CN109379181A - Method and apparatus for generating and verifying a two-dimensional code, storage medium and electronic device - Google Patents

Method and apparatus for generating and verifying a two-dimensional code, storage medium and electronic device

Info

Publication number
CN109379181A
Authority
CN
China
Prior art keywords
information
dimensional code
digital certificate
digital
application data
Prior art date
Legal status
Pending
Application number
CN201810911749.XA
Other languages
Chinese (zh)
Inventor
宁红宙
王启刚
Current Assignee
Aisino Corp
Original Assignee
Aisino Corp
Priority date
Filing date
Publication date
Application filed by Aisino Corp
Priority to CN201810911749.XA
Publication of CN109379181A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Physics & Mathematics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Computing Systems (AREA)
  • Mathematical Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Storage Device Security (AREA)

Abstract

The purpose of this disclosure is to provide a method and apparatus for generating and verifying a two-dimensional code, a storage medium and an electronic device, in order to solve the problem that two-dimensional codes as used in the related art are not sufficiently secure. The method for generating a two-dimensional code is applied to a two-dimensional code generating end and comprises: obtaining application data information, the digital certificate information of the generating end, and the private key corresponding to the digital certificate; signing the application data information with the private key to obtain digital signature information; and generating a two-dimensional code based on the application data information, the digital signature information and the digital certificate information.

Description

Method and apparatus for generating and verifying a two-dimensional code, storage medium and electronic device
Technical field
This disclosure relates to the field of information processing, and in particular to a method and apparatus for generating and verifying a two-dimensional code, a storage medium and an electronic device.
Background
With the development of smart terminal technology, mobile internet technology and cloud computing technology, more and more internet applications are being used on smart mobile terminals, for example Alipay, WeChat and online banking on mobile phones. To spare users the tedium of entering information by hand, two-dimensional code technology has been combined with various applications: by scanning a two-dimensional code on a smart mobile terminal, a user can authenticate and log in, pay, rent a bicycle, add a friend, join a group and so on, which effectively improves the experience of mobile terminal users in these scenarios.
Because a two-dimensional code is itself only a two-dimensional data storage area, with no security measures and no means of verifying authenticity, its trustworthiness is hard to guarantee. This leaves a large loophole that criminals exploit to carry out phishing fraud and obtain information illegally with two-dimensional codes. A user who scans a fake two-dimensional code may at best leak identity information and at worst lose property and money.
Summary of the invention
The purpose of this disclosure is to provide a method and apparatus for generating and verifying a two-dimensional code, a storage medium and an electronic device, in order to solve the problem that two-dimensional codes as used in the related art are not sufficiently secure.
To achieve this purpose, in a first aspect, an embodiment of the disclosure provides a method for generating a two-dimensional code, applied to a two-dimensional code generating end, the method comprising:
obtaining application data information, the digital certificate information of the generating end, and the private key corresponding to the digital certificate;
signing the application data information with the private key to obtain digital signature information;
generating a two-dimensional code based on the application data information, the digital signature information and the digital certificate information.
Optionally, the digital certificate information is the digital certificate of the generating end, or the digital certificate information is index information of the generating end's digital certificate in a certification authority.
Optionally, generating the two-dimensional code based on the application data information, the digital signature information and the digital certificate information comprises:
composing network link address information based on the application data information, the digital signature information and the digital certificate information;
generating the two-dimensional code based on the network link address information.
In a second aspect, an embodiment of the disclosure provides a method for verifying a two-dimensional code, applied to a two-dimensional code verification end, the method comprising:
scanning a two-dimensional code to extract the application data information, digital signature information and digital certificate information carried in it;
judging whether the digital certificate information meets a legitimacy condition;
where the digital certificate information meets the legitimacy condition, verifying the legitimacy of the digital signature information using the public key in the digital certificate and the application data information;
where the digital signature information is legitimate, determining that the two-dimensional code is trusted.
Optionally, the digital certificate information is index information of the digital certificate in a certification authority, and the method further comprises:
obtaining the digital certificate corresponding to the index information from the certification authority.
Optionally, the legitimacy condition comprises:
the digital certificate is within its validity period, the digital certificate passes trust verification against the root certificate stored at the verification end, and the digital certificate has not been revoked.
In a third aspect, an embodiment of the disclosure provides an apparatus for generating a two-dimensional code, applied to a two-dimensional code generating end, the apparatus comprising:
an obtaining module, for obtaining application data information, the digital certificate information of the generating end, and the private key corresponding to the digital certificate;
a digital signature module, for signing the application data information with the private key to obtain digital signature information;
a generation module, for generating a two-dimensional code based on the application data information, the digital signature information and the digital certificate information.
Optionally, the digital certificate information is the digital certificate of the generating end, or the digital certificate information is index information of the generating end's digital certificate in a certification authority.
Optionally, the generation module is configured to:
compose network link address information based on the application data information, the digital signature information and the digital certificate information;
generate the two-dimensional code based on the network link address information.
In a fourth aspect, an embodiment of the disclosure provides an apparatus for verifying a two-dimensional code, applied to a two-dimensional code verification end, the apparatus comprising:
a scan module, for scanning a two-dimensional code to extract the application data information, digital signature information and digital certificate information carried in it;
a judgment module, for judging whether the digital certificate information meets a legitimacy condition;
a verification module, for verifying, where the digital certificate information meets the legitimacy condition, the legitimacy of the digital signature information using the public key in the digital certificate and the application data information;
a determining module, for determining that the two-dimensional code is trusted where the digital signature information is legitimate.
Optionally, the digital certificate information is index information of the digital certificate in a certification authority, and the apparatus further comprises a query module, for obtaining the digital certificate corresponding to the index information from the certification authority.
Optionally, the legitimacy condition comprises:
the digital certificate is within its validity period, the digital certificate passes trust verification against the root certificate stored at the verification end, and the digital certificate has not been revoked.
In a fifth aspect, an embodiment of the disclosure provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the method of any one of the first aspect.
In a sixth aspect, an embodiment of the disclosure provides an electronic device, comprising:
a memory storing a computer program;
a processor, for executing the computer program in the memory to implement the steps of the method of any one of the first aspect.
In a fifth aspect, an embodiment of the disclosure provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the method of any one of the second aspect.
In a sixth aspect, an embodiment of the disclosure provides an electronic device, comprising:
a memory storing a computer program;
a processor, for executing the computer program in the memory to implement the steps of the method of any one of the second aspect.
In the above technical solution, application data information, the digital certificate information held by the two-dimensional code generating end and the private key corresponding to the digital certificate are obtained; the application data information is then signed with the private key to obtain digital signature information; and a two-dimensional code is generated based on the application data information, the digital signature information and the digital certificate information, so that the two-dimensional code verification end determines that the two-dimensional code is trusted once it has verified that the digital certificate information meets the legitimacy condition and that the digital signature information is legitimate.
With this technical solution, the generating end digitally signs the two-dimensional code, and the identity of the generating end is verified by obtaining its digital certificate, so that the trustworthiness of the two-dimensional code is verified and the security of using two-dimensional codes is improved.
Other features and advantages of the disclosure are described in detail in the detailed description that follows.
Brief description of the drawings
The drawings are provided for further understanding of the disclosure and form part of the specification; together with the following detailed description they serve to explain the disclosure, but do not limit it. In the drawings:
Fig. 1 is a flowchart of a method for generating a two-dimensional code according to an exemplary embodiment.
Fig. 2 is a flowchart of a method for verifying a two-dimensional code according to an exemplary embodiment.
Fig. 3 is a flowchart of a method for verifying a two-dimensional code according to an exemplary embodiment.
Fig. 4 is a signaling diagram of a method for generating and verifying a two-dimensional code according to an exemplary embodiment.
Fig. 5 is a block diagram of an apparatus for generating a two-dimensional code according to an exemplary embodiment.
Fig. 6 is a block diagram of an apparatus for verifying a two-dimensional code according to an exemplary embodiment.
Detailed description
Specific embodiments of the disclosure are described in detail below with reference to the drawings. It should be understood that the specific embodiments described here only describe and explain the disclosure and do not limit it.
Fig. 1 is a flowchart of a method for generating a two-dimensional code according to an exemplary embodiment. The method is applied to a two-dimensional code generating end and comprises:
S11: obtain application data information, the digital certificate information of the generating end, and the private key corresponding to the digital certificate.
Optionally, the digital certificate information is the digital certificate of the generating end, or the digital certificate information is index information of the generating end's digital certificate in a certification authority.
The index information allows the two-dimensional code verification end to obtain the corresponding digital certificate from the certification authority.
In an optional embodiment, the digital signature algorithm used is the SM2 digital signature algorithm, and the digital signature result is 32 bytes. For the SM2 digital signature algorithm and the SM2 curve parameters, see the standard "SM2 Elliptic Curve Public Key Cryptographic Algorithm" (GM/T 0003-2012) published by the State Cryptography Administration.
During digital signature verification of the two-dimensional code, the verification end needs the digital certificate of the generating end. Because a digital certificate is relatively large, a two-dimensional code that carried the complete certificate data would be large in area and inconvenient to use; the two-dimensional code may therefore store only an index to the generating end's digital certificate. The verification end then uses the certificate index in the two-dimensional code to download the generating end's digital certificate file from an LDAP (Lightweight Directory Access Protocol) service, verifies the certificate's validity period, its trust, and whether it has been revoked, and only after these checks pass extracts the public key from the certificate and verifies the two-dimensional code's digital signature.
S12: sign the application data information with the private key to obtain digital signature information.
S13: generate a two-dimensional code based on the application data information, the digital signature information and the digital certificate information.
In this way, the two-dimensional code verification end determines that the two-dimensional code is trusted once it has verified that the digital certificate information meets the legitimacy condition and that the digital signature information is legitimate.
Optionally, generating the two-dimensional code based on the application data information, the digital signature information and the digital certificate information comprises: composing network link address information based on the application data information, the digital signature information and the digital certificate information; and generating the two-dimensional code based on the network link address information.
The application data information, the digital signature information and the digital certificate information are organized in the two-dimensional code as an http or https link, for example http://www.xxx.com/?dt=D&sn=S&ci=L.
In a specific implementation, the generating end holds a digital certificate for confirming its identity, issued by a state-authorized third-party CA (Certificate Authority), and the private key corresponding to that certificate. Correspondingly, the verification end holds the CA root certificate of the third-party CA that corresponds to the generating end; the CA root certificate is used to verify the trustworthiness of digital certificates issued by that CA, and thereby to confirm the trustworthiness of the generating end's digital certificate and its identity. In addition, the third-party CA provides an LDAP (Lightweight Directory Access Protocol) certificate publishing service or another certificate query and download service, and an OCSP (Online Certificate Status Protocol) certificate status query service.
On this basis, the generating end can sign the application data information with the private key corresponding to its digital certificate to obtain digital signature information. Correspondingly, the verification end verifies the digital signature information with the public key of the corresponding digital certificate. If verification succeeds, the received application information is complete and was not modified in transmission; otherwise, the received application information has been modified. The verification end can thus use the digital signature information to verify the integrity of the application information obtained by scanning the two-dimensional code.
In the above technical solution, application data information, the digital certificate information held by the two-dimensional code generating end and the private key corresponding to the digital certificate are obtained; the application data information is then signed with the private key to obtain digital signature information; and a two-dimensional code is generated based on the application data information, the digital signature information and the digital certificate information, so that the two-dimensional code verification end determines that the two-dimensional code is trusted once it has verified that the digital certificate information meets the legitimacy condition and that the digital signature information is legitimate.
It is worth noting that two-dimensional codes in the related art have no trust verification function: anyone can generate a two-dimensional code for others to scan, including illegitimate codes with malicious intent. An electronic device that scans such an illegitimate code leaks digital information. Moreover, the identity of the generating end cannot be traced. With the above technical solution, the generating end digitally signs the two-dimensional code, and the identity of the generating end is verified by obtaining its digital certificate, so that the trustworthiness of the two-dimensional code is verified and the security of using two-dimensional codes is improved.
Fig. 2 is a flowchart of a method for verifying a two-dimensional code according to an exemplary embodiment. The method is applied to a two-dimensional code verification end and comprises:
S21: scan a two-dimensional code to extract the application data information, digital signature information and digital certificate information carried in it.
In an optional embodiment, the digital signature algorithm used is the SM2 digital signature algorithm, and the digital signature result is 32 bytes. For the SM2 digital signature algorithm and the SM2 curve parameters, see the standard "SM2 Elliptic Curve Public Key Cryptographic Algorithm" (GM/T 0003-2012) published by the State Cryptography Administration.
S22: judge whether the digital certificate information meets the legitimacy condition.
Optionally, the digital certificate information is index information of the digital certificate in a certification authority, and the method further comprises: obtaining the digital certificate corresponding to the index information from the certification authority.
During digital signature verification of the two-dimensional code, the verification end needs the digital certificate of the generating end. Because a digital certificate is relatively large, a two-dimensional code that carried the complete certificate data would be large in area and inconvenient to use; the two-dimensional code may therefore store only an index to the generating end's digital certificate. The verification end then uses the certificate index in the two-dimensional code to download the generating end's digital certificate file from an LDAP (Lightweight Directory Access Protocol) service, verifies the certificate's validity period, its trust, and whether it has been revoked, and only after these checks pass extracts the public key from the certificate and verifies the two-dimensional code's digital signature.
S23: where the digital certificate information meets the legitimacy condition, verify the legitimacy of the digital signature information using the public key in the digital certificate and the application data information.
Specifically, judging whether the digital certificate meets the legitimacy condition comprises: judging whether the digital certificate is within its validity period, whether the digital certificate passes trust verification against the root certificate stored at the two-dimensional code verification end, and whether the digital certificate has been revoked.
S24: where the digital signature information is legitimate, determine that the two-dimensional code is trusted.
Conversely, if the digital certificate information does not meet the legitimacy condition and/or the digital signature information is not legitimate, the two-dimensional code is determined to be untrusted.
In a specific implementation, the generating end holds a digital certificate for confirming its identity, issued by a state-authorized third-party CA (Certificate Authority), and the private key corresponding to that certificate. Correspondingly, the verification end holds the CA root certificate of the same third-party CA as the generating end; the CA root certificate is used to verify the trustworthiness of digital certificates issued by that CA, and thereby to confirm the trustworthiness of the generating end's digital certificate and its identity. In addition, the third-party CA provides an LDAP (Lightweight Directory Access Protocol) certificate publishing service or another certificate query and download service, and an OCSP (Online Certificate Status Protocol) certificate status query service.
On this basis, the generating end can sign the application data information with the private key corresponding to its digital certificate to obtain digital signature information. Correspondingly, the verification end verifies the digital signature information with the public key of the corresponding digital certificate. If verification succeeds, the received application information is complete and was not modified in transmission; otherwise, the received application information has been modified. The verification end can thus use the digital signature information to verify the integrity of the application information obtained by scanning the two-dimensional code.
In the above technical solution, application data information, the digital certificate information held by the two-dimensional code generating end and the private key corresponding to the digital certificate are obtained; the application data information is then signed with the private key to obtain digital signature information; and a two-dimensional code is generated based on the application data information, the digital signature information and the digital certificate information, so that the two-dimensional code verification end determines that the two-dimensional code is trusted once it has verified that the digital certificate information meets the legitimacy condition and that the digital signature information is legitimate.
It is worth noting that two-dimensional codes in the related art have no trust verification function: anyone can generate a two-dimensional code for others to scan, including illegitimate codes with malicious intent. An electronic device that scans such an illegitimate code leaks digital information. Moreover, the identity of the generating end cannot be traced. With the above technical solution, the generating end digitally signs the two-dimensional code, and the identity of the generating end is verified by obtaining its digital certificate, so that the trustworthiness of the two-dimensional code is verified and the security of using two-dimensional codes is improved.
Fig. 3 is a flowchart of a method for verifying a two-dimensional code according to an exemplary embodiment. The method is applied to the two-dimensional code verification end and comprises:
S31, scan the two-dimensional code.
S32, extract the application data information, digital signature information and digital certificate information carried in the two-dimensional code, where the digital certificate information includes the index information of the digital certificate at the certification authority.
S33, obtain the digital certificate corresponding to the index information from the certification authority according to the index information.
S34, check whether the digital certificate is within its validity period.
If the digital certificate is not within its validity period, an error indication is output and the verification flow ends; if the digital certificate is within its validity period, step S35 is executed.
S35, verify the trust of the digital certificate against the locally stored digital certificate root certificate, and check whether the verification passes.
If the trust verification of the digital certificate does not pass, an error indication is output and the verification flow ends; if it passes, step S36 is executed.
S36, query whether the digital certificate has been revoked by connecting to the OCSP service.
If the digital certificate has been revoked, an error indication is output and the verification flow ends; if the digital certificate has not been revoked, step S37 is executed.
S37, verify whether the digital signature information is valid using the public key in the digital certificate and the application data information.
It is worth noting that if information consistent with the application data information can be recovered from the digital signature information using the public key in the digital certificate, the application data information obtained by scanning the two-dimensional code is complete.
If the digital signature is invalid, an error indication is output and the verification flow ends; if the digital signature is valid, step S38 is executed.
S38, determine that the two-dimensional code is trustworthy, and extract the identity information of the two-dimensional code generation end from the digital certificate.
S39, enter the next business operation flow using the identity information of the generation end and the application data information.
This solution can be applied to any application scenario in which network services are carried out using two-dimensional codes, especially two-dimensional code payment scenarios. An exemplary embodiment is described below.
In the related art, third-party payment and transfers are carried out over the network. To simplify the application, the application data information, digital signature information and digital certificate information are organized in the two-dimensional code as an http or https link, for example http://www.xxx.com/?dt=D&sn=S&ci=L.
If the application scenario is that the customer scans the two-dimensional code with a third-party payment App on an electronic device, the electronic device can parse the scanned code and obtain the application data information, digital signature information and digital certificate information from the parameters obtained by scanning. When the digital certificate information is the index information of the digital certificate, the digital certificate can also be downloaded from the LDAP (Lightweight Directory Access Protocol) digital certificate publishing service or other certificate query and download service provided by the third-party CA, after which the trustworthiness of the two-dimensional code is verified.
If the application scenario is that the customer scans the two-dimensional code with a browser or another application on the electronic device, the electronic device can determine the source of the scanned code at the website platform entrance. If the code corresponds to a third-party payment App, it jumps to the third-party payment App page or, when that page cannot be reached, issues a prompt instructing the user to download the third-party payment App.
If the network address content corresponding to the two-dimensional code is replaced, scanning with the third-party payment App jumps to a different page, which the user can recognize by eye. In addition, the third-party payment App can directly judge whether the top-level domain is legitimate. If the original data or the signature portion of the network link is modified, verification with the digital certificate readily shows that the two-dimensional code is not trustworthy.
Fig. 4 is a signaling diagram of a method for generating and verifying a two-dimensional code according to an exemplary embodiment. The roles involved are the merchant terminal, the third-party payment platform and the user terminal. In this embodiment the two-dimensional code is generated temporarily and is a one-time code. The method comprises:
S41, the merchant terminal initiates a payment collection request to the third-party payment platform according to relevant information such as the transaction amount, the goods and the merchant.
S42, the third-party payment platform determines, from the received request data, the application data information to be stored in the two-dimensional code.
S43, the third-party payment platform signs the application data information with the private key corresponding to its own digital certificate, generating the digital signature information.
S44, the third-party payment platform obtains the index information of its own digital certificate in LDAP.
S45, the third-party payment platform integrates the application data information, digital signature information and index information into a network link, and encodes the content of the network link address to generate the two-dimensional code.
S46, the third-party payment platform sends the generated two-dimensional code to the merchant terminal.
If the user chooses another payment method such as cash, the operator of the merchant terminal can terminate this payment flow.
The operations performed by the user terminal are described in detail below.
S47, the user terminal scans the two-dimensional code displayed by the merchant terminal through the third-party payment App.
S48, the user terminal extracts the application data information, the digital signature information and the index information of the digital certificate from the two-dimensional code through the third-party payment App.
S49, the user terminal downloads the digital certificate of the third-party payment platform according to the index information of the digital certificate through the third-party payment App.
S50, the user terminal checks whether the digital certificate is within its validity period through the third-party payment App.
If the digital certificate is not within its validity period, an error indication is output and the verification flow ends; otherwise, the next step is executed.
S51, the user terminal verifies the trust of the digital certificate against the locally stored CA root certificate through the third-party payment App.
If the trust verification of the digital certificate does not pass, an error indication is output and the verification flow ends; otherwise, the next step is executed.
S52, the user terminal connects to the OCSP service through the third-party payment App to query whether the digital certificate has been revoked.
If the digital certificate has been revoked, an error indication is output and the verification flow ends; otherwise, the next step is executed.
S53, the user terminal obtains the public key in the digital certificate through the third-party payment App, and verifies the digital signature information using the public key and the application data information.
If signature verification of the digital signature information does not pass, an error indication is output and the verification flow ends; otherwise, the next step is executed. Whenever an error indication is output and the verification flow ends as described above, this means that the two-dimensional code scanned by the user terminal is not trustworthy.
S54, the user terminal extracts the identity information of the two-dimensional code generator from the digital certificate through the third-party payment App.
S55, the user terminal completes payment and the other transaction flows through the third-party payment App according to the identity information of the generation end and the application data information.
Specifically, the user terminal uploads the payment and transaction data to the third-party payment platform; the platform records the payment and transaction data and, after the transaction flow is completed, performs the following operation.
S56, the third-party payment platform withdraws the two-dimensional code displayed by the merchant terminal.
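The link layout and the check order used in both flows above (S32 to S38, and S43 to S45 with S48 to S54), as an added Go example that is not code from the patent. It assumes ECDSA P-256 with SHA-256, base64url parameter values, `dt`/`sn`/`ci` carrying the data, the signature and the certificate index respectively, the placeholder host pay.example, and in-memory maps standing in for the CA's LDAP and OCSP services; all certificates and data are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // parameter encoding is an assumption of this example

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue creates a constructed test certificate; parent == nil yields a self-signed CA root.
func issue(cn string, serial int64, parent *x509.Certificate, pkey *ecdsa.PrivateKey, notAfter time.Time) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pkey = tpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, pkey))
	return must(x509.ParseCertificate(der)), key
}

// BuildLink is the generation end: sign the data, then pack data (dt), signature (sn) and index (ci).
func BuildLink(data []byte, key *ecdsa.PrivateKey, certIndex string) string {
	digest := sha256.Sum256(data)
	sig := must(ecdsa.SignASN1(rand.Reader, key, digest[:]))
	q := url.Values{"dt": {b64.EncodeToString(data)}, "sn": {b64.EncodeToString(sig)}, "ci": {certIndex}}
	return "https://pay.example/?" + q.Encode()
}

// VerifyLink is the verification end: checks run in the order S33 to S38 and stop at the first failure.
func VerifyLink(link string, roots *x509.CertPool, certs map[string]*x509.Certificate, revoked map[string]bool, now time.Time) (string, []byte, error) {
	_, raw, _ := strings.Cut(link, "?")
	q, err := url.ParseQuery(raw)
	data, errD := b64.DecodeString(q.Get("dt"))
	sig, errS := b64.DecodeString(q.Get("sn"))
	cert, found := certs[q.Get("ci")] // S33: map lookup stands in for the LDAP download
	if err != nil || errD != nil || errS != nil || !found {
		return "", nil, errors.New("malformed link or unknown certificate index")
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) { // S34: validity period
		return "", nil, errors.New("certificate outside validity period")
	}
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil { // S35: chain to the locally stored CA root
		return "", nil, errors.New("certificate not issued by trusted CA")
	}
	if revoked[cert.SerialNumber.String()] { // S36: map lookup stands in for the OCSP query
		return "", nil, errors.New("certificate revoked")
	}
	if cert.CheckSignature(x509.ECDSAWithSHA256, data, sig) != nil { // S37: signature over the data
		return "", nil, errors.New("signature does not match application data")
	}
	return cert.Subject.CommonName, data, nil // S38: trusted; identity is read from the certificate
}

// Scenarios verifies five constructed links and reports the identity and error for each.
func Scenarios() map[string]string {
	now := time.Now()
	root, rootKey := issue("Constructed Test CA", 1, nil, nil, now.Add(time.Hour))
	roots := x509.NewCertPool()
	roots.AddCert(root)
	certs, revoked := map[string]*x509.Certificate{}, map[string]bool{"12": true} // serial 12 is revoked
	data, links, out := []byte("merchant=demo-shop&amount=12.50"), map[string]string{}, map[string]string{}
	add := func(idx string, serial int64, ca *x509.Certificate, caKey *ecdsa.PrivateKey, end time.Time) {
		cert, key := issue("Platform "+idx, serial, ca, caKey, end)
		certs[idx], links[idx] = cert, BuildLink(data, key, idx)
	}
	add("valid", 10, root, rootKey, now.Add(time.Hour))
	add("expired", 11, root, rootKey, now.Add(-time.Minute))
	add("revoked", 12, root, rootKey, now.Add(time.Hour))
	add("untrusted", 13, nil, nil, now.Add(time.Hour)) // self-signed, so it does not chain to the stored root
	links["tampered"] = strings.Replace(links["valid"], "dt=", "dt=AAAA", 1) // dt changed, sn kept
	for name, link := range links {
		id, _, err := VerifyLink(link, roots, certs, revoked, now)
		out[name] = fmt.Sprintf("identity=%q err=%v", id, err)
	}
	return out
}

func main() { fmt.Println(Scenarios()) }
```

In this example the signature covers only `dt`, so the identity handed to the next business step is taken from the validated certificate and never from a link parameter.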
Fig. 5 is a block diagram of a device 500 for generating a two-dimensional code according to an exemplary embodiment. The device 500 is applied to the two-dimensional code generation end and includes:
An obtaining module 510, configured to obtain the application data information, the digital certificate information of the generation end, and the private key corresponding to the digital certificate;
A digital signature module 520, configured to sign the application data information with the private key to obtain the digital signature information;
A generation module 530, configured to generate a two-dimensional code based on the application data information, the digital signature information and the digital certificate information.
Optionally, the digital certificate information is the digital certificate of the generation end, or the digital certificate information is the index information of the generation end's digital certificate at the certification authority.
Optionally, the generation module 530 is configured to:
Compose network link address information based on the application data information, the digital signature information and the digital certificate information;
Generate the two-dimensional code based on the network link address information.
Fig. 6 is a block diagram of a device 600 for verifying a two-dimensional code according to an exemplary embodiment. The device 600 is applied to the verification end of the two-dimensional code and includes:
A scan module 610, configured to scan the two-dimensional code to extract the application data information, digital signature information and digital certificate information carried in it;
A judgment module 620, configured to judge whether the digital certificate information meets the legitimacy condition;
A verification module 630, configured to verify the validity of the digital signature information using the public key in the digital certificate and the application data information when the digital certificate information meets the legitimacy condition;
A determining module 640, configured to determine that the two-dimensional code is trustworthy when the digital signature information is valid.
Optionally, the digital certificate information is the index information of the digital certificate at the certification authority, and the device further includes a query module configured to obtain the digital certificate corresponding to the index information from the certification authority.
Optionally, the legitimacy condition comprises:
The digital certificate is within its validity period, the digital certificate passes trust verification against the digital certificate root certificate stored at the verification end, and the digital certificate has not been revoked.
With regard to the devices in the above embodiments, the specific manner in which each module performs its operations has been described in detail in the embodiments of the related methods and is not elaborated here.
An embodiment of the present disclosure provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the method for generating a two-dimensional code.
An embodiment of the present disclosure provides an electronic device, comprising:
A memory storing a computer program;
A processor, configured to execute the computer program in the memory to implement the steps of the method for generating a two-dimensional code.
An embodiment of the present disclosure provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the method for verifying a two-dimensional code.
An embodiment of the present disclosure provides an electronic device, comprising:
A memory storing a computer program;
A processor, configured to execute the computer program in the memory to implement the steps of the method for verifying a two-dimensional code.
The preferred embodiments of the present disclosure have been described in detail above with reference to the accompanying drawings. However, the disclosure is not limited to the specific details of the above embodiments; within the scope of the technical concept of the disclosure, a variety of simple variations can be made to its technical solution, and these simple variations all fall within the protection scope of the disclosure.
It should further be noted that the specific technical features described in the above embodiments can be combined in any suitable manner provided they do not contradict one another. To avoid unnecessary repetition, the disclosure does not further describe the various possible combinations.
In addition, the various embodiments of the disclosure can also be combined with one another in any way; as long as a combination does not depart from the idea of the disclosure, it should likewise be regarded as content disclosed by the disclosure.

Claims (16)

1. A method for generating a two-dimensional code, characterized in that the method is applied to a two-dimensional code generation end and comprises:
Obtaining application data information, the digital certificate information of the generation end, and the private key corresponding to the digital certificate;
Signing the application data information with the private key to obtain digital signature information;
Generating a two-dimensional code based on the application data information, the digital signature information and the digital certificate information.
2. The method for generating a two-dimensional code according to claim 1, characterized in that the digital certificate information is the digital certificate of the generation end, or the digital certificate information is the index information of the generation end's digital certificate at the certification authority.
3. The method for generating a two-dimensional code according to claim 1 or 2, characterized in that generating a two-dimensional code based on the application data information, the digital signature information and the digital certificate information comprises:
Composing network link address information based on the application data information, the digital signature information and the digital certificate information;
Generating the two-dimensional code based on the network link address information.
4. A method for verifying a two-dimensional code, characterized in that the method is applied to the verification end of the two-dimensional code and comprises:
Scanning the two-dimensional code to extract the application data information, digital signature information and digital certificate information carried in it;
Judging whether the digital certificate information meets the legitimacy condition;
When the digital certificate information meets the legitimacy condition, verifying the validity of the digital signature information using the public key in the digital certificate and the application data information;
When the digital signature information is valid, determining that the two-dimensional code is trustworthy.
5. The method for verifying a two-dimensional code according to claim 4, characterized in that the digital certificate information is the index information of the digital certificate at the certification authority, and the method further comprises:
Obtaining the digital certificate corresponding to the index information from the certification authority.
6. The method for verifying a two-dimensional code according to claim 4 or 5, characterized in that the legitimacy condition comprises:
The digital certificate is within its validity period, the digital certificate passes trust verification against the digital certificate root certificate stored at the verification end, and the digital certificate has not been revoked.
7. A device for generating a two-dimensional code, characterized in that the device is applied to a two-dimensional code generation end and comprises:
An obtaining module, configured to obtain application data information, the digital certificate information of the generation end, and the private key corresponding to the digital certificate;
A digital signature module, configured to sign the application data information with the private key to obtain digital signature information;
A generation module, configured to generate a two-dimensional code based on the application data information, the digital signature information and the digital certificate information.
8. The device for generating a two-dimensional code according to claim 7, characterized in that the digital certificate information is the digital certificate of the generation end, or the digital certificate information is the index information of the generation end's digital certificate at the certification authority.
9. The device for generating a two-dimensional code according to claim 7 or 8, characterized in that the generation module is configured to:
Compose network link address information based on the application data information, the digital signature information and the digital certificate information;
Generate the two-dimensional code based on the network link address information.
10. A device for verifying a two-dimensional code, characterized in that the device is applied to the verification end of the two-dimensional code and comprises:
A scan module, configured to scan the two-dimensional code to extract the application data information, digital signature information and digital certificate information carried in it;
A judgment module, configured to judge whether the digital certificate information meets the legitimacy condition;
A verification module, configured to verify the validity of the digital signature information using the public key in the digital certificate and the application data information when the digital certificate information meets the legitimacy condition;
A determining module, configured to determine that the two-dimensional code is trustworthy when the digital signature information is valid.
11. The device for verifying a two-dimensional code according to claim 10, characterized in that the digital certificate information is the index information of the digital certificate at the certification authority, and the device further comprises a query module configured to obtain the digital certificate corresponding to the index information from the certification authority.
12. The device for verifying a two-dimensional code according to claim 10 or 11, characterized in that the legitimacy condition comprises:
The digital certificate is within its validity period, the digital certificate passes trust verification against the digital certificate root certificate stored at the verification end, and the digital certificate has not been revoked.
13. A computer-readable storage medium storing a computer program, characterized in that the program, when executed by a processor, implements the steps of the method of any one of claims 1-3.
14. An electronic device, characterized by comprising:
A memory storing a computer program;
A processor, configured to execute the computer program in the memory to implement the steps of the method of any one of claims 1-3.
15. A computer-readable storage medium storing a computer program, characterized in that the program, when executed by a processor, implements the steps of the method of any one of claims 4-6.
16. An electronic device, characterized by comprising:
A memory storing a computer program;
A processor, configured to execute the computer program in the memory to implement the steps of the method of any one of claims 4-6.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810911749.XA CN109379181A (en) 2018-08-10 2018-08-10 It generates, the method and apparatus of verifying two dimensional code, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN109379181A (en) 2019-02-22

Family

ID=65404638

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810911749.XA Pending CN109379181A (en) 2018-08-10 2018-08-10 It generates, the method and apparatus of verifying two dimensional code, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN109379181A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103559526A (en) * 2013-10-31 2014-02-05 北京天威诚信电子商务服务有限公司 Method and system for generation and verification of two-dimensional code
CN103839097A (en) * 2014-03-20 2014-06-04 武汉信安珞珈科技有限公司 Method and device for generating two-dimension code based on digital signature
CN104008322A (en) * 2014-06-14 2014-08-27 河南融信数据有限公司 Two-dimension code publisher identity authentication method based on reliable digital signature
CN106452756A (en) * 2016-11-08 2017-02-22 王栋 Construction verification method and device capable of verifying security two-dimensional code offline
CN106899570A (en) * 2016-12-14 2017-06-27 阿里巴巴集团控股有限公司 The processing method of Quick Response Code, apparatus and system
CN107835079A (en) * 2017-11-02 2018-03-23 广州佳都数据服务有限公司 A kind of two-dimentional code authentication method and equipment based on digital certificate

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112070490A (en) * 2020-08-20 2020-12-11 郑州信大捷安信息技术股份有限公司 Off-line POS machine transaction method and system based on two-dimension code
CN112070492A (en) * 2020-08-20 2020-12-11 郑州信大捷安信息技术股份有限公司 Off-line POS machine transaction method and system
CN112070490B (en) * 2020-08-20 2022-03-25 郑州信大捷安信息技术股份有限公司 Off-line POS machine transaction method and system based on two-dimension code
CN112070492B (en) * 2020-08-20 2022-03-25 郑州信大捷安信息技术股份有限公司 Off-line POS machine transaction method and system
CN113676332A (en) * 2021-08-20 2021-11-19 平安科技(深圳)有限公司 Two-dimensional code authentication method, communication device and storage medium
CN113676332B (en) * 2021-08-20 2022-11-04 平安科技(深圳)有限公司 Two-dimensional code authentication method, communication device and storage medium
CN114143010A (en) * 2021-11-25 2022-03-04 上海派拉软件股份有限公司 Digital certificate acquisition method, device, terminal, system and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190222