CN108900311A - A kind of no certificate bluetooth key endorsement method and system - Google Patents

A kind of no certificate bluetooth key endorsement method and system Download PDF

Info

Publication number
CN108900311A
CN108900311A CN201810929646.6A CN201810929646A CN108900311A CN 108900311 A CN108900311 A CN 108900311A CN 201810929646 A CN201810929646 A CN 201810929646A CN 108900311 A CN108900311 A CN 108900311A
Authority
CN
China
Prior art keywords
key
client
bluetooth
public key
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810929646.6A
Other languages
Chinese (zh)
Other versions
CN108900311B (en
Inventor
杜立翠
贺巧龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Hengbao Intelligent System Technology Co Ltd
Original Assignee
Jiangsu Hengbao Intelligent System Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Hengbao Intelligent System Technology Co Ltd filed Critical Jiangsu Hengbao Intelligent System Technology Co Ltd
Priority to CN201810929646.6A priority Critical patent/CN108900311B/en
Publication of CN108900311A publication Critical patent/CN108900311A/en
Application granted granted Critical
Publication of CN108900311B publication Critical patent/CN108900311B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

This application discloses a kind of no certificate bluetooth key endorsement method and systems, which is characterized in that including:When initiating transaction, client obtains pre-stored client public key mark from bluetooth key to verify the validity of bluetooth key;Bluetooth key carries out operation to the transaction message that the client is initiated and signs, and signature result is submitted to the client, the signature result is enclosed the client public key mark composition signature message and is sent to ebanking server sign test by client, and authorization this time operates after sign test passes through.It is identified using the embodiment of the present application using client public key as User Identity, not only reduces the time that mobile phone Internetbank APP reads User Identity from bluetooth key, improve the efficiency that mobile phone Internetbank APP transfers accounts, the user experience is improved;And reduce the total data packet number of signature message, improve efficiency of transmission.

Description

A kind of no certificate bluetooth key endorsement method and system
Technical field
This application involves art of cryptography, more particularly to a kind of no certificate bluetooth key endorsement method and system.
Background technique
Existing Internetbank bluetooth key is all based on the public key cryptosystem (PKI/CA) of certificate, the core element of PKI signature The digital certificate (identity information) signed and issued by CA, PKI service provided by it be exactly authenticate, data integrity, data confidentiality Property and non-repudiation.And include in certificate the main contents include user's name, CA title, client public key, validity period of certificate and CA is to the signature of above- mentioned information, if client public key is RSA1024, public key length is 128 bytes, corresponding CA signature length Degree is also 128 bytes, if client public key is RSA2048, client public key length one is 256 bytes, corresponding CA label Name one is also 256 bytes, since user's name and CA title length can differ according to the actual situation, therefore the public key based on certificate Certificate size about 1K or so in system, and classical bluetooth BLE can only transmit 20 bytes every time, transmit the data of 1k or so, It need at least transmit 50 times, this operation has seriously affected user experience.
Summary of the invention
The application proposes a kind of no certificate bluetooth key endorsement method and system, and the conjunction of user is verified by public key mark Method, and public key identifies included content and is far smaller than 1k, cell phone application reads public key mark from bluetooth key and demonstrate,proves more than reading Book is much faster, substantially increases user experience.
In order to achieve the above objectives, according to the embodiment of the present application in a first aspect, providing a kind of no certificate bluetooth key signer Method, including:
When initiating transaction, pre-stored client public key mark is obtained by client and verifies bluetooth key's in bluetooth key Validity;
Bluetooth key carries out operation to the transaction message that client is initiated and signs, and submits signature result, visitor to client Family termination receives affix client public key mark composition signature message after signature result.
It is as above, wherein a kind of no certificate bluetooth key endorsement method further includes that server end tests signature message Card, and the transaction request of authorized client operates after being verified.
As above, wherein pre-stored client public key mark is issued from cipher key center.
As above, wherein client public key, which identifies, includes:User identifier, system banner, validity period, User Part public key R.
It is as above, wherein User Part public key R calculation formula is:
R=rG=d1G+r2G=Q1+r2G;
Wherein,<G ,+>It is the addition cyclic group of the point composition on elliptic curve, (d1,Q1) it is that the SM2 that user generates is interim Key pair, d1For temporary private, Q1For temporary public key, r2It is to be generated by cipher key center;
According to the second aspect of the embodiment of the present application, a kind of no certificate bluetooth key endorsement method is provided, including:
Bluetooth key verifies user PIN, and after being verified, the bluetooth key generates SM2 temporary key to (d1,Q1), and handle Temporary public key Q1Return to the client;
Bluetooth key receives part private key d', client public key Q, the client public key mark C that client is sent;
Bluetooth key is to part private key d' and temporary private d1Private key for user d is obtained by operation, and verifies private key for user d With the matching of client public key Q;
It is verified, obtains public and private key (d, Q) and client public key mark C, and be written into bluetooth key.
It is as above, wherein a kind of no certificate bluetooth key endorsement method further includes:
User enters the client-side program and initiates public key mark downloading, and client-side program jumps to input bluetooth key and uses The interface of family PIN inputs bluetooth key user PIN;
It is as above, wherein a kind of no certificate bluetooth key endorsement method further includes:
Client is by user's temporary public key Q1And User ID is sent to code key center.
It is as above, wherein a kind of no certificate bluetooth key endorsement method further includes:
Cipher key center is according to User ID and temporary public key Q1Calculating section private key d', client public key Q and public key identify C, and Part private key d', client public key Q and public key mark C are returned into client;
According to the third aspect of the embodiment of the present application, a kind of no certificate bluetooth key signature system is provided, including:
It client, the server end being connect with client network and cipher key center and is connect with client by blueteeth network Bluetooth key, wherein
When client initiates transaction request, using above-mentioned first aspect the method;
When client initiates downloading public key mark, using above-mentioned second aspect the method.
As above, wherein
What the application realized has the beneficial effect that:
(1) a kind of no certificate bluetooth key endorsement method is identified using client public key as User Identity, is reduced Mobile phone Internetbank APP reads the time of User Identity from bluetooth key, improves the efficiency that mobile phone Internetbank APP transfers accounts, and is promoted User experience.
(2) when mobile phone Internetbank APP assembling signature message, replacement user certificate is identified using client public key, reduces signature Message total improves efficiency of transmission according to packet number.
Detailed description of the invention
In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this The some embodiments recorded in application, for those of ordinary skill in the art, in the premise of not making the creative labor property Under, it is also possible to obtain other drawings based on these drawings.
In the accompanying drawings:
Fig. 1 is according to a kind of no certificate bluetooth key endorsement method flow chart disclosed in the present application;
Fig. 2 is according to a kind of no certificate bluetooth key endorsement method application scenarios schematic diagram disclosed in the present application;
Fig. 3 is according to client public key mark downloading scene in a kind of no certificate bluetooth key endorsement method disclosed in the present application Schematic diagram;
Fig. 4 is according to a kind of no certificate bluetooth key signature system composition block diagram disclosed in the present application.
Specific embodiment
This application discloses a kind of no certificate bluetooth key endorsement method and systems.
In order to make those skilled in the art better understand the technical solutions in the application, below in conjunction with the application reality The attached drawing in example is applied, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described implementation Example is merely a part but not all of the embodiments of the present application.Based on the embodiment of the present application, ordinary skill The model of the application protection all should belong in personnel's every other embodiment obtained without creative efforts It encloses.
In the embodiment of the present application, no certificate signature system be it is a kind of based on SM2, without using Bilinear map operation without certificate System is authenticated, in this system, client public key is identified instead of the digital certificate in PKI system.And client public key mark packet It includes:User identifier (18 byte), system banner (2 byte), validity period (6 byte), User Part public key (32 byte), therefore be based on No certificate verification system public key identification length can control within 64 bytes, far smaller than there is certificate in certificate signature system Length.
Fig. 4 is according to a kind of no certificate bluetooth key signature system composition block diagram disclosed in the present application.
As shown in figure 4, without certificate bluetooth key signature system 400 by cipher key center 410, client 420, bluetooth key430 And server end 440 is constituted,
Wherein, client 420 and server end 440 and cipher key center 410 are connected to the network, client 420 and bluetooth Key430 is connected by blueteeth network.
In the embodiment of the present application, client 420 can be mobile phone, Pad or other mobile terminals;Bluetooth key430 function can To include:Authentication, based on mobile support, meet the requirement of mainstream operation system and corresponding standard interface, number be provided Word signature provides dedicated digital signature standard, compatible bank's signature requirement etc.;Server end 440 can be bank validation Server etc.;Cipher key center 410 is key generation centre (Key Generation Center).
Fig. 1 is according to a kind of no certificate bluetooth key endorsement method flow chart disclosed in the present application;
This application discloses a kind of no certificate bluetooth key endorsement methods, including:
Step 110:When initiating transaction, pre-stored client public key mark is obtained by client 420 in bluetooth key430 And verify the validity of the bluetooth key430.
Step 120:The transaction message that bluetooth key430 initiates client 420 carries out operation and signs, and to client 420 submission signature results, client 420 enclose client public key mark composition signature message after receiving signature result;
Specifically, as shown in Fig. 2, for according to a kind of no certificate bluetooth key endorsement method application scenarios disclosed in the present application Schematic diagram.Wherein ebanking server is authentication server i.e. server end 440, and mobile phone Internetbank client is client 420; Specific network bank business process step is as follows:
201, user fills in Transaction Information, and submits;
Specifically, user logs in mobile phone Internetbank APP, fills in after Transaction Information and click submission;
202, client public key mark is obtained by Bluetooth channels;
203, public key mark is read;
204, public key mark is returned;
Specifically, Internetbank client obtains client public key mark, authentication verification bluetooth by Bluetooth channels from bluetooth key The validity of key;
205, transaction message is organized;
206, transaction is initiated;
207, it HASH and signs;
Specifically, Internetbank client tissue transaction message and initiate to trade, bluetooth key receive after transaction message to message into The corresponding HASH operation of row, and signature operation is carried out to message HASH value with private key for user;
208, signature result is returned;
209, signature message;
Specifically, signature result is issued Internetbank client by bluetooth key, Internetbank client will signature message (signature result Affix public key mark) it is sent to ebanking server;
210, client public key, and sign test are calculated;
211, it is verified;
212, it trades successfully;
Specifically, ebanking server according to client public key identify in User ID and User Part public key R to calculate user public Key, and sign test is carried out to signature result, after sign test passes through, authorization is this time operated.
In this specification embodiment, client public key mark is public by user identifier, system banner, validity period, User Part Key R is composed.
Specifically, cipher key center 410 generates one group of SM2 public private key pair (s, P),
S=(s1,s2,…,sN), P=(P1,P2,…,PN), wherein Pi=siG, if E is an elliptic curve,<G ,+>It is E On point composition addition cyclic group, n is<G ,+>Rank, and n be prime number;
Cipher key center 410 is saved s as system private key, and P is published as system public key, and total system must all trust System public key.
In this specification embodiment, client public key Q calculation formula is:
Q=R+ (a1P1+a2P2+…+aNPN);
Wherein, R=rG=d1G+r2G=Q1+r2G is generated jointly by user and cipher key center, (d1,Q1) it is user's generation Temporary key pair, d1For temporary private, Q1For temporary public key, r2It is to be generated by cipher key center;H (ID | | R)=(a1, a2,…,aN) be by ID | | the mapping of R to mark vector, aiValue be not limited to 0,1, can be arbitrary value.
In this specification embodiment, pre-stored client public key mark be issued by cipher key center 410, including:
Bluetooth key430 generates SM2 temporary key to (d1,Q1), and temporary public key Q1Return to client 420;
Client 420 is by user's temporary public key Q1And User ID is sent to cipher key center 410;
Cipher key center 410 is according to User ID and temporary public key Q1Calculating section private key d', client public key Q and public key identify C, And part private key d', client public key Q and public key mark C are returned into client 420;
Part private key d', client public key Q, client public key mark C are sent to bluetooth key430 by client 420;
Bluetooth key430 is to part private key d' and temporary private d1Real private key for user d is obtained by operation, and is verified The matching of private key for user d and client public key Q;
It is verified, obtains user's public and private key (d, Q) and client public key mark C and bluetooth key430 is written.
Specifically, as shown in figure 3, for according to a kind of no certificate bluetooth key endorsement method client public key disclosed in the present application Mark downloading schematic diagram of a scenario.User applies for that public key mark process is as follows:
301, public key mark downloading is initiated;
Specifically, user, which enters cipher key center client-side program, initiates public key mark downloading, client-side program be can be Browser is also possible to cell phone application etc.;
302, user PIN is inputted;
Specifically, client-side program jumps to the input interface bluetooth key user PIN, bluetooth key user PIN is inputted;
303, it issues and generates key pair instruction;
304, SM2 temporary key is generated to (d1,Q1);
305, bluetooth key returns to temporary public key Q1
Specifically, bluetooth key verifies user PIN, verification passes through, and client-side program issues generation key pair to bluetooth key Instruction, the interior SM2 temporary key that generates of bluetooth key is to (d1Temporary private, Q1Temporary public key), and temporary public key Q1Return to client Hold program;
306, temporary public key Q is sent1, User ID;
Specifically, client-side program is by user's temporary public key Q1And User ID (can be bluetooth key sequence number) is sent to Cipher key center;
307, User Part private key d', client public key Q, client public key are generated and identifies C;
Specifically, cipher key center is according to User ID and temporary public key Q1Calculating section private key d', client public key Q, Yong Hugong Key identifies C, and steps are as follows for calculating:
Step 1 calculates a User Part public key R=rG=d by user and the common livelihood of cipher key center1G+r2G=Q1+ r2G, d1That is temporary private, Q1It for temporary public key, is generated by user, r2Generated by cipher key center, construct an ID | | R to mark The mapping of vector:
H (ID | | R)=(a1,a2,…,aN) wherein aiValue be not limited to 0,1, can be arbitrary value.
Step 2, then cipher key center calculating section private key d':
D'=r2+a1s1+a2s2+…+aNsN(modn)
Step 3, cipher key center calculate client public key Q:
Q=R+ (a1P1+a2P2+…+aNPN)
Step 4, cipher key center combine to form user according to user identifier, system banner, validity period, User Part public key R Public key identifies C.
308, returning part private key d', client public key Q, client public key identify C;
Specifically, part private key d', client public key Q, client public key mark C are returned to 420 journey of client by cipher key center Sequence;
309, returning part private key d', client public key Q, client public key identify C;
Part private key d', client public key Q, client public key mark C are sent to bluetooth key by client-side program;
310, pass through temporary private d1Real private key d is calculated with part private key d', whether verifying d and Q matches, if Match, stores d, Q and C;
Specifically, bluetooth key is by part private key d' and key temporary private d1Real private key for user d is obtained by operation, And the matching of private key for user d and client public key Q are verified, user's public and private key (d, Q), client public key are identified into C if matching It is respectively written into Key.
Specifically, the calculating process of private key for user d is as follows:
D=d1+d'(modn)
Then have:
D=r+a1s1+a2s2+…+aNsN(modn)
Specifically, the matching process of verifying private key for user d and client public key Q is as follows:
It calculates known to the corresponding public key Q' of private key for user d:Q'=dG=R+ (a1P1+a2P2+…+aNPN)
Comparison show that Q'=Q, i.e. d and Q are matched, is otherwise mismatch.
311, it returns successfully;
312, display application client public key identifies successfully.
The application proposes a kind of no certificate bluetooth key endorsement method and system, and the conjunction of user is verified by public key mark Method, realization have the beneficial effect that:
(1) a kind of no certificate bluetooth key endorsement method is identified using client public key as subscriber identity information, is reduced Mobile phone Internetbank APP reads the time of subscriber identity information from bluetooth key, improves the efficiency that mobile phone Internetbank APP transfers accounts, and is promoted User experience.
(2) when mobile phone Internetbank APP assembling signature message, replacement user certificate is identified using client public key, reduces signature Message total improves efficiency of transmission according to packet number.
It should be understood by those skilled in the art that, embodiments herein can provide as method, system or computer program Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the application Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the application, which can be used in one or more, The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces The form of product.
The application is reference according to the method for the embodiment of the present application, the stream of bluetooth key (system) and computer program product Journey figure and/or block diagram describe.It should be understood that can be realized by computer program instructions each in flowchart and/or the block diagram The combination of process and/or box in process and/or box and flowchart and/or the block diagram.It can provide these computer journeys Processor of the sequence instruction to general purpose computer, special purpose computer, Embedded Processor or other programmable datas processing bluetooth key To generate a machine, so that being produced by the instruction that the processor that computer or other programmable datas handle bluetooth key executes Life is for realizing the function of specifying in one or more flows of the flowchart and/or one or more blocks of the block diagram Device.
These computer program instructions may also be stored in be able to guide computer or other programmable datas processing bluetooth key with In the computer-readable memory of ad hoc fashion work, so that instruction stored in the computer readable memory generation includes The manufacture of command device, the command device are realized in one box of one or more flows of the flowchart and/or block diagram Or the function of being specified in multiple boxes.
These computer program instructions can also be loaded on computer or other programmable datas processing bluetooth key, so that Series of operation steps are executed on computer or other programmable bluetooth key to generate computer implemented processing, thus The instruction executed on computer or other programmable bluetooth key is provided for realizing in one or more flows of the flowchart And/or in one or more blocks of the block diagram specify function the step of.
Although the preferred embodiment of the application has been described, it is created once a person skilled in the art knows basic Property concept, then additional changes and modifications may be made to these embodiments.So it includes excellent that the following claims are intended to be interpreted as It selects embodiment and falls into all change and modification of the application range.Obviously, those skilled in the art can be to the application Various modification and variations are carried out without departing from spirit and scope.If in this way, these modifications and variations of the application Belong within the scope of the claim of this application and its equivalent technologies, then the application is also intended to encompass these modification and variations and exists It is interior.

