CN111641604B - Signing method based on online banking certificate and signing system based on online banking certificate - Google Patents


Info

Publication number: CN111641604B
Authority: CN (China)
Prior art keywords: file, signature, signed, certificate, value
Legal status: Active
Application number: CN202010416070.0A
Other languages: Chinese (zh)
Other versions: CN111641604A (en)
Inventors: 刘伟韡, 孙炎森, 徐晓剑, 陈卓, 马融
Current Assignee: China Citic Bank Corp Ltd
Original Assignee: China Citic Bank Corp Ltd
Application filed by China Citic Bank Corp Ltd
Priority to CN202010416070.0A
Publication of CN111641604A
Application granted
Publication of CN111641604B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The application provides a signing method and a signing system based on an online banking certificate, applied in the technical field of computers. The published target signature file discloses a hash value of the online banking certificate rather than the online banking certificate itself, and the information in the online banking certificate cannot be derived from its hash value, so leakage of user information is avoided; meanwhile, the event digital certificate is generated based on the hash value of the online banking certificate, the file to be signed, the first signature value and the second hash algorithm, so the signature can be verified when the online banking certificate is provided.

Description

Signing method based on online banking certificate and signing system based on online banking certificate
Technical Field
The application relates to the technical field of computers, in particular to a signing method based on an online banking certificate and a signing system based on the online banking certificate.
Background
An electronic signature is a form of signing that is widely used to replace conventional paper signatures.
Because the online banking UKey offers high security and an identity authentication mechanism, financial institutions such as banks can implement electronic signatures based on users' online banking. When an electronic file is signed based on the online banking certificate, the user's online banking certificate must be included in the electronic file to ensure that the signature can be verified; that is, the signed file comprises three parts: the file to be signed, the signature value and the online banking certificate. However, user information is stored in the online banking certificate, so disclosing the certificate directly may leak user information.
Disclosure of Invention
The application provides a signing method and a signing system based on an online banking certificate, which avoid leaking user information while electronic signing is carried out based on the online banking certificate. The technical scheme adopted by the application is as follows:
In a first aspect, a signing method based on an online banking certificate is provided, which is applied to a server and comprises:
the server calculates the hash value of the file to be signed based on a first hash algorithm, and sends the file to be signed and the hash value of the file to be signed to the client;
the server receives first signature file information sent by the client, wherein the first signature file information comprises an online banking certificate, the file to be signed and a first signature value obtained by performing a private key operation on the hash value of the file to be signed based on a first private key;
the server calculates the hash value of the online banking certificate based on a second hash algorithm, and sends the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value to the electronic signature system to request signature; the electronic signature system is used for generating an event key pair when receiving a signature request, and the event key pair comprises a second private key; the electronic signature system is used for performing a private key operation on the file to be signed based on the second private key to obtain an event signature value, generating an event digital certificate based on the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value, and obtaining a target signature file based on the event signature value, the event digital certificate and the file to be signed.
Further, the method further comprises:
the server receives user-defined information sent by the client and sends the user-defined information to the electronic signature system; the electronic signature system is used for generating an event digital certificate based on the hash value of the online banking certificate, the second hash algorithm, the file to be signed, the first signature value and the user-defined information.
Further, the server calculates a hash value of the online banking certificate based on a second hash algorithm, and sends the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value to the electronic signature system to request signature, which includes:
and the server performs signature verification on the first signature value.
Further, the method further comprises:
the server receives first service information of a target user sent by the client, and generates the file to be signed based on the first service information, wherein the file to be signed is a portable document format (PDF) file.
Further, the method further comprises:
receiving second service information of the target user sent by the client, and querying a database to obtain third service information of the target user;
and generating a file to be signed based on the second service information and the third service information, wherein the file to be signed is a portable document format (PDF) file.
In a second aspect, a signing system based on an online banking certificate is provided. The system comprises a client, a server and an electronic signature system, and performs the following steps:
the server calculates the hash value of the file to be signed based on a first hash algorithm and sends the file to be signed and the hash value of the file to be signed to the client;
the client performs a private key operation on the hash value of the file to be signed based on a first private key to obtain a first signature value, and sends first signature file information to the server, wherein the first signature file information comprises an online banking certificate, the file to be signed and the first signature value;
the server receives the first signature file information, calculates a hash value of the online banking certificate based on a second hash algorithm, and sends the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value to the electronic signature system to request signature;
the electronic signature system generates an event key pair when receiving a signature request, wherein the event key pair comprises a second private key; the electronic signature system performs a private key operation on the file to be signed based on the second private key to obtain an event signature value, generates an event digital certificate based on the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value, and obtains a target signature file based on the event signature value, the event digital certificate and the file to be signed.
Further, comprising:
the client sends user-defined information to the server;
the server sends the user-defined information to the electronic signature system;
the electronic signature system generates an event digital certificate based on the hash value of the online banking certificate, the second hash algorithm, the file to be signed, the first signature value and the user-defined information.
Further, the server calculates a hash value of the online banking certificate based on a second hash algorithm, and sends the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value to the electronic signature system to request signature, which includes:
and the server performs signature verification on the first signature value.
Further, comprising:
the client sends first service information of a target user to a server;
the server receives the first service information of the target user sent by the client, and generates the file to be signed based on the first service information, wherein the file to be signed is a portable document format (PDF) file.
Further, comprising:
the client sends second service information of the target user to the server;
the server queries a database to obtain third service information of the target user;
and the server generates a file to be signed based on the second service information and the third service information, wherein the file to be signed is a portable document format (PDF) file.
Compared with the prior art, in which the online banking certificate is directly included as part of the signed electronic file, in the present application the server calculates the hash value of the online banking certificate based on a second hash algorithm and sends the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value to the electronic signature system to request signature; the electronic signature system generates an event key pair when a signature request is received, wherein the event key pair comprises a second private key; the electronic signature system performs a private key operation on the file to be signed based on the second private key to obtain an event signature value, generates an event digital certificate based on the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value, and obtains a target signature file based on the event signature value, the event digital certificate and the file to be signed. The published target signature file discloses the hash value of the online banking certificate rather than the certificate itself, and the information in the online banking certificate cannot be derived from its hash value, so leakage of user information is avoided; meanwhile, because the event digital certificate is generated based on the hash value of the online banking certificate, the file to be signed, the first signature value and the second hash algorithm, the signature can be verified when the online banking certificate is provided.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 is a schematic flowchart of a signing method based on an online banking certificate according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of a signing system based on an online banking certificate according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The following describes the technical solutions of the present application and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Example one
The embodiment of the application provides a signing method based on an online banking certificate, and as shown in fig. 1, the signing method may include the following steps:
step S101, the server calculates the hash value of the file to be signed based on a first hash algorithm, and sends the file to be signed and the hash value of the file to be signed to a client.
Specifically, the server calculates a hash value of a file to be signed based on a first hash algorithm, and sends the file to be signed and the hash value of the file to be signed to the client.
A hash algorithm maps a binary value of arbitrary length to a shorter binary value of fixed length, called the hash value. A hash value is a unique and extremely compact numerical representation of a piece of data. If a piece of plaintext is hashed and even one letter of it is then altered, a subsequent hash produces a different value. It is computationally infeasible to find two different inputs that hash to the same value, so the hash value of the data can be used to verify the integrity of the data.
The first hash algorithm may be any one of MD2, MD4, MD5 and SHA-1, or another algorithm capable of implementing the present application.
The file to be signed is a PDF (portable document format) file.
The client can be a mobile phone, a PAD, a computer, a wearable device, and the like of a user.
Step S102, the server receives first signature file information sent by the client, wherein the first signature file information comprises an online banking certificate, a file to be signed and a first signature value obtained by carrying out private key operation on a hash value of the file to be signed based on a first private key.
Specifically, the server receives the first signature file information sent by the client, which comprises the online banking certificate, the file to be signed and the first signature value. The client may first verify the hash value of the file to be signed and, after the verification passes, perform a private key operation on the hash value of the file to be signed based on the first private key to obtain the first signature value. The first private key can be obtained through a mobile phone shield or through a UKey (that is, the UKey device and the client are connected through a Bluetooth or USB interface). The mobile phone shield is a mobile phone cryptographic technology that implements the function of the traditional U Shield (USBKEY) on a mobile phone; it does not depend on a hardware cryptographic chip and implements in software all functions such as a reliable cryptographic device, cryptographic operations and a CA digital certificate, and it is a core technology for mobile internet application security. The mobile phone shield provides cryptographic operation support for mobile internet applications and is used for identity authentication, electronic signature, data protection and the like.
Step S103, the server calculates the hash value of the online banking certificate based on a second hash algorithm, and sends the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value to an electronic signature system to request signature; the electronic signature system is used for generating an event key pair when a signature request is received, wherein the event key pair comprises a second private key; the electronic signature system is used for performing a private key operation on the file to be signed based on the second private key to obtain an event signature value, generating an event digital certificate based on the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value, and obtaining a target signature file based on the event signature value, the event digital certificate and the file to be signed.
Specifically, the server calculates the hash value of the online banking certificate based on a second hash algorithm, and sends the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value to the electronic signature system for requesting signature. The first hash algorithm and the second hash algorithm may be the same or different.
Specifically, the electronic signature system generates an event key pair when receiving a signature request. The event key pair is a one-time key pair generated for that signature request, and the key pairs generated for any two signature requests are different. The event key pair comprises a second private key and a second public key.
Specifically, the electronic signature system performs a private key operation on the file to be signed based on the second private key to obtain an event signature value, and generates an event digital certificate based on the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value. The event digital certificate may further comprise the second public key. A hash value can be calculated over the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value; this hash value is then signed based on the second private key to obtain a signature value that is used as the signature of the event digital certificate, and the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value are used as attributes of the event digital certificate.
Specifically, the target signature file is obtained based on the event signature value, the event digital certificate and the file to be signed.
At verification time, the target signature file comprises the file to be signed, the event signature and the event digital certificate, and the event digital certificate comprises the hash value of the online banking certificate, the second hash algorithm, the file to be signed, the first signature value and other attribute information. Either party (for example, the user corresponding to the client or the bank corresponding to the server, if a dispute occurs) can determine whether the signature was made with an online banking certificate to be confirmed, based on that certificate, the second hash algorithm and the hash value of the online banking certificate. Whether the file to be signed was signed can then be determined based on the first signature value, the online banking certificate to be confirmed and the file to be signed, so that the signature can be verified.
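The following added example (not part of the patent text) walks through steps S101 to S103, the server-side check of step S105, and the dispute verification described above. Assumptions: SHA-256 serves as both hash algorithms (the page allows "other algorithms", and MD5 and SHA-1 are no longer collision-resistant), a toy textbook RSA stands in for the signature algorithms the page does not name, and the certificate is a constructed JSON blob rather than X.509; all function and field names are hypothetical.

```python
import hashlib
import json
import secrets

HASH_ALG = "sha256"  # assumption: serves as both the first and the second hash algorithm


def _is_prime(n, rounds=24):
    """Miller-Rabin probabilistic primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _prime(bits):
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_prime(p):
            return p


def keygen(bits=512):
    """Toy textbook-RSA key pair ((n, d), (n, e)). Illustration only, not secure."""
    e = 65537
    while True:
        p, q = _prime(bits // 2), _prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this means gcd(e, phi) == 1
            return (p * q, pow(e, -1, phi)), (p * q, e)


def digest(data, alg=HASH_ALG):
    return hashlib.new(alg, data).digest()


def sign(priv, dgst):
    n, d = priv
    return pow(int.from_bytes(dgst, "big"), d, n)


def verify(pub, dgst, sig):
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(dgst, "big")


def make_certificate(subject, id_number, pub):
    """Constructed stand-in for an online banking certificate (JSON, not X.509)."""
    return json.dumps({"subject": subject, "id": id_number, "pub": pub}).encode()


def esign_system(cert_hash, hash_alg, file, first_sig):
    """Electronic signature system: one-time event key pair, event signature, event certificate."""
    priv2, pub2 = keygen()  # generated per request and discarded on return
    attrs = {"cert_hash": cert_hash.hex(), "hash_alg": hash_alg,
             "file": file.hex(), "first_sig": first_sig}
    tbs = json.dumps(attrs, sort_keys=True).encode()
    event_cert = {"attrs": attrs, "pub": pub2, "sig": sign(priv2, digest(tbs))}
    return {"file": file, "event_sig": sign(priv2, digest(file)), "event_cert": event_cert}


def server_sign(file, cert, first_sig):
    """S105 then S103: verify the client's signature, then forward only the certificate hash."""
    if not verify(json.loads(cert)["pub"], digest(file), first_sig):
        raise ValueError("first signature value does not verify")
    return esign_system(digest(cert), HASH_ALG, file, first_sig)


def check_target(target, candidate_cert):
    """Dispute check: was `target` signed with `candidate_cert`? Returns a reason string."""
    ec, attrs = target["event_cert"], target["event_cert"]["attrs"]
    tbs = json.dumps(attrs, sort_keys=True).encode()
    # The embedded second public key is trusted as-is here; anchoring it is outside the page.
    if not verify(ec["pub"], digest(tbs), ec["sig"]):
        return "event certificate signature invalid"
    if not verify(ec["pub"], digest(target["file"]), target["event_sig"]):
        return "event signature invalid"
    if attrs["hash_alg"] != HASH_ALG or bytes.fromhex(attrs["file"]) != target["file"]:
        return "event certificate attributes inconsistent"
    if digest(candidate_cert, attrs["hash_alg"]).hex() != attrs["cert_hash"]:
        return "certificate does not match published hash"
    if not verify(json.loads(candidate_cert)["pub"], digest(target["file"]), attrs["first_sig"]):
        return "first signature invalid"
    return "ok"


if __name__ == "__main__":
    priv1, pub1 = keygen()  # stands in for the key pair held on the UKey
    cert = make_certificate("Constructed User", "ID-0000-CONSTRUCTED", pub1)
    doc = b"%PDF-1.4 constructed file to be signed"
    target = server_sign(doc, cert, sign(priv1, digest(doc)))  # S101-S103
    print(check_target(target, cert))
```

The target signature file returned by `server_sign` contains no field of the certificate itself, only its hash, yet `check_target` succeeds once the holder produces the certificate.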
The embodiment of the application provides a signing method based on an online banking certificate. Compared with the prior art, in which the online banking certificate is directly included as part of the signed electronic file, in the present application the server calculates the hash value of the online banking certificate based on a second hash algorithm and sends the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value to the electronic signature system to request signature; the electronic signature system generates an event key pair when a signature request is received, wherein the event key pair comprises a second private key; the electronic signature system performs a private key operation on the file to be signed based on the second private key to obtain an event signature value, generates an event digital certificate based on the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value, and obtains a target signature file based on the event signature value, the event digital certificate and the file to be signed. The published target signature file discloses the hash value of the online banking certificate rather than the certificate itself, and the information in the online banking certificate cannot be derived from its hash value, so leakage of user information is avoided; meanwhile, because the event digital certificate is generated based on the hash value of the online banking certificate, the file to be signed, the first signature value and the second hash algorithm, the signature can be verified when the online banking certificate is provided.
The embodiment of the present application provides a possible implementation manner, and further, the method includes:
step S104 (not shown in the figure), the server receives the user-defined information sent by the client and sends the user-defined information to the electronic signature system; the electronic signature system is used for generating an event digital certificate based on the hash value of the online banking certificate, the second hash algorithm, the file to be signed, the first signature value and the user-defined information.
Specifically, the client may further send user-defined information to the server, where the user-defined information may be information that the user agrees to be published, and the user-defined information may be picture information, such as a name stamp picture of the user.
In this embodiment, the online banking certificate carries a relatively large amount of user information; leakage of the user information in the online banking certificate is avoided while user-defined information can still be disclosed.
The embodiment of the present application provides a possible implementation in which the server calculating the hash value of the online banking certificate based on the second hash algorithm, and sending the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value to the electronic signature system to request signature, includes:
step S105 (not shown), the server performs signature verification on the first signature value.
Specifically, the server may verify the first signature value based on a first public key obtained from the online banking certificate.
The embodiment of the present application provides a possible implementation manner, and further, the method further includes:
step S106 (not shown in the figure), the server receives the first service information of the target user sent by the client, and generates the file to be signed based on the first service information, where the file to be signed is a portable document format file.
Specifically, the client sends the first service information of the target user to the server, and the server processes the received first service information to obtain the file to be signed.
For the embodiment of the application, the problem of determining the file to be signed is solved.
The embodiment of the present application provides a possible implementation manner, and further, the method further includes:
step S107 (not shown in the figure), receiving the second service information of the target user sent by the client, and querying a database to obtain third service information of the target user;
step S108 (not shown in the figure), generating a file to be signed based on the second service information and the third service information, where the file to be signed is a portable document format file.
Specifically, the server receives the second service information of the target user sent by the client, and queries a database to obtain third service information of the target user; it then generates a file to be signed based on the second service information and the third service information, wherein the file to be signed is a portable document format file.
For the embodiment of the application, the problem of determining the file to be signed is solved.
Example two
Fig. 2 shows a signing system based on an online banking certificate according to an embodiment of the present application. The system includes a client 201, a server 202 and an electronic signature system 203, and performs the following steps:
the server 202 calculates a hash value of a file to be signed based on a first hash algorithm, and sends the file to be signed and the hash value of the file to be signed to the client 201;
the client 201 performs private key operation on the hash value of the file to be signed based on a first private key to obtain a first signature value, and sends first signature file information to the server 202, wherein the first signature file information comprises an online banking certificate, the file to be signed and the first signature value;
the server 202 receives the first signature file information, calculates a hash value of the online banking certificate based on a second hash algorithm, and sends the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value to the electronic signature system 203 for requesting signature;
the electronic signature system 203 generates an event key pair when receiving the signature request, wherein the event key pair comprises a second private key; the electronic signature system carries out private key operation on the file to be signed based on the second private key to obtain an event signature value, generates an event digital certificate based on the Hash value of the online banking certificate, the second Hash algorithm, the file to be signed and the first signature value, and obtains a target signature file based on the event signature value, the event digital certificate and the file to be signed.
The embodiment of the application provides a signing system based on an online banking certificate. Compared with the prior art, in which the online banking certificate is directly used as a part of the electronic file after signing, in the present application the server calculates a hash value of the online banking certificate based on a second hash algorithm, and sends the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value to the electronic signature system to request signing; the electronic signature system generates an event key pair when a signature request is received, wherein the event key pair comprises a second private key; the electronic signature system performs a private key operation on the file to be signed based on the second private key to obtain an event signature value, generates an event digital certificate based on the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value, and obtains a target signature file based on the event signature value, the event digital certificate and the file to be signed. The disclosed target signature file reveals the hash value of the online banking certificate but not the online banking certificate itself, and the information in the online banking certificate cannot be derived from its hash value, so leakage of user information is avoided; meanwhile, because the event digital certificate is generated based on the hash value of the online banking certificate, the file to be signed, the first signature value and the second hash algorithm, the signature can be verified when the online banking certificate is provided.
The signing system based on the online banking certificate of the present embodiment can execute the signing method based on the online banking certificate provided in the above embodiments of the present application, and the implementation principles are similar, and are not described herein again.
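The exchange between client 201, server 202 and electronic signature system 203 described above, as an added example that is not code from the patent: it shows that the target signature file carries only the hash of the online banking certificate, and that the first signature value becomes checkable once that certificate is presented. Assumptions: textbook RSA over fixed toy primes stands in for the unnamed signature algorithm, a JSON blob stands in for the certificate, the event certificate's field names and the choice of SHA-256 and SHA3-256 are hypothetical, and issuance of the event certificate by a CA is omitted.

```python
import hashlib, json

ALG1 = "sha256"  # first hash algorithm (assumed; the page names none)
E = 65537        # public exponent of both toy keys

def keypair(p, q):
    """Textbook RSA key from fixed primes: constructed toy key, not secure."""
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(alg, data):
    return hashlib.new(alg, data).digest()

def sign(priv, dg):
    # "Private key operation" on a hash value (unpadded, illustration only).
    return pow(int.from_bytes(dg, "big"), priv["d"], priv["n"])

def verify(pub, dg, sig):
    return pow(sig, pub["e"], pub["n"]) == int.from_bytes(dg, "big")

def make_cert(subject, pub):
    """Stand-in for the online banking certificate: identity plus public key."""
    return json.dumps({"subject": subject, **pub}, sort_keys=True).encode()

def server_request(cert, pdf, sig1, alg2):
    """Server: check the first signature value, then pass on only hash(cert)."""
    if not verify(json.loads(cert), digest(ALG1, pdf), sig1):
        raise ValueError("first signature value does not verify")
    return {"cert_hash": digest(alg2, cert).hex(), "hash_alg": alg2,
            "file": pdf, "first_sig": sig1}

def esign(req, event_pub, event_priv):
    """Electronic signature system: event signature and event certificate."""
    fh = digest(ALG1, req["file"])
    event_cert = {"cert_hash": req["cert_hash"], "hash_alg": req["hash_alg"],
                  "file_hash": fh.hex(), "first_sig": req["first_sig"],
                  "event_pub": event_pub}  # field names are hypothetical
    return {"file": req["file"], "event_cert": event_cert,
            "event_sig": sign(event_priv, fh)}

def verify_target(target, presented_cert=None):
    """Return (event_ok, signer_ok); signer_ok is None until a cert is shown."""
    ec, fh = target["event_cert"], digest(ALG1, target["file"])
    event_ok = (fh.hex() == ec["file_hash"]
                and verify(ec["event_pub"], fh, target["event_sig"]))
    if presented_cert is None:
        return event_ok, None
    # The presented certificate must hash to the value bound in the event cert.
    bound = digest(ec["hash_alg"], presented_cert).hex() == ec["cert_hash"]
    signer_ok = bound and verify(json.loads(presented_cert), fh, ec["first_sig"])
    return event_ok, signer_ok

def demo():
    # Constructed sample data; Mersenne primes keep the toy keys short to write.
    c_pub, c_priv = keypair(2**107 - 1, 2**607 - 1)
    e_pub, e_priv = keypair(2**127 - 1, 2**521 - 1)  # fixed here, fresh per event on the page
    cert = make_cert("CN=Example User,serial=0001", c_pub)
    pdf = b"%PDF-1.7 constructed contract body"
    sig1 = sign(c_priv, digest(ALG1, pdf))  # client 201 signs the file hash
    req = server_request(cert, pdf, sig1, "sha3_256")
    return cert, esign(req, e_pub, e_priv)
```

Because `hash_alg` is read from the file being verified, a production verifier should accept only an allowlist of algorithm names before recomputing the certificate hash.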
The embodiment of the present application provides a possible implementation manner, further, including:
the client 201 sends user-defined information to the server 202;
the server 202 sends the user-defined information to the electronic signature system 203;
the electronic signature system 203 generates an event digital certificate based on the hash value of the online banking certificate, the second hash algorithm, the file to be signed, the first signature value and the user-defined information.
The embodiment of the present application provides a possible implementation manner, further, including:
before the server 202 calculates the hash value of the online banking certificate based on the second hash algorithm and sends the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value to the electronic signature system to request signature, the following is performed:
the server 202 performs signature verification on the first signature value.
The embodiment of the present application provides a possible implementation manner, further, including:
the client 201 sends first service information of a target user to the server 202;
the server 202 receives the first service information of the target user sent by the client 201, and generates the file to be signed based on the first service information, wherein the file to be signed is a portable document format file.
The embodiment of the present application provides a possible implementation manner, further, including:
the client sends second service information of the target user to the server;
the server queries a database to obtain third service information of the target user;
and the server generates a file to be signed based on the second service information and the third service information, wherein the file to be signed is a portable document format file.
The beneficial effects of the embodiment of the present application are the same as those of the first embodiment, and are not described herein again.
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated herein, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least a portion of the steps in the flowcharts may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.
The foregoing describes only some embodiments of the present application. It should be noted that those skilled in the art can make various improvements and refinements without departing from the principle of the present application, and these improvements and refinements should also be regarded as falling within the protection scope of the present application.

Claims (10)

1. The signature system based on the online banking certificate is characterized by comprising a client, a server and an electronic signature system, and comprises:
the server calculates the hash value of the file to be signed based on a first hash algorithm and sends the file to be signed and the hash value of the file to be signed to the client;
the client performs private key operation on the hash value of the file to be signed based on a first private key to obtain a first signature value, and sends first signature file information to a server, wherein the first signature file information comprises an online banking certificate, the file to be signed and the first signature value;
the server receives the first signature file information, calculates a hash value of the online bank certificate based on a second hash algorithm, and sends the hash value of the online bank certificate, the second hash algorithm, the file to be signed and the first signature value to an electronic signature system for requesting signature;
the electronic signature system generates an event key pair when receiving a signature request, wherein the event key pair comprises a second private key; the electronic signature system carries out private key operation on the file to be signed based on the second private key to obtain an event signature value, generates an event digital certificate based on the Hash value of the online banking certificate, the second Hash algorithm, the file to be signed and the first signature value, and obtains a target signature file based on the event signature value, the event digital certificate and the file to be signed.
2. The system of claim 1, comprising:
the client sends user-defined information to the server;
the server sends the user-defined information to the electronic signature system;
the electronic signature system generates an event digital certificate based on the Hash value of the online banking certificate, a second Hash algorithm, a file to be signed, a first signature value and the user-defined information.
3. The system of claim 1, wherein, before the server calculates the hash value of the online banking certificate based on a second hash algorithm and sends the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value to the electronic signature system to request signature, the system further comprises:
the server performs signature verification on the first signature value.
4. The system of claim 1, comprising:
the client sends first service information of a target user to a server;
the server receives first service information of a target user sent by the client, and generates the file to be signed based on the first service information, wherein the file to be signed is a portable document format file.
5. The system of claim 1, comprising:
the client sends second service information of the target user to the server;
the server queries a database to obtain third service information of the target user;
and the server generates a file to be signed based on the second service information and the third service information, wherein the file to be signed is a portable document format file.
6. A signature method based on an online banking certificate is applied to a server and comprises the following steps:
the server calculates the hash value of the file to be signed based on a first hash algorithm and sends the file to be signed and the hash value of the file to be signed to the client;
the server receives first signature file information sent by the client, wherein the first signature file information comprises an online banking certificate, a file to be signed and a first signature value obtained by the client through private key operation on a hash value of the file to be signed based on a first private key;
the server calculates the hash value of the online banking certificate based on a second hash algorithm, and sends the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value to an electronic signature system for signature; the electronic signature system is used for generating an event key pair when a signature request is received, wherein the event key pair comprises a second private key; the electronic signature system is used for carrying out private key operation on the file to be signed based on the second private key to obtain an event signature value, generating an event digital certificate based on the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value, and obtaining a target signature file based on the event signature value, the event digital certificate and the file to be signed.
7. The method of claim 6, characterized in that the method comprises:
the server receives user-defined information sent by the client and sends the user-defined information to the electronic signature system; the electronic signature system is used for generating an event digital certificate based on the Hash value of the online banking certificate, the second Hash algorithm, the file to be signed, the first signature value and the user-defined information.
8. The method according to claim 6, wherein the server calculates the hash value of the online banking certificate based on a second hash algorithm, and sends the hash value of the online banking certificate, the second hash algorithm, the file to be signed and the first signature value to the electronic signature system for signature request, and the steps comprise:
and the server performs signature verification on the first signature value.
9. The method of claim 6, further comprising:
the server receives first service information of a target user sent by the client, and generates the file to be signed based on the first service information, wherein the file to be signed is a portable document format file.
10. The method of claim 6, further comprising:
receiving second service information of the target user sent by the client, and querying a database to obtain third service information of the target user;
and generating a file to be signed based on the second service information and the third service information, wherein the file to be signed is a portable document format file.
CN202010416070.0A 2020-05-16 2020-05-16 Signing method based on online banking certificate and signing system based on online banking certificate Active CN111641604B (en)


Publications (2)

Publication Number Publication Date
CN111641604A (en) 2020-09-08
CN111641604B (en) 2022-04-15


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant