CN109726573B - Method for realizing signature through script device and script device - Google Patents


Info

Publication number
CN109726573B
Authority
CN
China
Prior art keywords
parameter
browser
signature
upper layer
script
Prior art date
Legal status
Active
Application number
CN201811629444.6A
Other languages
Chinese (zh)
Other versions
CN109726573A (en)
Inventor
陆舟
于华章
Current Assignee
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Priority date
2018-12-29
Filing date
2018-12-29
Publication date
Application filed by Feitian Technologies Co Ltd
Priority to CN201811629444.6A
Publication of CN109726573A
Application granted
Publication of CN109726573B
Active legal status
Anticipated expiration

Landscapes

  • Stored Programmes (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The invention discloses a method for implementing a signature through a script device, and the script device. The method comprises: the script device generates the second parameter required for calling the credential creation interface of the browser; it calls the credential creation interface of the browser, which passes the second parameter to the key device; and it receives, through the browser, the first response data returned by the key device and parses it to obtain the signature value. Because no middleware of any kind has to be installed to perform the signature, the middleware layer is eliminated and the signature operation works across platforms.

Description

Method for realizing signature through script device and script device
Technical Field
The present invention relates to the field of information security, and in particular to a method for implementing a signature through a script device, and to the script device.
Background
At present, implementing a signature function jointly through a browser and a smart key device requires a different middleware for each browser, and communication between browsers and smart key devices cannot be achieved through a single, unified middleware.
Disclosure of Invention
To solve the above technical problem, the present invention provides a method for implementing a signature through a script device, and a script device.
A method for implementing a signature through a script device comprises the following steps:
step 101: the script device generates the second parameter required for calling the credential creation interface of the browser; the second parameter comprises relying party information, user information, a challenge, a first public key credential parameter, a blacklist (the list of credentials to exclude) and a first extension parameter;
step 102: the script device calls the credential creation interface of the browser and sends the second parameter to the key device through the browser;
step 103: the script device receives, through the browser, the first response data returned by the key device, parses the first response data to obtain the relying party information hash value, the credential identifier, the first public key, the second extension parameter and the certificate chain, and parses the second extension parameter to obtain the signature value.
A script device, comprising:
a generating module, configured to generate the second parameter required for calling the credential creation interface of the browser; the second parameter comprises relying party information, user information, a challenge, a first public key credential parameter, a blacklist and a first extension parameter;
a calling module, configured to call the credential creation interface of the browser;
a sending module, configured to send the second parameter to the key device through the browser;
a receiving module, configured to receive, through the browser, the first response data returned by the key device;
and a parsing module, configured to parse the first response data to obtain the relying party information hash value, the credential identifier, the first public key, the second extension parameter and the certificate chain, and to parse the second extension parameter to obtain the signature value.
The beneficial effect of the invention is as follows: with the method for implementing a signature through a script device and the script device provided by the invention, no middleware of any kind needs to be installed to perform the signature, the middleware layer is eliminated, and the signature operation works across platforms.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of the method for implementing a signature through a script device according to embodiment 1 of the present invention;
fig. 2 is a flowchart of PIN verification in the method for implementing a signature through a script device according to embodiment 2 of the present invention;
fig. 3 is a flowchart of the method for implementing a signature through a script device according to embodiment 2 of the present invention;
fig. 4 is a block diagram of the script device according to embodiment 3 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
A method for implementing a signature through a script device, as shown in fig. 1, includes the following steps:
step 101: the script device generates the second parameter required for calling the credential creation interface of the browser;
specifically, the second parameter includes relying party information, user information, a challenge, a first public key credential parameter, a blacklist and a first extension parameter;
step 102: the script device calls the credential creation interface of the browser and sends the second parameter to the key device through the browser;
step 103: the script device receives, through the browser, the first response data returned by the key device, parses the first response data to obtain the relying party information hash value, the credential identifier, the first public key, the second extension parameter and the certificate chain, and parses the second extension parameter to obtain the signature value.
In this embodiment, step 101 may be preceded by step 100: when the signature interface of the script device is called by the upper layer, the script device receives the first parameter sent by the upper layer, where the first parameter comprises the key type, the signature algorithm and the plaintext to be signed.
In this embodiment, step 101 further includes: the script device generates the first extension parameter from the first parameter.
In this embodiment, generating the first extension parameter from the first parameter specifically means: the script device combines the signature operation instruction with the first parameter to obtain the first extension parameter.
Step 103 is followed by step 104: the script device sends the signature value to the upper layer.
In this embodiment, after step 103 and before step 104, the method further includes: the script device verifies, using a preset server certificate, whether the certificates in the certificate chain are legitimate; if so, step 104 is executed, and if not, an error message is returned to the upper layer.
In this embodiment, step 101 is preceded by the following steps:
step 101': when the PIN verification interface of the script device is called by the upper layer, the script device receives the PIN value sent by the upper layer;
step 102': the script device composes, from the PIN value, the third parameter required for calling the credential creation interface of the browser;
step 103': the script device calls the credential creation interface of the browser and sends the third parameter to the smart key device through the browser;
step 104': the script device receives, through the browser, the second response data returned by the smart key device, and parses the second response data to obtain the verification result;
step 105': the script device sends the verification result to the upper layer.
In this embodiment, the verification result is specifically a status code indicating that verification succeeded, and the script device executes step 101 after sending that status code to the upper layer in step 105'.
Example 2
This embodiment provides a method for implementing a signature through a script device, as shown in fig. 2, which specifically includes the following steps:
step 201: the signature interface of the script device is called by the upper layer, and the script device receives the first parameter sent by the upper layer: the key type, the signature algorithm and the plaintext to be signed;
specifically, the signature interface is makeSign();
the key type is "ecc";
the signature algorithm is -7 (ES256);
the plaintext to be signed is:
"SignData": h'03AC674216F3E15C761EE1A5E255F067953623C8B388B4459E13F978D7C846F4';
step 202: the script device generates the second parameter required for calling the credential creation interface of the browser;
in this embodiment, the credential creation interface of the browser is navigator.credentials.create();
specifically, the second parameter required for calling the credential creation interface consists of relying party information, user information, a challenge, a first public key credential parameter, a blacklist and a first extension parameter;
in this embodiment, the relying party information is: {"id": "yifanftsafe.onmicrosoft.com", "name": "yifanftsafe.onmicrosoft.com"};
the user information is: {"id": h'03AC674216F3E15C761EE1A5E255F067953623C8B388B4459E13F978D7C846F4', "icon": "https://www.ftsafe.com", "name": "ChenQi@yifanftsafe.onmicrosoft.com", "displayName": "ChenQi"};
in this embodiment, the challenge is a preset static value, specifically:
h'687134968222EC17202E42505F8ED2B16AE22F16BB05B88C25DB9E602645F141'
the first public key credential parameter is: {"type": "public-key", "alg": -7}; the blacklist is null.
In this implementation, the challenge may also be generated from information entered by the user, for example a 32-byte challenge taken from the text of the inputdata control (the element's value, one byte per character, so the input must be exactly 32 characters long to yield a 32-byte challenge):
var clientData = document.getElementById("inputdata").value;
var challenge = Uint8Array.from(clientData, c => c.charCodeAt(0));
The script device generates the first extension parameter from the first parameter; specifically, the script device combines the signature operation instruction with the first parameter to obtain the first extension parameter.
Specifically, the signature operation instruction is 0x0A;
in this step, the signature operation instruction 0x0A and the first parameter {"index": 1, "alg": -7, "type": "ecc", "SignData": h'03AC674216F3E15C761EE1A5E255F067953623C8B388B4459E13F978D7C846F4'} form the first extension parameter {"cmd": h'0A', "index": 1, "type": "ecc", "alg": -7, "SignData": h'03AC674216F3E15C761EE1A5E255F067953623C8B388B4459E13F978D7C846F4'}.
step 203: the script device calls the credential creation interface of the browser and sends the second parameter to the key device through the browser;
in this step, the second parameter assembled by the script device is the following map (CBOR diagnostic notation; the integer keys 1, 2, 3, 4 and 6 correspond to the CTAP2 makeCredential parameters clientDataHash (carrying the challenge here), rp, user, pubKeyCredParams and extensions; key 5, excludeList, is absent because the blacklist is null):
{1: h'687134968222EC17202E42505F8ED2B16AE22F16BB05B88C25DB9E602645F141', 2: {"id": "yifanftsafe.onmicrosoft.com", "name": "yifanftsafe.onmicrosoft.com"}, 3: {"id": h'03AC674216F3E15C761EE1A5E255F067953623C8B388B4459E13F978D7C846F4', "icon": "https://www.ftsafe.com", "name": "ChenQi@yifanftsafe.onmicrosoft.com", "displayName": "ChenQi"}, 4: [{"alg": -7, "type": "public-key"}], 6: {"cmd": h'0A', "index": 1, "type": "ecc", "alg": -7, "SignData": h'03AC674216F3E15C761EE1A5E255F067953623C8B388B4459E13F978D7C846F4'}}.
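The following is an added example, not code from the patent or from Feitian: a minimal CBOR encoder in JavaScript that reproduces, byte for byte, the makeCredential map shown above for step 203 and the one used for the PIN verification request of step 2002 (the vendor command rides in the extensions slot, key 6). The relying party, user, challenge and command values are the ones printed in this embodiment; the function names, and the fact that the map keys inside the extension keep the order printed in the patent, are assumptions of this example.

```javascript
// CBOR encoder for the CTAP2 makeCredential parameter map. Added example; not the patent's code.

const unhex = (s) => Uint8Array.from(s.replace(/\s+/g, "").match(/../g), (h) => parseInt(h, 16));
const hex = (u8) => Array.from(u8, (b) => b.toString(16).padStart(2, "0")).join("");

// Minimal CBOR encoder: integers, byte strings, text strings, arrays, maps (insertion order), null.
function encodeCbor(v) {
  const out = [];
  const head = (major, n) => {
    if (n < 24) out.push((major << 5) | n);
    else if (n < 0x100) out.push((major << 5) | 24, n);
    else if (n < 0x10000) out.push((major << 5) | 25, n >> 8, n & 0xff);
    else throw new Error("length not supported by this example");
  };
  const enc = (x) => {
    if (x === null) out.push(0xf6);
    else if (Number.isInteger(x)) (x >= 0 ? head(0, x) : head(1, -1 - x));
    else if (x instanceof Uint8Array) { head(2, x.length); out.push(...x); }
    else if (typeof x === "string") { const b = new TextEncoder().encode(x); head(3, b.length); out.push(...b); }
    else if (Array.isArray(x)) { head(4, x.length); x.forEach(enc); }
    else if (x instanceof Map) { head(5, x.size); for (const [k, val] of x) { enc(k); enc(val); } }
    else throw new Error("unsupported value: " + x);
  };
  enc(v);
  return Uint8Array.from(out);
}

// Values printed in embodiment 2: relying party, user, static challenge, credential parameters.
const RP = new Map([["id", "yifanftsafe.onmicrosoft.com"], ["name", "yifanftsafe.onmicrosoft.com"]]);
const USER = new Map([
  ["id", unhex("03AC674216F3E15C761EE1A5E255F067953623C8B388B4459E13F978D7C846F4")],
  ["icon", "https://www.ftsafe.com"],
  ["name", "ChenQi@yifanftsafe.onmicrosoft.com"],
  ["displayName", "ChenQi"],
]);
const CHALLENGE = unhex("687134968222EC17202E42505F8ED2B16AE22F16BB05B88C25DB9E602645F141");
const PUB_KEY_CRED_PARAMS = [new Map([["alg", -7], ["type", "public-key"]])];

// Keys 1..4 are clientDataHash (the challenge here), rp, user, pubKeyCredParams; key 5
// (excludeList, the patent's "blacklist") is absent because it is null; key 6 carries the vendor command.
function makeCredentialMap(extension) {
  return new Map([[1, CHALLENGE], [2, RP], [3, USER], [4, PUB_KEY_CRED_PARAMS], [6, extension]]);
}

// First extension parameter (step 202): signature instruction 0x0A combined with the first parameter.
function signExtension({ index, keyType, alg, signData }) {
  return new Map([["cmd", unhex("0A")], ["index", index], ["type", keyType], ["alg", alg], ["SignData", signData]]);
}

// Extension of the third parameter (step 2002): verify-PIN instruction 0x0B combined with the PIN value.
function verifyPinExtension(pin) {
  return new Map([["cmd", unhex("0B")], ["data", pin]]);
}

function encodeSignRequest(firstParameter) {
  return encodeCbor(makeCredentialMap(signExtension(firstParameter)));
}

function encodeVerifyPinRequest(pin) {
  return encodeCbor(makeCredentialMap(verifyPinExtension(pin)));
}

console.log(hex(encodeSignRequest({
  index: 1, keyType: "ecc", alg: -7,
  signData: unhex("03AC674216F3E15C761EE1A5E255F067953623C8B388B4459E13F978D7C846F4"),
})));
console.log(hex(encodeVerifyPinRequest(unhex("0102030405060708"))));
```

In a browser the page script does not build this map itself: it passes the equivalent dictionary to navigator.credentials.create({publicKey: ...}) and the browser performs the CTAP2 encoding. Three points a practitioner should keep in mind: a standards-conforming browser forwards only the extensions it implements, so the scheme relies on the browser passing the vendor extension through to the key device unchanged; CTAP2 canonical CBOR orders map keys by length and then bytewise, whereas the example keeps the key order printed in the patent; and the PIN value is placed in the request map in the clear, unlike CTAP2's own clientPIN protocol, which only sends the PIN encrypted under a shared secret. A fixed challenge, as in the static value above, also gives the relying party no replay protection.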
step 204: the script device receives, through the browser, the first response data returned by the key device and parses it to obtain the signature value.
Specifically, the script device parses the first response data returned by the key device to obtain the relying party information hash value, the credential identifier, the first public key, the second extension parameter and the certificate chain, and parses the second extension parameter to obtain the signature value.
In this step, the first response data returned by the key device is (the leading bytes are not reproduced on the page):
[…]
6f47d0b16751ad022044b013dedfffbde68a73ad5b71764d349972
13b54b7c0ea9663657e5a0beefff63783563825901e3308201df30820185a003
020102020900d79549bd1a67175f300a06082a8648ce3d04030230
173115301306035504030c0c4654204649444f20303230303020170d31383032
30313030303030305a180f32303333303230313233353935395a30
68310b3009060355040613025553311d301b060355040a0c144665697469616e
20546563686e6f6c6f6769657331223020060355040b0c19417574
68656e74696361746f72204174746573746174696f6e3116301406035504030c
0d4654204649444f3220303437303059301306072a8648ce3d0201
06082a8648ce3d03010703420004ea84457b338e20ae099eb0f111012937b252
cef7197db64b45c148babeb484e8789a7be790fe6e2c5f462296e4
60c24d1666d4676169180a0b0cc98d5295038da3673065301d0603551d0e0416
0414480241fa81291df68997ad8c6db2a2913bb0273a3013060b2b
0601040182e51c0201010404030204703021060b2b0601040182e51c01010404
120410310b2830bd4a4da5832e9a0dfc90abf2300c0603551d1301
01ff04023000300a06082a8648ce3d0403020348003045022100d06651f72e4a
d1f91eafdcff6b8e180a0aae2d96d937478fe1507505f0649fce02
2073b60f9990b55438963ef7140638979f3f717124f49c1d31ec2dba9b59a121
6a5901823082017e30820125a003020102020101300a06082a8648
ce3d04030230173115301306035504030c0c4654204649444f20303230303020
170d3136303530313030303030305a180f32303530303530313030
303030305a30173115301306035504030c0c4654204649444f20303230303059
301306072a8648ce3d020106082a8648ce3d03010703420004d066
ad1a953b1ced4c954dd7dbed76a70beed2907a89769e7336ff2620be4b199ebe
7448a6d5808124cc74153aef342d5104de556178ed478e08310254
faa385a360305e301d0603551d0e041604144915642dd5bbc6de333a5e0995fc
872336d3bf0b301f0603551d230418301680144915642dd5bbc6de
333a5e0995fc872336d3bf0b300c0603551d13040530030101ff300e0603551d
0f0101ff040403020106300a06082a8648ce3d0403020347003044
0220307cfaa021621407e40105a546b1d1f2d2ce51331964ce9497ff34b24d99
94a50220076c09ea765133ca17fe7038dd187a489a2f3365f00821
ffffe2e2ac101b07430000000000000000000000000000000000000000000000
The script device decodes the response data as CBOR and obtains the following:
the relying party information hash value is:
h'356C9ED4A09321B9695F1EAF918203F1B55F689DA61FBC96184C157DDA680C81'
the credential identifier is:
h'05C07EDB19D46CB04F9E5BA1C6E9D632956E804BF9138E380666D1399BC196E7'
the first public key (a COSE key) is:
h'A5010203262001215820CC94673D47D78DE72AA4DA8749A659F4B9E36E7AFA952491AB49501EBC93758F225820BE86D4A580A09626000BA24162C471D0E6A9745E1A00BAC869537D87BA57F915'
the second extension parameter (the first public key followed by the extension map) is:
h'A5010203262001215820CC94673D47D78DE72AA4DA8749A659F4B9E36E7AFA952491AB49501EBC93758F225820BE86D4A580A09626000BA24162C471D0E6A9745E1A00BAC869537D87BA57F915A1697369676E617475726558400D47820CE17A8DFFE701B82CFF0B12B521252E04AB13F846E783B9411E8C5AD0D1AEAE9018ACB911EBD50C75D100FA5627C0ABC34F09F44F4C5FEC54EFB97242'
the certificate chain ("x5c") consists of the two DER-encoded certificates carried in the response data above: the attestation certificate (subject CN "FT FIDO2 0470", O "Feitian Technologies", OU "Authenticator Attestation", issued by CN "FT FIDO 0200") and the self-signed issuing CA certificate (CN "FT FIDO 0200", basicConstraints CA:TRUE);
the script device further parses the second extension parameter to obtain the signature value:
{"signature":
h'0D47820CE17A8DFFE701B82CFF0B12B521252E04AB13F846E783B9411E8C5AD0D1AEAE9018ACB911EBD50C75D100FA5627C0ABC34F09F44F4C5FEC54EFB97242'}
step 205: the script device returns the obtained signature value to the upper layer.
In this embodiment, after step 204 and before step 205, the method further includes: verifying the certificates in the certificate chain with the server certificate to judge whether they are legitimate; if so, step 205 is executed, and if not, an error message is returned to the upper layer. (This chain attests the key device itself; it is the device's attestation certificate and its issuer, not a certificate for the signing key.)
In this embodiment, the server certificate may be built into the script device.
In this embodiment, as shown in fig. 3, the method further includes the following PIN (personal identification number) verification steps before step 201:
step 2001: when the PIN verification interface of the script device is called by the upper layer, the script device receives the PIN value sent by the upper layer;
specifically, the PIN verification interface is verifyPin;
the PIN value is: h'0102030405060708'
step 2002: the script device generates the third parameter required for calling the credential creation interface of the browser;
specifically, the script device combines the verify-PIN instruction and the PIN value into the third parameter required for calling the credential creation interface of the browser;
specifically, the verify-PIN instruction is 0x0B;
the third parameter formed from the verify-PIN instruction 0x0B and the PIN value h'0102030405060708' for calling the credential creation interface of the browser is:
{1: h'687134968222EC17202E42505F8ED2B16AE22F16BB05B88C25DB9E602645F141', 2: {"id": "yifanftsafe.onmicrosoft.com", "name": "yifanftsafe.onmicrosoft.com"}, 3: {"id": h'03AC674216F3E15C761EE1A5E255F067953623C8B388B4459E13F978D7C846F4', "icon": "https://www.ftsafe.com", "name": "ChenQi@yifanftsafe.onmicrosoft.com", "displayName": "ChenQi"}, 4: [{"alg": -7, "type": "public-key"}], 6: {"cmd": h'0B', "data": h'0102030405060708'}}.
step 2003: the script device calls the credential creation interface of the browser and sends the third parameter to the smart key device through the browser;
step 2004: the script device receives, through the browser, the second response data returned by the smart key device, and parses the second response data to obtain the verification result.
In this embodiment, the verification result is specifically a status code indicating whether verification succeeded.
Specifically, the second response data returned by the smart key device is:
a301667061636b65640258B9356C9ED4A09321B9695F1EAF918203F1B55F689D
A61FBC96184C157DDA680C81C10000017A310B2830BD4A4DA5832E9A0DFC90AB
F2002005C07EDB19D46CB04F9E5BA1C6E9D632956E804BF9138E380666D1399B
C196E7A5010203262001215820CC94673D47D78DE72AA4DA8749A659F4B9E36E
7AFA952491AB49501EBC93758F225820BE86D4A580A09626000BA24162C471D0
E6A9745E1A00BAC869537D87BA57F915A266726573756C744100687472797469
6D6573410603a363616c67266373696758473045022100e53bc39de5348fef3d
5dcf09af06296b94ce35c190bca71a44
6f47d0b16751ad022044b013dedfffbde68a73ad5b71764d349972
13b54b7c0ea9663657e5a0beefff63783563825901e3308201df30820185a003
020102020900d79549bd1a67175f300a06082a8648ce3d04030230
173115301306035504030c0c4654204649444f20303230303020170d31383032
30313030303030305a180f32303333303230313233353935395a30
68310b3009060355040613025553311d301b060355040a0c144665697469616e
20546563686e6f6c6f6769657331223020060355040b0c19417574
68656e74696361746f72204174746573746174696f6e3116301406035504030c
0d4654204649444f3220303437303059301306072a8648ce3d0201
06082a8648ce3d03010703420004ea84457b338e20ae099eb0f111012937b252
cef7197db64b45c148babeb484e8789a7be790fe6e2c5f462296e4
60c24d1666d4676169180a0b0cc98d5295038da3673065301d0603551d0e0416
0414480241fa81291df68997ad8c6db2a2913bb0273a3013060b2b
0601040182e51c0201010404030204703021060b2b0601040182e51c01010404
120410310b2830bd4a4da5832e9a0dfc90abf2300c0603551d1301
01ff04023000300a06082a8648ce3d0403020348003045022100d06651f72e4a
d1f91eafdcff6b8e180a0aae2d96d937478fe1507505f0649fce02
2073b60f9990b55438963ef7140638979f3f717124f49c1d31ec2dba9b59a121
6a5901823082017e30820125a003020102020101300a06082a8648
ce3d04030230173115301306035504030c0c4654204649444f20303230303020
170d3136303530313030303030305a180f32303530303530313030
303030305a30173115301306035504030c0c4654204649444f20303230303059
301306072a8648ce3d020106082a8648ce3d03010703420004d066
ad1a953b1ced4c954dd7dbed76a70beed2907a89769e7336ff2620be4b199ebe
7448a6d5808124cc74153aef342d5104de556178ed478e08310254
faa385a360305e301d0603551d0e041604144915642dd5bbc6de333a5e0995fc
872336d3bf0b301f0603551d230418301680144915642dd5bbc6de
333a5e0995fc872336d3bf0b300c0603551d13040530030101ff300e0603551d
0f0101ff040403020106300a06082a8648ce3d0403020347003044
0220307cfaa021621407e40105a546b1d1f2d2ce51331964ce9497ff34b24d99
94a50220076c09ea765133ca17fe7038dd187a489a2f3365f00821
ffffe2e2ac101b07430000000000000000000000000000000000000000000000
The script device parses the second response data to obtain the verification result, here a status code indicating successful verification: {"result": h'00', "trytimes": h'06'}.
In this embodiment, the verification result may be a status code indicating that verification succeeded or a status code indicating that it failed.
Specifically, on failure the status code is: {"result": h'01', "trytimes": h'05'}.
step 2005: the script device sends the verification result to the upper layer.
Accordingly, when the verification result in step 2005 is the status code indicating successful verification, step 201 is executed.
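The following is an added example, not the patent's or the vendor's code: a JavaScript parser for the responses shown in steps 204 and 2004. It decodes the CBOR attestation object, walks authenticatorData to extract the relying party hash, the credential identifier, the COSE public key and the extension outputs, and reads either the PIN result ({"result", "trytimes"}) or the "signature" value from the "second extension parameter" (which, as the bytes above show, is the COSE public key followed by the extensions map). The sample inputs are copied from the hex dumps of this embodiment; the attestation-object wrapper around the PIN response is constructed for the example with the x5c certificates left out, and all function names are this example's own.

```javascript
// Parser for the CTAP2/WebAuthn attestation object returned through
// navigator.credentials.create(). Added example; not the patent's code.

const unhex = (s) => Uint8Array.from(s.replace(/\s+/g, "").match(/../g), (h) => parseInt(h, 16));
const hex = (u8) => Array.from(u8, (b) => b.toString(16).padStart(2, "0")).join("");

// Minimal CBOR decoder (definite lengths only, which is what CTAP2 canonical CBOR uses).
// Returns the value and the number of bytes consumed so callers can decode the two
// consecutive items inside authenticatorData (COSE key, then the extensions map).
function decodeCbor(bytes) {
  let pos = 0;
  const len = (ai) => {
    if (ai < 24) return ai;
    if (ai === 24) return bytes[pos++];
    if (ai === 25) { pos += 2; return (bytes[pos - 2] << 8) | bytes[pos - 1]; }
    throw new Error("unsupported CBOR length encoding");
  };
  const item = () => {
    const ib = bytes[pos++], major = ib >> 5, n = len(ib & 0x1f);
    switch (major) {
      case 0: return n;                                               // unsigned int
      case 1: return -1 - n;                                          // negative int (e.g. alg -7)
      case 2: pos += n; return bytes.slice(pos - n, pos);             // byte string
      case 3: pos += n; return new TextDecoder().decode(bytes.slice(pos - n, pos)); // text string
      case 4: return Array.from({ length: n }, () => item());         // array
      case 5: { const m = new Map(); for (let i = 0; i < n; i++) { const k = item(); m.set(k, item()); } return m; }
      case 7: if (n === 22) return null; if (n === 20 || n === 21) return n === 21; // simple values
      default: throw new Error("unsupported CBOR item " + ib);
    }
  };
  const value = item();
  return { value, bytesRead: pos };
}

// authenticatorData layout: rpIdHash(32) | flags(1) | signCount(4)
// | attestedCredentialData (if flags.AT) | extensions CBOR map (if flags.ED)
function parseAuthData(ad) {
  const dv = new DataView(ad.buffer, ad.byteOffset, ad.byteLength);
  const r = { rpIdHash: hex(ad.slice(0, 32)), flags: ad[32], signCount: dv.getUint32(33) };
  let pos = 37;
  if (r.flags & 0x40) {                                   // AT: aaguid | credIdLen | credId | COSE_Key
    r.aaguid = hex(ad.slice(pos, pos + 16)); pos += 16;
    const idLen = dv.getUint16(pos); pos += 2;
    r.credentialId = hex(ad.slice(pos, pos + idLen)); pos += idLen;
    const key = decodeCbor(ad.subarray(pos));
    r.credentialPublicKey = key.value; pos += key.bytesRead;
  }
  if (r.flags & 0x80) {                                   // ED: extension outputs
    const ext = decodeCbor(ad.subarray(pos));
    r.extensions = ext.value; pos += ext.bytesRead;
  }
  if (pos !== ad.length) throw new Error("trailing bytes in authenticatorData");
  return r;
}

// Attestation object: CTAP2 responses key it 1/2/3 (as in the dump above); the WebAuthn
// attestationObject uses "fmt"/"authData"/"attStmt". Accept both.
function parseAttestationObject(bytes) {
  const att = decodeCbor(bytes).value;
  const field = (ctapKey, waKey) => (att.has(ctapKey) ? att.get(ctapKey) : att.get(waKey));
  const attStmt = field(3, "attStmt");
  return {
    fmt: field(1, "fmt"),
    authData: parseAuthData(field(2, "authData")),
    alg: attStmt.get("alg"),
    sig: hex(attStmt.get("sig")),
    x5c: (attStmt.get("x5c") || []).map(hex),             // DER certificates, attestation cert first
  };
}

// Step 2004: the PIN verification result rides in the extension outputs.
function pinVerifyResult(authData) {
  const ext = parseAuthData(authData).extensions;
  return { ok: ext.get("result")[0] === 0x00, triesLeft: ext.get("trytimes")[0] };
}

// Step 204: the "second extension parameter" is the COSE key followed by the extensions map.
function parseSecondExtendedParameter(bytes) {
  const key = decodeCbor(bytes);
  const ext = decodeCbor(bytes.subarray(key.bytesRead)).value;
  return { credentialPublicKey: key.value, signature: hex(ext.get("signature")) };
}

// Sample 1: authenticatorData copied from the second response data (PIN case) above.
const PIN_AUTH_DATA = unhex(
  "356C9ED4A09321B9695F1EAF918203F1B55F689DA61FBC96184C157DDA680C81" + // rpIdHash
  "C1" + "0000017A" + "310B2830BD4A4DA5832E9A0DFC90ABF2" + "0020" +    // flags UP|AT|ED, counter, AAGUID, id len
  "05C07EDB19D46CB04F9E5BA1C6E9D632956E804BF9138E380666D1399BC196E7" + // credentialId
  "A5010203262001215820CC94673D47D78DE72AA4DA8749A659F4B9E36E7AFA952491AB49501EBC93758F" +
  "225820BE86D4A580A09626000BA24162C471D0E6A9745E1A00BAC869537D87BA57F915" + // COSE EC2 P-256 key
  "A266726573756C7441006874727974696D65734106");                        // {"result": h'00', "trytimes": h'06'}
// Sample 2 (constructed): attestation object framed like the page's response (integer keys,
// fmt "packed", alg -7, the printed sig) but with the x5c certificates left out for length.
const PIN_ATTESTATION_OBJECT = unhex(
  "a3" + "01" + "667061636b6564" + "02" + "58b9" + hex(PIN_AUTH_DATA) + "03" + "a2" +
  "63616c67" + "26" + "63736967" + "5847" +
  "3045022100e53bc39de5348fef3d5dcf09af06296b94ce35c190bca71a446f47d0b16751ad" +
  "022044b013dedfffbde68a73ad5b71764d34997213b54b7c0ea9663657e5a0beefff");
// Sample 3: the "second extension parameter" of the signature response, as printed in step 204.
const SIGN_SECOND_EXT = unhex(
  "A5010203262001215820CC94673D47D78DE72AA4DA8749A659F4B9E36E7AFA952491AB49501EBC93758F" +
  "225820BE86D4A580A09626000BA24162C471D0E6A9745E1A00BAC869537D87BA57F915" +
  "A1697369676E6174757265" + "5840" +                                    // {"signature": bstr(64)}
  "0D47820CE17A8DFFE701B82CFF0B12B521252E04AB13F846E783B9411E8C5AD0" +
  "D1AEAE9018ACB911EBD50C75D100FA5627C0ABC34F09F44F4C5FEC54EFB97242");

console.log(parseAttestationObject(PIN_ATTESTATION_OBJECT).authData.credentialId);
console.log(pinVerifyResult(PIN_AUTH_DATA), parseSecondExtendedParameter(SIGN_SECOND_EXT).signature);
```

The parser checks that authenticatorData is consumed exactly, so a response with unexpected trailing bytes is rejected rather than silently accepted; in a real deployment the x5c chain returned by parseAttestationObject is what the script device's certificate check (steps 204/205) has to validate against the built-in server certificate before the signature value is handed to the upper layer.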
Example 3
As shown in fig. 4, the present invention provides a script device 400, comprising:
a generating module 401, configured to generate the second parameter required for calling the credential creation interface of the browser; the second parameter comprises relying party information, user information, a challenge, a first public key credential parameter, a blacklist and a first extension parameter;
a calling module 402, configured to call the credential creation interface of the browser;
a sending module 403, configured to send the second parameter to the key device through the browser;
a receiving module 404, configured to receive, through the browser, the first response data returned by the key device;
a parsing module 405, configured to parse the first response data to obtain the relying party information hash value, the credential identifier, the first public key, the second extension parameter and the certificate chain, and to parse the second extension parameter to obtain the signature value.
The receiving module 404 is further configured to receive the first parameter sent by the upper layer when the signature interface of the script device is called by the upper layer, where the first parameter comprises the key type, the signature algorithm and the plaintext to be signed;
the generating module 401 is further configured to generate the first extension parameter from the first parameter;
and the sending module 403 is further configured to send the signature value to the upper layer.
The generating module 401 is specifically configured to combine the signature operation instruction and the first parameter into the first extension parameter.
The script device further includes a verification module, configured to verify, using a preset server certificate, whether the certificates in the certificate chain are legitimate;
the sending module 403 is further configured to send the signature value to the upper layer when the verification module finds the certificates legitimate, and to return an error message to the upper layer when the verification module finds them illegitimate.
The receiving module 404 is further configured to receive the PIN value sent by the upper layer when the PIN verification interface of the script device is called by the upper layer;
the generating module 401 is further configured to compose, from the PIN value, the third parameter required for calling the credential creation interface of the browser;
the sending module 403 is further configured to send the third parameter to the smart key device through the browser;
the receiving module 404 is further configured to receive, through the browser, the second response data returned by the smart key device;
the parsing module 405 is further configured to parse the second response data to obtain the verification result;
and the sending module 403 is further configured to send the verification result to the upper layer.
The generating module 401 is specifically configured to generate the second parameter required for calling the credential creation interface of the browser when the verification result is the status code indicating successful verification.
The above description is only a preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A method for implementing a signature by a script device, the method comprising:
step 101: the script device generates a second parameter required by calling a credential creating interface of the browser; the second parameters comprise relying party information, user information, a challenge code, a first public key certificate parameter, a blacklist and a first extension parameter;
step 102: the script device calls a credential creating interface of the browser and sends the second parameter to the key device through the browser;
step 103: the script device receives first response data returned by the key equipment through the browser, analyzes the first response data, obtains a relying party information hash value, a certificate identifier, a first public key, a second extended parameter containing a signature value and a certificate chain, and analyzes the second extended parameter to obtain the signature value;
the step 101 further comprises the step 100: when a signature interface of the script device is called by an upper layer, the script device receives a first parameter sent by the upper layer, wherein the first parameter comprises: a key type and a signature algorithm, and signing the original text;
the step 101 further comprises: the script device generates the first extension parameter according to the first parameter;
step 103 is followed by step 104: the script device sends the signature value to the upper layer.
2. The method according to claim 1, wherein the generating, by the script device, the first extended parameter according to the first parameter is specifically: and the script device combines the signature operation instruction and the first parameter to obtain a first extended parameter.
3. The method of claim 1, wherein the step 103 is followed by the step 104 and further comprises: the script device uses a preset server certificate to verify whether the certificate in the certificate chain is legal, if so, step 104 is executed, and if not, error information is returned to an upper layer.
4. The method of claim 1, wherein the step 101 further comprises the steps of:
step 101': the script device is called by an upper layer to verify a personal verification code interface, and receives a personal verification code value sent by the upper layer;
102', the script device composes a third parameter required for calling a voucher creating interface of the browser according to the personal authentication code value;
step 103': the script device calls a credential creating interface of the browser and sends a third parameter to the intelligent key equipment through the browser;
step 104': the script device receives second response data returned by the intelligent key equipment through a browser, and analyzes the second response data to obtain a verification result;
step 105': the script device sends the verification result to the upper layer.
5. The method according to claim 4, wherein the verification result is specifically a status code indicating that verification succeeded, and step 105' is specifically: after the script device sends the status code indicating that verification succeeded to the upper layer, step 101 is executed.
6. A script device, wherein the device comprises:
a generating module, configured to generate a second parameter required for calling a credential creating interface of the browser, where the second parameter comprises relying party information, user information, a challenge code, a first public key certificate parameter, a blacklist and a first extension parameter;
a calling module, configured to call the credential creating interface of the browser;
a sending module, configured to send the second parameter to the key device through the browser;
a receiving module, configured to receive first response data returned by the key device through the browser;
an analysis module, configured to parse the first response data to obtain a relying party information hash value, a certificate identifier, a first public key, a second extension parameter containing a signature value, and a certificate chain, and to parse the second extension parameter to obtain the signature value;
the receiving module is further configured to receive a first parameter sent by an upper layer when a signature interface of the script device is called by the upper layer, where the first parameter comprises a key type, a signature algorithm and a signature original text;
the generating module is further configured to generate the first extension parameter according to the first parameter;
the sending module is further configured to send the signature value to the upper layer.
7. The device according to claim 6, wherein the generating module is further specifically configured to combine a signature operation instruction and the first parameter into the first extension parameter.
8. The device according to claim 6, wherein the script device further comprises a verification module, configured to verify, using a preset server certificate, whether the certificate in the certificate chain is legal;
the sending module is further specifically configured to send the signature value to the upper layer when the verification module verifies that the certificate is legal, and to return error information to the upper layer when the verification module verifies that the certificate is illegal.
9. The device according to claim 6, wherein the receiving module is further configured to receive a personal authentication code value sent by the upper layer when a personal authentication code verification interface of the script device is called by the upper layer;
the generating module is further configured to form, according to the personal authentication code value, a third parameter required for calling the credential creating interface of the browser;
the receiving module is further configured to receive second response data returned by the smart key device through the browser;
the analysis module is further configured to parse the second response data to obtain a verification result;
the sending module is further configured to send the third parameter to the smart key device through the browser, and is further configured to send the verification result to the upper layer.
10. The device according to claim 9, wherein the generating module is specifically configured to generate the second parameter required for calling the credential creating interface of the browser when the verification result is specifically the status code indicating successful verification.
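The following is an added worked example, not code from patent CN109726573B or from its applicant. It models in Node.js the script device of claims 6 and 7 and the response parsing that precedes the certificate-chain check of claim 8: the generating module folds the first parameter (key type, signature algorithm, signature original text) and a signature operation instruction into the first extension parameter and assembles the second parameter for the browser's credential creating interface (navigator.credentials.create); the analysis module then decodes a first response data in the CBOR attestation-object layout that interface returns to recover the relying party hash value, certificate identifier, first public key, certificate chain and the signature value carried in the second extension parameter. The extension name `sigOp`, its field names, the use of Node's `Buffer` and every byte of the sample response are assumptions constructed for this example; the PIN verification flow of claims 9 and 10 is not modelled.

```javascript
// Added example (not code from patent CN109726573B or its applicant): a Node.js model of the
// "script device" of claims 6-7 plus the response parsing that feeds the chain check of claim 8.
// All values are constructed; the extension name "sigOp" and its fields are assumptions.

// ---- minimal CBOR (RFC 8949) subset: integers with |n| < 65536, byte/text strings, arrays, maps
function hdr(major, n) {
  if (n < 24) return Buffer.from([(major << 5) | n]);
  if (n < 256) return Buffer.from([(major << 5) | 24, n]);
  return Buffer.from([(major << 5) | 25, n >> 8, n & 0xff]);
}
function encodeCbor(v) {
  if (typeof v === 'number') return v >= 0 ? hdr(0, v) : hdr(1, -1 - v);
  if (typeof v === 'string') { const b = Buffer.from(v, 'utf8'); return Buffer.concat([hdr(3, b.length), b]); }
  if (Buffer.isBuffer(v)) return Buffer.concat([hdr(2, v.length), v]);
  if (Array.isArray(v)) return Buffer.concat([hdr(4, v.length), ...v.map(encodeCbor)]);
  if (v instanceof Map) return Buffer.concat([hdr(5, v.size), ...[...v].flatMap(([k, x]) => [encodeCbor(k), encodeCbor(x)])]);
  throw new Error('unsupported CBOR value');
}
function decodeCbor(buf, pos = 0) {
  if (pos >= buf.length) throw new Error('truncated CBOR');
  const major = buf[pos] >> 5, ai = buf[pos] & 0x1f;
  let n, p = pos + 1;
  if (ai < 24) n = ai;
  else if (ai === 24) { n = buf[p]; p += 1; }
  else if (ai === 25) { n = buf.readUInt16BE(p); p += 2; }
  else throw new Error('unsupported CBOR length encoding');
  switch (major) {
    case 0: return [n, p];
    case 1: return [-1 - n, p];
    case 2: case 3:
      if (p + n > buf.length) throw new Error('truncated CBOR string');
      return [major === 2 ? buf.subarray(p, p + n) : buf.toString('utf8', p, p + n), p + n];
    case 4: { const a = []; for (let i = 0; i < n; i++) { const [x, q] = decodeCbor(buf, p); a.push(x); p = q; } return [a, p]; }
    case 5: { const m = new Map(); for (let i = 0; i < n; i++) { const [k, q] = decodeCbor(buf, p); const [x, r] = decodeCbor(buf, q); m.set(k, x); p = r; } return [m, p]; }
    default: throw new Error('unsupported CBOR major type ' + major);
  }
}

// Claims 6-7: the generating module folds the signature-operation instruction and the first
// parameter into the first extension parameter, then assembles the second parameter that is
// handed to navigator.credentials.create(). Field names inside "sigOp" are assumptions.
function buildSecondParameter(firstParam, { rp, user, challenge, blacklist }) {
  for (const f of ['keyType', 'signatureAlgorithm', 'original']) {
    if (!firstParam[f]) throw new Error('first parameter lacks ' + f);
  }
  const firstExtension = { op: 'sign', keyType: firstParam.keyType, alg: firstParam.signatureAlgorithm, data: firstParam.original };
  return {
    publicKey: {
      rp, user, challenge,
      pubKeyCredParams: [{ type: 'public-key', alg: -7 }], // first public key credential parameter (ES256)
      excludeCredentials: blacklist,                       // the blacklist of claim 6
      extensions: { sigOp: firstExtension },               // the first extension parameter
    },
  };
}

// WebAuthn authenticator data: rpIdHash(32) | flags(1) | signCount(4) |
//   AAGUID(16) | credIdLen(2) | credId | COSE public key (CBOR)   when flags & 0x40 (AT)
//   extension map (CBOR)                                          when flags & 0x80 (ED)
function parseAuthenticatorData(authData) {
  if (authData.length < 37) throw new Error('authenticator data too short');
  const out = { rpIdHash: authData.subarray(0, 32), flags: authData[32], signCount: authData.readUInt32BE(33),
                credentialId: null, publicKey: null, extensions: null };
  let pos = 37;
  if (out.flags & 0x40) {
    pos += 16;                                             // AAGUID, not needed here
    const idLen = authData.readUInt16BE(pos); pos += 2;
    out.credentialId = authData.subarray(pos, pos + idLen); pos += idLen;
    [out.publicKey, pos] = decodeCbor(authData, pos);
  }
  if (out.flags & 0x80) [out.extensions, pos] = decodeCbor(authData, pos);
  if (pos !== authData.length) throw new Error('trailing bytes after authenticator data');
  return out;
}

// Claim 6's analysis module: from the first response data (a CBOR attestation object) recover the
// relying party hash, credential id, public key, certificate chain and the signature value carried
// in the second extension parameter. The chain is returned for the caller to check against the
// preset server certificate (claim 8); a response that carries no chain is rejected outright.
function parseFirstResponse(attestationObject) {
  const [att] = decodeCbor(attestationObject);
  const parsed = parseAuthenticatorData(att.get('authData'));
  const chain = (att.get('attStmt') && att.get('attStmt').get('x5c')) || [];
  if (chain.length === 0) throw new Error('no certificate chain in response; signature origin cannot be verified');
  const signature = parsed.extensions && parsed.extensions.get('sigOp');
  if (!Buffer.isBuffer(signature)) throw new Error('response carries no signature value');
  return { ...parsed, certificateChain: chain, signature };
}

// Constructed sample first response (not a capture): placeholder rpIdHash, an ES256-shaped COSE
// key with dummy coordinates, one placeholder certificate and 64 dummy signature bytes.
function sampleFirstResponse() {
  const credId = Buffer.from('constructed-credential-id');
  const coseKey = new Map([[1, 2], [3, -7], [-1, 1], [-2, Buffer.alloc(32, 0x11)], [-3, Buffer.alloc(32, 0x22)]]);
  const authData = Buffer.concat([
    Buffer.alloc(32, 0x5a),                                // rpIdHash placeholder
    Buffer.from([0x40 | 0x80 | 0x01]),                     // AT | ED | UP
    Buffer.from([0, 0, 0, 7]),                             // signature counter
    Buffer.alloc(16, 0),                                   // AAGUID
    Buffer.from([credId.length >> 8, credId.length & 0xff]), credId,
    encodeCbor(coseKey),
    encodeCbor(new Map([['sigOp', Buffer.alloc(64, 0xab)]])),
  ]);
  return encodeCbor(new Map([
    ['fmt', 'packed'],
    ['attStmt', new Map([['alg', -7], ['sig', Buffer.alloc(8, 0)], ['x5c', [Buffer.from('placeholder-DER-certificate')]]])],
    ['authData', authData],
  ]));
}

const demo = parseFirstResponse(sampleFirstResponse());
console.log('credential id:', demo.credentialId.toString(), '| signature bytes:', demo.signature.length);
```

The design point worth noting is in `parseFirstResponse`: the signature value is only handed back together with the certificate chain, and a response without a chain is refused. That keeps the claim 8 check (chain validated against the preset server certificate) on the path to the upper layer, so a signature produced by an unattested authenticator cannot be mistaken for one from the expected key device. The `rpIdHash` is also returned so the caller can compare it with the hash of the relying party identifier it put into the second parameter.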

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811629444.6A CN109726573B (en) 2018-12-29 2018-12-29 Method for realizing signature through script device and script device

Publications (2)

Publication Number Publication Date
CN109726573A CN109726573A (en) 2019-05-07
CN109726573B true CN109726573B (en) 2021-01-15

Family

ID=66297843

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811629444.6A Active CN109726573B (en) 2018-12-29 2018-12-29 Method for realizing signature through script device and script device

Country Status (1)

Country Link
CN (1) CN109726573B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9178904B1 (en) * 2013-09-11 2015-11-03 Symantec Corporation Systems and methods for detecting malicious browser-based scripts
CN105871557A (en) * 2016-05-18 2016-08-17 飞天诚信科技股份有限公司 E-mail signature method, device and system
CN106060128A (en) * 2016-05-25 2016-10-26 飞天诚信科技股份有限公司 Method and device for browser to access smart key equipment
CN106878319A (en) * 2017-03-06 2017-06-20 中国科学院数据与通信保护研究教育中心 A kind of method and system that Digital signature service is provided

Also Published As

Publication number Publication date
CN109726573A (en) 2019-05-07

Similar Documents

Publication Publication Date Title
US11134071B2 (en) Data exchange during multi factor authentication
EP3208732A1 (en) Method and system for authentication
CN101345617B (en) Safety authentication system and method
US11349831B2 (en) Technique for downloading a network access profile
US20130041830A1 (en) Methods and apparatus to provision payment services
CN110943844B (en) Electronic document security signing method and system based on local service of webpage client
CN108322416B (en) Security authentication implementation method, device and system
CN111107085A (en) Safety communication method based on publish-subscribe mode
CN106603571A (en) Safety authentication method and safety authentication device
CN114266033A (en) Verification code generation method and device, verification code login system and electronic equipment
KR101452299B1 (en) Security metohd and server using program code guaranteed integrity
CN113364582B (en) Method for communication key configuration and update management in transformer substation
CN114462096A (en) Block chain-based Internet of things equipment control method and device, computer equipment and storage medium
CN111767531B (en) Authentication system and method based on biological characteristics
CN104079527A (en) Information processing method and electronic equipment
CN109726573B (en) Method for realizing signature through script device and script device
CN110189125B (en) Interactive digital signature method and system
CN110336773B (en) Credibility guaranteeing system, verification method and storage medium of IoT (Internet of things) equipment data
CN104301285B (en) Login method for web system
CN114679276B (en) Identity authentication method and device of time-based one-time password algorithm
CN105871557A (en) E-mail signature method, device and system
CN111464554B (en) Vehicle information safety control method and system
CN110399714B (en) Method for verifying authenticity of trusted user interface of terminal and system thereof
CN112669033A (en) Transaction authentication method based on FIDO equipment and FIDO equipment
CN104717641A (en) Digital signature generating method based on SIM card and SIM card

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant