CN107204854A - A kind of digital signature method based on USB TOKEN - Google Patents


Info

Publication number: CN107204854A
Application number: CN201710520668.2A
Authority: CN (China)
Legal status: Pending
Prior art keywords: server, signature, token, usb, digital signature
Other languages: Chinese (zh)
Inventors: 方洪海, 张�荣
Current assignee: Shanghai Test Information Technology Co Ltd
Original assignee: Shanghai Test Information Technology Co Ltd
Priority date: 2017-06-30
Filing date: 2017-06-30
Publication date: 2017-09-26

Classifications

All within H (electricity) / H04 (electric communication technique) / H04L (transmission of digital information, e.g. telegraphic communication):

    • H04L 9/3247 Cryptographic mechanisms or arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user or for message authentication, involving digital signatures
    • H04L 67/02 Network arrangements or protocols for supporting network services or applications; protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L 67/14 Session management
    • H04L 67/141 Setup of application sessions
    • H04L 69/162 Implementation details of TCP/IP or UDP/IP stack architecture, involving adaptations of sockets based mechanisms
    • H04L 9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L 9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords, using an additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • H04L 9/3263 Entity authentication or message authentication involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
    • H04L 9/3268 Certificates, using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L 2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously

Abstract

The invention discloses a digital signature method based on a USB TOKEN. The USB TOKEN is inserted into the client, and middleware establishes a long-lived socket connection with the server, through which documents held in the cloud are digitally signed. Ordinary document signing is still supported, while the USB TOKEN is decoupled from the document being signed, which greatly widens the range of real-world environments in which documents can be signed with a digital certificate. It gives users a very good experience and a sense of security when applying digital-certificate signatures.

Description

A kind of digital signature method based on USB-TOKEN
Technical field
The present invention relates to a digital signature method.
Background technology
With the large-scale development of today's web, features such as network mobility, Internet of Things connectivity, terminal diversity, widespread network applications and cloud services are increasingly prominent, but the information security problems that come with them are also ever more obvious. On the one hand, informatized and virtual information services keep multiplying; on the other hand, the corresponding information security technologies are not yet in general use by the public.
Among the many security technologies, the encryption and authentication of electronic documents is an important application. In the Internet age people transmit all kinds of electronic documents over networks, and these may be leaked or forged at any time, particularly important documents such as contracts and legal instruments. Applying digital-certificate signatures and encryption to such documents is very important. Although current electronic document signing technology is fairly mature, it relies on dedicated equipment such as signing and verification servers and seal servers. These dedicated cryptographic devices are poorly understood by the public and hard for ordinary people to use, so developing application technologies that are easier for the public to understand and operate is very important.
The content of the invention
It is an object of the invention to provide a method of digitally signing documents in the cloud from the client using a USB-TOKEN loaded with a digital certificate, so that the USB-TOKEN is decoupled from the document being signed.
The technical solution that achieves this object is a digital signature method based on USB-TOKEN:
The USB-TOKEN is inserted into the client, and middleware establishes a long-lived socket connection with the server (two programs on a network exchange data over a two-way communication link; each end of that link is called a socket), through which digital signatures are applied to files in the cloud.
The above digital signature method based on USB-TOKEN comprises:
Through the browser on the client, the user directs the middleware to establish a long-lived socket connection with the server;
Through the browser on the client, the user uploads the document to be signed to the server, or the document to be signed already resides on the server;
The server returns the hash of the document to be signed (a hash function compresses a message of arbitrary length into a message digest of fixed length) to the middleware;
The middleware calls the private key in the USB-TOKEN to sign (encrypt) the hash value, and returns the signature value to the server;
The server applies the digital signature to the document to be signed, and returns the signed document to the client browser or leaves it on the server.
In the above digital signature method based on USB-TOKEN, after inserting the USB-TOKEN at the client the user enters the corresponding certificate password;
When the middleware returns the signature value to the server, a second layer of encryption is applied to the signature value; the server decrypts the signature value it receives.
In the above digital signature method based on USB-TOKEN, the browser and server communicate over HTTP in a B/S (Browser/Server) architecture;
The middleware and server communicate over a C/S (Client/Server) socket.
The beneficial effects of the invention are as follows. By inserting a USB-TOKEN into the client and having middleware hold a long-lived socket connection with the server, files in the cloud are digitally signed. Ordinary document signing is still supported, while the USB-TOKEN is decoupled from the document being signed, which greatly widens the range of real-world environments in which documents can be signed with a digital certificate. On the one hand, the many compatibility problems of conventional client-side digital-certificate signing are avoided. On the other hand, the method avoids the situation of conventional cloud signing, in which the digital certificate is not in the user's own hands and the user is not required to enter a certificate password, thereby further improving the security of the user's digital certificate. From another angle, it gives users a very good experience and a sense of security when signing with digital certificates, helps the advanced electronic signature technology of electronic seals become popular, and lays an important foundation for the cryptography industry to be further understood and operated by the general public.
Brief description of the drawings
Fig. 1 is a schematic diagram of the connection between client and server in the present invention;
Fig. 2 is a simplified flowchart of the digital signature method of the present invention;
Fig. 3 is a detailed flowchart of the digital signature method of the present invention.
Embodiment
The invention is further described below with reference to the accompanying drawings.
Referring to Figs. 1 to 3, the USB-TOKEN-based digital signature method of the invention combines several technologies: USB-TOKEN hardware access, digital-certificate encryption, electronic seal technology, HTTP, and socket communication. It provides an efficient and secure signing scheme for files in the cloud with a very good customer experience, and helps clients understand and quickly, efficiently and conveniently apply digital signatures. A typical application scenario for cloud files is the approval of laboratory test reports, where the report is generated on the server side.
The digital signature method of the invention mainly works by inserting a USB-TOKEN into the client and having middleware maintain a long-lived socket connection with the server, through which files in the cloud are digitally signed. It specifically comprises the following steps:
Step S1: the user clicks "upload document" in the client browser, and the browser instructs the middleware to connect to the server; the browser and server communicate over HTTP in a B/S architecture. The middleware establishes a long-lived socket connection with the server. After inserting the USB-TOKEN at the client, the user enters the corresponding certificate password. The middleware is written in C++.
Step S2: through the browser on the client, the user uploads the document to be signed to the server, or the document to be signed already resides on the server. Communication first takes place over HTTP in the B/S architecture; the established socket connection is then used on request to transmit the important data, ensuring secure and stable transmission.
Step S3: the server returns the hash value of the document to be signed to the middleware. Especially when signing a large file in the cloud, only the file's hash value needs to be obtained and passed over the socket to the middleware for signing; the result is returned to the cloud, where the seal is applied, which greatly speeds up the signing of large documents.
Step S4: the middleware calls the private key in the USB-TOKEN to sign (encrypt) the hash value and returns the signature value to the server; at this point a second layer of encryption is applied to the signature value. The server decrypts the signature value it receives.
Step S5: the server applies the digital signature to the document to be signed, and returns the signed document to the client browser or retains it on the server.
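As an added illustration, not code from the patent or its applicant, the Go program below models steps S1 to S5: the server hashes the document and sends only the digest over the socket, the token signs the digest once the certificate password has been entered, the middleware applies the second layer of encryption before returning the value, and the server decrypts, verifies the signature against the digest it issued and only then attaches it to the document. The page names no algorithms and describes a C++ middleware, so RSA PKCS#1 v1.5 over SHA-256, AES-GCM under a pre-shared session key, the use of Go's standard library and every function name here are assumptions; the token, document and session key are constructed stand-ins.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Token is a constructed stand-in for the USB-TOKEN: the key never leaves it, and Sign works only after the certificate password is entered (step S1).
type Token struct {
	key      *rsa.PrivateKey
	password string
	unlocked bool
}

func NewToken(password string) (*Token, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	return &Token{key: key, password: password}, nil
}

// Unlock models the certificate-password prompt; PublicKey models reading the token's certificate.
func (t *Token) Unlock(pw string) bool     { t.unlocked = pw == t.password; return t.unlocked }
func (t *Token) PublicKey() *rsa.PublicKey { return &t.key.PublicKey }

// Sign runs "inside" the token: a 32-byte digest in, a signature out. RSA PKCS#1 v1.5 over SHA-256 is an assumption; the page names no algorithm.
func (t *Token) Sign(digest [32]byte) ([]byte, error) {
	if !t.unlocked {
		return nil, errors.New("token locked: certificate password not entered")
	}
	return rsa.SignPKCS1v15(rand.Reader, t.key, crypto.SHA256, digest[:])
}

// gcm builds the AEAD for the second encryption layer over the signature value on the socket; AES-GCM under a pre-shared session key is an assumption.
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// MiddlewareSign is step S4 on the client: the digest arrives over the long-lived socket, the token signs it, and the signature value is sealed as nonce||ciphertext||tag.
func MiddlewareSign(tok *Token, digest [32]byte, sessionKey []byte) ([]byte, error) {
	sig, err := tok.Sign(digest)
	if err != nil { return nil, err }
	aead, err := gcm(sessionKey)
	if err != nil { return nil, err }
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return aead.Seal(nonce, nonce, sig, nil), nil
}

// ServerDigest is step S3: only the SHA-256 hash crosses the socket, whatever the file size.
func ServerDigest(doc []byte) [32]byte { return sha256.Sum256(doc) }

// ServerAccept is steps S4/S5 on the server: strip the second encryption layer, verify the signature against the digest the server itself issued, then attach it to the document.
func ServerAccept(doc, sealed, sessionKey []byte, signer *rsa.PublicKey) ([]byte, error) {
	aead, err := gcm(sessionKey)
	if err != nil { return nil, err }
	if len(sealed) < aead.NonceSize() { return nil, errors.New("sealed signature too short") }
	sig, err := aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], nil)
	if err != nil {
		return nil, errors.New("secondary decryption failed: " + err.Error())
	}
	digest := ServerDigest(doc)
	if err := rsa.VerifyPKCS1v15(signer, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("signature does not match the issued digest: " + err.Error())
	}
	// Constructed container: document content, a separator line, then the detached signature.
	return append(append(append([]byte{}, doc...), "\n--SIGNATURE--\n"...), sig...), nil
}

// SignDocument runs steps S1 to S5 end to end and returns the signed document.
func SignDocument(doc []byte, tok *Token, password string, sessionKey []byte) ([]byte, error) {
	if !tok.Unlock(password) { return nil, errors.New("wrong certificate password") }
	sealed, err := MiddlewareSign(tok, ServerDigest(doc), sessionKey)
	if err != nil { return nil, err }
	return ServerAccept(doc, sealed, sessionKey, tok.PublicKey())
}
```

The verification in ServerAccept is the check step S5 leaves implicit: a signature value coming back over the socket is attached only if it verifies over the exact digest the server sent for that document, so a value for a different document or one altered in transit is rejected.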
The above embodiment is for illustration only and does not limit the invention. Those skilled in the art may make various changes or modifications without departing from the spirit and scope of the invention; all equivalent technical solutions therefore also fall within the scope of the invention, which is defined by the claims.

Claims (4)

1. A digital signature method based on USB-TOKEN, characterised in that the USB-TOKEN is inserted into a client, and middleware establishes a long-lived socket connection with a server through which files in the cloud are digitally signed.
2. The digital signature method based on USB-TOKEN according to claim 1, characterised in that it comprises:
through the browser on the client, the user directs the middleware to establish a long-lived socket connection with the server;
through the browser on the client, the user uploads the document to be signed to the server, or the document to be signed already resides on the server;
the server returns the hash value of the document to be signed to the middleware;
the middleware calls the private key in the USB-TOKEN to sign (encrypt) the hash value, and returns the signature value to the server;
the server applies the digital signature to the document to be signed, and returns the signed document to the client browser or leaves it on the server.
3. The digital signature method based on USB-TOKEN according to claim 2, characterised in that after inserting the USB-TOKEN at the client the user enters the corresponding certificate password;
when the middleware returns the signature value to the server, a second layer of encryption is applied to the signature value; the server decrypts the signature value it receives.
4. The digital signature method based on USB-TOKEN according to claim 2, characterised in that
the browser and server communicate over HTTP in a B/S architecture;
the middleware and server communicate over a C/S socket.

Priority and publication data

Application CN201710520668.2A, filed 2017-06-30 (priority date 2017-06-30), published as CN107204854A (en) on 2017-09-26; legal status: Pending.
Family ID: 59910428
Country status: CN, CN107204854A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109919579A (en) * 2019-02-27 2019-06-21 上海棕榈电脑系统有限公司 Electronic document contracting method, device, storage medium and equipment
CN110532808A (en) * 2019-08-20 2019-12-03 江西金格科技股份有限公司 A kind of electronic signature method based on electronic document image object
CN111641605A (en) * 2020-05-16 2020-09-08 中信银行股份有限公司 Electronic signature method and system based on dynamic password
CN113360878A (en) * 2020-03-06 2021-09-07 深圳法大大网络科技有限公司 Signature method, device, server and medium
CN114221759A (en) * 2021-11-29 2022-03-22 成都卫士通信息产业股份有限公司 Remote monitoring deployment method and device, electronic equipment and storage medium
CN114221759B (en) * 2021-11-29 2024-04-12 成都卫士通信息产业股份有限公司 Remote monitoring deployment method and device, electronic equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101246565A (en) * 2007-07-31 2008-08-20 北京科翰软件有限公司 Web page electric signature intermediate part system
CN102291808A (en) * 2011-06-03 2011-12-21 莫雅静 Network communication method, communication equipment and middleware of communication equipment
CN102324008A (en) * 2011-09-23 2012-01-18 郑州信大捷安信息技术股份有限公司 Web bank's FTP client FTP and method of application based on USB safety storing encrypted card
CN103457736A (en) * 2013-08-29 2013-12-18 无锡华御信息技术有限公司 System and method for receiving and sending official document based on WEB
EP2098962B1 (en) * 2008-03-04 2014-05-21 Apple Inc. Synchronization server process
CN105429754A (en) * 2014-09-23 2016-03-23 西部安全认证中心有限责任公司 Management method and system of national standard electronic seal
CN102946314B (en) * 2012-11-08 2016-04-20 成都卫士通信息产业股份有限公司 A kind of client-side user identity authentication method based on browser plug-in
CN106452793A (en) * 2016-11-21 2017-02-22 航天信息股份有限公司 Method and system of electronic signature

Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20170926)