CN1389786A - Digital signal system based on public cipher key algorithm - Google Patents


Info

Publication number
CN1389786A
Authority
CN
China
Prior art keywords
digital
key
digital sealing
public
counterfeiting object
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 02125320
Other languages
Chinese (zh)
Inventor
苏盛辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A digital seal system in the field of computer security and coding theory. A commonly used public-key cryptosystem and algorithm generate a private key and a public key; the private key is kept by a designated person and the public key is stored on the WEB server. The subject information of the anti-counterfeiting object is entered into the WEB database. The digital seal is generated on a standalone computer from the digital fingerprint and the private key, and is printed on the anti-counterfeiting object. A user submits the number and digital seal of the anti-counterfeiting object; the WEB server calculates a verification value from the digital fingerprint, the digital seal and the public key, and reports the result. The system is used for anti-counterfeiting and verification of academic certificates, passports, identity cards, etc.

Description

Digital seal system based on public key algorithm
1. Technical field
Computer information security and coding theory.
2. Prior art
Only a similar technique exists: digital signature technology, which is used in the virtual world of networks to authenticate the identity of a sender and to confirm the content of a message. At present there is still no digital seal system used in the real world for anti-counterfeiting of certificates, bills and official documents.
The digital seal system differs from the online certificate verification systems, electronic seal management systems and product digital anti-counterfeiting systems that some organizations, institutions and enterprises are using; see section 5 for details.
3. Purpose of the invention
The invention is used for the anti-counterfeiting and confirmation of paper articles such as certificates, bills and official documents, or of other articles.
In this application and below, paper articles or other articles that need anti-counterfeiting protection are collectively called anti-counterfeiting objects.
A digital seal is a feature code made up of a string of characters, obtained by a mathematical method and tied to both the issuing body of the anti-counterfeiting object and its content.
A digital fingerprint is the digest output produced when any file or data in a computer is processed by a one-way hash function.
The digital seal is based on the digital fingerprint (analogous to a human fingerprint) and has the properties that it cannot be forged, cannot be impersonated and cannot be repeated. It can replace the traditional handwritten signature, personal seal or organization's official seal, and can also replace traditional physical or optical anti-counterfeiting methods. It can be used for the anti-counterfeiting and authentication of academic certificates, passports, identity cards, employee cards, property ownership certificates, banknotes, checks, invoices, admission tickets, official documents and other articles. It has both innovative and practical value.
4. Content
The digital seal system mainly refers to the computer application software, but it must run on top of the Internet, computer hardware and system software.
4.1 Composition of the application software
The digital seal application software adopts a server/browser (Server/Browse) architecture and comprises 4 functional modules:
(1) key generation and management module;
(2) subject information entry and editing module; subject information means the distinguishing content printed on the anti-counterfeiting object, and the subject information of each anti-counterfeiting object is not exactly the same;
(3) digital seal generation and output module;
(4) digital seal query and verification module.
Each module consists of database files, programs and web pages.
4.2 Key generation and management module
This module runs on a high-level standalone computer that is not networked. Its functions and implementation are:
(1) use a general-purpose public-key cryptosystem and algorithm to produce a private key and a public key;
(2) the private key is stored on a floppy disk or IC card, kept by a designated person, must not be disclosed, and is used to generate digital seals;
(3) the public key is stored on the WEB server and is used to verify digital seals;
(4) back up the key pair, record the distribution and use of key pairs, and assign permissions to the relevant operators.
Note that an organization can have only one unified key generation and management authority, but each department or subordinate unit can have its own private key and public key.
4.3 Subject information entry and editing module
This module resides on the World Wide Web (WEB) server and is accessed through a browser. Its functions and implementation are:
(1) use a general-purpose database management system (DBMS) to design the database structure for anti-counterfeiting objects; the database files are stored on the WEB server and can be accessed dynamically from the browser;
(2) enter the subject information of an anti-counterfeiting object from the browser; it includes a unique number, and each item of subject information corresponds to one database record;
(3) allow authorized users to modify or delete subject information.
4.4 Digital seal generation and output module
This module runs on a standalone computer of the same or a lower level that is not networked. Its functions and implementation are:
(1) copy the database files of the anti-counterfeiting objects from the WEB server to this computer;
(2) obtain the digital fingerprint of a given anti-counterfeiting object record with a one-way hash function (HASH function);
(3) generate the digital seal of the anti-counterfeiting object from the digital fingerprint, the private key and the digital signature algorithm; the digital seal may be stored on the standalone computer but must not be stored on the WEB server;
(4) output and print the digital seal on the anti-counterfeiting object; the digital seal on the paper or cover can be printed directly as characters, as a bar code, or in any other form that is convenient to store and read.
4.5 Digital seal query and verification module
This module resides on the WEB server and is accessed through a browser. Its functions and implementation are:
(1) the user visits the website of the organization or unit through a browser and enters the corresponding query page;
(2) the user enters and submits the number and digital seal of an anti-counterfeiting object;
(3) the WEB server finds the corresponding record in the database by its number and returns the record content to the browser; at the same time it obtains the digital fingerprint of the record with the HASH function;
(4) the WEB server computes a validation value from the digital fingerprint, the digital seal, the public key and the verification algorithm; if the validation value satisfies a set condition, the anti-counterfeiting object is genuine, otherwise it is forged; the conclusion is reported to the user through the browser.
5. Advantages and positive effects
At present, fake certificates, fake bills and fake official documents are rampant and seriously damage social fairness and justice. Although the anti-counterfeiting of certificates, bills and official documents has long attracted attention, existing anti-counterfeiting techniques and methods can be exploited by counterfeiters, and it is difficult to achieve real anti-counterfeiting. The digital seal system adopts sophisticated coding theory and technology and is based on the digital fingerprint of the certificate, bill or official document, so it can achieve real anti-counterfeiting.
5.1 Cannot be forged, impersonated or repeated
The core of the digital seal system is the digital signature algorithm. The digital signature algorithm has two keys, one private and one public, and the private key cannot be derived from the public key. This property guarantees that a digital seal cannot be forged or impersonated.
The hash function guarantees that the digital fingerprint of an anti-counterfeiting object record is unique: if the subject information differs even slightly, the digital fingerprint will differ. Big integers in the 128-bit range guarantee that every generated key pair is different. Therefore the hash function and big integers guarantee that each digital seal cannot repeat and is closely tied to the issuing body and the content of the anti-counterfeiting object.
The private key is kept by a designated person and appears only on a standalone computer that is not networked, so no unauthorized person can obtain it. This guarantees that the digital seal is safe, reliable and cannot be stolen.
5.2 The anti-counterfeiting technique and method can be made public
Even if the anti-counterfeiting technique and method of the digital seal system are fully disclosed, the system still provides real anti-counterfeiting as long as the private key is not disclosed.
5.3 A mathematical method rather than a physical or optical one
At present, anti-counterfeiting for checks, banknotes, invoices, diplomas, employee cards, passports and the like relies only on physical or optical methods (watermarks, embossed steel seals, mimeograph printing, metal threads, holograms, etc.), but under present conditions all of these methods can be copied or imitated and cannot provide real anti-counterfeiting. The digital seal system uses a mathematical method and bases anti-counterfeiting on a digital fingerprint tied to the object's issuing body and content, which is a fundamental change in technique and method.
5.4 Not simple data comparison
At the end of 2001 the Ministry of Education opened an online academic certificate verification system. Only 11 days later, media reports said that fake-diploma dealers could enter the number, name, date of birth, sex and other information of a fake certificate into the system, so that the online verification system could not identify the fake diploma. In response to this defect the Ministry of Education stated that it would take measures and planned to enter students' photographs into the system as well, to make forgery harder. The fake-diploma dealers in turn claimed that they could also put the photograph of the fake certificate's holder into the system, so that the verification system would again be unable to identify the fake diploma.
In fact, the crux of the problem is not whether the data is text or image information, but which technique is used for authentication. The current online academic certificate verification system distinguishes genuine from fake by data comparison, that is, by checking whether the information on the paper certificate can be found online and whether it is consistent. Obviously, this method is unreliable. In contrast, the digital seal system does not use data comparison; it uses digital signature technology to distinguish genuine from fake.
5.5 Not straightforward numeric anti-counterfeiting
Some enterprises already use numbers for product anti-counterfeiting: a random digit string is printed on the product's outer packaging and covered; after buying the product, the customer scratches off the covering and submits the digit string to the enterprise by telephone to tell genuine from fake. However, these digit strings cannot be submitted for verification more than once (on a repeated check the customer is told that the product may be fake), and there is no inherent link between the digit string and the manufacturer or the product information. This is therefore an early stage of digital anti-counterfeiting and differs in essence from the digital seal system.
5.6 Not the digitization of a seal
To improve the supervision and efficiency of official seal use, some organizations currently use software called a "seal control system". A distinguishing feature of such a system is that the image of the physical official seal is scanned and stored in a computer as an electronic seal, which multiple departments or employees share over the network. To use the electronic seal an employee must first type a password or present a fingerprint; only after the employee's identity is confirmed does the system output the electronic seal onto paper through a transfer printing device. Because the electronic seal is printed from the transfer device, the impression is even and gives better anti-counterfeiting than the physical official seal, but the effect is still limited. So "electronic seal" and "digital seal" are two different concepts with different emphases, and their anti-counterfeiting effects are naturally not comparable.
6. Implementation
The digital seal system is realized with a computer network (Internet), computer hardware, computer software, a digital signature algorithm and a one-way hash function.
The digital signature algorithm can be one of the currently common RSA, ECC or DSA algorithms, or the REESSE (new key element) algorithm; the one-way hash function can be MD2, MD5, SHA or a similar algorithm.
The digital seal system adopts the Server/Browse structure and comprises 4 modules: key generation and management, subject information entry and editing, digital seal generation and output, and digital seal query and verification. Each module consists of database files, web pages and programs.
The WEB server operating system can be Windows NT or a Unix variant; the browser-side operating system can be Windows 98/2000; the database management system (DBMS) can be MS SQL Server or Oracle DBMS; web pages can be built with ASP (Active Server Pages) and ADO (ActiveX Data Objects); programs can be written in languages such as C++, Java and VBScript.
The digital seal system is illustrated below with an example.
In this example we use the RSA cryptosystem and its digital signature algorithm, and construct the HASH function as follows:
$H_0 = 101100111100$ (binary number)
$H_i = (H_{i-1} \oplus T_i)^2 \bmod M \quad (i = 1, 2, \ldots, k-1, k)$
where $\oplus$ denotes the bitwise XOR of binary numbers, $T_i$ denotes the $i$-th 12-bit binary block of the message being signed, $k$ equals the total number of binary digits of the signed message divided by 12, and $M$ is the modulus.
This HASH function is used only for illustration; the HASH function in a practical application is more complex than this one.
(1) Key generation and management
Suppose the digital seal system is used for the anti-counterfeiting of Peking University diplomas, and that key generation and management are the responsibility of the university's academic degrees committee. The RSA public-key cryptosystem and algorithm are used.
Choose $p = 47$, $q = 71$; then $M = pq = 3337$ and $\varphi(M) = (p-1)(q-1) = 46 \times 70 = 3220$.
Randomly choose $e = 79$, satisfying $\gcd(e, \varphi(M)) = 1$.
Using the extended Euclidean algorithm: $d = e^{-1} \bmod 3220 = 1019$.
$p$, $q$ and $\varphi(M)$ are kept secret and discarded. $(d, M)$ is the private key; it is stored on a floppy disk or IC card, issued to each school or department, kept by a designated person and must not be disclosed. $(e, M)$ is the public key; it is stored on the university's WEB server. In addition, a backup of the key pair should be kept on the academic degrees committee's standalone computer.
(2) Subject information entry and editing
Suppose the subject information of a certificate is:
Number: 0123
Name: Li Xu
Date of birth: 1980/02/03
Graduated from: Peking University
Major: Computer
Degree: Bachelor
(An actual certificate carries more information than the above; in particular, it should include the identity card number.)
This information is entered from a department browser into the database on the WEB server. Assuming it is stored in ASCII, its binary form (ignoring separators) is:
00110000 00110001 00110010 00110011
01001100 01101001 01011000 01110101
00110001 00111001 00111000 00110000 00110000 00110010 00110000 00110011
01010000 01100101 01101011 01101001 01101110 01100111 01010101 01101110
01101001 01110110 01100101 01110010 01110011 01101001 01110100 01111001
01000011 01101111 01101101 01110000 01110101 01110100 01100101 01110010
01000010 01100001 01100011 01101000 01100101 01101100 01101111 01110010
Each item of subject information corresponds to one record in the database and, once entered, can be retrieved in the browser for editing.
(3) Digital seal generation and output
Copy the relevant database files from the WEB server to the department's standalone computer.
Next, calculate the HASH function output (digital fingerprint) of the record "0123 Li Xu 1980/02/03 Peking University Computer Bachelor".
On the standalone computer, generate the digital seal of this certificate from the digital fingerprint, the private key and the digital signature algorithm:
$S = (H_{32})^d \bmod M = 18^{1019} \bmod 3337 = 2168$
2168 is the digital seal of the certificate (0123 Li Xu 1980/02/03 Peking University Computer Bachelor). It is output from the standalone computer and printed on the physical certificate. It must not be placed on the WEB server.
(4) Digital seal query and verification
First, a user who wants to check whether the certificate is genuine visits the Peking University website with a browser and enters the corresponding query page, then enters and submits the certificate number 0123 and the digital seal 2168.
The WEB server finds the corresponding certificate record in the database by its number and displays the record content (0123 Li Xu 1980/02/03 Peking University Computer Bachelor) in the browser; at the same time it calculates the HASH function output (digital fingerprint) of the record. From (3) we know: $H_{32} = 0018 = 000000010010$.
The WEB server computes the validation value from the digital fingerprint, the digital seal, the public key and the verification algorithm:
$V = S^e \bmod M = 2168^{79} \bmod 3337 = 18$
So $V = H_{32} = 18$, which shows that this certificate was indeed issued to Li Xu by Peking University and is genuine. This conclusion is returned to the user through the browser.
End of example.
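
The worked numbers above and the contrast drawn in section 5.4, as an added Python example (not code from the patent): part 1 reproduces the page's key pair, seal 2168 and validation value 18, taking the fingerprint 18 as stated on the page. Part 2 goes beyond the page's toy values to show a forged database row passing data comparison but failing the seal check; its assumptions are SHA-256 as the one-way hash, a constructed demonstration key built from two Mersenne primes, and hypothetical record field names and function names.

```python
import hashlib

def ext_gcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    old_r, r, old_x, x, old_y, y = a, b, 1, 0, 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y

def make_keypair(p, q, e):
    """Key generation module: return ((d, M), (e, M)) for primes p and q."""
    M, phi = p * q, (p - 1) * (q - 1)
    g, x, _ = ext_gcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime to phi(M)")
    return (x % phi, M), (e, M)

def make_seal(fp, private_key):
    """Seal generation module (offline machine): S = fp^d mod M."""
    d, M = private_key
    return pow(fp, d, M)

def validation_value(seal, public_key):
    """V = S^e mod M, computed by the web server from public data only."""
    e, M = public_key
    return pow(seal, e, M)

# Part 1: the page's own numbers; fingerprint 18 is taken as stated there.
PAGE_PRIV, PAGE_PUB = make_keypair(47, 71, 79)

def page_example():
    seal = make_seal(18, PAGE_PRIV)
    return PAGE_PRIV, seal, validation_value(seal, PAGE_PUB)

# Part 2 (assumptions of this example): textbook RSA without padding and a
# key built from the Mersenne primes 2^127-1 and 2^89-1, for illustration only.
DEMO_PRIV, DEMO_PUB = make_keypair(2**127 - 1, 2**89 - 1, 65537)
FIELDS = ("number", "name", "born", "school", "major", "degree")  # hypothetical

def fingerprint(record, M):
    """SHA-256 over the record's fields, truncated so the value is below M."""
    data = "\x1f".join(record[f] for f in FIELDS).encode("utf-8")
    nbytes = (M.bit_length() - 1) // 8
    return int.from_bytes(hashlib.sha256(data).digest()[:nbytes], "big")

def data_comparison_check(db, presented):
    """The check section 5.4 calls unreliable: does the paper match the row?"""
    return db.get(presented["number"]) == presented

def seal_check(db, number, seal, public_key):
    """Query/verification module: hash the stored record and compare it
    with the value recovered from the printed seal."""
    record = db.get(number)
    if record is None or not 0 <= seal < public_key[1]:
        return False
    return validation_value(seal, public_key) == fingerprint(record, public_key[1])

# Constructed sample records.
GENUINE = {"number": "0123", "name": "Li Xu", "born": "1980/02/03",
           "school": "Peking University", "major": "Computer",
           "degree": "Bachelor"}
FORGED = dict(GENUINE, number="0999", name="Constructed Forger")

def scenario():
    db = {GENUINE["number"]: GENUINE}
    seal = make_seal(fingerprint(GENUINE, DEMO_PUB[1]), DEMO_PRIV)
    # Case from section 5.4: a forged row has been entered into the web
    # database, and the forged paper carries a seal copied from a real one.
    db[FORGED["number"]] = FORGED
    # A genuine row altered after the seal was issued.
    altered_db = {"0123": dict(GENUINE, degree="Doctor")}
    return {
        "genuine": seal_check(db, "0123", seal, DEMO_PUB),
        "forged_by_comparison": data_comparison_check(db, FORGED),
        "forged_by_seal": seal_check(db, "0999", seal, DEMO_PUB),
        "altered_row": seal_check(altered_db, "0123", seal, DEMO_PUB),
    }

if __name__ == "__main__":
    print(page_example())
    print(scenario())
```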

Claims (5)

1. Digital seal application software based on a public key algorithm, comprising 4 functional modules, each consisting of database files, programs and web pages; characterized in that it adopts a server/browser architecture and uses a HASH function and a digital signature algorithm to achieve effective anti-counterfeiting of certificates, bills, official documents and the like; wherein the key generation and management module is mainly responsible for computing a private key and public key pair; the subject information entry and editing module is mainly responsible for entering the subject information of anti-counterfeiting objects into the WEB database; the digital seal generation and output module is mainly responsible for computing the digital seal of an anti-counterfeiting object; and the digital seal query and verification module is mainly responsible for determining whether an anti-counterfeiting object printed with a digital seal is genuine or fake.
2. The key generation and management module according to claim 1, mainly responsible for computing a private key and public key pair, characterized in that: (1) the module runs on a high-level standalone computer that is not networked; (2) a private key and a public key are produced with a general-purpose public-key cryptosystem and algorithm; (3) the private key is stored on a floppy disk or IC card, kept by a designated person, must not be disclosed, and is used to generate digital seals; (4) the public key is stored on the WEB server and is used to verify digital seals; (5) the key pair is backed up, the distribution and use of key pairs are recorded, and permissions are assigned to the relevant operators.
3. The subject information entry and editing module according to claim 1, mainly responsible for entering the subject information of anti-counterfeiting objects into the WEB database, characterized in that: (1) the module resides on the WEB server and is accessed through a browser; (2) a general-purpose database management system (DBMS) is used to design the database structure for anti-counterfeiting objects, and the database files are stored on the WEB server and can be accessed dynamically from the browser; (3) the subject information of an anti-counterfeiting object is entered from the browser, includes a unique number, and each item of subject information corresponds to one database record; (4) authorized users are allowed to modify or delete subject information.
4. The digital seal generation and output module according to claim 1, mainly responsible for computing the digital seal of an anti-counterfeiting object, characterized in that: (1) the module runs on a standalone computer of the same or a lower level that is not networked; (2) the database files of the anti-counterfeiting objects are copied from the WEB server to this computer; (3) the digital fingerprint of a given anti-counterfeiting object record is obtained with the HASH function; (4) the digital seal of the anti-counterfeiting object is generated from the digital fingerprint, the private key and the digital signature algorithm, and may be stored on the standalone computer but must not be stored on the WEB server; (5) the digital seal is output and printed on the anti-counterfeiting object, and the digital seal on the paper or cover can be printed directly as characters, as a bar code, or in any other form that is convenient to store and read.
5. The digital seal query and verification module according to claim 1, mainly responsible for determining whether an anti-counterfeiting object printed with a digital seal is genuine or fake, characterized in that: (1) the module resides on the WEB server and is accessed through a browser; (2) the user visits the website of the organization or unit through a browser and enters the corresponding query page; (3) the user enters and submits the number and digital seal of an anti-counterfeiting object; (4) the WEB server finds the corresponding record in the database by its number and returns the record content to the browser, and at the same time obtains the digital fingerprint of the record with the HASH function; (5) the WEB server computes a validation value from the digital fingerprint, the digital seal, the public key and the verification algorithm; if the validation value satisfies a set condition, the anti-counterfeiting object is genuine, otherwise it is forged, and the conclusion is reported to the user through the browser.
CN 02125320 2002-07-24 2002-07-24 Digital signal system based on public cipher key algorithm Pending CN1389786A (en)


Publications (1)

Publication Number Publication Date
CN1389786A (en) 2003-01-08


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication