CN111641605B - Electronic signature method and system based on dynamic password


Info

Publication number: CN111641605B
Application number: CN202010416073.4A
Authority: CN (China)
Prior art keywords: file, signature, signed, information, dynamic password
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN111641605A
Inventors: 刘伟韡, 孙炎森, 徐晓剑, 穆庆新, 陈卓, 李玲
Current assignee: China Citic Bank Corp Ltd
Original assignee: China Citic Bank Corp Ltd

Events
Application filed by China Citic Bank Corp Ltd
Priority to CN202010416073.4A
Publication of CN111641605A
Application granted
Publication of CN111641605B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 63/00 Network architectures or network communication protocols for network security
                    • H04L 63/08 ... for authentication of entities
                        • H04L 63/083 ... for authentication of entities using passwords
                            • H04L 63/0846 ... using time-dependent passwords, e.g. periodically changing passwords
                        • H04L 63/0823 ... for authentication of entities using certificates
                • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                            • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
                                • H04L 9/083 ... involving a central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
                    • H04L 9/14 ... using a plurality of keys or algorithms
                    • H04L 9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L 9/3226 ... using a predetermined code, e.g. password, passphrase or PIN
                            • H04L 9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
                        • H04L 9/3247 ... involving digital signatures
                        • H04L 9/3263 ... involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The application provides an electronic signature method and system based on a dynamic password, applied in the technical field of electronic signatures. The method comprises the following steps: the server receives a first electronic signature request sent by a client, the first electronic signature request comprising dynamic password information and a file to be signed; the server performs identity authentication of the target user based on the dynamic password information; when the identity authentication of the target user passes, the server sends a second signature request, comprising the dynamic password information and the file to be signed, to a CA institution signature system; on receiving the second signature request the CA institution signature system generates an event key pair, signs the file to be signed with the event private key, generates an event digital certificate based on the dynamic password information, the file to be signed and the event public key, and returns the resulting target signature file to the server, which feeds it back to the client. The method solves the problem of how to sign a file to be signed on the basis of a dynamic password, while the dynamic-password identity authentication mechanism ensures the authenticity of the signer's identity.

Description

Electronic signature method and system based on dynamic password
Technical Field
The application relates to the technical field of electronic signature, in particular to an electronic signature method and system based on a dynamic password.
Background
An electronic signature is a form of digital signature, and electronic signatures are widely used in place of conventional handwritten signatures on paper. A dynamic token (one-time password token, OTP for short) generates an unpredictable combination of digits according to a specific algorithm: a new dynamic password is produced at a predetermined time interval and each password can be used only once. Financial institutions commonly issue the OTP token to the user at the counter as the terminal device for subsequent identity authentication. However, because the OTP token computes offline and does not support online RSA or SM2 signing, the large number of bank users who already hold dynamic tokens cannot use them to sign electronic documents.
Disclosure of Invention
The application provides an electronic signature method and system based on a dynamic password, which are used for realizing the signature of a file to be signed by a user based on the dynamic password, and the technical scheme adopted by the application is as follows:
In a first aspect, a dynamic password-based electronic signature method applied to a server is provided, the method comprising:
the server receives a first electronic signature request sent by the client, wherein the first electronic signature request comprises dynamic password information and a file to be signed;
the server performs identity authentication of the target user based on the dynamic password information;
when the identity authentication of the target user passes, the server sends a second signature request to the CA institution signature system, wherein the second signature request comprises the dynamic password information and the file to be signed; the CA institution signature system is configured to generate an event key pair when it receives the second signature request, the event key pair comprising a first private key and a first public key; to perform a private-key operation on the file to be signed with the first private key to obtain an event signature value; to generate an event digital certificate based on the dynamic password information, the file to be signed and the first public key; to obtain a target signature file based on the event signature value, the event digital certificate and the file to be signed; and to send the target signature file to the server;
and the server receives the target signature file fed back by the CA institution signature system and feeds back the target signature file to the client.
Optionally, the first signature request includes user-defined information, the user-defined information being user information that may be made public;
the server sends the user-defined information to the CA institution signature system, and the CA institution signature system is configured to generate the event digital certificate based on the event signature value, the first public key, the file to be signed, the dynamic password information and the user-defined information.
Optionally, the second signature request includes verification website information, the verification website information being used to provide the user with an interface for verifying the identity of the target user;
and the CA institution signature system is configured to generate the event digital certificate based on the event signature value, the file to be signed, the dynamic password information and the verification website information.
Optionally, the method further comprises:
the server receives first service information of a target user sent by the client, and generates the file to be signed based on the first service information, wherein the file to be signed is a portable file format file;
the server calculates the hash value of the file to be signed based on a hash algorithm, and sends the file to be signed and the hash value of the file to be signed to the client, and the client performs integrity check based on the hash value and the file to be signed.
Optionally, the method further comprises:
the server receives second service information of the target user sent by the client and queries a database to obtain third service information of the target user;
and generating a file to be signed based on the second service information and the third service information, wherein the file to be signed is a portable file format file.
In a second aspect, a dynamic password-based electronic signature system is provided, the system comprising a client, a server and a CA institution signature system, wherein:
the client sends a first signature request to the server;
the server receives a first electronic signature request sent by a client, wherein the first electronic signature request comprises dynamic password information and a file to be signed;
the server carries out target user identity authentication based on the dynamic password information;
when the identity authentication of the target user passes, the server sends a second signature request to a CA signature system, wherein the second signature request comprises the dynamic password information and a file to be signed;
the CA institution signature system is configured to generate an event key pair when it receives the second signature request, the event key pair comprising a first private key and a first public key; to perform a private-key operation on the file to be signed with the first private key to obtain an event signature value; to generate an event digital certificate based on the dynamic password information, the file to be signed and the first public key; to obtain a target signature file based on the event signature value, the event digital certificate and the file to be signed; and to send the target signature file to the server;
and the server receives the target signature file fed back by the CA mechanism signature system and feeds back the target signature file to the client.
Optionally, the first signature request includes user-defined information, and the user-defined information is publicable user information;
the server is used for sending the user-defined information to the CA institution signature system;
the CA organization signature system is used for generating an event digital certificate based on an event signature value, a first public key, a file to be signed, dynamic password information and the user-defined information.
Optionally, the second signature request includes verification website information, and the verification website information is used to provide an interface for authenticating the target user identity to the user;
and the CA organization signature system is used for generating an event digital certificate based on the event signature value, the file to be signed, the dynamic password information and the verification website information.
Optionally, the system comprises:
the server is used for receiving first service information of a target user sent by the client and generating the file to be signed based on the first service information, wherein the file to be signed is a portable file format file;
the server is also used for calculating the hash value of the file to be signed based on a hash algorithm and sending the file to be signed and the hash value of the file to be signed to the client;
and the client is used for carrying out integrity check on the basis of the hash value and the file to be signed.
Optionally, the system comprises: the server is used for receiving second service information of the target user sent by the client and querying a database to obtain third service information of the target user;
the server is used for generating a file to be signed based on the second service information and the third service information, and the file to be signed is a portable file format file.
In summary, in the electronic signature method and system based on a dynamic password provided by the application, the server receives a first electronic signature request from the client comprising dynamic password information and a file to be signed, performs identity authentication of the target user based on the dynamic password information and, when the authentication passes, sends a second signature request comprising the dynamic password information and the file to be signed to the CA institution signature system. The CA institution signature system generates an event key pair (a first private key and a first public key) on receiving the second signature request, performs a private-key operation on the file to be signed with the first private key to obtain an event signature value, generates an event digital certificate based on the dynamic password information, the file to be signed and the first public key, obtains a target signature file from the event signature value, the event digital certificate and the file to be signed, and sends the target signature file to the server, which feeds it back to the client. The method thus solves the problem of signing a file to be signed on the basis of a dynamic password, while the dynamic-password identity authentication mechanism ensures the authenticity of the signer's identity.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a schematic flow chart of an electronic signature method based on dynamic passwords according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of a signature system based on a dynamic password according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The following describes the technical solutions of the present application and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Example one
The embodiment of the application provides an electronic signature method based on a dynamic password, and as shown in fig. 1, the method may include the following steps:
step S101: the server receives a first electronic signature request sent by a client, wherein the first electronic signature request comprises dynamic password information and a file to be signed;
step S102: the server performs identity authentication of the target user based on the dynamic password information;
step S103: when the identity authentication of the target user passes, the server sends a second signature request to the CA institution signature system, wherein the second signature request comprises the dynamic password information and the file to be signed; the CA institution signature system is configured to generate an event key pair when it receives the second signature request, the event key pair comprising a first private key and a first public key; to perform a private-key operation on the file to be signed with the first private key to obtain an event signature value; to generate an event digital certificate based on the dynamic password information, the file to be signed and the first public key; to obtain a target signature file based on the event signature value, the event digital certificate and the file to be signed; and to send the target signature file to the server;
step S104: the server receives the target signature file fed back by the CA institution signature system and feeds back the target signature file to the client.
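Steps S101 to S104 can be followed as one runnable exchange. The Python program below is an added example written for this page, not code from the patent or from China Citic Bank; the class `CASignatureSystem`, the function names, the request field names, the JSON-encoded event certificate and the demo dynamic password, file bytes and verification URL are all assumptions made for the illustration. Signing uses textbook RSA over a SHA-256 digest with keys generated by the standard library only, so that the block runs offline; a deployment would use a proper RSA or SM2 implementation with padding and an X.509-style event certificate. The relying-party check at the end shows what the target signature file actually binds together: the CA signature over the event certificate, the digest of the file, and the event signature under the first public key carried in that certificate.

```python
# Added example (not the patent's code): the S101-S104 exchange as a runnable model.
# Textbook RSA over SHA-256 digests, standard library only; illustration, not production.
import hashlib
import json
import secrets


def _is_probable_prime(n, rounds=16):  # Miller-Rabin probabilistic primality test
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:  # odd candidate with the top bit set
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_key_pair(bits=512):  # returns (private, public) as ({n, d}, {n, e})
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return {"n": p * q, "d": pow(e, -1, phi)}, {"n": p * q, "e": e}


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")  # < 2**256 < n


def rsa_sign(private, data: bytes) -> int:  # no padding: illustration only
    return pow(_digest_int(data), private["d"], private["n"])


def rsa_verify(public, data: bytes, signature: int) -> bool:
    return pow(signature, public["e"], public["n"]) == _digest_int(data)


def canonical(obj) -> bytes:  # deterministic encoding of the fields to be signed
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class CASignatureSystem:
    """Assumed model of the CA institution signature system."""
    def __init__(self):
        self.ca_private, self.ca_public = generate_key_pair()

    def sign_event(self, second_request):
        file_bytes, otp = second_request["file"], second_request["dynamic_password_info"]
        event_private, event_public = generate_key_pair()     # first private key / first public key
        event_signature = rsa_sign(event_private, file_bytes)  # event signature value
        to_be_signed = {                                        # event digital certificate contents
            "otp_serial": otp["serial"], "otp_time": otp["time"],
            "otp_code_sha256": hashlib.sha256(otp["code"].encode()).hexdigest(),  # digest, not the code
            "file_sha256": hashlib.sha256(file_bytes).hexdigest(),
            "event_public_key": event_public,
            "user_defined_info": second_request.get("user_defined_info"),
            "verification_url": second_request.get("verification_url"),
        }
        certificate = {"tbs": to_be_signed, "ca_signature": rsa_sign(self.ca_private, canonical(to_be_signed))}
        del event_private  # used once, never stored: no second signature can be made with it
        return {"file": file_bytes, "event_signature": event_signature, "event_certificate": certificate}


def server_handle_first_request(ca, authenticate, first_request):
    """Steps S102-S104: authenticate the dynamic password, then forward the second request."""
    if not authenticate(first_request["dynamic_password_info"]):
        raise PermissionError("dynamic password authentication failed")
    return ca.sign_event(dict(first_request))  # target signature file goes back to the client


def verify_target_signature_file(tsf, ca_public) -> bool:
    """Relying-party check: CA signature on the certificate, file digest binding, event signature."""
    tbs, ca_sig = tsf["event_certificate"]["tbs"], tsf["event_certificate"]["ca_signature"]
    if not rsa_verify(ca_public, canonical(tbs), ca_sig):
        return False
    if tbs["file_sha256"] != hashlib.sha256(tsf["file"]).hexdigest():
        return False
    return rsa_verify(tbs["event_public_key"], tsf["file"], tsf["event_signature"])


DEMO_OTP = {"serial": "OTP-0001", "code": "482913", "time": "2020-05-15T10:00:00Z"}  # constructed
DEMO_PDF = b"%PDF-1.7\n% constructed placeholder document\n"                         # constructed


def demo():
    ca = CASignatureSystem()
    tsf = server_handle_first_request(ca, lambda info: info == DEMO_OTP, {
        "dynamic_password_info": DEMO_OTP, "file": DEMO_PDF,
        "user_defined_info": "Signer display name", "verification_url": "https://example.invalid/verify"})
    tampered = dict(tsf, file=DEMO_PDF + b"% altered\n")
    return verify_target_signature_file(tsf, ca.ca_public), verify_target_signature_file(tampered, ca.ca_public)
```

`demo()` returns `(True, False)`: the unmodified target signature file verifies, and the same file with altered content fails the digest check even though the event certificate and the CA signature on it are untouched. The event private key exists only inside `sign_event`; nothing in the target signature file lets its holder produce a second signature, which is what makes a per-event key pair workable for a user who holds no signing key of their own.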
A dynamic password is an unpredictable combination of digits generated according to a special algorithm, and each password can be used only once. Dynamic passwords are widely used in online banking, online games, telecom operators, electronic commerce, enterprise applications and similar fields, and an increasing number of industries have adopted them as one of the most secure authentication techniques. Because they are convenient to use and independent of the platform, dynamic password technology has become a mainstream identity authentication technology with the growth of the mobile internet, and more and more companies at home and abroad are engaged in the research, development and production of dynamic password products. Such authentication systems interoperate quickly and seamlessly with a variety of business systems, support several authentication modes, and can serve enterprises of different sizes.
The dynamic password information comprises a one-time dynamic password, a dynamic password serial number and time information.
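The dynamic password information defined above (one-time code, token serial number, time information) is what step S102 has to check. As an added example, not code from the patent, the following Python block verifies such a triple the way a server would: the serial number selects the token seed, the code is recomputed with the time-based algorithm of RFC 6238, one step of clock drift is tolerated, and a per-serial record of the last accepted time step enforces the single-use property the page attributes to dynamic passwords. The page does not say which OTP algorithm the bank's tokens use, so RFC 6238 with HMAC-SHA1, 30-second steps and 6 digits is an assumption; `TOKEN_SEEDS`, the serial number and the timestamp are constructed for the demo.

```python
# Added example (not the patent's code): server-side check of the dynamic password information.
import hashlib
import hmac
import struct

STEP_SECONDS = 30
DIGITS = 6
# Constructed token registry: serial number -> seed (in production an HSM or encrypted store).
TOKEN_SEEDS = {"OTP-0001": b"constructed-demo-seed-0001"}


def totp(seed: bytes, unix_time: int, step=STEP_SECONDS, digits=DIGITS) -> str:
    """RFC 6238 time-based one-time password: HOTP (RFC 4226, HMAC-SHA1) over the time counter."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class DynamicPasswordAuthenticator:
    """Step S102: validate (code, serial number, time) and enforce single use per code."""

    def __init__(self, seeds, window=1):
        self.seeds, self.window = seeds, window
        self.last_counter = {}  # serial -> highest time counter already accepted

    def authenticate(self, info, now: int) -> bool:
        seed = self.seeds.get(info["serial"])
        if seed is None:
            return False  # unknown token
        if abs(info["time"] - now) > self.window * STEP_SECONDS:
            return False  # client-reported time outside the accepted drift
        base = now // STEP_SECONDS
        for counter in range(base - self.window, base + self.window + 1):
            if hmac.compare_digest(totp(seed, counter * STEP_SECONDS), info["code"]):
                if counter <= self.last_counter.get(info["serial"], -1):
                    return False  # replay: this code, or a later one, was already accepted
                self.last_counter[info["serial"]] = counter
                return True
        return False  # no match in the window: wrong code or stale token clock


def demo():
    """Constructed run: fresh code accepted, replay rejected, wrong code rejected, next code accepted."""
    auth = DynamicPasswordAuthenticator(TOKEN_SEEDS)
    seed, now = TOKEN_SEEDS["OTP-0001"], 1589536800  # constructed timestamp
    info = {"serial": "OTP-0001", "code": totp(seed, now), "time": now}
    fresh = auth.authenticate(info, now)
    replay = auth.authenticate(info, now + 5)
    wrong = auth.authenticate(dict(info, code="000000"), now)
    later = {"serial": "OTP-0001", "code": totp(seed, now + STEP_SECONDS), "time": now + STEP_SECONDS}
    next_ok = auth.authenticate(later, now + STEP_SECONDS)
    return fresh, replay, wrong, next_ok
```

`demo()` returns `(True, False, False, True)`. The replay record is per token and must be shared by every server instance that authenticates signing requests; otherwise a captured code can be presented to a second instance within the same time step and used to obtain a second signature.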
Specifically, the client may be an app installed on a terminal device (e.g., a mobile phone, a PAD, a wearable device), or may be a web page version program.
The embodiment of the application thus provides an electronic signature method based on a dynamic password in which the server receives a first electronic signature request from the client comprising dynamic password information and a file to be signed, performs identity authentication of the target user based on the dynamic password information and, when the authentication passes, sends a second signature request comprising the dynamic password information and the file to be signed to the CA institution signature system; the CA institution signature system generates an event key pair (a first private key and a first public key), performs a private-key operation on the file to be signed with the first private key to obtain an event signature value, generates an event digital certificate based on the dynamic password information, the file to be signed and the first public key, obtains a target signature file from the event signature value, the event digital certificate and the file to be signed, and sends it to the server, which feeds it back to the client. The method solves the problem of signing a file to be signed on the basis of a dynamic password, while the dynamic-password identity authentication mechanism ensures the authenticity of the signer's identity.
The embodiment of the present application provides a possible implementation manner, and further, the method includes:
the first signature request comprises user-defined information, and the user-defined information is publicable user information;
the server sends the user-defined information to the CA institution signature system; the CA organization signature system is used for generating an event digital certificate based on an event signature value, a first public key, a file to be signed, dynamic password information and the user-defined information.
The user-defined information is user information that may be made public; it may be text information of the user or a signature image. The user may be a natural person, a legal person, another organization, and so on.
In this embodiment the user thus chooses which information is made public, so that information the user does not wish to disclose is not leaked through the event digital certificate.
The embodiment of the present application provides a possible implementation in which the second signature request includes verification website information, the verification website information being used to provide the user with an interface for verifying the identity of the target user;
and the CA institution signature system is configured to generate the event digital certificate based on the event signature value, the file to be signed, the dynamic password information and the verification website information.
Specifically, the user may click the verification website, open the corresponding address and then enter the dynamic password information to verify the authenticity of the identity of the target user.
In this embodiment the verification website information is carried as attribute information of the event digital certificate, so that the authenticity of the target user's identity can be verified through the verification website.
The embodiment of the present application provides a possible implementation manner, and further, the method further includes:
the server receives first service information of a target user sent by the client, and generates the file to be signed based on the first service information, wherein the file to be signed is a portable file format file;
the server calculates the hash value of the file to be signed based on a hash algorithm, and sends the file to be signed and the hash value of the file to be signed to the client, and the client performs integrity check based on the hash value and the file to be signed.
Specifically, the client sends the first service information of the target user to the server, and the server processes the first service information based on the received first service information to obtain the file to be signed.
For the embodiment of the application, the problem of determining the file to be signed is solved.
The embodiment of the present application provides a possible implementation manner, and further, the method further includes:
the server receives second service information of the target user sent by the client and queries a database to obtain third service information of the target user;
and generating a file to be signed based on the second service information and the third service information, wherein the file to be signed is a portable file format file.
Specifically, the server receives the second service information of the target user sent by the client, queries a database to obtain the third service information of the target user, and generates the file to be signed from the second service information and the third service information; the portable document format file may be a file in PDF format.
For the embodiment of the application, the problem of determining the file to be signed is solved.
Example two
Fig. 2 shows an electronic signature system based on a dynamic password according to an embodiment of the present application. The system comprises a client 201, a server 202 and a CA institution signature system 203, wherein:
the client 201 sends a first signing request to the server 202;
the server 202 receives a first electronic signature request sent by a client 201, wherein the first electronic signature request comprises dynamic password information and a file to be signed;
the server 202 performs target user identity authentication based on the dynamic password information;
when the identity authentication of the target user passes, the server 202 sends a second signature request to a CA signature system, wherein the second signature request comprises the dynamic password information and a file to be signed;
the CA institution signature system 203 is configured to generate an event key pair when receiving a second signature request, where the event key pair includes a first private key and a first public key; the CA organization signature system 203 is used for performing private key operation on a file to be signed based on the first private key to obtain an event signature value, generating an event digital certificate based on the dynamic password information, the file to be signed and the first public key, and obtaining a target signature file based on the event signature value, the event digital certificate and the file to be signed; the CA institution signature system 203 is used for sending the target signature file to the server;
the server 202 receives the target signature file fed back by the CA agency signature system 203, and feeds back the target signature file to the client.
The embodiment of the application provides an electronic signature system based on a dynamic password, in which a server receives a first signature request sent by a client, the first signature request including dynamic password information and a file to be signed; the server authenticates the identity of the target user based on the dynamic password information; when the identity authentication of the target user passes, the server sends a second signature request to a CA institution signature system, the second signature request including the dynamic password information and the file to be signed; the CA institution signature system generates an event key pair on receiving the second signature request, the event key pair including a first private key and a first public key; the CA institution signature system performs a private-key operation on the file to be signed with the first private key to obtain an event signature value, generates an event digital certificate based on the dynamic password information, the file to be signed and the first public key, and obtains a target signature file based on the event signature value, the event digital certificate and the file to be signed; the CA institution signature system sends the target signature file to the server; and the server receives the target signature file fed back by the CA institution signature system and feeds it back to the client. This solves the problem of how to sign the file to be signed on the basis of a dynamic password and, at the same time, ensures the authenticity of the signer's identity through the dynamic-password identity authentication mechanism.
The electronic signature system based on a dynamic password of this embodiment can execute the electronic signature method based on a dynamic password provided in the above embodiments of the present application; the implementation principles are similar and are not described again here.
The embodiment of the present application provides a possible implementation, further including:
the first signature request includes user-defined information, the user-defined information being publishable user information;
the server is used to send the user-defined information to the CA institution signature system;
the CA institution signature system is used to generate the event digital certificate based on the event signature value, the first public key, the file to be signed, the dynamic password information and the user-defined information.
The embodiment of the present application provides a possible implementation in which the second signature request includes verification website information, the verification website information being used to provide the user with an interface for verifying the identity of the target user;
the CA institution signature system is used to generate the event digital certificate based on the event signature value, the first public key, the file to be signed, the dynamic password information and the verification website information.
The embodiment of the present application provides a possible implementation in which the system includes:
the server is used to receive first service information of the target user sent by the client and to generate the file to be signed based on the first service information, where the file to be signed is a portable document format file;
the server is further used to calculate the hash value of the file to be signed with a hash algorithm and to send the file to be signed together with its hash value to the client;
and the client is used to perform an integrity check based on the hash value and the file to be signed.
The embodiment of the present application provides a possible implementation in which the system includes:
the server is used to receive second service information of the target user sent by the client and to query a database to obtain third service information of the target user;
the server is used to generate the file to be signed based on the second service information and the third service information, where the file to be signed is a portable document format file.
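The complete exchange described above (client, server and CA institution signature system), together with the hash integrity check and the user-defined-information and verification-website certificate fields of the variants just listed, as an added worked example in Go. This is not code from the patent or from the applicant; the patent names no concrete algorithms, so the example assumes a TOTP (RFC 6238) dynamic password with a seed enrolled out of band, Ed25519 for the event key pair, SHA-256 for the file hash, and an X.509 certificate as the event digital certificate, with the OTP-event reference, file hash, user-defined information and verification website carried in its Subject. The PDF is a constructed placeholder, the certificate is self-signed for brevity (a production CA would sign it with its issuing key), and the names Server, CA, SignRequest, SignedFile, TOTP, PrepareFile, CheckIntegrity, HandleSign and Verify are the example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/binary"
	"fmt"
	"math/big"
	"time"
)

// SignRequest is the first signature request (client -> server); UserDefined is the optional publishable user information.
type SignRequest struct{ User, OTP, UserDefined string; File []byte }

// SignedFile is the target signature file: the file, the event signature value and the event certificate (DER).
type SignedFile struct{ File, Signature, CertDER []byte }

// TOTP computes the RFC 6238 six-digit code (HMAC-SHA1, 30-second step) that the user's token displays.
func TOTP(secret []byte, now time.Time) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(now.Unix()/30))
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f
	return fmt.Sprintf("%06d", (binary.BigEndian.Uint32(h[off:off+4])&0x7fffffff)%1000000)
}

// Server keeps each user's OTP seed (assumed to have been enrolled out of band).
type Server struct{ Seeds map[string][]byte }

// verifyOTP accepts the current 30-second step or one adjacent step, comparing codes in constant time.
func (s *Server) verifyOTP(user, code string, now time.Time) bool {
	seed, known := s.Seeds[user]
	for d := -1; known && d <= 1; d++ {
		if hmac.Equal([]byte(TOTP(seed, now.Add(time.Duration(d)*30*time.Second))), []byte(code)) {
			return true
		}
	}
	return false
}

// PrepareFile is the server step that builds the (constructed placeholder) PDF from service information and hashes it.
func PrepareFile(serviceInfo string) (file []byte, hash [32]byte) {
	file = []byte("%PDF-1.4\n% constructed placeholder for: " + serviceInfo + "\n%%EOF\n")
	return file, sha256.Sum256(file)
}

// CheckIntegrity is the client-side comparison of the received file against the hash the server sent with it.
func CheckIntegrity(file []byte, want [32]byte) bool { return sha256.Sum256(file) == want }

// HandleSign authenticates the dynamic password and only then issues the second signature request to the CA.
func (s *Server) HandleSign(ca *CA, req SignRequest, now time.Time) (*SignedFile, error) {
	if !s.verifyOTP(req.User, req.OTP, now) {
		return nil, fmt.Errorf("dynamic password authentication failed for %q", req.User)
	}
	ev := sha256.Sum256([]byte(req.User + "|" + req.OTP + "|" + now.UTC().Format(time.RFC3339))) // OTP event reference; the raw code is not put in the certificate
	return ca.Sign(req.File, fmt.Sprintf("%x", ev[:8]), req.UserDefined, now)
}

// CA issues a fresh event key pair per request and binds public key, file hash, OTP event, user-defined information and verification website into the event certificate.
type CA struct{ VerifyURL string }

func (ca *CA) Sign(file []byte, event, userDefined string, now time.Time) (*SignedFile, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // event key pair (first public/private key)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(file)
	sig := ed25519.Sign(priv, digest[:]) // event signature value: private-key operation on the file hash
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(now.UnixNano()),
		Subject: pkix.Name{CommonName: userDefined, OrganizationalUnit: []string{
			"otp-event:" + event, fmt.Sprintf("file-sha256:%x", digest), "verify-at:" + ca.VerifyURL}},
		NotBefore: now, NotAfter: now.Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv) // self-signed here; a production CA signs with its issuing key
	if err != nil {
		return nil, err
	}
	return &SignedFile{File: file, Signature: sig, CertDER: der}, nil
}

// Verify is the relying party's check: the event signature over the file must validate under the certificate's public key.
func Verify(sf *SignedFile) bool {
	cert, err := x509.ParseCertificate(sf.CertDER)
	if err != nil {
		return false
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	digest := sha256.Sum256(sf.File)
	return ok && ed25519.Verify(pub, digest[:], sf.Signature)
}
```

The server accepts only the current time step and its two neighbours and compares codes with `hmac.Equal`, so a stale or guessed code is refused before any request reaches the CA; a fresh key pair exists only for the duration of one signing event, which is what makes the certificate an "event" certificate. `Verify` checks the signature under the key embedded in that certificate; validating the certificate chain to the CA and its validity period is left to the relying party's PKI policy.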
The beneficial effects of this embodiment are the same as those of the electronic signature method based on a dynamic password in the first embodiment and are not described again here.
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated herein, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least some of the steps in the flowcharts may include multiple sub-steps or stages, which are not necessarily completed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
The foregoing describes only some embodiments of the present application. It should be noted that those skilled in the art can make various modifications and refinements without departing from the principles of the present application, and such modifications and refinements should also be regarded as falling within the protection scope of the present application.

Claims (8)

1. An electronic signature method based on a dynamic password, applied to a server and comprising the following steps:
the server receives a first signature request sent by a client, wherein the first signature request comprises dynamic password information and a file to be signed;
the server carries out target user identity authentication based on the dynamic password information;
when the identity authentication of the target user passes, the server sends a second signature request to a signature system of a CA (Certificate Authority) institution, wherein the second signature request comprises the dynamic password information and the file to be signed; the CA institution signature system is used for generating an event key pair when receiving the second signature request, wherein the event key pair comprises a first private key and a first public key; the CA institution signature system is used for carrying out a private key operation on the file to be signed based on the first private key to obtain an event signature value, generating an event digital certificate based on the dynamic password information, the file to be signed and the first public key, and obtaining a target signature file based on the event signature value, the event digital certificate and the file to be signed; the CA institution signature system is used for sending the target signature file to the server;
and the server receives the target signature file fed back by the CA institution signature system and feeds back the target signature file to the client.
2. The method of claim 1, characterized in that the method comprises:
the first signature request comprises user-defined information, and the user-defined information is publishable user information;
the server sends the user-defined information to the CA institution signature system; the CA institution signature system is used for generating the event digital certificate based on the event signature value, the first public key, the file to be signed, the dynamic password information and the user-defined information.
3. The method according to claim 1 or 2, wherein
the second signature request comprises verification website information, and the verification website information is used for providing the user with an interface for verifying the identity of the target user;
the CA institution signature system is used for generating the event digital certificate based on the event signature value, the first public key, the file to be signed, the dynamic password information and the verification website information.
4. The method of claim 1, further comprising:
the server receives first service information of a target user sent by the client, and generates the file to be signed based on the first service information, wherein the file to be signed is a portable document format file;
the server calculates the hash value of the file to be signed based on a hash algorithm, and sends the file to be signed and the hash value of the file to be signed to the client, and the client performs an integrity check based on the hash value and the file to be signed.
5. An electronic signature system based on a dynamic password, wherein the electronic signature system comprises a client, a server and a CA institution signature system, and comprises:
the client sends a first signature request to the server;
the server receives the first signature request sent by the client, wherein the first signature request comprises dynamic password information and a file to be signed;
the server carries out target user identity authentication based on the dynamic password information;
when the identity authentication of the target user passes, the server sends a second signature request to the signature system of a CA (Certificate Authority) institution, wherein the second signature request comprises the dynamic password information and the file to be signed;
the CA institution signature system is used for generating an event key pair when receiving the second signature request, wherein the event key pair comprises a first private key and a first public key; the CA institution signature system is used for carrying out a private key operation on the file to be signed based on the first private key to obtain an event signature value, generating an event digital certificate based on the dynamic password information, the file to be signed and the first public key, and obtaining a target signature file based on the event signature value, the event digital certificate and the file to be signed; the CA institution signature system is used for sending the target signature file to the server;
and the server receives the target signature file fed back by the CA institution signature system and feeds back the target signature file to the client.
6. The system of claim 5, comprising:
the first signature request comprises user-defined information, and the user-defined information is publishable user information;
the server is used for sending the user-defined information to the CA institution signature system;
the CA institution signature system is used for generating the event digital certificate based on the event signature value, the first public key, the file to be signed, the dynamic password information and the user-defined information.
7. The system of claim 5, wherein the second signature request comprises verification website information, and the verification website information is used for providing the user with an interface for verifying the identity of the target user;
and the CA institution signature system is used for generating the event digital certificate based on the event signature value, the file to be signed, the dynamic password information and the verification website information.
8. The system of claim 5, comprising:
the server is used for receiving first service information of a target user sent by the client and generating the file to be signed based on the first service information, wherein the file to be signed is a portable document format file;
the server is also used for calculating the hash value of the file to be signed based on a hash algorithm and sending the file to be signed and the hash value of the file to be signed to the client;
and the client is used for carrying out an integrity check based on the hash value and the file to be signed.
CN202010416073.4A 2020-05-16 2020-05-16 Electronic signature method and system based on dynamic password Active CN111641605B (en)


Publications (2)

Publication Number Publication Date
CN111641605A CN111641605A (en) 2020-09-08
CN111641605B true CN111641605B (en) 2022-04-15

Family

ID=72331976


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant