CN107204854A - A kind of digital signature method based on USB TOKEN - Google Patents
- Publication number
- CN107204854A (application CN201710520668.2A)
- Authority
- CN
- China
- Prior art keywords
- server
- signature
- token
- usb
- digital signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
- H04L69/162—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
Abstract
The invention discloses a digital signature method based on a USB TOKEN. The USB TOKEN is inserted at the client, and middleware maintains a long-lived socket connection with the server through which a digital signature is applied to a file held in the cloud. Normal document signing is achieved while the USB TOKEN is kept separate from the documents being signed, which greatly widens the range of real-world environments in which documents can be signed with a digital certificate. It gives the user a very good experience and a sense of security when sealing documents with a digital certificate.
Description
Technical field
The present invention relates to digital signature method.
Background technology
As the web grows on a massive scale, features such as network mobility, the Internet of Things, diversified terminals, widely used network applications and cloud services become ever more prominent, but the information security problems that come with them are equally obvious. On the one hand, information services and virtual information services of every kind keep increasing; on the other hand, the corresponding information security technology is still not widely used by the general public.
Among the many security techniques, the encryption and authentication of electronic documents is an important application. In the Internet era people transmit all kinds of electronic documents over the network, and at any time these may be leaked or forged, particularly important documents such as contracts and legal documents. Signing and encrypting such important documents with a digital certificate is therefore a very important matter. Although current electronic sealing technology is fairly mature, it relies on special equipment such as signing and signature-verification servers and sealing servers; such special cryptographic devices are not well understood by the public and are hard for ordinary people to apply. Developing application techniques that the public can more easily understand and operate is therefore very important.
Summary of the invention
The object of the invention is to provide a method that uses a USB-TOKEN (loaded with a digital certificate) at the client to digitally sign a file held in the cloud, so that the USB-TOKEN is kept separate from the documents being signed.
The technical scheme that achieves the above object is the following digital signature method based on a USB-TOKEN:
A digital signature method based on a USB-TOKEN, in which the USB-TOKEN is inserted at the client, and middleware establishes a long-lived socket connection with the server (a socket: two programs on a network exchange data through a bidirectional communication connection, and one end of that connection is called a socket) through which a digital signature is applied to the file in the cloud.
The above digital signature method based on a USB-TOKEN includes:
The user, through the browser of the client, directs the middleware to establish a long-lived socket connection with the server;
The user uploads the document to be sealed to the server through the browser of the client, or the document to be sealed is already on the server;
The server returns the hash value of the document to be sealed to the middleware (a hash, also written Hash, is a function that compresses a message of arbitrary length into a message digest of a fixed length);
The middleware calls the private key in the USB-TOKEN to sign (encrypt) the hash value and returns the signature value to the server;
The server applies the digital signature to the document to be sealed and returns the sealed document to the browser of the client or keeps it on the server.
In the above digital signature method based on a USB-TOKEN, after inserting the USB-TOKEN at the client, the user enters the corresponding certificate password;
When the middleware returns the signature value to the server, it applies a secondary encryption to the signature value; the server decrypts the received signature value.
In the above digital signature method based on a USB-TOKEN, the browser and the server communicate using the HTTP protocol of the B/S (Browser/Server) architecture;
The middleware and the server communicate using a C/S (Client/Server) socket.
The beneficial effects of the invention are as follows. By inserting a USB-TOKEN at the client and having the middleware maintain a long-lived socket connection with the server, the invention applies a digital signature to a file in the cloud. Normal document signing is achieved while the USB-TOKEN is kept separate from the documents being signed, which greatly widens the range of real-world environments in which documents can be signed with a digital certificate. On the one hand, the many compatibility problems of conventional client-side digital certificate sealing are avoided. On the other hand, it avoids the situation in traditional cloud sealing where the digital certificate is not in the user's own hands and the user does not need to enter a certificate password, which further improves the security of the user's digital certificate. From another angle, it gives the user a very good experience and a sense of security when sealing with a digital certificate, helps this advanced electronic signature technology become widely used, and lays an important foundation for the cryptography industry to be further understood and operated by the general public.
Brief description of the drawings
Fig. 1 is a diagram of the connection between the client and the server in the invention;
Fig. 2 is a simplified flow chart of the digital signature method of the invention;
Fig. 3 is a detailed flow chart of the digital signature method of the invention.
Embodiment
The invention is further described below with reference to the drawings.
Referring to Fig. 1 to Fig. 3, the digital signature method of the invention based on a USB-TOKEN combines several technologies, such as reading the USB-TOKEN hardware, digital certificate encryption, electronic signature, the HTTP protocol and socket communication, to provide an efficient and secure sealing scheme for securely signing files in the cloud, with an excellent user experience that helps the client understand and apply digital signatures quickly, efficiently and conveniently. A typical application scenario for cloud files is, for example, approval of laboratory test reports, where the test report is generated on the server side.
The digital signature method of the invention mainly works by inserting a USB-TOKEN at the client and having the middleware maintain a long-lived socket connection with the server, through which a digital signature is applied to the file in the cloud. It specifically includes the following steps:
Step S1: the user clicks "upload document" in the browser of the client, and the browser notifies the middleware to connect to the server. The browser and the server communicate using the HTTP protocol of the B/S architecture. The middleware establishes a long-lived socket connection with the server. After inserting the USB-TOKEN at the client, the user enters the corresponding certificate password. The middleware is a C++ middleware.
Step S2: the user uploads the document to be sealed to the server through the browser of the client, or the document to be sealed is already on the server. Communication first uses the HTTP protocol of the B/S architecture; it is then determined, on request, whether the kept socket connection exists, and the important data is transmitted over it, ensuring safe and stable transmission.
Step S3: the server returns the hash value of the document to be sealed to the middleware. Especially when signing a large file in the cloud, only the hash value of the file needs to be obtained and passed to the middleware over the socket for signing; the signature is then returned to the cloud and the seal is applied there, which greatly speeds up the signing of large documents.
Step S4: the middleware calls the private key in the USB-TOKEN to sign (encrypt) the hash value and returns the signature value to the server; at this point a secondary encryption is applied to the signature value. The server decrypts the received signature value.
Step S5: the server applies the digital signature to the document to be sealed and returns the sealed document to the browser of the client or keeps it on the server.
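As an added illustration of steps S3 to S5 above (and of the matching steps in the summary and in claim 2), the following Go program, which is not part of the patent, walks through the exchange between the server and the middleware in process. It assumes an ECDSA P-256 key standing in for the private key inside the USB-TOKEN and RSA-OAEP to the server's public key as the "secondary encryption" of the signature value; the patent names neither algorithm. The socket long connection is replaced by direct function calls, and the sample document is constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed sample: the cloud-side document waiting to be sealed.
var sampleDocument = []byte("Laboratory test report no. 0001 (constructed sample text)")

// Server holds the pending document, the public key from the signer's certificate
// (assumed enrolled beforehand) and an RSA key pair whose public half the middleware
// uses for the secondary encryption of the signature value.
type Server struct {
	transportKey *rsa.PrivateKey
	signerPub    *ecdsa.PublicKey
	document     []byte
}

// Middleware stands in for the patent's C++ middleware; tokenKey stands in for the
// private key kept inside the USB-TOKEN (assumption: ECDSA P-256).
type Middleware struct {
	tokenKey  *ecdsa.PrivateKey
	serverPub *rsa.PublicKey
}

// SignedDocument is what step S5 returns to the browser or keeps on the server.
type SignedDocument struct {
	Content   []byte
	Signature []byte
}

// Step S3: only the SHA-256 hash crosses the socket, never the file itself.
func (s *Server) DocumentHash() []byte {
	h := sha256.Sum256(s.document)
	return h[:]
}

// Step S4: the token signs the hash, then the middleware applies the secondary
// encryption (RSA-OAEP to the server's public key) before returning the value.
func (m *Middleware) SignAndWrap(hash []byte) ([]byte, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, m.tokenKey, hash)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, m.serverPub, sig, []byte("signature-value"))
}

// Step S5: the server strips the secondary encryption, checks that the signature
// value really covers the hash it issued, and only then attaches it to the document.
func (s *Server) UnwrapAndSeal(wrapped []byte) (*SignedDocument, error) {
	sig, err := rsa.DecryptOAEP(sha256.New(), nil, s.transportKey, wrapped, []byte("signature-value"))
	if err != nil {
		return nil, fmt.Errorf("secondary decryption failed: %w", err)
	}
	if !ecdsa.VerifyASN1(s.signerPub, s.DocumentHash(), sig) {
		return nil, errors.New("signature value does not verify against the issued hash")
	}
	return &SignedDocument{Content: s.document, Signature: sig}, nil
}

// VerifySeal is the check a later recipient runs on the sealed document.
func VerifySeal(doc *SignedDocument, signerPub *ecdsa.PublicKey) bool {
	h := sha256.Sum256(doc.Content)
	return ecdsa.VerifyASN1(signerPub, h[:], doc.Signature)
}

// RunExchange generates both sides' keys and walks through S3 to S5.
func RunExchange(document []byte) (*SignedDocument, *ecdsa.PublicKey, error) {
	tokenKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	transportKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	server := &Server{transportKey: transportKey, signerPub: &tokenKey.PublicKey, document: document}
	mw := &Middleware{tokenKey: tokenKey, serverPub: &transportKey.PublicKey}
	wrapped, err := mw.SignAndWrap(server.DocumentHash()) // S3 -> S4
	if err != nil {
		return nil, nil, err
	}
	doc, err := server.UnwrapAndSeal(wrapped) // S4 -> S5
	if err != nil {
		return nil, nil, err
	}
	return doc, &tokenKey.PublicKey, nil
}

func main() {
	doc, pub, err := RunExchange(sampleDocument)
	if err != nil {
		fmt.Println("exchange failed:", err)
		return
	}
	fmt.Println("sealed document verifies:", VerifySeal(doc, pub))
	altered := &SignedDocument{Content: append([]byte("x"), doc.Content...), Signature: doc.Signature}
	fmt.Println("altered copy verifies:", VerifySeal(altered, pub))
}
```

Because the token signs a hash that the server computed, the middleware never sees the document; the verification inside UnwrapAndSeal is the check that ties the returned signature value to exactly the hash issued in step S3 before the seal is applied, and the altered copy in main shows that any later change to the content breaks the seal.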
The above embodiment is given for illustration only and does not limit the invention. Those skilled in the art may make various changes or modifications without departing from the spirit and scope of the invention, so all equivalent technical schemes also fall within the scope of the invention, which is defined by the claims.
Claims (4)
1. A digital signature method based on a USB-TOKEN, characterized in that the USB-TOKEN is inserted at the client, and middleware establishes a long-lived socket connection with the server through which a digital signature is applied to a file in the cloud.
2. The digital signature method based on a USB-TOKEN according to claim 1, characterized in that it includes:
the user, through the browser of the client, directs the middleware to establish a long-lived socket connection with the server;
the user uploads the document to be sealed to the server through the browser of the client, or the document to be sealed is already on the server;
the server returns the hash value of the document to be sealed to the middleware;
the middleware calls the private key in the USB-TOKEN to sign (encrypt) the hash value and returns the signature value to the server;
the server applies the digital signature to the document to be sealed and returns the sealed document to the browser of the client or keeps it on the server.
3. The digital signature method based on a USB-TOKEN according to claim 2, characterized in that after inserting the USB-TOKEN at the client the user enters the corresponding certificate password;
when the middleware returns the signature value to the server, it applies a secondary encryption to the signature value; the server decrypts the received signature value.
4. The digital signature method based on a USB-TOKEN according to claim 2, characterized in that
the browser and the server communicate using the HTTP protocol of the B/S architecture;
the middleware and the server communicate using a C/S socket.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710520668.2A CN107204854A (en) | 2017-06-30 | 2017-06-30 | A kind of digital signature method based on USB TOKEN |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107204854A true CN107204854A (en) | 2017-09-26 |
Family
ID=59910428
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109919579A (en) * | 2019-02-27 | 2019-06-21 | 上海棕榈电脑系统有限公司 | Electronic document contracting method, device, storage medium and equipment |
CN110532808A (en) * | 2019-08-20 | 2019-12-03 | 江西金格科技股份有限公司 | A kind of electronic signature method based on electronic document image object |
CN111641605A (en) * | 2020-05-16 | 2020-09-08 | 中信银行股份有限公司 | Electronic signature method and system based on dynamic password |
CN113360878A (en) * | 2020-03-06 | 2021-09-07 | 深圳法大大网络科技有限公司 | Signature method, device, server and medium |
CN114221759A (en) * | 2021-11-29 | 2022-03-22 | 成都卫士通信息产业股份有限公司 | Remote monitoring deployment method and device, electronic equipment and storage medium |
CN114221759B (en) * | 2021-11-29 | 2024-04-12 | 成都卫士通信息产业股份有限公司 | Remote monitoring deployment method and device, electronic equipment and storage medium |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101246565A (en) * | 2007-07-31 | 2008-08-20 | 北京科翰软件有限公司 | Web page electric signature intermediate part system |
CN102291808A (en) * | 2011-06-03 | 2011-12-21 | 莫雅静 | Network communication method, communication equipment and middleware of communication equipment |
CN102324008A (en) * | 2011-09-23 | 2012-01-18 | 郑州信大捷安信息技术股份有限公司 | Web bank's FTP client FTP and method of application based on USB safety storing encrypted card |
CN103457736A (en) * | 2013-08-29 | 2013-12-18 | 无锡华御信息技术有限公司 | System and method for receiving and sending official document based on WEB |
EP2098962B1 (en) * | 2008-03-04 | 2014-05-21 | Apple Inc. | Synchronization server process |
CN105429754A (en) * | 2014-09-23 | 2016-03-23 | 西部安全认证中心有限责任公司 | Management method and system of national standard electronic seal |
CN102946314B (en) * | 2012-11-08 | 2016-04-20 | 成都卫士通信息产业股份有限公司 | A kind of client-side user identity authentication method based on browser plug-in |
CN106452793A (en) * | 2016-11-21 | 2017-02-22 | 航天信息股份有限公司 | Method and system of electronic signature |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20170926 |