CN111385095A - Privacy protection-oriented digital certificate signature method - Google Patents
- Publication number: CN111385095A (application CN201811616922.XA)
- Authority: CN (China)
- Prior art keywords: signature, certificate, digital, digital certificate, signer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
          - H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
            - H04L9/3257—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using blind signatures
          - H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
          - H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
      - H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
        - H04L2209/60—Digital content management, e.g. content distribution
          - H04L2209/603—Digital right management [DRM]
Abstract
The invention relates to a privacy-protection-oriented digital certificate signature method, which comprises a signing process and a signature verification process. The privacy-protection-oriented digital certificate signing process comprises the following steps: step 1, assembling the signer's identity information and computing a digest of it; step 2, storing the digest of the identity information in a digital certificate, which is issued by a trusted third-party digital certification authority, the certificate being called a fingerprint certificate; and step 3, adding an electronic signature at the specified position of the PDF based on the issued fingerprint certificate and digital signature technology. The beneficial effects of the invention are as follows: the invention uses a digest algorithm to hide the user's identity information in the digital certificate, protecting the signer's privacy while preserving the legal validity of the electronic signature, so that other people cannot learn the signer's identity from the electronic signature; the invention has better confidentiality and is safer.
Description
Technical Field
The invention belongs to the technical field of cryptography, and mainly relates to a privacy-protection-oriented digital certificate signature method based on a digest algorithm combined with digital signature technology.
Background
Electronic signature technology builds on digital signatures implemented with digital certificates, and adds seal technology to express the meaning of the digital signature. Its core is the digital signature technology implemented with a digital certificate: the digital certificate uniquely identifies the signer, which achieves the effect of preventing repudiation. Digital certificates are issued by a state-licensed third-party digital certificate authority (CA center for short) to natural persons, legal persons and similar entities in the real world, and are used to prove the identity of the certificate holder on a network.
However, in some electronic signature scenarios the signer may want to hide their identity. In the field of online lending, for example, the lending activities of borrowers and investors may be related to their business activities, and they may not want those activities exposed. This conflicts with the purpose of the digital certificate itself.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and to provide a privacy-protection-oriented digital certificate signature method that has better confidentiality and is safer and more reliable.
The technical scheme adopted by the invention to solve the technical problem is as follows: the privacy-protection-oriented digital certificate signature method comprises a signing process and a signature verification process.
The privacy-protection-oriented digital certificate signing process comprises the following steps:
step 1, assembling the signer's identity information and computing a digest of it;
step 2, storing the digest of the identity information in a digital certificate, which is issued by a trusted third-party digital certification authority, the certificate being called a fingerprint certificate;
step 3, adding an electronic signature at the specified position of the PDF based on the issued fingerprint certificate and digital signature technology.
The privacy-protection-oriented digital certificate signature verification process comprises the following steps:
step 1, after the electronic signature in the PDF document passes verification, checking the signer certificate information;
step 2, assembling the identity information of the signer to be verified and computing its digest;
step 3, comparing whether the digest result is consistent with the signer information displayed in the digital certificate; if so, the person to be verified is the current signer; otherwise, the person is not.
The digital signature is a combination of an asymmetric algorithm and a digest algorithm.
The beneficial effects of the invention are as follows: the invention uses a digest algorithm to hide the user's identity information in the digital certificate, protecting the signer's privacy while preserving the legal validity of the electronic signature, so that other people cannot learn the signer's identity from the electronic signature; the invention has better confidentiality and is safer.
Drawings
FIG. 1 is a schematic flow diagram of the present invention;
FIG. 2 is a schematic diagram of an asymmetric cryptographic algorithm;
FIG. 3 is a schematic diagram of a digest algorithm;
FIG. 4 is a schematic diagram of the digital signature principle;
FIG. 5 is a schematic diagram of the time stamp principle.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
As shown in FIG. 1, the privacy-protection-oriented digital certificate signature method comprises a signing process and a signature verification process.
The privacy-protection-oriented digital certificate signing process comprises the following steps:
step 1, assembling the signer's identity information and computing a digest of it;
step 2, storing the digest of the identity information in a digital certificate, which is issued by a trusted third-party digital certification authority, the certificate being called a fingerprint certificate;
step 3, adding an electronic signature at the specified position of the PDF based on the issued fingerprint certificate and digital signature technology.
The privacy-protection-oriented digital certificate signature verification process comprises the following steps:
step 1, after the electronic signature in the PDF document passes verification, checking the signer certificate information;
step 2, assembling the identity information of the signer to be verified and computing its digest;
step 3, comparing whether the digest result is consistent with the signer information displayed in the digital certificate; if so, the person to be verified is the current signer; otherwise, the person is not.
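The signing and verification steps above, sketched as an added example (not code from the patent). The certificate is a plain dict standing in for an X.509 certificate, and the field set, normalisation, length-prefixed encoding, SHA-256 and the `subject_cn` slot are all assumptions made for illustration.

```python
import hashlib
import hmac
import unicodedata


def _norm(field: str, upper: bool = False) -> bytes:
    """Normalise one field so issue-time and verify-time bytes are identical."""
    text = unicodedata.normalize("NFKC", field).strip()
    return (text.upper() if upper else text).encode("utf-8")


def assemble_identity(name: str, id_type: str, id_number: str) -> bytes:
    """Signing step 1a: assemble the identity fields into one byte string.

    Every field is length-prefixed, so ("AB", "C") and ("A", "BC") cannot
    assemble to the same bytes. Field set and encoding are assumptions.
    """
    fields = (_norm(name), _norm(id_type), _norm(id_number, upper=True))
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def identity_fingerprint(name: str, id_type: str, id_number: str) -> str:
    """Signing step 1b: digest of the assembled identity (SHA-256 assumed)."""
    return hashlib.sha256(assemble_identity(name, id_type, id_number)).hexdigest()


def issue_fingerprint_certificate(fingerprint: str, serial: int) -> dict:
    """Signing step 2, CA side: the subject carries only the digest."""
    return {"issuer": "Example CA (constructed)", "serial": serial,
            "subject_cn": fingerprint}


def is_current_signer(cert: dict, signature_ok: bool,
                      name: str, id_type: str, id_number: str) -> bool:
    """Verification steps 1-3 for one candidate identity."""
    if not signature_ok:      # step 1: the PDF signature must verify first
        return False
    candidate = identity_fingerprint(name, id_type, id_number)   # step 2
    return hmac.compare_digest(candidate, cert["subject_cn"])    # step 3


# Constructed sample identity; not a real person or ID number.
CERT = issue_fingerprint_certificate(
    identity_fingerprint("Zhang San", "ID-CARD", "0000000000test0x"), serial=1)
```

Anyone who can guess the assembled fields can run the same comparison, so the privacy obtained depends on how guessable those fields are.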
As shown in FIG. 2, a conventional algorithm uses the same key for encryption and decryption and is called a symmetric algorithm. Asymmetric algorithms appeared in 1976: the encryption key differs from the decryption key, and of the pair of keys one is called the public key and the other the private key. The public key is public, and anyone on the Internet can obtain anyone else's public key; the private key is private and can be used only by its holder. As shown in the figure, user A wants to send a piece of plaintext to user B. The sending process is as follows:
1) user A first obtains the public key (Bpubkey) of user B;
2) A encrypts the plaintext using that public key and a public key algorithm to form a ciphertext;
3) A sends the ciphertext to B;
4) after receiving the ciphertext, B decrypts it using the private key (Bkey) that B holds to obtain the plaintext.
The public key of B is public, so the problem of key sharing does not exist in a public key cryptosystem; the private key is held by its holder for life, which ensures the security of the data.
Besides confidential transmission of data, an asymmetric algorithm can also achieve non-repudiation. The principle is that A encrypts a file using A's own private key; after receiving the file, B decrypts it using A's public key; if it can be decrypted, the file must have come from A.
Common asymmetric algorithms are RSA, ElGamal, Rabin, DH, ECC (elliptic curve cryptography), and the domestic cryptographic algorithm SM2.
As shown in FIG. 3, a digest algorithm is also called a hash algorithm or fingerprint algorithm. Just like each person's fingerprint, the results obtained by applying the digest algorithm to any different data are different, while the results obtained by applying it to the same data are the same. The digest result is therefore also referred to as the digital fingerprint of the data.
Digest algorithms are often used for password verification. To avoid the security risk of storing passwords in the database in plaintext, a password is usually passed through a digest algorithm before being stored; during identity authentication, the password entered by the user is digested again and compared with the digest in the database; if the two are the same, authentication passes.
Digest algorithms are also often used for data integrity checks. A digest is computed over the data once, and the result is stored or sent to the other party together with the original data; during verification, the digest of the original data is computed again and compared with the original digest result. If they are the same, the data has not been tampered with; if they differ, the original data has been tampered with.
As shown in FIG. 4, the digital signature is a combination of an asymmetric algorithm and a digest algorithm. The digital signature has two purposes, namely preventing repudiation and preventing tampering.
User A signs, and the signing process is as follows: first, a hash digest is computed over the original text to obtain its hash digest value; second, the hash digest value is encrypted with the signer's private key to obtain the signature value; third, the original text and the signature value are combined to obtain the signed file.
User B verifies the signature, and the verification process is as follows: first, the signed file is split into the original text and the signature value; second, a hash digest is computed over the original text to obtain one hash value, and the signature value is decrypted with the signer's public key to obtain another hash value; third, the two hash values are compared. If they are the same, the file has not been tampered with; if they differ, the file has been tampered with.
As shown in FIG. 5, the time stamp is another key element of "digital proof", i.e. proof that certain data existed at a certain time and has not been tampered with. The principle of the time stamp is as follows: a digest is computed over the original data and the digest result is sent to a time stamp issuing center, which uses digital signature technology to sign the digest result together with the current time. Because the digest result is a digital fingerprint of the original text, this proves that the original text existed at that time and also solves the tamper-proofing problem.
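The sign/verify steps and the time stamp principle described above, as an added example that is not part of the patent. It uses unpadded textbook RSA over a constructed key built from two well-known Mersenne primes, so it only illustrates the data flow (a real deployment would use a padded scheme such as RSASSA-PSS, or SM2), and the time stamp centre reuses the signer's key for brevity.

```python
import hashlib

# Constructed demo key from two published Mersenne primes: n is trivially
# factorable, so this key is for illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent d


def digest_int(data: bytes) -> int:
    """Hash digest of the original text, as an integer smaller than n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(original: bytes) -> dict:
    """Signer: digest the text, transform the digest with the private key,
    then combine text and signature value into the signed file."""
    return {"original": original, "signature": pow(digest_int(original), D, N)}


def verify(signed: dict) -> bool:
    """Verifier: split the signed file, re-digest the text, recover the signed
    digest with the public key, and compare the two values."""
    recovered = pow(signed["signature"], E, N)
    return recovered == digest_int(signed["original"])


def timestamp(original: bytes, when: str) -> dict:
    """Time stamp centre: sign the digest of the text together with the time.
    `when` is passed in so the example is deterministic."""
    fingerprint = hashlib.sha256(original).hexdigest()
    return sign(f"{fingerprint}|{when}".encode())


def check_timestamp(original: bytes, token: dict):
    """Return the attested time if the token is valid for this text, else None."""
    if not verify(token):
        return None
    fingerprint, _, when = token["original"].decode().partition("|")
    return when if fingerprint == hashlib.sha256(original).hexdigest() else None


if __name__ == "__main__":
    doc = b"loan agreement v1 (constructed sample text)"
    print(verify(sign(doc)), check_timestamp(doc, timestamp(doc, "2018-12-28T00:00:00Z")))
```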
The invention is applied to affixing electronic signatures that meet the PAdES standard to PDF documents. PAdES is the PDF digital signature specification defined by ISO 32000 and maintained by ETSI. Almost all PDF readers comply with this specification, which ensures that the generated digital signature can be verified correctly in different PDF readers.
The invention solves the problem of protecting the signer's identity privacy in electronic signatures. With the support of a CA center, the user's identity information is not stored directly in the digital certificate; instead, the effect of preventing repudiation is achieved by storing a digest of the user's identity information, and the certificate is called a fingerprint certificate. This privacy-protection-oriented digital certificate signature technology protects the signer's privacy while preserving the legal validity of the electronic signature, so that others cannot learn the signer's identity from the electronic signature.
In addition to the above embodiments, the present invention may have other embodiments. All technical solutions formed by equivalent substitution or equivalent transformation fall within the protection scope of the claims of the present invention.
Claims (2)
1. A privacy-protection-oriented digital certificate signature method, characterized in that:
the method comprises a signing process, a signature verification process and a privacy-protection-oriented digital certificate signing process, and comprises the following steps:
step 1, assembling the signer's identity information and computing a digest of it;
step 2, storing the digest of the identity information in a digital certificate, which is issued by a trusted third-party digital certification authority, the certificate being called a fingerprint certificate;
step 3, adding an electronic signature at the specified position of the PDF based on the issued fingerprint certificate and digital signature technology;
a privacy-protection-oriented digital certificate signing process, which comprises the following steps:
step 1, after the electronic signature in the PDF document passes verification, checking the signer certificate information;
step 2, assembling the identity information of the signer to be verified and computing its digest;
step 3, comparing whether the digest result is consistent with the signer information displayed in the digital certificate; if so, the person to be verified is the current signer; otherwise, the person is not.
2. The privacy-protection-oriented digital certificate signature method of claim 1, characterized in that: the digital signature is a combination of an asymmetric algorithm and a digest algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811616922.XA CN111385095A (en) | 2018-12-28 | 2018-12-28 | Privacy protection-oriented digital certificate signature method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811616922.XA CN111385095A (en) | 2018-12-28 | 2018-12-28 | Privacy protection-oriented digital certificate signature method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111385095A (en) | 2020-07-07 |
Family
ID=71220033
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811616922.XA Pending CN111385095A (en) | 2018-12-28 | 2018-12-28 | Privacy protection-oriented digital certificate signature method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111385095A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114900312A (en) * | 2022-04-18 | 2022-08-12 | 中国科学院大学 | Privacy-protecting identity certificate endorsement generation and verification method |
CN114900312B (en) * | 2022-04-18 | 2023-12-19 | 中国科学院大学 | Identity credential endorsement generation and verification method for protecting privacy |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102577229B (en) | Key certification in one round trip | |
Kou | Payment technologies for E-commerce | |
US10559049B2 (en) | Digital passport country entry stamp | |
CN109614802B (en) | Anti-quantum-computation signature method and signature system | |
CN106375092A (en) | Digital certificate signature method for privacy protection | |
CN101800637A (en) | Token provides | |
KR19990044692A (en) | Document authentication system and method | |
JP2001237827A (en) | Structural digital certificate | |
US20080098214A1 (en) | Encryption/decryption method, method for safe data transfer across a network, computer program products and computer readable media | |
JPS6256043A (en) | Electronic transaction system | |
CN113824564A (en) | Online signing method and system based on block chain | |
CN110826109A (en) | Penetrating signature method suitable for PDF document | |
CN109586918B (en) | Anti-quantum-computation signature method and signature system based on symmetric key pool | |
CN113761578A (en) | Document true checking method based on block chain | |
Wu et al. | Security Architecture for sensitive information systems | |
CN111385095A (en) | Privacy protection-oriented digital certificate signature method | |
CN109586917A (en) | The signature method and sealing system of anti-quantum calculation based on unsymmetrical key pond | |
CN111539032B (en) | Electronic signature application system resistant to quantum computing disruption and implementation method thereof | |
Li et al. | E-passport EAC scheme based on Identity-Based Cryptography | |
Blanchette | The digital signature dilemma | |
KR20210060746A (en) | System for processing electronic contracts based on privatd key of blockchai | |
Patel et al. | The study of digital signature authentication process | |
CN110572257A (en) | Anti-quantum computing data source identification method and system based on identity | |
More et al. | Decentralized Fingerprinting for Secure Peer-To-Peer Data Exchange of Aadhaar Via Public Key Infrastructure | |
CN109104393A (en) | A kind of identity authentication method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20200707 |