Claims (10)

1. a kind of no certificate bluetooth key endorsement method, which is characterized in that including:
When initiating transaction, pre-stored client public key mark is obtained by client and verifies the bluetooth key's in bluetooth key Validity;
The bluetooth key carries out operation to the transaction message that the client is initiated and signs, and submits and sign to the client Name is as a result, the client receives the mark of client public key described in affix composition signature message after signature result.
2. a kind of no certificate bluetooth key endorsement method according to claim 1, which is characterized in that further include:Server end Sign test is carried out to the signature message, and authorizes the transaction request of the client to operate after sign test passes through.
3. a kind of no certificate bluetooth key endorsement method according to claim 1, which is characterized in that described pre-stored Client public key mark is issued by cipher key center.
4. a kind of no certificate bluetooth key endorsement method according to claim 3, which is characterized in that the client public key mark Knowledge includes:User identifier, system banner, validity period, User Part public key R.
5. a kind of no certificate bluetooth key endorsement method according to claim 4, which is characterized in that
The User Part public key R calculation formula is:
R=rG=d1G+r2G=Q1+r2G;
Wherein,<G ,+>It is the addition cyclic group of the point composition on elliptic curve, (d1,Q1) it is the SM2 temporary key that user generates It is right, d1For temporary private, Q1For temporary public key, r2It is to be generated by cipher key center.
6. a kind of no certificate bluetooth key endorsement method, which is characterized in that including:
Bluetooth key verifies user PIN, and after being verified, the bluetooth key generates SM2 temporary key to (d1,Q1), and interim Public key Q1Return to client;
The bluetooth key receives part private key d', client public key Q, the client public key mark C that the client is sent;
The bluetooth key is to part private key d' and temporary private d1Obtain private key for user d by operation, and verify private key for user d and The matching of client public key Q;
It is verified, obtains public and private key (d, Q) and client public key mark C, and be written into the bluetooth key.
7. a kind of no certificate bluetooth key endorsement method according to claim 6, which is characterized in that further include:
Before bluetooth key checking PIN, user enters the client-side program and initiates public key mark downloading request, the client It holds programming jump to the interface of input bluetooth key user PIN, inputs bluetooth key user PIN.
8. a kind of no certificate bluetooth key endorsement method according to claim 6, which is characterized in that further include:
The client is by user's temporary public key Q1And User ID is sent to cipher key center.
9. a kind of no certificate bluetooth key endorsement method according to claim 8, which is characterized in that further include:
The cipher key center is according to User ID and the temporary public key Q1Calculating section private key d', client public key Q and the public key mark Know C, and part private key d', client public key Q and public key mark C are returned into the client.
10. a kind of no certificate bluetooth key signature system, which is characterized in that including:
Client, the server end connecting with the client network and cipher key center and pass through blueteeth network with the client The bluetooth key of connection, wherein
When the client initiates transaction request, 1-5 the method is required for perform claim;
When the client initiates downloading public key mark, 6-9 the method is required for perform claim.
CN201810929646.6A 2018-08-15 2018-08-15 Certificateless Bluetooth key signature method and system Active CN108900311B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810929646.6A CN108900311B (en) 2018-08-15 2018-08-15 Certificateless Bluetooth key signature method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810929646.6A CN108900311B (en) 2018-08-15 2018-08-15 Certificateless Bluetooth key signature method and system

Publications (2)

Publication Number Publication Date
CN108900311A true CN108900311A (en) 2018-11-27
CN108900311B CN108900311B (en) 2021-04-27

Family

ID=64354260

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810929646.6A Active CN108900311B (en) 2018-08-15 2018-08-15 Certificateless Bluetooth key signature method and system

Country Status (1)

Country Link
CN (1) CN108900311B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109327310A (en) * 2018-11-30 2019-02-12 江苏恒宝智能系统技术有限公司 A kind of link protection method based on no certificate
CN109560931A (en) * 2018-11-30 2019-04-02 江苏恒宝智能系统技术有限公司 A kind of equipment remote upgrade method based on no Certification system
US11328039B2 (en) * 2019-03-05 2022-05-10 Kyocera Document Solutions Inc. Electronic apparatus, and method of controlling electronic apparatus
CN114640989A (en) * 2022-03-26 2022-06-17 三未信安科技股份有限公司 System and method for managing cryptographic module based on wireless communication technology
CN116156495A (en) * 2023-04-11 2023-05-23 支付宝(杭州)信息技术有限公司 Security environment body checking method and system based on wireless signals

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101378315A (en) * 2007-08-27 2009-03-04 华为技术有限公司 Method, system, equipment and server for packet authentication
CN101951603A (en) * 2010-10-14 2011-01-19 中国电子科技集团公司第三十研究所 Access control method and system for wireless local area network
CN104539423A (en) * 2014-12-16 2015-04-22 熊荣华 Achievement method of certificate-less public key cryptosystem without bilinear pairing operation
CN105450396A (en) * 2016-01-11 2016-03-30 长沙市迪曼森信息科技有限公司 Certificate-free combined secret key generation and application method
CN105553662A (en) * 2014-10-29 2016-05-04 航天信息股份有限公司 Dynamic digital right management method and system based on identification password
CN105743649A (en) * 2014-12-11 2016-07-06 中兴通讯股份有限公司 User signature and user signature decryption method, device and system
WO2017114809A1 (en) * 2015-12-28 2017-07-06 Bull Sas Second dynamic authentication of an electronic signature using a secure hardware module

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101378315A (en) * 2007-08-27 2009-03-04 华为技术有限公司 Method, system, equipment and server for packet authentication
CN101951603A (en) * 2010-10-14 2011-01-19 中国电子科技集团公司第三十研究所 Access control method and system for wireless local area network
CN105553662A (en) * 2014-10-29 2016-05-04 航天信息股份有限公司 Dynamic digital right management method and system based on identification password
CN105743649A (en) * 2014-12-11 2016-07-06 中兴通讯股份有限公司 User signature and user signature decryption method, device and system
CN104539423A (en) * 2014-12-16 2015-04-22 熊荣华 Achievement method of certificate-less public key cryptosystem without bilinear pairing operation
WO2017114809A1 (en) * 2015-12-28 2017-07-06 Bull Sas Second dynamic authentication of an electronic signature using a secure hardware module
CN105450396A (en) * 2016-01-11 2016-03-30 长沙市迪曼森信息科技有限公司 Certificate-free combined secret key generation and application method

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109327310A (en) * 2018-11-30 2019-02-12 江苏恒宝智能系统技术有限公司 A kind of link protection method based on no certificate
CN109560931A (en) * 2018-11-30 2019-04-02 江苏恒宝智能系统技术有限公司 A kind of equipment remote upgrade method based on no Certification system
CN109560931B (en) * 2018-11-30 2020-11-24 江苏恒宝智能系统技术有限公司 Equipment remote upgrading method based on certificate-free system
US11328039B2 (en) * 2019-03-05 2022-05-10 Kyocera Document Solutions Inc. Electronic apparatus, and method of controlling electronic apparatus
CN114640989A (en) * 2022-03-26 2022-06-17 三未信安科技股份有限公司 System and method for managing cryptographic module based on wireless communication technology
CN114640989B (en) * 2022-03-26 2023-09-26 三未信安科技股份有限公司 System and method for managing cryptographic module based on wireless communication technology
CN116156495A (en) * 2023-04-11 2023-05-23 支付宝(杭州)信息技术有限公司 Security environment body checking method and system based on wireless signals

Also Published As

Publication number Publication date
CN108900311B (en) 2021-04-27

Similar Documents

Publication Publication Date Title
CN108900311A (en) A kind of no certificate bluetooth key endorsement method and system
US9871655B2 (en) Method for deriving a verification token from a credential
CN109067539B (en) Alliance chain transaction method, alliance chain transaction equipment and computer readable storage medium
CN106161359B (en) It authenticates the method and device of user, register the method and device of wearable device
US20240095713A1 (en) Method, client device and pos terminal for offline transaction
US11882509B2 (en) Virtual key binding method and system
CN117579281A (en) Method and system for ownership verification using blockchain
CN108234385A (en) A kind of method for authenticating user identity and device
CN113541970B (en) Method and system for using distributed identifier
CN110189184B (en) Electronic invoice storage method and device
CN110189013A (en) A kind of determination method, apparatus, equipment and the medium of operation flow
CN104836776A (en) Data interaction method and device
CN111931209B (en) Contract information verification method and device based on zero knowledge proof
CN109981278A (en) Applying digital certificate method, system, subscriber identification card, equipment and medium
CN109413084A (en) A kind of password update method, apparatus and system
US10171249B2 (en) Privacy friendly location based services
CN110363533A (en) A kind of real-name authentication system and method
CN111949958A (en) Authorization authentication method and device in Oauth protocol
CN109302286B (en) Fido equipment key index generation method
CN112801660B (en) Secret subscription-free method and device of payment protocol
CN109766716A (en) A kind of anonymous bidirectional authentication method based on trust computing
CN115705601A (en) Data processing method and device, computer equipment and storage medium
CN106533681A (en) Attribute attestation method and system supporting partial presentation
CN115426106A (en) Identity authentication method, device, system, electronic equipment and storage medium
CN112491777B (en) Cross-block chain identity authentication method, computer equipment and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 801, 8 / F, building 4a, international R & D headquarters park, 68 Olympic street, Jianye District, Nanjing City, Jiangsu Province 210019

Applicant after: JIANGSU HENGBAO INTELLIGENT SYSTEM TECHNOLOGY Co.,Ltd.

Address before: Hengtang Industrial Park, Yunyang town, Danyang City, Zhenjiang City, Jiangsu Province

Applicant before: JIANGSU HENGBAO INTELLIGENT SYSTEM TECHNOLOGY Co.,Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant