CN1523515A - False proof method using digital signature - Google Patents
False proof method using digital signature Download PDFInfo
- Publication number
- CN1523515A CN1523515A CNA031118755A CN03111875A CN1523515A CN 1523515 A CN1523515 A CN 1523515A CN A031118755 A CNA031118755 A CN A031118755A CN 03111875 A CN03111875 A CN 03111875A CN 1523515 A CN1523515 A CN 1523515A
- Authority
- CN
- China
- Prior art keywords
- digital signature
- algorithm
- card
- product
- false
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The invention uses sophisticated digit signing algorithm in international, which is based on PKI (public key installation), the theory foundation is public key and cipher code in computer cryptology and mathematics. It attaches false preventing label on commodities, or prints 20-80 letters code on important text or ticket such as receipt invoice, points list, graduate certificate, each kind of certificate. The encrypted text can be obtained through computer or calculator when carrying test, if it accords with the label, it is certified product, or it is counterfeit. The system is off-line, the factory needn't to reserve the databank of product, and needn't to provide true-false inquiring service. It can incriminate the true-false of product.
Description
Technical field
Digital Signature Algorithm and PKI in the computer cryptology
Background technology
Utilize password to carry out commodity/certificate false proof technology ubiquity at present: (one) Cipher Strength is not enough, the ability that opposing is attacked.Real cryptographic algorithm is not to be afraid of disclosedly, can resist present cryptanalysis technology.The present invention adopts current in the world Digital Signature Algorithm.(2) manufacturer need preserve databank of product, needs the online service that true-false inquiring is provided, as Help by Phone.(3) can not discern the local modification of invoice, certificate etc.(4) each manufacturer must set up the CA of oneself, and this is the security breaches on the system, can steal the beams and change the pillars.When (five) verifying different producers is adopted diverse ways, the user feels trouble deeply.The present invention has overcome these shortcomings, and operating cost is low.
Summary of the invention
The present invention adopts ripe in the world Digital Signature Algorithm, is based upon on the PKI (Public Key Infrastructure), and theoretical foundation is public key cryptography and mathematics in the computer cryptology.At first on commodity, paste antifalsification label, or on invoice, student's school report, diploma, various certificate, various bill, important written material etc., print the password of 20-80 character.Just obtained ciphertext by computer or computer operation during checking, if the ciphertext of it and antifalsification label consistent be genuine piece, otherwise be fake products.Whole system is an off-line, need not preserve databank of product, need not provide the true-false inquiring service.Can recognition value true and false, certificate true and false or whether be modified in the duplicating process plays the effect of telling truth from falsehood.
Description of drawings
PKI system architecture (Fig. 1), signature-verification process (Fig. 2), (digital signature is in the lower left) for example of anti-forge cipher/label: diploma (Fig. 3), trade mark (Fig. 4), invoice (Fig. 5), amended invoice (Fig. 6) (only increase by a yuan, training expenses is made into 2161 yuan from 2160 yuan, promptly change 1 bit information, illustrate avalanche).
Embodiment
Manufacturer/licence issuing authority preliminary preparation: the ECSA (ellipse curve signature algorithm), the ECDSA Digital Signature Algorithms such as (ECDSA (Elliptic Curve Digital Signature Algorithm)) that use DSS/DSA (U.S.'s Digital Signature Standard), are based upon on the ECC (elliptic curve) generate PKI and private key, private key adopts to divide deposits algorithm by oneself secret to (many people many places) preservation, PKI uploads to CA (authentication center) website, and is open by CA signature back.Each checking/consumption terminal irregularly obtains up-to-date list of public keys from CA, sees Fig. 1.
The ciphering signature process: manufacturer is printed as antifalsification label to commodity bar code, date of manufacture, date of expiration, sequence number etc. and the password that correspondence generates, and sticks on the commodity.Licence issuing authority by scanner (or manual) input computer, is transformed into literal and digital content to written material, after inspection and original text are errorless, send into this product and obtains a ciphertext, is printed on the file, can be equipped with shelves to ciphertext simultaneously, sees Fig. 2.
Proof procedure: the consumption verification terminal can be computer or be integrated in authentication function in the counter.The consumer is input counter such as the commodity bar code on the antifalsification label, date of manufacture, date of expiration, sequence number or computer (or using barcode scanner), if the ciphertext that obtains consistent with ciphertext on the antifalsification label be genuine piece, otherwise be fake products.The certificate verification person at first imports computer to written material (comprising copy) by scanner (or manual), is transformed into literal and digital content, after inspection and original text are errorless, send into this product and obtains a ciphertext.If the ciphertext of printing on the ciphertext that obtains and the file is consistent, file is not modified, otherwise is modified, and sees Fig. 2.
Principle
This product is based upon on the PKI (Public Key Infrastructure), has utilized the character to the authentication of sender's identity of public key cryptosystem.Public-key cipher technology can be used for encryption, key change and signature.Digital signature technology is widely used in virtual ecommerce, E-mail, the secure communication, and integrality, non-repudiation, confidentiality and authentication service function can be provided.
This product is before encryption, if expressly length is oversize, uses Hash (hash) function the Information Compression of random length to be become the short message of regular length.The present invention mainly uses SHA-1 (U.S.'s hash function standard).The Hash function has (1) one-way, promptly establishes c=Hash (m), the c as a result of known output, and it is very difficult asking its input m.(2) anti-collision, known c=Hash (m1), structure m2, it is very difficult making Hash (m2)=c.(3) avalanche, promptly all each bit with m is relevant for each bit of c, and has high susceptibility, and the bit of every change m all will produce obviously influence to c, change almost near half bit number, please contrast (Fig. 5) (Fig. 6).(4) rapidity.
Manufacturer/licence issuing authority uses private key that hash value is encrypted, and forms digital signature.This is to judge whether the key signed and issued by certain authoritative department, mainly uses DSA, ECC public key algorithm, and these algorithms all are to be based upon on the basis of a complex mathematical difficult problem.The checking user uses public-key and verifies.Under present technical conditions, it is impossible releasing private key by PKI or ciphertext.
As if from present result of study, the discrete logarithm problem on the elliptic curve more is difficult to handle than the discrete logarithm on the Galois field.Also do not occur efficient and simple method up to now and separate discrete logarithm problem on the general elliptic curve.If r is the largest prime divisor of the rank n of P, estimate according to V.Oorschot and Wiener, if r is approximately 10
36=2
120, then need spend about 10,000,000 dollars and can build a machine that m=325000 processor arranged, can calculate a logarithm with about 35 days.(95 pages of " the public key cryptography algorithms and realize fast " of selecting from that Zhou Yujie, Feng Dengguo write), and the key length of this product is 160Bit, is 1,099,500,000,000 times of above-mentioned estimation.
The coherent reference book: " computer cryptology " Lu opens the magnificent university press of clarification; " applied cryptography " (U.S.) Shi Naier China Machine Press; " Public Key Infrastructure PKI and the CA of certification authority " closes to shake and wins the Electronic Industry Press; " public key cryptography algorithm and realization fast thereof " Zhou Yujie, Feng Deng state National Defense Industry Press.
Security breaches and countermeasure
(1) method that new wine in old bottles: because plaintext and ciphertext are disclosed, the fake producer can copy down several plaintexts and ciphertext, is attached on the fake products.But because the plain/cipher text of every commodity is all different, so if the plain/cipher text of two commodity is identical, then wherein having one at least is fake products, so can not mass selling.And expressly date of manufacture, term of validity item are arranged, so the effective property of antifalsification label.Can adopt special typographies such as hiding China ink to cover its ciphertext part to antifalsification label in addition, when checking, scrape off, prevent recycling.Above characteristic can not be produced the fake producer in batches.
(2) batch plagiarism method: the fake producer will make N spare fake products, then must copy down N to plaintext and ciphertext.The plagiarism that the ageing decision fake producer of antifalsification label must not stop.Manufacturer can be to dealer's coding in the sequence number of antifalsification label, and can find is who has assisted the fake producer.
(3) release next ciphertext method from a last ciphertext: cryptographic algorithm has avalanche, non-linear and 0/1 balance, expressly/and the change of 1 bit information of key all will cause the acute variation of ciphertext, can not release next ciphertext from a last ciphertext.
(4) extrapolate the private key method: only have private key, the formation ciphertext of just signing.Because these cryptographic algorithms all are based on a mathematical difficult problem, the time pecuniary consideration of breaking through private key all is to make the people intolerable.The key length of native system is 160Bit, and possible cipher key number is 2^160, can check on the supercomputer of 100,000,000 keys at a per second, needs 4.63E32 could exhaustively arrive key.And the solar age is only 6E9.
(5) bribe inner people's method: deposit because private key divides, know even the information of the relevant private key of a bit without any a private key preserver.Have only the preserver who surpasses half that the part of oneself preserving is taken out,, just can obtain private key through computing.
(6) middle attack method: private key exists with encrypted form outside cryptographic system, can not crack.PKI can not be stolen the beams and changed the pillars through authentication center's signature.The authentication center website is an off-line, keeps in touch with it when not taking.
(7) the verification terminal method of playing tricks: verification terminal has own unique number, can verify oneself.Also can generate verification msg at random by authentication center verifies.
(8) certificate/copy local modification: if the password of the copy of having revised or not, then checking is not pass by certainly.If the password of copy will be revised, but owing to there is not private key, can not form correct password, checking is not pass by certainly yet.Original paper in like manner can not be revised.
(9) 1,2 two kind of attack method is invalid to certificate false proof.
Advantage and application prospect
1) manufacturer/licence issuing authority only need generate/preserve PKI and private key, and product is signed, and need not preserve databank of product, and the online true-false inquiring service that provides is not provided.As long as the printing false-proof label, cost is very low.
2) this product is based upon on the PKI (Public Key Infrastructure), and many manufacturer/licence issuing authorities need not set up the CA (authentication center) of oneself, and the PKI of many manufacturer/licence issuing authorities is only open by a CA signature back, and CA also is an off-line.Be suitable for face width, can independently finish checking.
3) verifying software of verification terminal can be free, and authentication function can embed in the counter, carries, and can verify the true and false of the commodity/certificate of any manufacturer/licence issuing authority of knowing its PKI, broad covered area.
4) can prevent local modification to certificate, invoice and vital document etc.Also can prevent the modification of copy.
Claims (4)
1. Digital Signature Algorithm that theoretical foundation of the present invention is public key cryptography in the computer cryptology and Public Key Infrastructure PKI.The present invention utilizes Digital Signature Algorithm to differentiate that thought written, the physical items true and false needs protection, and the use of various algorithms also needs protection.
2. various Digital Signature Algorithms all can be used to signature, and this product mainly uses algorithm DSA (U.S.'s Digital Signature Standard), ECSA (ellipse curve signature algorithm), the ECDSA (ECDSA (Elliptic Curve Digital Signature Algorithm)) of short key.
3. Hash (hash) function that mainly uses of this product is the SHA-1 algorithm, and other is as principles such as MD5, MDC, RIPEMD are.
4. signature employing one-dimensional bar code and character style are in order conveniently to import on the basis cheaply, other forms such as magnetic card, ID card (password card), IC-card (smart card), OCR (optical read card taking), two-dimensional bar code (stack STACKED and matrix form MATRIX) etc. belongs to its variant.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA031118755A CN1523515A (en) | 2003-02-17 | 2003-02-17 | False proof method using digital signature |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA031118755A CN1523515A (en) | 2003-02-17 | 2003-02-17 | False proof method using digital signature |
Publications (1)
Publication Number | Publication Date |
---|---|
CN1523515A true CN1523515A (en) | 2004-08-25 |
Family
ID=34283542
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA031118755A Pending CN1523515A (en) | 2003-02-17 | 2003-02-17 | False proof method using digital signature |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1523515A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100391144C (en) * | 2004-11-26 | 2008-05-28 | 刘昕 | Generation and verification for digital certificate |
US8058973B2 (en) | 2005-09-13 | 2011-11-15 | Nec (China) Co., Ltd. | Radio frequency identification system and method |
CN104021482A (en) * | 2013-03-01 | 2014-09-03 | 成都市易恒信科技有限公司 | Certificate false-proof verification method base on identification authentication technology |
-
2003
- 2003-02-17 CN CNA031118755A patent/CN1523515A/en active Pending
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100391144C (en) * | 2004-11-26 | 2008-05-28 | 刘昕 | Generation and verification for digital certificate |
US8058973B2 (en) | 2005-09-13 | 2011-11-15 | Nec (China) Co., Ltd. | Radio frequency identification system and method |
CN104021482A (en) * | 2013-03-01 | 2014-09-03 | 成都市易恒信科技有限公司 | Certificate false-proof verification method base on identification authentication technology |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7490240B2 (en) | Electronically signing a document | |
CA2426447C (en) | Self-authentication of value documents using digital signatures | |
US8285991B2 (en) | Electronically signing a document | |
US7519825B2 (en) | Electronic certification and authentication system | |
EP1396142B8 (en) | Method of authenticating a plurality of files linked to a text document | |
CN101136046B (en) | Electric signing verification system and method thereof | |
CN109600228B (en) | Anti-quantum-computation signature method and system based on public key pool | |
Yen et al. | Improved digital signature suitable for batch verification | |
CN110414193A (en) | A kind of safe encryption method and system of the close PDF document E-seal of state | |
CN102377565A (en) | Linkable ring signature method based on appointed verifier | |
CN101610153A (en) | Electronic signature authentication method based on ellipse curve signature algorithm | |
Zhang et al. | The Improvement of digital signature algorithm based on elliptic curve cryptography | |
CN110417555A (en) | A kind of safe encryption method and system of personal electric signature | |
CN104320253A (en) | Two-dimension code authentication system and method based on CBS signature mechanism | |
Akl | On the security of compressed encodings | |
CN109586917B (en) | Anti-quantum-computation signature method and system based on asymmetric key pool | |
CN1523515A (en) | False proof method using digital signature | |
WO2016187689A1 (en) | Signature protocol | |
Naser et al. | QR code based two-factor authentication to verify paper-based documents | |
CN109120397B (en) | Document authentication method and system based on identification password | |
Murthy et al. | Elliptic curve based signature method to control fake paper based certificates | |
Varshney et al. | Digital signatures | |
EP1056053A2 (en) | Efficient digital signatures for mail systems | |
Balsubramanian et al. | Mark sheet verification | |
Lou et al. | QR code anti-counterfeiting technique with lattice-based cryptography |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C57 | Notification of unclear or unknown address | ||
DD01 | Delivery of document by public notice |
Addressee: Su Cheng Document name: Notification before expiration of term |
|
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |