CN1197248A - Numeral signature method - Google Patents
Numeral signature method Download PDFInfo
- Publication number
- CN1197248A CN1197248A CN96117110A CN96117110A CN1197248A CN 1197248 A CN1197248 A CN 1197248A CN 96117110 A CN96117110 A CN 96117110A CN 96117110 A CN96117110 A CN 96117110A CN 1197248 A CN1197248 A CN 1197248A
- Authority
- CN
- China
- Prior art keywords
- signature
- information
- black box
- check
- digital signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
A digital signature method features that an information sender inputs the information to be signed to signature black box, where a digital signature is created by operating the functions contained in signature algorithm program, and after digital signature has been received, the receiver calculates out the ID code and signature check code through function operation, which are used to compare and check for authentication. Its advantages include high security, quick operation and less possessed resources.
Description
The present invention relates to a kind of method of digital signature, exactly, it is a guarantee information integrality of utilizing the encrypting and authenticating technology in computer technology and the cryptography to realize, the method in confirmation source.
In daily social activities and economic interaction, signed and sealed (SS) and identification signed and sealed (SS) play an important role.Resemble banking especially as the important ring in the economic activity, just need differentiate the validity of check by the true and false of seal on the identification check.Yet, perfect day by day along with the computer carving technology, the seal seal of forging will more and more be difficult to differentiate, and along with the development of bank computer network, in order to break the region restriction, realize the service of service for corporate customers networking banking procedure where deposits and withdrawals are processed at any branch bank, also pressed for a kind of safety, differentiate the method for check validity effectively, easily.
In addition, development along with professional electronization such as finance, security, futures, in order to provide convenient, financial service timely to the client, little by little various services are extended in client's the office or family, can allow the client in its office or family, use a computer or special-purpose terminal equipment, computing machine by computer network and bank, security center, futures center links, and directly handles the picture bank transfer, transaction such as dealing security and futures--promptly realize the electrical connection transactional services.Because the electrical connection transaction is directly to handle by computer network not have traditional paper-bill, thereby can't continue to use the true and false that transaction content and client identity are distinguished in traditional signed and sealed (SS).Thus, realize digital signature is carried out in important electrical connection transaction, obviously have important and practical meanings with computing machine and cryptographic technology.
Digital signature is exactly to realize signature to a certain information with string number, desirable digital signature should have the characteristics of traditional signatures usually, suppose that information transmitter A has sent an information that has digital signature to the information receiver, then this digital signature should satisfy following three conditions:
(1) information receiver can the confirmatory message sender to the signature of information;
(2) signature that anyone who comprises the information receiver can not the spurious sender;
(3) if information transmitter is denied the signature to information, to solve bipartite dispute by arbitration;
At present, the method for realization digital signature all is to adopt the public key cryptography encryption system to realize basically.And its signature figure place of the digital signature that the public key cryptography algorithm is realized is long, with regard to present foremost RSA public key algorithm, its safe digital signature figure place more than 200 (ten system numbers), can't be used, as cashier's check is carried out digital signature at least in a lot of fields; And the operand of public key cryptography algorithm is very big, and the computer resource that takies is also quite a lot of, the digital signature that very difficult realization is cheap safely and fast.
By retrieval as can be known, also there is not a kind of new desirable digital signature to come out at present.
The objective of the invention is to design and a kind ofly can realize the safe coefficient height, the digital signature method that operation time is fast.
The present invention is achieved in that it is that a kind of information transmitter is utilized information receiver or message pick-up and sent the method for signature black box through after the initialization information being signed that mechanism that both sides trust provides.
Its signature process is:
By information receiver or message pick-up and send the mechanism that both sides trust and provide a dedicated signatures black box to information transmitter, information transmitter uses the signature black box that the information that sends to the information receiver is carried out digital signature.
Include a typical computer in the signature black box, comprise processor on the hardware, memory under program, data memory, I/O part, and by being with the intermediate result of algorithm routine, critical data and program operation process in the special technical safety measures protection; Guarantee anyone can't or in fact can't break through safety precautions and obtain or revise intermediate result in protected algorithm routine, critical data, the program operation process; comprise I/O control section, cipher key initialization part on the software, calculate the digital signature part; partly include several main functions in cipher key initialization part and calculating digital signature; unidirectional irreversible function is wherein arranged; and including extremely complicated conversion, anyone can't or in fact can't obtain function itself by input, the output of collection analysis function.
1) information transmitter is carried out initialization to the signature black box, initialization procedure is that information transmitter is made one group of identity code by oneself, import the signature black box down by I/O control in the signature black box, the function that is comprised by the cipher key initialization program part in the signature black box generates check key and identity characteristic key respectively, and be stored in the data memory of signature black box always, unless carry out initialization next time again, only check key is wherein sent the signature black box by I/O control simultaneously, locate registration by the approach of maintaining secrecy the information receiver, identity code that information transmitter is made by oneself and identity characteristic key are not located registration the information receiver, after the initialization, the signature black box just can be used for information is produced signature;
2) information transmitter utilization signature black box produces digital signature to the information that sends to the information receiver, information transmitter input information under the I/O control in the signature black box, the signature black box fall into a trap count word signature following of programmed control input information and be stored in identity characteristic key in the black box data memory of signing, by an one-way function, obtain identity feature code, again information, be stored in the check key in the signature black box, identity feature code is by another one-way function, calculate the signature check sign indicating number, at last identity feature code, the signature check sign indicating number is calculated digital signature as the input parameter of an invertible function.
The information and the signature that have the digital signature check system of a correspondence that information transmitter is sent here at the information receiver place carry out verification.
Information receiver's digital signature check system is a typical computer, the data file or the database of the check key that produces when on software, comprising the digital signature checking routine and preserving its signature black box of information transmitter initialization, the function F 3, F4, the F5 that include in the digital signature checking routine in the signature black box of function and information transmitter are identical, and checking procedure is as follows after the information receiver receives information that information transmitter is sent here and digital signature:
1) under the control of digital signature checking routine,, releases identity feature code, signature check sign indicating number by digital signature by invertible function;
2),, obtain the value of checking of signature check sign indicating number as the input parameter of one-way function the identity feature code of releasing, the information of sending here and from data file or database, extract the check key of corresponding this information transmitter registration;
3) whether the signature check sign indicating number of relatively releasing in the value of checking of signature check sign indicating number and the first step equates, if equal in the value of checking of signature check sign indicating number, then the information receiver can think that information is to be sent and information is not distorted by information transmitter.
Utilize digital signature that the technology of the present invention realizes and utilize public key cryptography encryption system system to compare, have:
(1) safe, because the present invention generates the important parameter of digital signature--identity feature code and check code key only are stored in the signature black box, as the signature black box that just must the acquired information sender uses of the signature of wanting to forge certain information transmitter, and can break through the signature black box safety precautions, it is safe thus;
(2) because its algorithm of public key cryptography encryption system system is disclosed, the key that different are to use, in case thereby this cryptographic algorithm is decrypted, then all users' safety all will be on the hazard, and the algorithm flow that comprises in the signature black box that each user of the present invention uses can be different, even certain user's signature black box is broken, algorithm flow is decrypted, and also can not influence other user's safety;
(3) because the algorithm flow that relates among the present invention can use the conventional cipher cryptographic algorithm to realize, compare with the public key cryptography algorithm, its arithmetic speed will improve several orders of magnitude; And the digital signature figure place of utilizing the present invention to generate can be set under the short figure place according to actual needs, and good security is arranged equally, and its shared system resource is much less also.
In a word, what the invention provides a kind of novelty can realize that safe coefficient height, operation time are fast, take the few digital signature generation method of resource, and it can be widely used in the systems such as bank, security, futures.
The invention will be further described below with reference to accompanying drawing:
Fig. 1 uses the workflow synoptic diagram of signature black box for information transmitter among the present invention
The synoptic diagram of the workflow that Fig. 2 authenticates digital signature for information receiver among the present invention
As can be known from Fig. 1, receive and send the machine that both sides trust by information receiver or information Structure provides the signature black box of special use to information transmitter A, and information transmitter A is to the signature black box Son initializes, and initialization procedure is made one group of identity code SA by oneself for information transmitter A, letter Breath sender A obtains check key to identity code SA input signature black box by function F 1 KXA only passes to the information receiver to check key KXA by hidden passageway and locates to preserve, and guarantees There is not the third party to know check key KXA, and the check key that is generated by function F 1, F2 KXA, identity characteristic key K TA also are kept in the signature black box simultaneously.
Suppose information transmitter A send signed name information M to the information receiver, produce so The process of digital signature is: by the signature algorithm programme-control of signature in the black box information M And the inner identity characteristic key K TA that preserves, generate identity feature code T through function F 3, Again information M, identity feature code T, the inner check key KXA that preserves, through function F 4 generate signature check code H, at last identity feature code T and signature check code H process function F5 generating digital signature Q, and send the signature black box and finish digital signature.
As can be known from Fig. 2: the information receiver receives after information M and the corresponding digital signature Q, Under the control of its digital signature check system, by function F 5 digital signature Q is restored Identity feature code T and signature check code H, the school of registration when initializing according to information transmitter A Test key K XA, and the identity feature code T that has just produced, information M is by one-way function F4 Calculate again the signature check code value of checking H ', compare then signature check code H and signature check code The value of the value of checking H ' can be distinguished the correctness of signature check code H, thus identifying information M The true and false, judge whether information M is tampered.
Because one in function F 4, F5 and the signature black box in the digital signature check system Sample is if the function F 4 therefore in the digital signature check system, the input parameter of F5---check key KXA, information M, identity feature code T and label at information transmitter A That imports when function F 4, F5 computing in the name black box is inconsistent, then signature check code H with H ' is with inconsistent for the signature check code value of checking.
Owing to only have the information receiver that the check key KXA of registration client A is arranged, as long as judge the school Test the correctness of yard H, the authenticity that the information receiver just can identifying information M, this satisfies number First condition of word signature.
Because the check key KXA that has also only registered information transmitter at the information receiver place, Do not have register information identity of the sender feature key KTA, thereby the information receiver can't forge Go out identity feature code T, again because identity feature code T participates in the computing of signature check code H, because of And also can't puppet produce signature check code H, thereby can't spurious information sender A to information M Digital signature, this satisfies second condition of digital signature.
Because the information receiver can't learn information transmitter A identity characteristic key K TA, thereby Can't forge digital signature, and information transmitter A is because it is to use the signature black box to calculate number Word signature, identity characteristic key K TA are to be kept in the signature black box, and information transmitter can't Obtain also can't to change, and calculate digital signature procedure also in the signature black box, middle junction Fruit and whole computational process can't change, thereby, the digital signature information sender who produces like this A can't deny, if disputable, then by information transmitter A provide identity code SA to The arbitrator differentiates. The arbitrator utilizes function F 1 and locates register information the information receiver and send out The check key KXA of the person of sending A comes the correctness of identity verification code SA, pushes away by function F 2 Go out identity feature key KTA, by information M, identity characteristic key K TA, function F 3 is released The identity feature code value of checking T ' utilizes digital signature Q, by function F 5, releases identity Condition code T judges whether identity feature code T is the identity feature code value of checking T ', if body Part condition code T equates that with the identity feature code value of checking T ' then digital signature Q is that information sends Person A is to the signature of information M.
If information transmitter A denies the signature Q to information M, then the arbitrator differentiates that by above method detailed process is as follows:
(1) require information transmitter A that identity code SA is provided;
Check key KXA and the function F 1 identity verification code of (2) being registered by the information receiver The correctness of SA;
(3) release identity characteristic key K TA by function F 2;
(4) by information M, identity characteristic key K TA, function F 3 is released identity feature code The value of checking T ';
(5) by digital signature Q, function F 5 is released identity feature code T;
(6) judge whether identity feature code T equates with the identity feature code value of checking T ';
If identity feature code T equates with the identity feature code value of checking T ', digital signature Q then That information transmitter A is to the signature of information M. This satisfies the 3rd condition of digital signature.
The digital signature method that utilizes the present invention to realize, the F2 function can omit, and makes the identity spy Levy key K TA and equal identity code SA.
Embodiment:
Below with reference to the use of the present invention in bank's service for corporate customers, introduce concrete digital signature using method, here bank is as the information receiver, and the client of bank's service for corporate customers is as information transmitter.
(1) offered special-purpose machines and tools that are used for digital signature of client A--" payment cipher " of each service for corporate customers by bank, it mainly comprises keyboard, display device, secret single-chip microcomputer or special-purpose IC-card.Wherein secret single-chip microcomputer or special-purpose IC-card are exactly the foregoing signature black box of the present invention, and it is made up of several sections such as microprocessor, memory under program, data memories.Owing to be used for adopting on the signature black box integrated circuit (IC) chip manufacture craft of digital signature special physical security safeguard measure, the outside pole difficulty cracks and revises the algorithm routine in secret single-chip microcomputer or the special-purpose IC-card, the result in algorithm parameter and the computing.Keyboard, display device etc. are input, the output of assisting to realize the signature black box.The function F 1, F2, F3, F4, F5 and the whole flow process control program that in the memory under program of signature black box, comprise above-mentioned digital signature method.Storage check key KXA in data memory, some intermediate results in identity characteristic key K TA scheduling algorithm parameter and the computing.
It can be that corresponding each client A is inequality that bank offers F1, F2, F3, F4, F5, these five functions that the signature black box in the payment cipher that each client uses comprises.Just in case the signature black box in the payment cipher of a certain client A is broken, also can not influence other client's safety like this.
(2) after client A takes payment cipher for the first time, at first set its identity code SA, the input payment cipher, calculate check key KXA by the signature black box in the payment cipher by function F 1, function F 2 is calculated identity characteristic key K TA, be stored in the signature black box in the payment cipher, in the IC-card internal data memory of promptly secret single-chip microcomputer or special use.
(3) link to each other with the banking main frame by the communication interface of maintaining secrecy, check key KXA is delivered to bank register, after registration was good, the client can carry out digital signature to various checks.
When (4) client A writes a check, after filling in the check key element, use payment cipher, according to prompting, the check information M key element of importing check one by one comprises (account number, the amount of money, date, cheque number etc.), according to algorithm flow, function F 3, F4, F5, identity characteristic key K TA, check key KXA calculate the digital signature Q of this check and fill on the check by payment cipher.
(5) after check was received by bank, the digital signature syndrome system that check information and digital signature are delivered in the banking main frame carried out verification, released identity feature code T, signature check sign indicating number H by function F 5.Identity feature code T and the check key KXA that registers in advance according to the check information M that fills on the check and this client A utilize function F 4 to calculate the signature check sign indicating number value of checking H ', with the validity of signature check sign indicating number H contrast judgement check.
(6) client A is if deny, and whether arbitration body can correctly differentiate by verification identity feature code T.
Because bank does not need to calculate the payment cipher on the check in advance, so bank cashier do not know yet, and payment cipher is just to be produced when drawing a cheque by client A oneself, also do not need to preserve payment cipher, both increase security, alleviated the burden of client A preservation code book again.Simultaneously, adopt the payment cipher mode, can make factors such as the date of issuance, account number, the amount of money, date, cheque number participate in computing, thereby can guarantee the fund security of client A effectively.
Claims (2)
1. digital signature method, it is characterized in that: by information receiver or message pick-up and send the mechanism that both sides trust and provide a dedicated signatures black box to information transmitter A, information transmitter A uses the signature black box that the information that sends to the information receiver is carried out digital signature, and its signature process is:
1) information transmitter A carries out initialization to the signature black box, initialization procedure is made one group of identity code SA by oneself for information transmitter A, input signature black box under the I/O control in the signature black box, the function F 1 that in the signature black box, comprises by the cipher key initialization program part, F2 generates check key KXA and identity characteristic key K TA respectively, and be stored in the data memory of signature black box always, only wherein check key KXA is sent the signature black box by I/O control simultaneously, locate registration by the approach of maintaining secrecy the information receiver, identity code SA that information transmitter A makes by oneself and identity characteristic key K TA do not locate registration the information receiver, after the initialization, the signature black box just can be used for information is produced signature;
So-called signature black box is meant and includes a typical computer, comprise processor, memory under program, data memory, I/O part on the hardware, and the intermediate result by band algorithm routine, critical data and program operation process in the special technical safety measures protection, guarantee that anyone can't or in fact can't break through safety precautions and obtain or revise intermediate result in protected algorithm routine, critical data, the program operation process; Comprise I/O control section, cipher key initialization part on the software, calculate the digital signature part, partly include main function F 1, F2 in cipher key initialization, calculate digital signature and partly include several main function F 3, F4, F5, wherein F1, F3, F4 are unidirectional irreversible function, and having extremely complicated conversion, anyone can't or in fact can't obtain function F 1, F3, F4 itself by input, the output of these functions of collection analysis;
2) information transmitter A utilizes the signature black box that the information M that sends to the information receiver is produced digital signature Q, information transmitter A input information M under the I/O control in the signature black box, the signature black box fall into a trap count word signature following input information M of programmed control and be stored in identity characteristic key K TA in the black box data memory of signing, input parameter as one-way function F3, calculate identity feature code T, again information M, be stored in the check key KXA in the signature black box, identity feature code T is as the input parameter of function F 4, calculate signature check sign indicating number H, at last identity feature code T, check code H calculates digital signature Q as the input parameter of invertible function F5.
2, a kind of digital signature method according to claim 1 is characterized in that the F2 function can omit, and makes identity characteristic key K TA equal identity code SA.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN96117110A CN1197248A (en) | 1996-09-25 | 1996-09-25 | Numeral signature method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN96117110A CN1197248A (en) | 1996-09-25 | 1996-09-25 | Numeral signature method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1197248A true CN1197248A (en) | 1998-10-28 |
Family
ID=5124047
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN96117110A Pending CN1197248A (en) | 1996-09-25 | 1996-09-25 | Numeral signature method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1197248A (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1099780C (en) * | 1999-12-10 | 2003-01-22 | 北京深思洛克数据保护中心 | Key transmission and digital signature method |
| CN100363856C (en) * | 2003-02-04 | 2008-01-23 | 伊斯曼柯达公司 | Preservations system for digitally created and digitally signed documents |
| CN1689269B (en) * | 2002-09-26 | 2010-04-28 | 国际商业机器公司 | System and method for guaranteeing software integrity |
| CN101562524B (en) * | 2009-05-31 | 2011-08-03 | 河海大学 | Digital signature method based on identity |
| CN101661636B (en) * | 2008-08-27 | 2011-10-19 | 深圳市络道科技有限公司 | Digital postage black box and method for processing digital postage thereof |
| CN101697190B (en) * | 2009-10-23 | 2012-10-17 | 北京派瑞根科技开发有限公司 | Electronic signature for signing on electronic paper |
| CN107332669A (en) * | 2017-06-07 | 2017-11-07 | 燕山大学 | A kind of fast digital signature method of courier packages |
| CN111401672A (en) * | 2019-01-02 | 2020-07-10 | 中国移动通信有限公司研究院 | Block chain based validity checking method, equipment and system |
-
1996
- 1996-09-25 CN CN96117110A patent/CN1197248A/en active Pending
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1099780C (en) * | 1999-12-10 | 2003-01-22 | 北京深思洛克数据保护中心 | Key transmission and digital signature method |
| CN1689269B (en) * | 2002-09-26 | 2010-04-28 | 国际商业机器公司 | System and method for guaranteeing software integrity |
| CN100363856C (en) * | 2003-02-04 | 2008-01-23 | 伊斯曼柯达公司 | Preservations system for digitally created and digitally signed documents |
| CN101661636B (en) * | 2008-08-27 | 2011-10-19 | 深圳市络道科技有限公司 | Digital postage black box and method for processing digital postage thereof |
| CN101562524B (en) * | 2009-05-31 | 2011-08-03 | 河海大学 | Digital signature method based on identity |
| CN101697190B (en) * | 2009-10-23 | 2012-10-17 | 北京派瑞根科技开发有限公司 | Electronic signature for signing on electronic paper |
| CN107332669A (en) * | 2017-06-07 | 2017-11-07 | 燕山大学 | A kind of fast digital signature method of courier packages |
| CN111401672A (en) * | 2019-01-02 | 2020-07-10 | 中国移动通信有限公司研究院 | Block chain based validity checking method, equipment and system |
| CN111401672B (en) * | 2019-01-02 | 2023-11-28 | 中国移动通信有限公司研究院 | Block chain-based validity verification method, device and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Poelstra et al. | Confidential assets | |
| US6081610A (en) | System and method for verifying signatures on documents | |
| KR100486062B1 (en) | Biometric certificates | |
| US6237096B1 (en) | System and method for electronic transmission storage and retrieval of authenticated documents | |
| US5748738A (en) | System and method for electronic transmission, storage and retrieval of authenticated documents | |
| DE60021183T2 (en) | HIGH-SECURITY BIOMETRIC AUTHENTICATION BY PRIVATE AND PUBLIC KEY PAIRS | |
| US20030101348A1 (en) | Method and system for determining confidence in a digital transaction | |
| US7526653B1 (en) | Method of data protection | |
| JPH11502331A (en) | Multipurpose transaction card system | |
| US10395053B2 (en) | Method for inhibiting mass credential theft | |
| CN105052072A (en) | Remote authentication and transaction signatures | |
| CA2361405A1 (en) | Tokenless biometric atm access system | |
| CN1614924A (en) | Identity certifying system based on intelligent card and dynamic coding | |
| CN110503434A (en) | Data verification method, device, equipment and storage medium based on hash algorithm | |
| CN108805574B (en) | Transaction method and system based on privacy protection | |
| CN101409622B (en) | Digital signing system and method | |
| CN1197248A (en) | Numeral signature method | |
| Smid et al. | Response to comments on the NIST proposed Digital Signature Standard | |
| Jueneman et al. | Biometrics and digital signatures in electronic commerce | |
| Ishengoma | NFC-Blockchain Based COVID-19 Immunity Certificate: Proposed System and Emerging Issues. | |
| CN111553791A (en) | Digital cash object currency, method, system, device and storage medium for generating same | |
| CN113657893B (en) | Digital wallet payment encryption and decryption method and digital wallet | |
| Gerdes Jr et al. | Incorporating biometrics into veiled certificates: preventing unauthorized use of anonymous certificates | |
| CN115374422B (en) | Anti-disclosure electronic signature verification method based on block chain | |
| CN106056378A (en) | Anti-fake method and system of electronic payment terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C06 | Publication | ||
| PB01 | Publication | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |