By P1With [s] P2With as the public key signed and carry out disclosure;Wherein [s] P2For s P of standard2It is added, s is random
Number;
Choose for user function H, is mapped to described on [1, q-1] by protection application data;
Calculate point [s/ (H (X)+s)] P1;Wherein X is described by protection application data;
By point [s/ (H (X)+s)] P on the elliptic curve1It is converted into Px or L | | Px data;Wherein, Px or L | | Px is conduct
To the signature result data Y by protection application data, Px is point [s/ (H (X)+s)] P1X-axis data, L be for determining
Px as during x-axis data correspondence two y-axis data in one of data Py assistance data.
3. application data guard method according to claim 2, it is characterised in that the Choose for user function H, will be described
The step mapped to by protection application data on [1, q-1] includes:
The long Bit String of a bit number than prime number q extended to using extension mechanism by protection application data X to described, and will
It is converted to big number f;
Fmod (q-2)+1 is calculated, wherein mod is modular arithmetic.
4. application data guard method according to claim 3, it is characterised in that it is described to described by protection application data
The step of X extends to a bit number than prime number q long Bit String using extension mechanism includes:
Using SHA2, SHA3 or SM3 hash algorithm as hash function, according to cipher key derivation function by described by protection application data
X derives the long Bit String of a bit number than prime number q.
5. application data guard method according to claim 2, it is characterised in that the checking bar code or two dimension
During code correctness, the public key signed according to the short signature algorithm is to the signature number of results by protection application data
Include according to the step of checking:
Obtain described by protection application data X and the signature result data Y from the bar code or Quick Response Code;
Calculated, and signed according to result of calculation and the short signature algorithm according to the value of the signature result data Y
The public key of name is verified to the signature result data Y.
6. application data guard method according to claim 5, it is characterised in that described according to the signature result data
Y value is calculated, and the public key signed according to result of calculation and the short signature algorithm is to the signature number of results
The step of being verified according to Y includes:
If the signature result data Y is L | | Px, Py is determined according to L and Px value;
Point [s/ (H (X)+s)] P is obtained according to Px, Py1;
Calculate e ([s/ (H (X)+s)] P1, [H (X)] P2+[s]P2), and with U=e ([P1, [s] P2) be compared;
If e ([s/ (H (X)+s)] P1, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) identical, then verify the signature result
Data Y is correct;If e ([s/ (H (X)+s)] P1, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) different, then verify the label
Name result data Y mistakes.
7. application data guard method according to claim 5, it is characterised in that described according to the signature result data
Y value is calculated, and the public key signed according to result of calculation and the short signature algorithm is to the signature number of results
The step of being verified according to Y includes:
If the signature result data Y is Px, corresponding two y-axis data Py is calculated according to Px;
Randomly choose one of y-axis data Py and obtain a point Z;
Calculate F=e (Z, [H (X)] P2+[s]P2), and with U=e ([P1, [s] P2) compare, if difference is compared with 1/U again;
If F=e (Z, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) or 1/U it is identical, then verify the signature result data
Y is correct;If F=e (Z, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) or 1/U it is different, then verify it is described signature knot
Fruit data Y mistakes.
8. the application data guard method according to claim any one of 2-7, it is characterised in that the prime number q is more than
2160, the random number s satisfactions 0<s<q.
9. the application data guard method according to claim any one of 2-7, it is characterised in that the elliptic curve has
The Bilinear map e efficiently calculated, it is embedded in number of times and is not less than 12;The elliptic curve includes BN curves, KSS-18 curves, BLS-
24 curves, KSS-32 curves and KSS-36 curves.
10. a kind of application data protection device, it is characterised in that including:
Signature unit, for, to needing application data to be protected to sign, generating signature result data using short signature algorithm,
And the public key that open short signature algorithm is signed;
Generation unit, for by the signature result data and described by protection application data being stored in bar code or Quick Response Code
In;
Authentication unit, during for verifying the bar code or Quick Response Code correctness, is signed according to the short signature algorithm
Public key is verified to the signature result data by protection application data.
11. application data protection device according to claim 10, it is characterised in that the signature unit includes:
Subelement is chosen, there is the Bilinear map e efficiently calculated elliptic curve for choosing a class, and is determined described oval bent
Two ranks are the point group G of prime number q on line1And G2, and selection point group G respectively1And G2In point P1And P2;
Open subelement, for by P1With [s] P2With as the public key signed and carry out disclosure;Wherein [s] P2For standard s
Individual P2It is added, s is random number;
Subelement is mapped, for Choose for user function H, is mapped to described by protection application data on [1, q-1];
Computation subunit, for calculating point [s/ (H (X)+s)] P1;Wherein X is described by protection application data;
Conversion subunit, for by point [s/ (H (X)+s)] P on the elliptic curve1It is converted into Px or L | | Px data;Wherein,
Px or L | | Px is that Px is point [s/ (H (X)+s)] P as to the signature result data Y by protection application data1X-axis
Data, L is for determining Px as the assistance data of one of data Py in two y-axis data of correspondence during x-axis data.
12. application data protection device according to claim 11, it is characterised in that the mapping subelement includes:
Expansion module, for by protection application data X to extend to a bit number than prime number q using extension mechanism long to described
Bit String, and be converted into big number f;
Computing module, for calculating fmod (q-2)+1, wherein mod is modular arithmetic.
13. application data protection device according to claim 12, it is characterised in that the expansion module specifically for:
Using SHA2, SHA3 or SM3 hash algorithm as hash function, according to cipher key derivation function by described by protection application data
X derives the long Bit String of a bit number than prime number q, and is converted into big number f.
14. application data protection device according to claim 11, it is characterised in that the authentication unit includes:
Subelement is obtained, it is described by protection application data X and the signature for being obtained from the bar code or Quick Response Code
Result data Y;
Subelement is verified, for being calculated according to the value of the signature result data Y, and according to result of calculation and described short
The public key that signature algorithm is signed is verified to the signature result data Y.
15. application data protection device according to claim 14, it is characterised in that the checking subelement includes:
First determining module, is L for the signature result data Y | | Px, then Py is determined according to L and Px value;
First acquisition module, for obtaining point [s/ (H (X)+s)] P according to Px, Py1;
First computing module, for calculating e ([s/ (H (X)+s)] P1, [H (X)] P2+[s]P2), and with U=e ([P1, [s] P2) enter
Row compares;
First authentication module, if for e ([s/ (H (X)+s)] P1, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) identical, then
The checking signature result data Y is correct;If e ([s/ (H (X)+s)] P1, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) no
Together, then the signature result data Y mistakes are verified.
16. application data protection device according to claim 14, it is characterised in that the checking subelement includes:
Second determining module, if being Px for the signature result data Y, corresponding two y-axis data are calculated according to Px
Py;
Second acquisition module, a point Z is obtained for randomly choosing one of y-axis data Py;
Second computing module, for calculating F=e (Z, [H (X)] P2+[s]P2), and with U=e ([P1, [s] P2) compare, if not
It is same to be compared again with 1/U;
Second authentication module, if for F=e (Z, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) or 1/U it is identical, then test
The card signature result data Y is correct;If F=e (Z, [H (X)] P2+[s]P2) and U=e ([P1, [s] P2) or 1/U is not
Together, then the signature result data Y mistakes are verified.
17. the application data protection device according to claim any one of 11-16, it is characterised in that the prime number q is more than
2160, the random number s satisfactions 0<s<q.
18. the application data protection device according to claim any one of 11-16, it is characterised in that the elliptic curve
With the Bilinear map e efficiently calculated, it is embedded in number of times and is not less than 12;The elliptic curve include BN curves, KSS-18 curves,
BLS-24 curves, KSS-32 curves and KSS-36 curves.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710221913.XA CN107133526A (en) | 2017-04-06 | 2017-04-06 | Application data guard method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710221913.XA CN107133526A (en) | 2017-04-06 | 2017-04-06 | Application data guard method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107133526A true CN107133526A (en) | 2017-09-05 |
Family
ID=59716557
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710221913.XA Pending CN107133526A (en) | 2017-04-06 | 2017-04-06 | Application data guard method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107133526A (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102932148A (en) * | 2012-10-25 | 2013-02-13 | 成都市易恒信科技有限公司 | System and method for preventing safety two-dimensional code counterfeiting on basis of combination of public key (CPK) authentication |
CN103269269A (en) * | 2013-05-08 | 2013-08-28 | 吴伟 | File encryption transmission method based on two-dimensional bar code technology |
CN103839097A (en) * | 2014-03-20 | 2014-06-04 | 武汉信安珞珈科技有限公司 | Method and device for generating two-dimension code based on digital signature |
CN104008322A (en) * | 2014-06-14 | 2014-08-27 | 河南融信数据有限公司 | Two-dimension code publisher identity authentication method based on reliable digital signature |
CN104021482A (en) * | 2013-03-01 | 2014-09-03 | 成都市易恒信科技有限公司 | Certificate false-proof verification method base on identification authentication technology |
CN104077625A (en) * | 2014-06-19 | 2014-10-01 | 中国科学院信息工程研究所 | Two-dimension code content verifying method based on electronic signature |
US20150358164A1 (en) * | 2014-06-10 | 2015-12-10 | Unisys Corporation | Systems and methods for qr code validation |
CN105608583A (en) * | 2014-11-21 | 2016-05-25 | 许丰 | Digital signature electronic label |
CN106408065A (en) * | 2016-09-05 | 2017-02-15 | 成都天钥科技有限公司 | Two-dimensional code encoding method and apparatus |
CN106452756A (en) * | 2016-11-08 | 2017-02-22 | 王栋 | Construction verification method and device capable of verifying security two-dimensional code offline |
-
2017
- 2017-04-06 CN CN201710221913.XA patent/CN107133526A/en active Pending
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102932148A (en) * | 2012-10-25 | 2013-02-13 | 成都市易恒信科技有限公司 | System and method for preventing safety two-dimensional code counterfeiting on basis of combination of public key (CPK) authentication |
CN104021482A (en) * | 2013-03-01 | 2014-09-03 | 成都市易恒信科技有限公司 | Certificate false-proof verification method base on identification authentication technology |
CN103269269A (en) * | 2013-05-08 | 2013-08-28 | 吴伟 | File encryption transmission method based on two-dimensional bar code technology |
CN103839097A (en) * | 2014-03-20 | 2014-06-04 | 武汉信安珞珈科技有限公司 | Method and device for generating two-dimension code based on digital signature |
US20150358164A1 (en) * | 2014-06-10 | 2015-12-10 | Unisys Corporation | Systems and methods for qr code validation |
CN104008322A (en) * | 2014-06-14 | 2014-08-27 | 河南融信数据有限公司 | Two-dimension code publisher identity authentication method based on reliable digital signature |
CN104077625A (en) * | 2014-06-19 | 2014-10-01 | 中国科学院信息工程研究所 | Two-dimension code content verifying method based on electronic signature |
CN105608583A (en) * | 2014-11-21 | 2016-05-25 | 许丰 | Digital signature electronic label |
CN106408065A (en) * | 2016-09-05 | 2017-02-15 | 成都天钥科技有限公司 | Two-dimensional code encoding method and apparatus |
CN106452756A (en) * | 2016-11-08 | 2017-02-22 | 王栋 | Construction verification method and device capable of verifying security two-dimensional code offline |
Non-Patent Citations (1)
Title |
---|
程相国: "基于双线性对的签名体制的研究", 《中国优秀博士学位论文全文数据库(博士)•信息科技辑》 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109741056B (en) | Method and device for uploading electronic certificate | |
US8751806B1 (en) | Method and apparatus to provide public key authentication with low complexity devices | |
CN110505046B (en) | Multi-data provider encrypted data cross-platform zero-knowledge verification method, device and medium | |
US20200074129A1 (en) | Combined two-dimensional code, electronic certificate carrier, and generation and reading apparatus and method | |
CN108833103B (en) | Method and system for secure communication between a radio frequency identification tag and a reading device | |
TWI335546B (en) | ||
CA2640992A1 (en) | Digital signatures on a smartcard | |
US8452973B2 (en) | Digital signature method, program, and apparatus | |
KR20070034500A (en) | Authentication of the subject using a signed signature within multiple data parts | |
CN104272319A (en) | Method for protecting data | |
CN103999402A (en) | Method and system for securely computing a base point in direct anonymous attestation | |
CN113112252B (en) | Resource transfer method and device based on block chain, electronic equipment and storage medium | |
CN106789091A (en) | The implementation method and device of a kind of Open XML documents digital signature and sign test | |
JP2022535764A (en) | certified text document | |
JPH11328269A (en) | Electronic coupon system and method for issuing and verifying electronic coupon | |
CN106934440A (en) | The method and system of embedding information in a kind of coding information | |
CN104320253A (en) | Two-dimension code authentication system and method based on CBS signature mechanism | |
CN117882334A (en) | Efficient hybridization of classical and postquantum signatures | |
CN101488246A (en) | Check verification method, check verification apparatus and check verification system | |
US20050206158A1 (en) | Certificate issuing method and certificate verifying method | |
CN107133526A (en) | Application data guard method and device | |
GB2407948A (en) | Encryption where there exists a computable bilinear map for two elements, using a smartcard | |
CN114629663B (en) | Block chain-based digital commodity transaction method and device | |
US20200213095A1 (en) | Method and device for the computer aided processing of a random bit pattern | |
EP2119097A2 (en) | Fast rsa signature verification |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170905 |
|
RJ01 | Rejection of invention patent application after publication |