CN110189125B - Interactive digital signature method and system - Google Patents

Publication number: CN110189125B
Authority: CN (China)
Prior art keywords: signature, certificate, special, result, data
Legal status: Active
Application number: CN201910458900.3A
Other languages: Chinese (zh)
Other versions: CN110189125A (en)
Inventors: 陆舟, 于华章
Current Assignee: Feitian Technologies Co Ltd
Original Assignee: Feitian Technologies Co Ltd
Application filed by Feitian Technologies Co Ltd
Priority to CN201910458900.3A
Publication of CN110189125A
Application granted
Publication of CN110189125B


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821 Electronic credentials
    • G06Q20/38215 Use of certificates or encrypted proofs of transaction rights
    • G06Q20/3825 Use of electronic signatures
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Abstract

The invention discloses an interactive digital signature method and system comprising a registration process and an application process. In the registration process, the client generates a special signature certificate request from the general signature certificate, the public key of the special key pair generated by the key device, and the first signature result, and sends the request to the registrant; after verifying that the special signature certificate request is legal, the registrant generates a special signature certificate and sends it to the client; the client saves the special signature certificate to the key device. In the application process, the client forms a signature data packet from the data to be signed, the special signature certificate and a third signature result sent by the key device, and sends the signature data packet to the signature verifier; after judging that the signature certificate in the signature data packet is the special signature certificate and is valid, the signature verifier verifies the signature of the data to be signed according to the trigger condition and the third signature result to obtain a signature verification result. The technical scheme of the invention reduces the risk caused by signature cheating.

Description

Interactive digital signature method and system
Technical Field
The invention relates to the field of information security, in particular to an interactive digital signature method and system.
Background
The popularization of network payment has made daily life more convenient, but its security problems have become increasingly prominent. Smart key devices with an electronic signature function have become a mainstream solution for network security, yet cases in which a general electronic signature is used to imitate an interactive electronic signature still occur from time to time. Compared with a general electronic signature, an interactive electronic signature adds an interactive confirmation step to the process of generating the signature. However, if the same signature result can correspond to different recheck information, then even when it can be established that the user confirmed at the time the signature was generated, the recheck information on which that confirmation was based cannot be determined, so a hidden danger of signature cheating exists.
Disclosure of Invention
In order to solve the above technical problems, the present invention provides an interactive digital signature method comprising a registration process and an application process, wherein the registration process comprises:
step S1, the client sends a request for generating a special key pair to the key device, which holds a preset signing key pair;
step S2, the key device receives the request for generating the special key pair, generates the special key pair in the special key container, and sends the public key of the special key pair to the client;
step S3, the client receives the public key of the special key pair, packages it together with the preset general signature certificate, and sends the packaged data to the key device;
step S4, the key device signs the received packaged data using the preset signing key pair, generates a first signature result, and sends the first signature result to the client;
step S5, the client receives the first signature result, generates a special signature certificate request from the public key of the special key pair, the general signature certificate and the first signature result, and sends the special signature certificate request to the registrant;
step S6, the registrant receives the special signature certificate request and judges whether it is legal according to the general signature certificate and the first signature result; if yes, step S7 is executed; if not, the process ends;
step S7, the registrant generates a special signature certificate according to the registrant unique identification information and the public key of the special key pair, and sends the special signature certificate to the client;
step S8, the client saves the special signature certificate to the key device;
the application process comprises the following steps:
step S11, the client sends the data to be signed to the special key container of the key device;
step S12, the key device judges whether the special key container is valid; if yes, step S13 is executed; if not, the key device judges whether the preset key container is valid; if so, step S15 is executed; otherwise the process ends;
step S13, the key device judges whether the data to be signed has the trigger condition; if yes, the key device prompts the user to confirm and step S14 is executed; if not, the process ends;
step S14, after the key device receives the confirmation information of the user, it signs the data to be signed with the private key of the special key pair to obtain a third signature result, and step S16 is executed;
step S15, the key device signs the data to be signed with the private key of the preset key pair to obtain a third signature result, and step S16 is executed;
step S16, the key device sends the third signature result to the client.
The invention also provides an interactive digital signature system, which comprises a client, a key device and a registration device, wherein the key device has a preset signing key pair;
the client comprises:
the first sending module, used for sending a request for generating a special key pair to the second receiving module; also used for sending the packaged data obtained by the first packaging module to the second receiving module; also used for sending the special signature certificate request generated by the first generation module; also used for sending the data to be signed to the special key container of the key device; and also used for sending the signature data packet generated by the first generation module and the device information received by the first receiving module to the fourth receiving module;
the first receiving module, used for receiving the public key of the special key pair sent by the second sending module; also used for receiving the first signature result sent by the second sending module; also used for receiving the special signature certificate sent by the third sending module; and also used for receiving the third signature result sent by the second sending module;
the first generation module, used for generating a special signature certificate request according to the public key of the special key pair, a preset general signature certificate and the first signature result; and also used for generating a signature data packet according to the data to be signed, the third signature result and the special signature certificate;
the first packaging module, used for packaging the public key of the special key pair and the preset general signature certificate to obtain packaged data;
the storage module, used for saving the special signature certificate sent by the third sending module to the key device;
the key device comprises:
the second receiving module, used for receiving the request for generating the special key pair sent by the first sending module; also used for receiving the packaged data of the first packaging module sent by the first sending module; also used for receiving the data to be signed sent by the first sending module to the special key container of the key device; and also used for receiving the confirmation information of the user;
the second generation module, used for generating a special key pair in the special key container;
the second sending module, used for sending the public key of the special key pair generated by the second generation module to the first receiving module; also used for sending the first signature result generated by the second signature module to the first receiving module; and also used for sending the third signature result generated by the second signature module to the first receiving module;
the second signature module, used for signing the packaged data obtained by the first packaging module to generate a first signature result; also used for signing the data to be signed with the private key of the special key pair to obtain a third signature result; and also used for signing the data to be signed with the private key of the preset key pair to obtain a third signature result;
the second judgment module, used for judging whether the special key container is valid, judging whether the preset key container is valid, and judging whether the data to be signed has the trigger condition;
the prompting module, used for prompting the user to confirm;
the second ending module, used for ending the process;
the registration device comprises:
the third receiving module, used for receiving the special signature certificate request sent by the first sending module;
the third judging module, used for judging whether the special signature certificate request is legal according to the general signature certificate and the first signature result;
the third generation module, used for generating a special signature certificate according to the registrant unique identification information and the public key of the special key pair;
the third ending module, used for ending the process;
and the third sending module, used for sending the special signature certificate to the first receiving module.
The invention provides a signature verification method for an interactive digital signature, which comprises the following steps:
step S100, the signature verifier receives a signature data packet and device information sent by the key device;
step S101, the signature verifier judges, according to the received device information, whether the signature certificate in the signature data packet is the signature certificate of the user; if so, step S102 is executed; if not, the process ends;
step S102, the signature verifier judges, according to the registrant unique identification information, whether the signature certificate is a special signature certificate or a general signature certificate; if it is a special signature certificate, step S103 is executed; if it is a general signature certificate, step S105 is executed;
step S103, the signature verifier judges whether the special signature certificate is valid; if so, step S104 is executed; if not, the process ends;
step S104, the signature verifier verifies the signature of the data to be signed according to the trigger condition and the third signature result to obtain a signature verification result, and sends the signature verification result to the client; the process ends.
Step S105, the signature verifier verifies the signature of the data to be signed according to the third signature result to obtain a signature verification result, and sends the signature verification result to the client; the process ends.
The invention provides a verification device for an interactive digital signature, which comprises:
the fourth receiving module, used for receiving the signature data packet and the device information sent by the client;
the fourth judging module, used for judging, according to the received device information, whether the signature certificate is the signature certificate of the user; also used for judging, according to the registrant unique identification information, whether the signature certificate is a special signature certificate or a general signature certificate; and also used for judging whether the special signature certificate is valid;
the fourth ending module, used for ending the process;
the fourth signature verification module, used for verifying the signature of the data to be signed according to the trigger condition and the third signature result to obtain a signature verification result; and also used for verifying the signature of the data to be signed according to the third signature result to obtain a signature verification result;
and the fourth sending module, used for sending the signature verification result obtained by the fourth signature verification module to the client.
The beneficial effects of the invention are as follows: the invention provides an interactive digital signature method and system based on a dual signature certificate scheme, namely a general signature certificate and a special signature certificate. On this basis it designs a more complete scheme for electronic signatures with recheck information, covering certificate issuance, signature calculation and signature verification. Because the interactive electronic signature and the general electronic signature use different signing keys, the two are isolated from each other, which reduces the risk brought by signature cheating.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of a registration process of a method for interactive digital signature according to embodiment 1 of the present invention;
fig. 2 is a flowchart of an application process of a method for interactive digital signature according to embodiment 1 of the present invention;
fig. 3 is a flowchart of a registration process of a method for interactive digital signature according to embodiment 2 of the present invention;
fig. 4A and 4B are flowcharts illustrating an application process of a method for interactive digital signature according to embodiment 2 of the present invention;
fig. 5 is a structural diagram of an interactive digital signature system according to embodiment 3 of the present invention;
fig. 6 is a flowchart of a signature verification method for an interactive digital signature according to embodiment 4 of the present invention;
fig. 7 is a block diagram of an interactive digital signature verification apparatus according to embodiment 5 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
This embodiment provides an interactive digital signature method, which specifically includes a registration process and an application process. As shown in fig. 1, the registration process includes:
step A1, the client sends a request for generating a special key pair to a key device that holds a preset signing key pair;
step A2, the key device receives the request for generating the special key pair, generates the special key pair in the special key container, and sends the public key of the special key pair to the client;
step A3, the client receives the public key of the special key pair, packages it together with the preset general signature certificate to obtain packaged data, and sends the packaged data to the key device;
step A4, the key device signs the received packaged data using the preset signing key pair, generates a first signature result, and sends the first signature result to the client;
step A5, the client receives the first signature result, generates a special signature certificate request from the public key of the special key pair, the general signature certificate and the first signature result, and sends the special signature certificate request to the registrant;
step A6, the registrant receives the special signature certificate request and judges whether it is legal according to the general signature certificate and the first signature result; if yes, step A7 is executed; if not, the process ends;
step A7, the registrant generates a special signature certificate according to the registrant unique identification information and the public key of the special key pair, and sends the special signature certificate to the client;
step A8, the client saves the special signature certificate to the key device;
the application process comprises the following steps:
step A11, the client sends the data to be signed to the special key container of the key device;
step A12, the key device judges whether the special key container is valid; if so, step A13 is executed; if not, the key device judges whether the preset key container is valid; if so, step A15 is executed; otherwise the process ends;
step A13, the key device judges whether the data to be signed has the trigger condition; if yes, the key device prompts the user to confirm and step A14 is executed; if not, the process ends;
step A14, after the key device receives the confirmation information of the user, it signs the data to be signed with the private key of the special key pair to obtain a third signature result, and step A16 is executed;
step A15, the key device signs the data to be signed with the private key of the preset key pair to obtain a third signature result, and step A16 is executed;
step A16, the key device sends the third signature result to the client.
In this embodiment, after step A16 the method may further include:
step A17, the client receives the third signature result, generates a signature data packet according to the data to be signed, the third signature result and the signature certificate, and sends the signature data packet and the device information to the signature verifier;
step A18, the signature verifier receives the signature data packet and the device information;
step A19, the signature verifier judges, according to the received device information, whether the signature certificate in the signature data packet is the signature certificate of the user; if so, step A20 is executed; if not, the process ends;
step A20, the signature verifier judges, according to the registrant unique identification information, whether the signature certificate is a special signature certificate or a general signature certificate; if it is a special signature certificate, step A21 is executed; if it is a general signature certificate, step A23 is executed;
step A21, the signature verifier judges whether the special signature certificate is valid; if yes, step A22 is executed; if not, the process ends;
step A22, the signature verifier verifies the signature of the data to be signed according to the trigger condition and the third signature result to obtain a signature verification result, and sends the signature verification result to the client; the process ends.
Step A23, the signature verifier verifies the signature of the data to be signed according to the third signature result to obtain a signature verification result, and sends the signature verification result to the client; the process ends.
In this embodiment, the method further includes the following steps before step A1 or after step A2:
step Aa1, the client sends a request for obtaining device information to the key device;
step Aa2, the key device receives the request for obtaining the device information and sends the device information to the client;
step A5 then specifically includes: the client receives the device information, generates user unique identification information according to the device information, packages the user unique identification information, the public key of the special key pair and the preset general signature certificate, and sends the packaged data to the key device;
step A7 then specifically includes: the registrant generates a special signature certificate according to the registrant unique identification information, the user unique identification information and the public key of the special key pair, and sends the special signature certificate to the client.
In this embodiment, the judging by the registrant in step A6 of whether the special signature certificate request is legal according to the general signature certificate and the first signature result includes:
the registrant parses the special signature certificate request to obtain the user unique identification information, the public key of the special key pair, the general signature certificate and the first signature result; it uses the public key in the general signature certificate to recover a first hash value from the first signature result; it packages the user unique identification information, the general signature certificate and the public key of the special key pair, and performs a hash calculation on the packaged data to obtain a second hash value; it then judges whether the first hash value and the second hash value are the same. If they are, the special signature certificate request is legal; if not, the special signature certificate request is illegal.
In this embodiment, the generating by the registrant in step A7 of the special signature certificate according to the registrant unique identification information and the public key of the special key pair specifically includes: the registrant uses a private key in the registrant root directory certificate to perform a signature operation on the public key of the special key pair, the user unique identification information and the registrant unique identification information to obtain a second signature result; the special signature certificate is then formed from the public key of the special key pair, the user unique identification information, the registrant unique identification information and the second signature result.
In this embodiment, the judging by the key device in step A13 of whether the data to be signed has the trigger condition specifically includes: the key device judges whether all of the following conditions are met:
1) the key device judges that the conditions required for generating the digital signature are met;
2) the key device judges that the authority requirement for generating the digital signature is met;
3) the key device judges that the data to be signed has the trigger feature.
In this embodiment, the key device judging that the conditions required for generating the digital signature are met includes: the key device judges that the algorithm used for generating the digital signature is a specified algorithm. The key device judging that the authority requirement for generating the digital signature is met includes: the key device judges that the verification of the personal identification code is in a valid state. The key device judging that the data to be signed has the trigger feature includes: the key device judges that the format of the data to be signed meets the specified format requirement.
In this embodiment, the receiving by the signature verifier of the signature data packet and the device information in step A18 further includes: the signature verifier parses the signature data packet to obtain device information and a signature certificate;
in step A19, the signature verifier judges, according to the received device information, whether the special signature certificate is the signature certificate of the user, specifically: the signature verifier judges whether the parsed device information is the same as the received device information; if so, the signature certificate is the signature certificate of the user; if not, the signature certificate is not the signature certificate of the user.
In this embodiment, the judging in step A21 of whether the special signature certificate is valid includes: the signature verifier parses the signature data packet to obtain the special signature certificate, and parses the special signature certificate to obtain the second signature result; the signature verifier judges whether the second signature result in the special signature certificate is legal; if so, the special signature certificate is valid; if not, the special signature certificate is invalid.
In this embodiment, the judging by the signature verifier of whether the second signature result in the special signature certificate is legal further includes: the signature verifier judges whether the certificate chain in the special signature certificate is legal; if so, the second signature result in the special signature certificate is legal; if not, the second signature result in the special signature certificate is illegal.
In this embodiment, the judging by the signature verifier of whether the second signature result in the special signature certificate is legal further includes: the signature verifier judges whether the date in the special signature certificate is valid; if so, the second signature result in the special signature certificate is legal; if not, the second signature result in the special signature certificate is illegal.
In this embodiment, the signature verifier judges whether the certificate chain in the special signature certificate is legal as follows: it judges whether the certificate chain in the special signature certificate contains the digital certificate of the special sub-certificate authority; if so, the certificate chain in the special signature certificate is legal; if not, the certificate chain in the special signature certificate is illegal.
In this embodiment, the verifying by the signature verifier in step A22 of the data to be signed according to the trigger condition and the third signature result includes: the signature verifier judges whether the data to be signed has the trigger condition; if so, it uses the public key of the special signature certificate to judge whether the third signature result is legal, and if it is legal, the signature verification result is success; if the data to be signed does not have the trigger condition, the signature verification result is failure.
In this embodiment, the judging by the signature verifier of whether the data to be signed has the trigger condition specifically includes: the signature verifier judges whether the data to be signed has the trigger feature and the interactive feature; if so, the data to be signed has the trigger condition; if not, the data to be signed does not have the trigger condition.
In this embodiment, the judging by the signature verifier of whether the data to be signed has the trigger feature and the interactive feature includes: the signature verification server judges whether the format of the data to be signed meets the specified format requirement and whether the data has the interactive features of the transferor, the transfer amount and the transfer recipient.
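The registrant's request check (steps A6 and A7), the key device's trigger check (steps A12 to A15) and the signature verifier's certificate-type branch (steps A20 to A23) described above, as an added Python example that is not part of the patent text. Assumptions: toy textbook RSA over fixed Mersenne primes stands in for the device's real signature algorithm and is not secure, certificates are plain dictionaries rather than X.509, packaging is canonical JSON, and `REGISTRANT_ID`, `has_trigger` and the sample user and transfer values are hypothetical.

```python
import hashlib
import json

E = 65537  # public exponent shared by all toy keys

def keygen(p, q):
    """Toy textbook RSA from fixed Mersenne primes. Constructed for the demo, NOT secure."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(obj, n):
    """Hash the canonical JSON form of obj and reduce it into the key's modulus."""
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, obj):
    return pow(digest(obj, key["n"]), key["d"], key["n"])

def verify(n, obj, sig):
    # Recover the hash carried in the signature and compare it with a recomputed hash.
    return pow(sig, E, n) == digest(obj, n)

# Keys held inside the key device (private parts never leave it in the real scheme).
PRESET = keygen(2**127 - 1, 2**89 - 1)    # preset general signing key pair
SPECIAL = keygen(2**107 - 1, 2**61 - 1)   # special key pair, steps A1-A2
# Registrant key and identifier (hypothetical values).
REGISTRANT = keygen(2**521 - 1, 2**607 - 1)
REGISTRANT_ID = "demo-special-sub-ca"
# Simplified general certificate (assumption): a real one is X.509 and CA-signed.
GENERAL_CERT = {"user": "alice#SN0001", "pub": PRESET["n"]}

def build_request(user_id):
    """Steps A3-A5: pack, have the device sign with the preset key, build the request."""
    packed = {"user": user_id, "general_cert": GENERAL_CERT, "special_pub": SPECIAL["n"]}
    return dict(packed, first_sig=sign(PRESET, packed))

def registrant_issue(req):
    """Steps A6-A7: check the first signature, then issue the special certificate."""
    packed = {k: req[k] for k in ("user", "general_cert", "special_pub")}
    if not verify(req["general_cert"]["pub"], packed, req["first_sig"]):
        return None  # request is not legal
    body = {"user": req["user"], "registrant": REGISTRANT_ID,
            "special_pub": req["special_pub"]}
    return dict(body, second_sig=sign(REGISTRANT, body))

def has_trigger(data):
    """Assumed 'specified format': a dict naming payer, amount and payee."""
    return isinstance(data, dict) and {"payer", "amount", "payee"} <= data.keys()

def device_sign(data, special_cert, confirm):
    """Steps A12-A15 on the key device; confirm stands in for the user prompt."""
    if special_cert is not None:                    # special key container valid
        if not has_trigger(data) or not confirm(data):
            return None                             # A13: end without signing
        return sign(SPECIAL, data)                  # A14
    return sign(PRESET, data)                       # A15: general signature

def verifier_check(data, sig, cert):
    """Steps A20-A23 at the signature verifier."""
    if cert.get("registrant") == REGISTRANT_ID:     # A20: special certificate
        body = {k: cert[k] for k in ("user", "registrant", "special_pub")}
        if not verify(REGISTRANT["n"], body, cert["second_sig"]):
            return False                            # A21: certificate invalid
        return has_trigger(data) and verify(cert["special_pub"], data, sig)  # A22
    return verify(cert["pub"], data, sig)           # A23: general certificate

if __name__ == "__main__":
    cert = registrant_issue(build_request("alice#SN0001"))
    transfer = {"payer": "alice", "amount": "100.00", "payee": "bob"}  # constructed
    sig = device_sign(transfer, cert, confirm=lambda d: True)
    print("interactive signature accepted:", verifier_check(transfer, sig, cert))
    general_sig = sign(PRESET, transfer)
    print("general signature under special cert:",
          verifier_check(transfer, general_sig, cert))
```

The second printed check shows the isolation the scheme relies on: a signature made with the preset general key does not verify under the special signature certificate, because the two certificates bind different public keys.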
Example 2
The embodiment provides an interactive digital signature method, which specifically includes a registration process and an application process, where as shown in fig. 3, the registration process includes the following steps:
step 1, a client sends a request for creating an application to a key device;
specifically, in this embodiment, a general signature key pair is preset in advance in the key device.
Step 2, the key device creates an application;
step 3, the key device sends a response of successful application creation to the client;
step 4, the client sends a request for creating a special key container to the key device;
step 5, the key device creates a special key container;
step 6, the key device sends a response of successful creation of the special key container to the client;
step 7, the client sends a request for creating a special key pair in the special key container to the key device;
step 8, the key device creates a special key pair in the special key container;
wherein the special key pair comprises a special key pair public key and a special key pair private key.
Step 9, the key device sends a response of successful creation of the special key pair to the client;
step 10, the client sends a request for obtaining the public key of the special key pair to the key device;
step 11, the key device sends the public key of the special key pair to the client;
step 12, the client sends a request for obtaining the device information to the key device;
step 13, the key device sends the device information to the client;
specifically, the device information may be a device serial number of the key device.
Step 14, the client combines the device information and the user information input by the user into user unique identification information, and packages the user unique identification information, the public key of the special key pair and the preset general signature certificate to obtain packaged data;
in this embodiment, the general signature certificate of the client corresponds to the preset signature key pair in the key device.
Specifically, in this step, the client combines the device information and the user information input by the user into user unique identification information, packages the user unique identification information, the public key of the special key pair, and the preset general signature certificate, performs a hash operation on the packaged data to obtain a first hash value, and uses the first hash value as the packaged data.
Step 15, the client sends the packaged data to the key device;
step 16, the key device signs the packaged data to obtain a first signature result;
specifically, the key device performs a signature operation on the packaged data by using the private key in the preset signature key pair to obtain a first signature result.
Step 17, the key device sends the first signature result to the client;
step 18, the client packages the user unique identification information, the public key of the special key pair, the general signature certificate and the first signature result to generate a special signature certificate request;
step 19, the client sends the special signature certificate request to the registration server through the registration front-end processor;
step 20, the registration server analyzes the special signature certificate request to obtain the user unique identification information, the public key of the special key pair, the general signature certificate and the first signature result;
step 21, the registration server judges whether the general signature certificate is valid, if yes, step 22 is executed, and if not, the registration server sends a message of failed verification to the client through the registration front-end processor;
step 22, the registration server uses the general signature certificate to perform signature verification operation on the first signature result, and judges whether the signature verification operation is successful, if so, step 23 is executed, if not, the registration server sends information of verification failure to the client, and the operation is finished;
specifically, in this step, the registration server uses the public key in the general signature certificate to analyze the first signature result to obtain a first hash value, packages the user unique identification information, the general signature certificate and the public key of the special key pair, performs hash calculation on the packaged data to obtain a second hash value, and determines whether the first hash value and the second hash value are the same; if so, step 23 is executed, and if not, the registration server sends information that the verification fails to the client, and the process ends.
Step 23, the registration server uses the private key in the root directory certificate of the registration server to perform a signature operation on the public key of the special key pair, the unique identification information of the user and the unique identification information of the registration server to obtain a second signature result; the public key of the special key pair, the unique identification information of the user, the unique identification information of the registration server and the second signature result form a special signature certificate;
specifically, in this step, the registration server packages the public key of the special key pair, the user unique identification information, and the unique identification information of the registration server, performs a hash operation on the packaged data to obtain a third hash value, and performs a signature operation on the third hash value by using the private key in the root directory certificate of the registration server to obtain a second signature result; the public key of the special key pair, the unique identification information of the user, the unique identification information of the registration server and the second signature result form a special signature certificate;
wherein, the special signature certificate also comprises a certificate chain.
Step 24, the registration server sends the special signature certificate to the client through the registration front-end processor;
step 25, the client receives the special signature certificate;
step 26, the client saves the special signature certificate to the special key container of the key device.
As shown in fig. 4A and 4B, the application process includes the following steps:
step 101, a client sends an instruction for opening an application to a key device;
step 102, the key device opens an application;
step 103, the key device sends a response of opening the application to the client;
step 104, the client sends an instruction for opening the special key container to the key device;
step 105, the key device opens the special key container;
step 106, the key device sends a response of opening the special key container to the client;
step 107, the client sends the data to be signed to the special key container of the key device;
specifically, the client sends the handle representing the key container and the data to be signed to the key device.
Step 108, the key device receives data to be signed;
step 109, the key device determines whether the special key container is valid, if yes, go to step 110; if not, the key device determines whether the preset key container is valid, if so, step 112 is performed, and if not, the process is ended.
The key device determines whether the special key container is valid as follows: the key device determines whether the received handle of the key container is the same as the handle of the opened special key container; if so, the special key container is valid, and if not, the special key container is invalid.
The key device determines whether the preset key container is valid, specifically, the key device determines whether the received handle of the key container is the same as the handle of the preset key container, if so, the preset key container is valid, and if not, the preset key container is invalid.
Step 110, the key device judges whether the data to be signed has the trigger condition, if yes, the user is prompted to confirm, step 111 is executed, and if not, the process is ended;
specifically, the key device determining whether the data to be signed has the trigger condition includes:
the key device determines whether a condition required for generating the digital signature is satisfied, for example, whether the algorithm used for generating the digital signature is a specified algorithm; specifically, the specified algorithm may be SM3;
the key device judges whether the authority requirement required for generating the digital signature is met; specifically, the key device may judge whether the verification of the PIN code is in a valid state;
the key device determines whether the data to be signed has the trigger feature; specifically, the key device may determine whether the format of the data to be signed meets a specified format requirement. Specifically, the data to be signed can be encoded in UTF-8 based on XML or JSON format. The XML element tag adopts a single upper-case English letter, and the element attribute adopts a single lower-case English letter. The transaction message does not include line feeds or space indentation.
And when all the judgments are yes, the key device judges that the data to be signed has the trigger condition, otherwise, the data to be signed does not have the trigger condition. Specifically, the method further includes that after the key device determines that the data to be signed has the trigger condition, the key device prompts the user to confirm, and if the user's confirmation operation is not received within a predetermined time, the key device sends a message that the signing operation fails to the client, and the method is ended.
Step 111, the key device signs the data to be signed by using the private key in the special key container to obtain a third signature result, and step 113 is executed;
specifically, in this step, a hash operation is performed on the data to be signed to obtain a fifth hash value, and the private key in the special key container is used to perform a signature operation on the fifth hash value to obtain a third signature result.
Step 112, the key device signs the data to be signed by using a preset key to obtain a third signature result, and step 113 is executed;
specifically, in this step, a hash operation is performed on the data to be signed to obtain a fifth hash value, and a preset key is used to perform a signature operation on the fifth hash value to obtain a third signature result.
Step 113, the key device sends the third signature result to the client;
specifically, the method may further include the following steps: the key device deletes the third signature result from the key device.
Step 114, the client encapsulates the data to be signed, the received third signature result and the signature certificate to form a signature data packet;
step 115, the client sends the signature data packet to a signature checking front-end processor through the application server;
specifically, the step may be: and the client sends the signature data packet and the equipment information to the signature verification front-end processor through the application server.
Step 116, the signature verification front-end processor receives the signature data packet and analyzes the signature data packet to obtain data to be signed, a signature certificate and a third signature result;
specifically, in this step, the signature verification front-end processor receives the signature data packet and the device information, and analyzes the signature data packet to obtain the data to be signed, the signature certificate and a third signature result.
Further, the step specifically includes analyzing the signature certificate to obtain unique identification information of the user and unique identification information of the registration server.
Step 117, the signature checking front-end processor judges whether the signature certificate is the signature certificate of the user, if so, step 118 is executed, and if not, the process is ended;
specifically, the signature verification front-end processor analyzes the unique identification information of the user to obtain the equipment information, judges whether the analyzed equipment information is consistent with the received equipment information, if so, the signature certificate is the signature certificate of the user, and if not, the signature certificate is not the signature certificate of the user.
Step 118, the signature checking front-end processor judges whether the signature certificate is a special signature certificate or a general signature certificate, if the signature certificate is the special signature certificate, step 119 is executed, if the signature certificate is the general signature certificate, the signature checking front-end processor sends a signature checking request to a signature checking server, and step 122 is executed;
specifically, in this step, the signature check front-end processor determines whether the unique identification information of the registration server obtained by analyzing the signature certificate is consistent with the unique identification information of the registration server preset by itself, if so, the signature certificate is a special signature certificate, and if not, the signature certificate is a general signature certificate.
step 119, the signature checking front-end processor performs signature checking operation on the special signature certificate, judges whether the signature checking result is successful, and if so, executes step 120; if not, the signature checking front-end processor sends the information of the failed signature checking to the client through the application server;
specifically, step 119 may be: the signature checking front-end processor judges whether a second signature result in the special signature certificate is legal or not, if so, the signature checking result is successful, and if not, the signature checking result is failed;
specifically, the second signature result may also be obtained by parsing the signature certificate in step 116.
Specifically, in this step, the signature checking front-end processor determines whether the second signature result in the special signature certificate is legal, specifically, the signature checking front-end processor analyzes the second signature result by using a public key in a preset root directory certificate of the registration server to obtain a third hash value, the signature checking front-end processor performs hash operation on the public key of the special key pair, the unique identification information of the user, and the unique identification information of the registration server to obtain a fourth hash value, determines whether the third hash value is the same as the fourth hash value, if so, the second signature result is legal, and if not, the second signature result is illegal.
Specifically, in this step, the determining, by the signature check front-end processor, whether the second signature result in the special signature certificate is legal further includes: and the signature checking front-end processor judges whether the date of the special signature certificate is valid, if so, judges whether a second signature result in the special signature certificate is legal, and if not, the signature checking front-end processor sends the information of signature checking failure to the client through the signature checking front-end processor, and the operation is finished.
Specifically, in this step, the determining, by the signature check front-end processor, whether the second signature result in the special signature certificate is legal further includes:
and the signature checking front-end processor judges whether the certificate chain in the special signature certificate is legal or not, if so, the signature checking operation result is successful, and if not, the signature checking operation result is failed.
The specific steps of judging whether the certificate chain in the special signature certificate is legal by the signature verification front-end processor are as follows:
and the signature checking front-end processor judges whether the certificate chain in the special signature certificate contains a digital certificate of a special CA (certificate authority), if so, the signature checking operation result is successful, and if not, the signature checking operation result is failed.
Step 120, the signature verification front-end processor sends a signature verification request to a signature verification server, and step 121 is executed;
specifically, the signature verification front-end processor sends a signature verification request containing the data to be signed and the third signature value to the signature verification server.
Step 121, the signature verification server receives the signature verification request, performs signature verification operation according to the triggering condition and the third signature result to obtain a signature verification result, and executes step 123;
the method specifically comprises the following steps:
step B1, the signature checking server judges whether the data to be signed has the trigger condition, if yes, the step B2 is executed, if not, the signature checking operation result is failure;
the specific steps of judging whether the data to be signed has the triggering conditions by the signature verification server are as follows:
the signature verification server judges whether the data to be signed has the trigger characteristic, and specifically, the signature verification server can judge whether the format of the data to be signed meets the specified format requirement.
Specifically, the data to be signed can be encoded in UTF-8 based on XML or JSON format. The XML element tag adopts a single upper-case English letter, and the element attribute adopts a single lower-case English letter. The transaction message does not include line feeds or space indentation.
The signature checking server judges whether the data to be signed has interactive characteristics, specifically, the interactive characteristics can be a transfer account, a transfer amount and a transfer object.
And when the signature verification server judges that the data to be signed has the triggering characteristics and the interactive characteristics, the signature verification front-end processor judges that the data to be signed has the triggering conditions, step B2 is executed, and if not, the signature verification operation result is failure.
And step B2, the signature verification server uses the public key of the special signature certificate to verify the signature of the third signature result, and judges whether the third signature result is legal, if so, the signature verification result is successful, and if not, the signature verification result is failed.
Wherein, the step B2 may specifically be:
and the signature verification server analyzes the third signature result by using the public key of the special signature certificate to obtain a fifth hash value, the signature verification server performs hash operation on the data to be signed to obtain a sixth hash value, and judges whether the fifth hash value is the same as the sixth hash value, if so, the signature verification result is successful, and if not, the signature verification result is failed.
Step 122, the signature verification server verifies the signature of the data to be signed according to the third signature result to obtain a signature verification result, and step 123 is executed;
specifically, the signature verification server analyzes the third signature result by using the public key of the general signature certificate to obtain a fifth hash value, the signature verification server performs hash operation on the data to be signed to obtain a sixth hash value, and judges whether the fifth hash value is the same as the sixth hash value, if so, the signature verification result is successful, and if not, the signature verification result is failed.
Step 123, the signature verification server sends the signature verification result to a signature verification front-end processor;
and step 124, the signature checking front-end processor sends the signature checking result to the client through the application server.
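The trigger-condition checks of step 110 (key device) and step B1 (signature verification server), as an added Python example that is not code from the patent. It covers the XML form only; the attribute names `f`, `a` and `t` for transfer person, amount and transfer object, the handle strings and the sample messages are assumptions constructed for illustration, and the DTD rejection is an added hardening step.

```python
import re
import xml.etree.ElementTree as ET

TAG_RE = re.compile(r"[A-Z]")    # element tag: one upper-case English letter
ATTR_RE = re.compile(r"[a-z]")   # attribute name: one lower-case English letter
# Hypothetical attribute mapping; the page names the features, not their encoding.
INTERACTIVE_ATTRS = {"f": "transfer person", "a": "transfer amount", "t": "transfer object"}


def parse_message(data: bytes):
    """Return the XML root if the message meets the format rules, else None."""
    try:
        text = data.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return None
    # No line feeds and no whitespace used as indentation around tags.
    if "\n" in text or "\r" in text or text != text.strip():
        return None
    if re.search(r">\s+<", text):
        return None
    # Added hardening: refuse DTDs so entity definitions never reach the parser.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        return None
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return None
    for elem in root.iter():
        if not TAG_RE.fullmatch(elem.tag):
            return None
        if any(not ATTR_RE.fullmatch(name) for name in elem.attrib):
            return None
    return root


def has_trigger_feature(data: bytes) -> bool:
    """Trigger feature: the format of the data meets the specified requirement."""
    return parse_message(data) is not None


def has_interactive_features(data: bytes) -> bool:
    """Interactive features: transfer person, amount and object are all present."""
    root = parse_message(data)
    if root is None:
        return False
    seen = {}
    for elem in root.iter():
        seen.update(elem.attrib)
    return all(seen.get(key, "").strip() for key in INTERACTIVE_ATTRS)


def device_select_key(handle, special_handle, preset_handle,
                      algorithm, pin_verified, data, user_confirmed):
    """Steps 109-112: return which key signs, or None when the flow ends."""
    if handle == special_handle:
        ok = algorithm == "SM3" and bool(pin_verified) and has_trigger_feature(data)
        # Step 110: the user must confirm before the special key is used.
        return "special" if ok and user_confirmed else None
    if handle == preset_handle:
        return "general"          # step 112: preset key, no trigger check
    return None


def server_has_trigger_condition(data: bytes) -> bool:
    """Step B1: the server requires the trigger AND the interactive features."""
    return has_trigger_feature(data) and has_interactive_features(data)


# Constructed sample messages.
GOOD = b'<T f="6222-0001" a="100.00" t="6222-0002"><M>rent</M></T>'
INDENTED = b'<T f="6222-0001" a="100.00" t="6222-0002">\n  <M>rent</M>\n</T>'
LONG_TAG = b'<Transfer f="1" a="2" t="3"></Transfer>'
NO_AMOUNT = b'<T f="6222-0001" t="6222-0002"><M>rent</M></T>'
WITH_DTD = b'<!DOCTYPE T [<!ENTITY x "y">]><T f="1" a="2" t="3"/>'
```

In this sketch a message that is well formed but lacks the amount still passes the device-side check of step 110, which tests only the format, and is rejected by the server at step B1.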
Example 3
The present embodiment provides an interactive digital signature system, as shown in fig. 5, including a client 301, a key device 302, and a registration device 303; wherein key device 302 is preset with a signing key pair;
the client 301 includes:
a first sending module 3011, configured to send a request for generating a special key pair to the second receiving module 3021; also for sending the packaged data obtained by the first group packaging module 3014 to the second receiving module 3021; also for sending the special signature certificate request generated by the first generating module 3013 to the third receiving module 3031; also for sending data to be signed to the special key container of the key device 302; and also for sending the signature data packet generated by the first generating module 3013 and the device information received by the first receiving module 3012 to the fourth receiving module 3041;
a first receiving module 3012, configured to receive the public key of the special key pair sent by the second sending module 3023; also used for receiving the first signature result sent by the second sending module 3023; also used for receiving the special signature certificate sent by the third sending module 3035; also used for receiving the third signature result sent by the second sending module 3023;
a first generating module 3013, configured to generate a special signature certificate request according to the public key of the special key pair, the preset general signature certificate, and the first signature result; also used for generating a signature data packet according to the data to be signed, the third signature result and the special signature certificate;
a first group packaging module 3014, configured to package the public key of the special key pair and a preset general signature certificate to obtain packaged data;
a saving module 3015, configured to save the special signature certificate sent by the third sending module 3035 to the key device 302;
the key device 302 includes:
a second receiving module 3021, configured to receive the request for generating the special key pair sent by the first sending module 3011; also used for receiving the packaged data, obtained by the first group packaging module 3014, sent by the first sending module 3011; also used for receiving the data to be signed sent by the first sending module 3011 to the special key container of the key device 302; and also used for receiving confirmation information of the user;
a second generating module 3022, configured to generate a special key pair in a special key container;
a second sending module 3023, configured to send the public key pair generated by the first generating module 3013 to the first receiving module 3012; also for sending the first signature result generated by the second signature module 3024 to the first receiving module 3012; also for sending the third signature result generated by the second signature module 3024 to the first receiving module 3012;
the second signature module 3024 is configured to sign the packaged data obtained by the first group wrapping module 3014, and generate a first signature result; the private key of the key device 302 is used for signing the data to be signed by the private key to obtain a third signature result; the private key device 302 is used for signing the data to be signed by the private key to obtain a third signature result;
a second judging module 3025, configured to judge whether the dedicated key container is valid, judge whether a preset key container is valid, and judge whether the data to be signed has a trigger condition;
a prompt module 3026, configured to prompt the user to confirm;
a second ending module 3027, configured to end the flow;
the registration device 303 includes:
a third receiving module 3031, configured to receive the dedicated signature certificate request sent by the first sending module 3011;
a third determining module 3032, configured to determine whether the special signature certificate request is legal according to the general signature certificate and the first signature result;
a third generating module 3033, configured to generate a special signature certificate according to the unique identifier information of the registrar and the public key of the special key pair;
a third end module 3034, configured to end the flow;
a third sending module 3035, configured to send the special signature certificate to the first receiving module 3012.
In the system of this embodiment, the system further includes an authentication device 304, and the authentication device 304 includes:
a fourth receiving module 3041, configured to receive the signature data packet and the device information sent by the first sending module 3011;
a fourth determining module 3042, configured to determine whether the signature certificate is the signature certificate of the user according to the received device information; also used for judging whether the signature certificate is a special signature certificate or a general signature certificate according to the unique identification information of the registrant; also used for judging whether the special signature certificate is valid;
a fourth ending module 3043 for ending the flow;
a fourth signature verification module 3044, configured to verify the signature of the data to be signed according to the trigger condition and the third signature result to obtain a signature verification result; also used for verifying the signature of the data to be signed according to the third signature result to obtain a signature verification result;
a fourth sending module 3045, configured to send the signature verification result obtained by the fourth signature verification module 3044 to the first receiving module 3012.
In this embodiment, the first sending module 3011 is further configured to send a request for obtaining device information to the second receiving module 3021;
the first receiving module 3012 is further configured to receive the device information sent by the second sending module 3023;
the second receiving module 3021 is further configured to receive a device information request;
the second sending module 3023 is further configured to send the device information to the first receiving module 3012;
a first generating module 3013, specifically configured to generate unique user identification information according to the device information; also used for generating the special signature certificate request according to the unique identification information of the user, the public key of the special key pair, the preset general signature certificate and the first signature result; also used for generating a signature data packet according to the data to be signed, the third signature result and the special signature certificate;
the third generating module 3033 is specifically configured to generate a special signature certificate according to the unique identifier information of the registrar, the unique identifier information of the user, and the public key of the special key pair, and send the special signature certificate to the client 301.
In this embodiment, the registration device 303 further includes:
the third analysis module is used for analyzing the special signature certificate request to obtain the unique identification information of the user, the public key of the special key pair, the general signature certificate and the first signature result; also used for analyzing the first signature result by using the public key in the general signature certificate to obtain a first hash value;
the third group package module is used for packaging the unique identification information of the user, the general signature certificate and the public key of the special key pair to obtain packaged data;
the third calculation module is used for performing hash calculation on the packed data obtained by the third group of packing modules to obtain a second hash value;
the third determining module 3032 is specifically configured to determine whether the first hash value and the second hash value are the same, if so, determine that the request for the special-purpose signing certificate is legal, and if not, determine that the request for the special-purpose signing certificate is illegal.
In this embodiment, the registration device 303 further includes:
the third signature module is used for carrying out a signature operation on the public key of the special key pair, the unique user identification information and the unique registrant identification information by using a private key in the registrant root directory certificate to obtain a second signature result;
the third generating module 3033 is specifically configured to compose the public key of the special key pair, the unique user identification information, the unique registrant identification information, and the second signature result into a special signature certificate.
In this embodiment, the second determining module 3025 is specifically configured to determine whether all of the following conditions are met:
1) satisfying the conditions required for generating the digital signature;
2) the authority requirement required by generating the digital signature is met;
3) the data to be signed has a trigger characteristic.
In the present embodiment, satisfying the conditions required for generating the digital signature includes: the algorithm used for generating the digital signature is a specified algorithm; compliance with the rights requirements needed to generate a digital signature includes: verifying the personal identification code to be in a valid state; the data to be signed has the triggering characteristics that: the format of the data to be signed conforms to the specified format requirement.
In this embodiment, the verification device 304 further includes:
a fourth parsing module, configured to parse the signature data packet received by the fourth receiving module 3041 to obtain device information and a signature certificate;
a fourth determining module 3042, specifically configured to determine whether the analyzed device information is the same as the received device information; if so, the signature certificate is the signature certificate of the user, and if not, the signature certificate is not the signature certificate of the user; also used for judging whether the signature certificate is a special signature certificate or a general signature certificate according to the unique identification information of the registrant; also used for judging whether the special signature certificate is valid.
In this embodiment, the verification device 304 further includes:
a fourth parsing module, configured to parse the signature data packet received by the fourth receiving module 3041 to obtain a special signature certificate, and parse the special signature certificate to obtain a second signature result;
a fourth determining module 3042, specifically configured to determine whether the signature certificate is the signature certificate of the user according to the received device information; also used for judging whether the second signature result in the special signature certificate is legal; if so, the special signature certificate is judged to be valid, and if not, the special signature certificate is judged to be invalid.
In this embodiment, the fourth determining module 3042 is further configured to determine whether the certificate chain in the special-purpose signing certificate is legal, if so, determine that the second signing result in the special-purpose signing certificate is legal, and if not, determine that the second signing result in the special-purpose signing certificate is illegal.
In this embodiment, the fourth determining module 3042 is further configured to determine whether the date in the special signature certificate is valid, if so, determine that the second signature result in the special signature certificate is legal, and if not, determine that the second signature result in the special signature certificate is illegal.
In this embodiment, the fourth determining module 3042 determining whether the certificate chain in the special signature certificate is legal specifically includes: the judging module judges whether the certificate chain in the special signature certificate contains the digital certificate of the special sub-certificate authority, if so, the certificate chain in the special signature certificate is legal, and if not, the certificate chain in the special signature certificate is illegal.
In this embodiment, the fourth signature verification module 3044 is specifically configured to determine whether the data to be signed has the trigger condition when the fourth determination module 3042 determines that the special signature certificate is valid, if the data to be signed has the trigger condition, determine whether the third signature result is legal by using the public key of the special signature certificate, and if the third signature result is legal, obtain the signature verification result as successful; and if the data to be signed does not have the triggering condition, the signature verification result is a failure.
In this embodiment, the determining, by the fourth signature verification module 3044, whether the data to be signed has the trigger condition specifically includes: the fourth signature verification module 3044 determines whether the data to be signed has the trigger feature and the interaction feature, if yes, it determines that the data to be signed has the trigger condition, and if not, the data to be signed does not have the trigger condition.
In this embodiment, the triggering characteristic is to meet a specified format requirement, and the interactive characteristic is to have a transfer person, a transfer amount, and a transfer object.
Example 4
The embodiment provides an interactive digital signature verification method, as shown in fig. 6, which includes the following steps:
step B100, the signature verifier receives the signature data packet and the device information sent by the key device;
step B101, the signature verifier judges whether the signature certificate in the signature data packet is the signature certificate of the user according to the received device information; if so, step B102 is executed; if not, the process ends;
step B102, the signature verifier judges whether the signature certificate is a special signature certificate or a general signature certificate according to the unique identification information of the registrant; if the signature certificate is the special signature certificate, step B103 is executed, and if the signature certificate is the general signature certificate, step B105 is executed;
step B103, the signature verifier judges whether the special signature certificate is valid; if so, step B104 is executed; if not, the process ends;
step B104, the signature verifier verifies the signature of the data to be signed according to the trigger condition and the third signature result to obtain a signature verification result, and sends the signature verification result to the client; the process ends.
step B105, the signature verifier verifies the signature of the data to be signed according to the third signature result to obtain a signature verification result, and sends the signature verification result to the client; the process ends.
In this embodiment, the receiving, by the signature verifier, of the signature data packet and the device information in step B100 further includes: the signature verifier parses the signature data packet to obtain device information and a signature certificate;
In step B101, the signature verifier determines whether the special signature certificate is the signature certificate of the user according to the received device information, specifically: the signature verifier judges whether the parsed device information is the same as the received device information; if so, the signature certificate is the signature certificate of the user, and if not, the signature certificate is not the signature certificate of the user.
In this embodiment, the step B103 of the signature verifier judging whether the special signature certificate is valid includes: the signature verifier parses the special signature certificate to obtain a second signature result; the signature verifier judges whether the second signature result in the special signature certificate is legal; if so, the special signature certificate is valid, and if not, the special signature certificate is invalid.
In this embodiment, the signature verifier judging whether the second signature result in the special signature certificate is legal further includes: the signature verifier judges whether the certificate chain in the special signature certificate is legal; if so, the second signature result in the special signature certificate is legal, and if not, the second signature result in the special signature certificate is illegal.
In this embodiment, the signature verifier judging whether the second signature result in the special signature certificate is legal further includes: the signature verifier judges whether the date in the special signature certificate is valid; if so, the second signature result in the special signature certificate is legal, and if not, the second signature result in the special signature certificate is illegal.
In this embodiment, the signature verifier judging whether the certificate chain in the special signature certificate is legal is specifically: judging whether the certificate chain in the special signature certificate contains the digital certificate of the special sub-certificate authority; if so, the certificate chain in the special signature certificate is legal, and if not, the certificate chain in the special signature certificate is illegal.
In this embodiment, the step B104 of the signature verifier verifying the signature of the data to be signed according to the trigger condition and the third signature result includes: the signature verifier judges whether the data to be signed has the trigger condition; if so, the public key of the special signature certificate is used to judge whether the third signature result is legal, and if it is legal, the signature verification result is success; if the data to be signed does not have the trigger condition, the signature verification result is failure.
In this embodiment, the signature verifier judging whether the data to be signed has the trigger condition specifically includes: the signature verifier judges whether the data to be signed has the trigger feature and the interactive feature; if so, the data to be signed has the trigger condition, and if not, the data to be signed does not have the trigger condition.
In this embodiment, the signature verifier judging whether the data to be signed has the trigger feature and the interactive feature includes: the signature checking server judges whether the format of the data to be signed meets the specified format requirement and whether the data has the interactive characteristics of a transfer person, a transfer amount and a transfer object.
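The verification flow of steps B100 to B105, as an added Python example that is not part of the patent text. It assumes that the "specified format" is a JSON object with `payer`, `amount` and `payee` fields, that a certificate is a dictionary with the field names shown, and that the certificate chain is a list of issuer names; signatures use toy RSA keys constructed from Mersenne primes, which are trivially factorable and serve illustration only.

```python
import hashlib
import json
from datetime import date

E = 65537  # public exponent shared by every toy key below

def make_key(p_exp, q_exp):
    # Constructed toy RSA key from two Mersenne primes: trivially factorable,
    # for illustration only.
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(key, data):
    return pow(digest(data), key["d"], key["n"])

def verify(n, data, sig):
    # Recover the hash from the signature with the public key, then compare
    # it with a freshly computed hash of the data.
    return pow(sig, E, n) == digest(data)

REGISTRAR_ID = "registrar-001"     # assumed registrant unique identifier
SPECIAL_SUB_CA = "special-sub-ca"  # assumed name of the special sub-CA
REGISTRAR_KEY = make_key(521, 607)

def cert_body(cert):
    # Everything except the second signature result is what the registrant signs.
    fields = {k: v for k, v in cert.items() if k != "second_sig"}
    return json.dumps(fields, sort_keys=True).encode()

def issue_special_cert(user_id, pub_n, not_after):
    cert = {"n": pub_n, "user_id": user_id, "registrar_id": REGISTRAR_ID,
            "not_after": not_after, "chain": ["root-ca", SPECIAL_SUB_CA]}
    cert["second_sig"] = sign(REGISTRAR_KEY, cert_body(cert))
    return cert

def special_cert_valid(cert, today):
    # Step B103: second signature result, date and certificate chain must all hold.
    sig_ok = verify(REGISTRAR_KEY["n"], cert_body(cert), cert.get("second_sig", 0))
    date_ok = today.isoformat() <= cert.get("not_after", "")
    chain_ok = SPECIAL_SUB_CA in cert.get("chain", [])
    return sig_ok and date_ok and chain_ok

def has_trigger_condition(data):
    # Trigger feature: parses as the assumed format. Interactive feature:
    # transfer person, transfer amount and transfer object are all present.
    try:
        msg = json.loads(data)
    except ValueError:
        return False
    return isinstance(msg, dict) and all(msg.get(k) for k in ("payer", "amount", "payee"))

def verify_packet(packet, received_device_info, today):
    if packet["device_info"] != received_device_info:      # B101
        return "ended: not the user's certificate"
    cert, data, sig = packet["cert"], packet["data"], packet["sig"]
    if cert.get("registrar_id") != REGISTRAR_ID:           # B102 -> B105 (general)
        return "success" if verify(cert["n"], data, sig) else "failure"
    if not special_cert_valid(cert, today):                # B103
        return "ended: special certificate invalid"
    if not has_trigger_condition(data):                    # B104
        return "failure"
    return "success" if verify(cert["n"], data, sig) else "failure"

def demo():
    # All identifiers and messages below are constructed sample values.
    today = date(2024, 1, 15)
    special_key, general_key = make_key(127, 521), make_key(89, 607)
    special = issue_special_cert("user-42", special_key["n"], "2025-01-01")
    expired = issue_special_cert("user-42", special_key["n"], "2023-12-31")
    general = {"n": general_key["n"], "user_id": "user-42"}
    transfer = json.dumps({"payer": "alice", "amount": "100.00", "payee": "bob"}).encode()
    login = b"login-challenge-7f3a"

    def packet(cert, key, data, dev="SN-0001"):
        return {"device_info": dev, "cert": cert, "data": data, "sig": sign(key, data)}

    tampered = packet(special, special_key, transfer)
    tampered["data"] = transfer.replace(b"100.00", b"9999.00")
    cases = {
        "special_transfer": packet(special, special_key, transfer),
        "special_non_transfer": packet(special, special_key, login),
        "general_non_transfer": packet(general, general_key, login),
        "wrong_device": packet(special, special_key, transfer, dev="SN-9999"),
        "expired_cert": packet(expired, special_key, transfer),
        "tampered": tampered,
    }
    return {name: verify_packet(p, "SN-0001", today) for name, p in cases.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The general-certificate branch checks only the third signature result because step B105 specifies nothing further; validating the general certificate against its own issuer is outside what these steps describe.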
Example 5
The present embodiment provides an interactive digital signature verification apparatus, which includes, as shown in fig. 7:
a fourth receiving module 6011, configured to receive the signature packet and the device information sent by the client;
a fourth determining module 6012, configured to determine whether the signature certificate is a signature certificate of the user according to the received device information; further configured to judge whether the signature certificate is a special signature certificate or a general signature certificate according to the unique identification information of the registrant; and further configured to judge whether the special signature certificate is valid;
a fourth ending module 6013, configured to end the flow;
a fourth signature verification module 6014, configured to verify the signature of the data to be signed according to the trigger condition and the third signature result to obtain a signature verification result; further configured to verify the signature of the data to be signed according to the third signature result to obtain a signature verification result;
a fourth sending module 6015, configured to send the signature verification result obtained by the fourth signature verification module 6014 to the client.
In this embodiment, the authentication apparatus further includes:
a fourth parsing module, configured to parse the signature data packet received by the fourth receiving module 6011 to obtain the device information and the signature certificate;
a fourth determining module 6012, specifically configured to determine whether the parsed device information is the same as the received device information; if so, the signature certificate is a signature certificate of the user, and if not, the special signature certificate is not the signature certificate of the user; further configured to judge whether the signature certificate is a special signature certificate or a general signature certificate according to the unique identification information of the registrant; and further configured to judge whether the special signature certificate is valid;
In this embodiment, the authentication apparatus further includes:
the fourth parsing module, further configured to parse the special signature certificate to obtain a second signature result;
a fourth determining module 6012, configured to determine whether the signature certificate is the signature certificate of the user according to the received device information; further configured to judge whether the second signature result in the special signature certificate is legal; if so, the special signature certificate is judged to be valid, and if not, the special signature certificate is judged to be invalid.
In this embodiment, the fourth determining module 6012 is further configured to determine whether a certificate chain in the special-purpose signing certificate is legal, if so, determine that a second signature result in the special-purpose signing certificate is legal, and if not, determine that the second signature result in the special-purpose signing certificate is illegal.
In this embodiment, the fourth determining module 6012 is further configured to determine whether a date in the special-purpose signing certificate is valid, if so, determine that a second signature result in the special-purpose signing certificate is legal, and if not, determine that the second signature result in the special-purpose signing certificate is illegal.
In this embodiment, the fourth determining module 6012 determines whether the certificate chain in the special-purpose signature certificate is legal specifically as follows: the judging module judges whether the certificate chain in the special signature certificate contains the digital certificate of the special sub-certificate authority, if so, the certificate chain in the special signature certificate is legal, and if not, the certificate chain in the special signature certificate is illegal.
In this embodiment, the fourth signature verification module 6014 is specifically configured to determine whether the data to be signed has a trigger condition when the fourth determination module 6012 determines that the special signature certificate is valid, if the data to be signed has the trigger condition, determine whether the third signature result is legal by using a public key of the special signature certificate, and if the third signature result is legal, obtain a successful signature verification result; and if the data to be signed does not have the triggering condition, the signature verification result is a failure.
In this embodiment, the determining, by the fourth signature verification module 6014, whether the data to be signed has the trigger condition specifically includes: the fourth signature verification module 6014 determines whether the data to be signed has the trigger feature and the interactive feature, if so, determines that the data to be signed has the trigger condition, and if not, determines that the data to be signed does not have the trigger condition.
In this embodiment, the triggering characteristic is to meet a specified format requirement, and the interactive characteristic is to have a transfer person, a transfer amount, and a transfer object.
The above description is only a preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (48)

1. A method of interactive digital signature, the method comprising a registration process and an application process, wherein the registration process comprises:
step S1, the client sends a request for generating a special key pair to the key device having the preset signature key pair;
step S2, the key device receives the request for generating the special key pair, generates a special key pair in a special key container, and sends the public key of the special key pair to the client;
step S3, the client receives the public key of the special key pair, packages the public key of the special key pair and a preset general signature certificate to obtain packaged data, and sends the packaged data to the key device;
step S4, the key device signs the received packaged data with the preset signature key pair, generates a first signature result, and sends the first signature result to the client;
step S5, the client receives the first signature result, generates a special signature certificate request according to the public key of the special key pair, the general signature certificate and the first signature result, and sends the special signature certificate request to a registrant;
step S6, the registrant receives the special signature certificate request and judges whether the special signature certificate request is legal according to the general signature certificate and the first signature result; if so, step S7 is executed; if not, the process ends;
step S7, the registrant generates a special signature certificate according to the unique identification information of the registrant and the public key of the special key pair, and sends the special signature certificate to the client;
step S8, the client saves the special signature certificate to the key device;
the application process comprises the following steps:
step S11, the client sends data to be signed to the special key container of the key device;
step S12, the key device judges whether the special key container is valid; if so, step S13 is executed; if not, the key device judges whether a preset key container is valid, and if so, step S15 is executed, otherwise the process ends;
step S13, the key device judges whether the data to be signed has the trigger condition; if so, the key device prompts the user to confirm and step S14 is executed; if not, the process ends;
step S14, after receiving the confirmation information of the user, the key device signs the data to be signed using the private key of the key device to obtain a third signature result, and step S16 is executed;
step S15, the key device signs the data to be signed using the preset secret key of the key device to obtain a third signature result, and step S16 is executed;
step S16, the key device sends the third signature result to the client.
2. The method according to claim 1, wherein said step S16 is followed by the step of:
step S17, the client receives the third signature result, generates a signature data packet according to the data to be signed, the third signature result and the signature certificate, and sends the signature data packet and the equipment information to a signature verifier;
step S18, the signature verifier receives the signature data packet and the device information;
step S19, the signature verifier judges whether the signature certificate in the signature data packet is the signature certificate of the user according to the received device information; if so, step S20 is executed; if not, the process ends;
step S20, the signature verifier judges whether the signature certificate is a special signature certificate or a general signature certificate according to the unique identification information of the registrant; if the signature certificate is the special signature certificate, step S21 is executed, and if the signature certificate is the general signature certificate, step S23 is executed;
step S21, the signature verifier judges whether the special signature certificate is valid; if so, step S22 is executed; if not, the process ends;
step S22, the signature verifier verifies the signature of the data to be signed according to the trigger condition and the third signature result to obtain a signature verification result, and sends the signature verification result to the client, and the process ends;
step S23, the signature verifier verifies the signature of the data to be signed according to the third signature result to obtain a signature verification result, and sends the signature verification result to the client, and the process ends.
3. The method of claim 1, further comprising, before the step S1 or after the step S2, the steps of:
step Sa1, the client sends a request for obtaining device information to the key device;
step Sa2, the key device receives the request for obtaining device information, and sends the device information to the client;
the step S3 specifically includes: the client receives the device information, generates unique user identification information according to the device information, packages the unique user identification information, the public key of the special key pair and a preset general signature certificate to obtain packaged data, and sends the packaged data to the key device;
the step S7 specifically includes: the registrant generates a special signature certificate according to the unique registrant identification information, the unique user identification information and the public key of the special key pair, and sends the special signature certificate to the client.
4. The method according to claim 3, wherein the step S6 of the registrant judging whether the special signature certificate request is legal according to the general signature certificate and the first signature result includes:
the registrant parses the special signature certificate request to obtain the unique identification information of the user, the public key of the special key pair, the general signature certificate and the first signature result; uses the public key in the general signature certificate to parse the first signature result to obtain a first hash value; packages the unique identification information of the user, the general signature certificate and the public key of the special key pair to obtain packaged data; performs hash calculation on the packaged data to obtain a second hash value; and judges whether the first hash value and the second hash value are the same; if so, the special signature certificate request is legal, and if not, the special signature certificate request is illegal.
5. The method as claimed in claim 3, wherein in the step S7, the registrant generating the special signature certificate according to the unique identification information of the registrant and the public key of the special key pair includes: the registrant uses a private key in a registrant root directory certificate to perform a signature operation on the public key of the special key pair, the user unique identification information and the registrant unique identification information to obtain a second signature result; and forms a special signature certificate from the public key of the special key pair, the unique identification information of the user, the unique identification information of the registrant and the second signature result.
6. The method according to claim 1, wherein the step S13 of the key device determining whether the data to be signed has a trigger condition specifically includes: the key device determines whether all of the following conditions are met:
1) the key device judges that a condition required for generating a digital signature is satisfied;
2) the key device judges that the authority requirement required by generating the digital signature is met;
3) the key device judges that the data to be signed has the trigger characteristic.
7. The method of claim 6, wherein the key device judging that the condition required for generating a digital signature is satisfied comprises: the key device judges that the algorithm used for generating the digital signature is a specified algorithm; the key device judging that the authority requirement required for generating the digital signature is met comprises: the key device judges that the verification of the personal identification code is in an effective state; the key device judging that the data to be signed has the trigger characteristic comprises: the key device judges that the format of the data to be signed meets the specified format requirement.
8. The method of claim 2, wherein the step S18 of the signature verifier receiving the signature data packet and the device information further comprises: the signature verifier parses the signature data packet to obtain device information and the signature certificate;
in step S19, the signature verifier determines, according to the received device information, whether the special signature certificate is a signature certificate of the user, specifically: the signature verifier judges whether the parsed device information is the same as the received device information; if so, the signature certificate is the signature certificate of the user, and if not, the signature certificate is not the signature certificate of the user.
9. The method of claim 8,
the step S21 of the signature verifier judging whether the special signature certificate is valid includes: the signature verifier parses the signature data packet to obtain a special signature certificate, and parses the special signature certificate to obtain a second signature result; the signature verifier judges whether the second signature result in the special signature certificate is legal; if so, the special signature certificate is valid, and if not, the special signature certificate is invalid.
10. The method of claim 8, wherein the signature verifier judging whether the second signature result in the special signature certificate is legal further comprises: the signature verifier judges whether the certificate chain in the special signature certificate is legal; if so, the second signature result in the special signature certificate is legal, and if not, the second signature result in the special signature certificate is illegal.
11. The method of claim 8, wherein the signature verifier judging whether the second signature result in the special signature certificate is legal further comprises: the signature verifier judges whether the date in the special signature certificate is valid; if so, the second signature result in the special signature certificate is legal, and if not, the second signature result in the special signature certificate is illegal.
12. The method of claim 10, wherein the signature verifier judging whether the certificate chain in the special signature certificate is legal is specifically: judging whether the certificate chain in the special signature certificate contains the digital certificate of the special sub-certificate authority; if so, the certificate chain in the special signature certificate is legal, and if not, the certificate chain in the special signature certificate is illegal.
13. The method as claimed in claim 2, wherein the step S22 of the signature verifier verifying the signature of the data to be signed according to the trigger condition and the third signature result includes: the signature verifier judges whether the data to be signed has a trigger condition; if so, the public key of the special signature certificate is used to judge whether the third signature result is legal, and if it is legal, the signature verification result is success; if the data to be signed does not have the trigger condition, the signature verification result is failure.
14. The method of claim 13, wherein the signature verifier judging whether the data to be signed has the trigger condition specifically comprises: the signature verifier judges whether the data to be signed has the trigger characteristic and the interactive characteristic; if so, the data to be signed has the trigger condition, and if not, the data to be signed does not have the trigger condition.
15. The method of claim 14, wherein the signature verifier judging whether the data to be signed has the trigger characteristic and the interactive characteristic comprises: the signature checking server judges whether the format of the data to be signed meets the specified format requirement and whether the data has the interactive characteristics of a transfer person, a transfer amount and a transfer object.
16. An interactive digital signature system comprises a client, a key device and a registration device; wherein the key device has a preset signature key pair;
the client comprises:
the first sending module is used for sending a request for generating a special key pair to the second receiving module; further used for sending the packaged data obtained by the first group packaging module to the second receiving module; further used for sending the special signature certificate request generated by the first generation module; further used for sending data to be signed to the special key container of the key device; and further used for sending the signature data packet generated by the first generation module and the device information received by the first receiving module to the fourth receiving module;
the first receiving module is used for receiving the public key of the special key pair sent by the second sending module; further used for receiving the first signature result sent by the second sending module; further used for receiving the special signature certificate sent by the third sending module; and further used for receiving the third signature result sent by the second sending module;
a first generation module, configured to generate a special signature certificate request according to the public key of the special key pair, a preset general signature certificate, and the first signature result; further configured to generate a signature data packet according to the data to be signed, the third signature result and the special signature certificate;
the first group packaging module is used for packaging the public key of the special key pair and a preset general signature certificate to obtain packaged data;
the storage module is used for saving, to the key device, the special signature certificate sent by the third sending module;
the key device includes:
a second receiving module, configured to receive the request for generating the special key pair sent by the first sending module; further configured to receive the packaged data sent by the first sending module; further configured to receive the data to be signed sent by the first sending module to the special key container of the key device; and further configured to receive confirmation information of the user;
a second generation module for generating a special key pair in a special key container;
a second sending module, configured to send the public key of the special key pair generated by the first generating module to the first receiving module; further configured to send the first signature result generated by the second signature module to the first receiving module; and further configured to send the third signature result generated by the second signature module to the first receiving module;
the second signature module is used for signing the packaged data obtained by the first group packaging module to generate a first signature result; further used for signing the data to be signed with the private key of the key device to obtain a third signature result; and further used for signing the data to be signed with a private key of the key device to obtain a third signature result;
the second judgment module is used for judging whether the special key container is valid, judging whether the preset key container is valid, and judging whether the data to be signed has a trigger condition;
the prompting module is used for prompting a user to confirm;
a second ending module for ending the flow;
the registration apparatus includes:
a third receiving module, configured to receive the special signature certificate request sent by the first sending module;
a third judging module, configured to judge whether the special signature certificate request is legal according to the general signature certificate and the first signature result;
a third generation module, configured to generate a special signature certificate according to the unique identification information of the registrant and the public key of the special key pair;
a third ending module for ending the flow;
and the third sending module is used for sending the special signature certificate to the first receiving module.
17. The system of claim 16, wherein the system further comprises an authentication device, the authentication device comprising:
a fourth receiving module, configured to receive the signature packet and the device information sent by the first sending module;
the fourth judging module is used for judging whether the signature certificate is the signature certificate of the user according to the received device information; further used for judging whether the signature certificate is a special signature certificate or a general signature certificate according to the unique identification information of the registrant; and further used for judging whether the special signature certificate is valid;
a fourth ending module for ending the flow;
the fourth signature verification module is used for verifying the signature of the data to be signed according to the trigger condition and the third signature result to obtain a signature verification result; further used for verifying the signature of the data to be signed according to the third signature result to obtain a signature verification result;
and the fourth sending module is used for sending the signature verification result obtained by the fourth signature verification module to the first receiving module.
18. The system of claim 16,
the first sending module is further configured to send a request for obtaining device information to the second receiving module;
the first receiving module is further configured to receive the device information sent by the second sending module;
the second receiving module is further configured to receive the device information request;
the second sending module is further configured to send the device information to the first receiving module;
the first generating module is specifically configured to generate user unique identification information according to the device information; further configured to generate a special signature certificate request according to the user unique identification information, the public key of the special key pair, a preset general signature certificate and the first signature result; and further configured to generate a signature data packet according to the data to be signed, the third signature result and the special signature certificate;
the third generating module is specifically configured to generate a special signature certificate according to the unique identification information of the registrant, the user unique identification information and the public key of the special key pair, and send the special signature certificate to the client.
19. The system of claim 18, wherein the registration device further comprises:
the third analysis module is used for analyzing the special signature certificate request to obtain the user unique identification information, the public key of the special key pair, the general signature certificate and the first signature result; and is further used for analyzing the first signature result with the public key in the general signature certificate to obtain a first hash value;
the third packing module is used for packing the user unique identification information, the general signature certificate and the public key of the special key pair to obtain packed data;
the third calculation module is used for performing hash calculation on the packed data obtained by the third packing module to obtain a second hash value;
the third judging module is specifically configured to judge whether the first hash value and the second hash value are the same, if so, judge that the request for the special signature certificate is legal, and if not, judge that the request for the special signature certificate is illegal.
20. The system of claim 18, wherein the registration device further comprises:
the third signature module is used for carrying out a signature operation on the public key of the special key pair, the user unique identification information and the registrant unique identification information by using a private key in the registrant root directory certificate to obtain a second signature result;
the third generating module is specifically configured to combine the public key of the special key pair, the user unique identification information, the registrant unique identification information and the second signature result into a special signature certificate.
21. The system of claim 16,
the second judging module is specifically configured to judge whether all of the following conditions are met:
1) satisfying the conditions required for generating the digital signature;
2) the authority requirement required by generating the digital signature is met;
3) the data to be signed has a trigger characteristic.
22. The system of claim 21,
satisfying the conditions required for generating the digital signature comprises: the algorithm used for generating the digital signature is a specified algorithm; meeting the authority requirement required for generating the digital signature comprises: the personal identification code is verified to be in a valid state; and the data to be signed having a trigger characteristic comprises: the format of the data to be signed conforms to the specified format requirement.
23. The system of claim 17, wherein the authentication device further comprises:
the fourth analysis module is used for analyzing the signature data packet received by the fourth receiving module to obtain device information and a signature certificate;
the fourth judging module is specifically configured to judge whether the device information obtained through analysis is the same as the received device information, if so, the signature certificate is a signature certificate of the user, and if not, the special signature certificate is not a signature certificate of the user; further configured to judge whether the signature certificate is a special signature certificate or a general signature certificate according to the unique identification information of the registrant; and further configured to determine whether the special signature certificate is valid.
24. The system of claim 17, wherein the authentication device further comprises:
the fourth analysis module is used for analyzing the signature data packet received by the fourth receiving module to obtain a special signature certificate, and analyzing the special signature certificate to obtain a second signature result;
the fourth judging module is specifically configured to judge whether the signature certificate is a signature certificate of a user according to the received device information; further configured to judge whether the second signature result in the special signature certificate is legal, if so, judge that the special signature certificate is valid, and if not, judge that the special signature certificate is invalid.
25. The system of claim 24,
the fourth judging module is further configured to judge whether the certificate chain in the special signature certificate is legal, if so, judge that the second signature result in the signature certificate is legal, and if not, judge that the second signature result in the special signature certificate is illegal.
26. The system of claim 25,
the fourth judging module is further configured to judge whether the date in the special signature certificate is valid, if so, judge that the second signature result in the signature certificate is legal, and if not, judge that the second signature result in the special signature certificate is illegal.
27. The system according to claim 25, wherein the fourth judging module judging whether the certificate chain in the special signature certificate is legal is specifically: the judging module judges whether the certificate chain in the special signature certificate contains the digital certificate of the special sub-certificate authority, if so, the certificate chain in the special signature certificate is legal, and if not, the certificate chain in the special signature certificate is illegal.
28. The system of claim 17,
the fourth signature verification module is specifically configured to, when the fourth determination module determines that the special signature certificate is valid, determine whether the data to be signed has a trigger condition, if the data to be signed has the trigger condition, determine whether a third signature result is legal by using a public key of the special signature certificate, and if the third signature result is legal, obtain a signature verification result as successful; and if the data to be signed does not have the triggering condition, the signature verification result is a failure.
29. The system of claim 28, wherein the fourth signature verification module determining whether the data to be signed has a trigger condition specifically comprises: the fourth signature checking module judges whether the data to be signed has the triggering characteristics and the interactive characteristics, if so, the data to be signed is judged to have the triggering conditions, and if not, the data to be signed does not have the triggering conditions.
30. The system of claim 29 wherein the triggering characteristic is compliance with a specified format requirement and the interactive characteristic is having a transferor, a transfer amount, and a transfer object.
31. A signature verification method for interactive digital signatures, the method comprising:
step S100, a signature checking party receives a signature data packet and device information sent by a key device;
step S101, the signature checking party judges whether the signature certificate in the signature data packet is the signature certificate of the user according to the received device information, if so, step S102 is executed, and if not, the process ends;
step S102, the signature checking party judges whether the signature certificate is a special signature certificate or a general signature certificate according to the unique identification information of the registrant, if the signature certificate is the special signature certificate, step S103 is executed, and if the signature certificate is the general signature certificate, step S105 is executed;
step S103, the signature checking party judges whether the special signature certificate is valid, if so, step S104 is executed, and if not, the process ends;
step S104, the signature checking party checks the signature of the data to be signed according to the trigger condition and the third signature result to obtain a signature checking result, and sends the signature checking result to the client; end;
step S105, the signature checking party checks the signature of the data to be signed according to the third signature result to obtain a signature checking result, and sends the signature checking result to the client; end.
32. The method of claim 31, wherein the receiving of the signature data packet and the device information by the signature checking party in step S100 further comprises: the signature checking party analyzes the signature data packet to obtain device information and the signature certificate;
in step S101, the signature checking party determining, according to the received device information, whether the special signature certificate is a signature certificate of the user is specifically: the signature checking party judges whether the analyzed device information is the same as the received device information, if so, the signature certificate is the signature certificate of the user, and if not, the signature certificate is not the signature certificate of the user.
33. The method of claim 32,
the step S103 of the signature checking party determining whether the special signature certificate is valid comprises: the signature checking party analyzes the special signature certificate to obtain a second signature result; and the signature checking party judges whether the second signature result in the special signature certificate is legal, if so, the special signature certificate is valid, and if not, the special signature certificate is invalid.
34. The method of claim 33, wherein the signature checking party determining whether the second signature result in the special signature certificate is legal further comprises: the signature checking party judges whether the certificate chain in the special signature certificate is legal, if so, the second signature result in the special signature certificate is legal, and if not, the second signature result in the special signature certificate is illegal.
35. The method of claim 33, wherein the signature checking party determining whether the second signature result in the special signature certificate is legal further comprises: the signature checking party judges whether the date in the special signature certificate is valid, if so, the second signature result in the special signature certificate is legal, and if not, the second signature result in the special signature certificate is illegal.
36. The method of claim 34, wherein the signature checking party determining whether the certificate chain in the special signature certificate is legal is specifically: judging whether the certificate chain in the special signature certificate contains the digital certificate of the special sub-certificate authority, if so, determining that the certificate chain in the special signature certificate is legal, and if not, determining that the certificate chain in the special signature certificate is illegal.
37. The method of claim 31, wherein the signature checking party checking the signature of the data to be signed according to the trigger condition and the third signature result in step S104 comprises: the signature checking party judges whether the data to be signed has a trigger condition, if so, the public key of the special signature certificate is used to judge whether the third signature result is legal, and if so, the signature checking result is success; and if the data to be signed does not have the trigger condition, the signature checking result is failure.
38. The method of claim 37, wherein the signature checking party determining whether the data to be signed has the trigger condition specifically comprises: the signature checking party judges whether the data to be signed has the trigger characteristics and the interactive characteristics, if so, the data to be signed has the trigger condition, and if not, the data to be signed does not have the trigger condition.
39. The method of claim 38, wherein the signature checking party determining whether the data to be signed has the trigger characteristics and the interactive characteristics comprises: the signature checking server judges whether the format of the data to be signed meets the specified format requirement and whether the data to be signed has the interactive characteristics of a transferor, a transfer amount and a transfer object.
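The verification flow of claims 31 to 39 (steps S100 to S105), as an added Python example that is not code from the patent. Assumptions: toy textbook RSA over Mersenne primes stands in for the signature algorithm, which the claims do not name; the specified format is taken to be a JSON object; the dictionary layouts, `SPECIAL_REGISTRANT`, `SUB_CA` and all sample IDs are constructed.

```python
import hashlib
import json
from datetime import date

SPECIAL_REGISTRANT = "REG-SPECIAL-01"  # constructed registrant ID marking special certs
SUB_CA = "special-sub-CA"              # constructed name of the special sub-CA certificate

def make_key(p, q, e=65537):
    """Toy textbook RSA key (no padding, tiny modulus): illustration only."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(_digest(data, key["n"]), key["d"], key["n"])

def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest(data, pub["n"])

def cert_body(cert):
    # Claim 20: the second signature covers the special public key, the user unique
    # ID and the registrant unique ID; chain and date are plain fields in this model.
    pub = cert["pub"]
    return json.dumps([pub["n"], pub["e"], cert["user_id"], cert["registrant_id"]]).encode()

def issue_special_cert(ca_key, user_pub, user_id, not_after):
    cert = {"pub": user_pub, "user_id": user_id, "registrant_id": SPECIAL_REGISTRANT,
            "chain": [SUB_CA, "root-CA"], "not_after": not_after}
    cert["second_sig"] = sign(ca_key, cert_body(cert))
    return cert

def make_packet(user_key, cert, data, device_info):
    # Signature data packet: data, third signature result, certificate, device info.
    return {"data": data, "third_sig": sign(user_key, data),
            "cert": cert, "device_info": device_info}

def has_trigger(data):
    # Claims 38-39: specified format (assumed: a JSON object) plus the
    # interactive fields transferor, transfer amount and transfer object.
    try:
        msg = json.loads(data)
    except ValueError:
        return False
    return isinstance(msg, dict) and all(msg.get(k) for k in ("transferor", "amount", "object"))

def check_packet(packet, received_device_info, sub_ca_pub, today):
    cert = packet["cert"]
    # S101: device information in the packet must equal the one received.
    if packet["device_info"] != received_device_info:
        return "end: not the user's certificate"
    # S102: the registrant ID selects the special or the general path.
    if cert["registrant_id"] != SPECIAL_REGISTRANT:
        # S105: general certificate, plain verification of the third signature.
        ok = verify(cert["pub"], packet["data"], packet["third_sig"])
        return "success" if ok else "failure: bad signature"
    # S103: chain contains the special sub-CA, date is valid, second signature verifies.
    if not (SUB_CA in cert["chain"] and today <= cert["not_after"]
            and verify(sub_ca_pub, cert_body(cert), cert["second_sig"])):
        return "end: special certificate invalid"
    # S104: the trigger condition is checked before the third signature.
    if not has_trigger(packet["data"]):
        return "failure: no trigger condition"
    ok = verify(cert["pub"], packet["data"], packet["third_sig"])
    return "success" if ok else "failure: bad signature"

def demo():
    ca = make_key(2**127 - 1, 2**107 - 1)   # Mersenne primes, constructed keys
    user = make_key(2**89 - 1, 2**61 - 1)
    cert = issue_special_cert(ca, public(user), "dev-0001", date(2030, 1, 1))
    pay = json.dumps({"transferor": "alice", "amount": "100.00", "object": "bob"}).encode()
    return [check_packet(make_packet(user, cert, d, "dev-0001"), "dev-0001",
                         public(ca), date(2025, 1, 1)) for d in (pay, b"free text")]

if __name__ == "__main__":
    print(demo())
```

The claims do not say what happens when the trigger condition holds but the third signature does not verify; the example treats that case as a failure.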
40. An interactive digital signature verification device, comprising:
a fourth receiving module, configured to receive the signature data packet and the device information sent by the client;
a fourth judging module, configured to judge whether the signature certificate is the signature certificate of the user according to the received device information; further configured to judge whether the signature certificate is a special signature certificate or a general signature certificate according to the unique identification information of the registrant; and further configured to judge whether the special signature certificate is valid;
a fourth ending module for ending the flow;
a fourth signature verification module, configured to verify the signature of the data to be signed according to the trigger condition and the third signature result to obtain a signature verification result; and further configured to verify the signature of the data to be signed according to the third signature result to obtain a signature verification result;
and the fourth sending module is used for sending the signature verification result obtained by the fourth signature verification module to the client.
41. The authentication device of claim 40, wherein the authentication device further comprises:
the fourth analysis module is used for analyzing the signature data packet received by the fourth receiving module to obtain device information and a signature certificate;
the fourth judging module is specifically configured to judge whether the device information obtained through analysis is the same as the received device information, if so, the signature certificate is a signature certificate of the user, and if not, the special signature certificate is not a signature certificate of the user; further configured to judge whether the signature certificate is a special signature certificate or a general signature certificate according to the unique identification information of the registrant; and further configured to determine whether the special signature certificate is valid.
42. The authentication device of claim 41, wherein the authentication device further comprises:
the fourth analysis module is also used for analyzing the special signature certificate to obtain a second signature result;
the fourth judging module is specifically configured to judge whether the signature certificate is a signature certificate of a user according to the received device information; further configured to judge whether the second signature result in the special signature certificate is legal, if so, judge that the special signature certificate is valid, and if not, judge that the special signature certificate is invalid.
43. The authentication device of claim 42,
the fourth judging module is further configured to judge whether the certificate chain in the special signature certificate is legal, if so, judge that the second signature result in the signature certificate is legal, and if not, judge that the second signature result in the special signature certificate is illegal.
44. The authentication device of claim 42,
the fourth judging module is further configured to judge whether the date in the special signature certificate is valid, if so, judge that the second signature result in the signature certificate is legal, and if not, judge that the second signature result in the special signature certificate is illegal.
45. The authentication device of claim 43, wherein the fourth judging module judging whether the certificate chain in the special signature certificate is legal is specifically: the judging module judges whether the certificate chain in the special signature certificate contains the digital certificate of the special sub-certificate authority, if so, the certificate chain in the special signature certificate is legal, and if not, the certificate chain in the special signature certificate is illegal.
46. The authentication device of claim 42,
the fourth signature verification module is specifically configured to, when the fourth determination module determines that the special signature certificate is valid, determine whether the data to be signed has a trigger condition, if the data to be signed has the trigger condition, determine whether a third signature result is legal by using a public key of the special signature certificate, and if the third signature result is legal, obtain a signature verification result as successful; and if the data to be signed does not have the triggering condition, the signature verification result is a failure.
47. The verification apparatus according to claim 46, wherein the fourth signature verification module determining whether the data to be signed has a trigger condition specifically includes: the fourth signature checking module judges whether the data to be signed has the triggering characteristics and the interactive characteristics, if so, the data to be signed is judged to have the triggering conditions, and if not, the data to be signed does not have the triggering conditions.
48. The authentication device of claim 47, wherein the triggering characteristic is compliance with a specified format requirement and the interactive characteristic is having a transferor, a transfer amount, and a transfer object.
CN201910458900.3A 2019-05-29 2019-05-29 Interactive digital signature method and system Active CN110189125B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910458900.3A CN110189125B (en) 2019-05-29 2019-05-29 Interactive digital signature method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910458900.3A CN110189125B (en) 2019-05-29 2019-05-29 Interactive digital signature method and system

Publications (2)

Publication Number Publication Date
CN110189125A CN110189125A (en) 2019-08-30
CN110189125B true CN110189125B (en) 2021-04-27

Family

ID=67718723

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910458900.3A Active CN110189125B (en) 2019-05-29 2019-05-29 Interactive digital signature method and system

Country Status (1)

Country Link
CN (1) CN110189125B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110189125B (en) * 2019-05-29 2021-04-27 飞天诚信科技股份有限公司 Interactive digital signature method and system
CN112511297B (en) * 2020-11-30 2022-03-11 郑州信大捷安信息技术股份有限公司 Method and system for updating key pair and digital certificate

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5809144A (en) * 1995-08-24 1998-09-15 Carnegie Mellon University Method and apparatus for purchasing and delivering digital goods over a network
CN104852806A (en) * 2015-05-15 2015-08-19 飞天诚信科技股份有限公司 Method for realizing signature based on secret key type
CN110189125A (en) * 2019-05-29 2019-08-30 飞天诚信科技股份有限公司 A kind of method and system of interactive digital signature

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
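"自主标准化密码应用体系下带复核的电子签名方案设计" [Design of an electronic signature scheme with review under an independently standardized cryptographic application system]; 朱鹏飞 et al.; 《信息网络安全》 [Netinfo Security]; 20150930; full text *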

Also Published As

Publication number Publication date
CN110189125A (en) 2019-08-30

Similar Documents

Publication Publication Date Title
CN108881310B (en) Registration system and working method thereof
CN107463806B (en) Signature and signature verification method for Android application program installation package
CN109150541B (en) Authentication system and working method thereof
CN106067849B (en) Digital signature method and device suitable for PDF document
TWI241104B (en) Device, method and system for validating security credentials
CN101631022B (en) Signing method and system thereof
US7840804B2 (en) Attribute certificate validation method and device
US20120324229A1 (en) System and method for generating keyless digital multi-signatures
US20020038290A1 (en) Digital notary system and method
CN104753674B (en) A kind of verification method and equipment of application identity
CN110570569B (en) Activation method of virtual key configuration information, mobile terminal and server
CN102281138B (en) Method and system for improving safety of verification code
CN110189125B (en) Interactive digital signature method and system
WO2020035009A1 (en) Authentication system and working method therefor
CN110943844B (en) Electronic document security signing method and system based on local service of webpage client
CN110611647A (en) Node joining method and device on block chain system
WO2005107146A1 (en) Trusted signature with key access permissions
CN112543184B (en) Block chain-based equipment authentication activation method
EP2596595B1 (en) Method and system for secure electronic signing
CN108496194A (en) A kind of method, server-side and the system of verification terminal legality
CN107506207A (en) The safe verification method and terminal of a kind of POS
CN114900316A (en) Block chain-based rapid identity authentication method and system for Internet of things equipment
EP1398903B1 (en) Digital signature validation and generation
CN110097372A (en) A kind of contract online verification method
CN107896221A (en) A kind of account binding method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant