TW202236131A - Digital signature private key verification method to ensure that the correlation between the private key and the issued document cannot be maliciously tampered with - Google Patents

Digital signature private key verification method to ensure that the correlation between the private key and the issued document cannot be maliciously tampered with Download PDF

Info

Publication number
TW202236131A
TW202236131A TW110107382A TW110107382A TW202236131A TW 202236131 A TW202236131 A TW 202236131A TW 110107382 A TW110107382 A TW 110107382A TW 110107382 A TW110107382 A TW 110107382A TW 202236131 A TW202236131 A TW 202236131A
Authority
TW
Taiwan
Prior art keywords
private key
data
public
verification
key
Prior art date
Application number
TW110107382A
Other languages
Chinese (zh)
Other versions
TWI773161B (en
Inventor
吳右任
Original Assignee
雲想科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 雲想科技股份有限公司 filed Critical 雲想科技股份有限公司
Priority to TW110107382A priority Critical patent/TWI773161B/en
Application granted granted Critical
Publication of TWI773161B publication Critical patent/TWI773161B/en
Publication of TW202236131A publication Critical patent/TW202236131A/en

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention discloses a digital signature private key verification method. After receiving a verification data including a public key, a private key, a signature data, and a public and private key generation data, the server terminal uses a first hash algorithm to generate a hash value according to the public key and the signature data, and verifies the signature data according to the hash value. When the signature data is verified successfully, the server terminal transmits the hash value, the public key, the private key, and the public and private key generation data to the blockchain system. The blockchain system generates a target block corresponding to the blockchain system and including the hash value, the public key, the private key, and the public and private key generation data, and adds the target block to the blockchain corresponding to the blockchain system. Finally, the server terminal verifies the private key according to the public key of the target block and the public and private key generation data.

Description

數位簽章私鑰驗證方法Digital signature private key verification method

本發明是有關於一種驗證方法,特別是指一種數位簽章私鑰驗證方法。The invention relates to a verification method, in particular to a digital signature private key verification method.

數位簽章是一種功能類似寫在紙上的普通簽名、但是使用了公鑰加密領域的技術,以用於鑑別數位訊息的方法。A digital signature is a method that functions similarly to an ordinary signature written on paper, but uses techniques in the field of public key encryption to authenticate digital messages.

在使用上,會有一個只有本人知道的私鑰,及一個公開的公鑰,簽名的時候用私鑰,驗證簽名的時候則用公鑰。因為任何人都可以落款聲稱他就是發送者本人,因此發送者的公鑰必須向接受者信任的人(身份認證機構)來註冊。註冊後,身份認證機構傳送一數位證書至發送者。對文件簽名後,發送者把該數位證書連同文件及簽名一起發給接受者,接受者向身份認證機構求證是否真的是用發送者的私鑰簽發的文件。In use, there will be a private key that only the person knows, and a public key that is public. The private key is used when signing, and the public key is used when verifying the signature. Because anyone can sign the money claiming that he is the sender himself, the sender's public key must be registered with someone trusted by the recipient (the identity authentication authority). After registration, the authentication authority sends a digital certificate to the sender. After signing the file, the sender sends the digital certificate together with the file and the signature to the recipient, and the recipient asks the identity authentication agency whether it is really a file signed with the sender's private key.

然而,若身份認證機構被駭客入侵,使得身份認證機構的資料被惡意竄改,則無法保證其公正性。However, if the identity authentication agency is hacked and the information of the identity authentication agency is maliciously tampered with, its fairness cannot be guaranteed.

因此,本發明的目的,即在提供一種能保證私鑰與所簽發文件的關聯性無法被惡意竄改的數位簽章私鑰驗證方法。Therefore, the object of the present invention is to provide a digital signature private key verification method that can ensure that the association between the private key and the issued file cannot be maliciously tampered with.

於是,本發明數位簽章私鑰驗證方法,由一伺服端、一使用端,及一區塊鏈系統來實施,該伺服端經由一通訊網路連接該使用端及該區塊鏈系統,該數位簽章私鑰驗證方法包含一步驟(A)、一步驟(B)、一步驟(C)、一步驟(D)、一步驟(E)、一步驟(F),及一步驟(G)。Therefore, the digital signature private key verification method of the present invention is implemented by a server end, a user end, and a block chain system, and the server end is connected to the use end and the block chain system through a communication network. The signature private key verification method includes a step (A), a step (B), a step (C), a step (D), a step (E), a step (F), and a step (G).

在該步驟(A)中,在接收到一來自該使用端的驗證資料後,該驗證資料包括一公鑰、一私鑰、一簽署資料,及一具有產生該公鑰及該私鑰所需參數的公私鑰產生資料,該伺服端根據該公鑰及該簽署資料,利用一第一雜湊演算法產生一雜湊值,並根據該雜湊值驗證該簽署資料。In the step (A), after receiving a verification data from the client, the verification data includes a public key, a private key, a signature data, and a parameter required to generate the public key and the private key According to the public key and the signature data, the server uses a first hash algorithm to generate a hash value, and verifies the signature data according to the hash value.

在該步驟(B)中,當驗證該簽署資料成功時,該伺服端傳送該雜湊值及該驗證資料的該公鑰、該私鑰,及該公私鑰產生資料至該區塊鏈系統。In the step (B), when the verification of the signed data is successful, the server sends the hash value, the public key of the verification data, the private key, and the data generated by the public and private keys to the blockchain system.

在該步驟(C)中,該區塊鏈系統根據該雜湊值及該驗證資料的該公鑰、該私鑰,及該公私鑰產生資料,產生一對應該區塊鏈系統且包括該雜湊值及該驗證資料的該公鑰、該私鑰,及該公私鑰產生資料的目標區塊。In the step (C), the blockchain system generates data based on the hash value and the public key, the private key, and the public-private key of the verification data, and generates a pair of corresponding blockchain systems including the hash value And the public key, the private key of the verification data, and the target block of the data generated by the public and private key.

在該步驟(D)中,該區塊鏈系統將該目標區塊加入該區塊鏈系統所對應之一區塊鏈,以產生一相關於該目標區塊的交易識別碼,並將該交易識別碼傳送至該伺服端。In the step (D), the block chain system adds the target block to a block chain corresponding to the block chain system to generate a transaction identification code related to the target block, and the transaction The identification code is sent to the server.

在該步驟(E)中,該伺服端產生並傳送一包括該交易識別碼的資料請求至該區塊鏈系統。In the step (E), the server generates and sends a data request including the transaction identification code to the blockchain system.

在該步驟(F)中,該區塊鏈系統根據該資料請求的該交易識別碼,傳送該目標區塊的該雜湊值及該驗證資料的該公鑰、該私鑰,及該公私鑰產生資料至該伺服端。In the step (F), the block chain system transmits the hash value of the target block and the public key, the private key, and the public-private key generation of the verification data according to the transaction identification code requested by the data. data to the server.

在該步驟(G)中,該伺服端根據該目標區塊的該驗證資料之該公鑰及該公私鑰產生資料,驗證該驗證資料的該私鑰。In the step (G), the server verifies the private key of the verification data according to the public key of the verification data of the target block and the public-private key generation data.

本發明的功效在於:藉由該伺服端根據該雜湊值驗證該簽署資料,以驗證該簽署資料與該私鑰的關聯性,並在驗證成功後,傳送該雜湊值及該驗證資料的該公鑰、該私鑰,及該公私鑰產生資料至該區塊鏈系統,並再次驗證該區塊鏈系統的該驗證資料的該公鑰、該私鑰,及該公私鑰產生資料,以確保傳送至該區塊鏈系統的途中資料並未遭到竄改,當驗證驗證成功時,即表示該私鑰與該簽署資料的關聯性並未遭到竄改,且基於區塊鏈的特性,該私鑰與該簽署資料的關聯性無法被惡意竄改。The effect of the present invention is: verify the signed data according to the hash value by the server to verify the correlation between the signed data and the private key, and after successful verification, send the hash value and the public key of the verified data key, the private key, and the public-private key-generated data to the blockchain system, and verify the public key, the private key, and the public-private key-generated data of the verification data of the blockchain system again to ensure transmission The information on the way to the blockchain system has not been tampered with. When the verification is successful, it means that the association between the private key and the signed data has not been tampered with, and based on the characteristics of the blockchain, the private key The association with the signed data cannot be maliciously tampered with.

在本發明被詳細描述之前,應當注意在以下的說明內容中,類似的元件是以相同的編號來表示。Before the present invention is described in detail, it should be noted that in the following description, similar elements are denoted by the same numerals.

參閱圖1,示例說明用來實施本發明數位簽章私鑰驗證方法之一實施例的一伺服端11、一使用端12,及一區塊鏈系統13。Referring to FIG. 1 , a server 11 , a user 12 , and a blockchain system 13 for implementing an embodiment of the digital signature private key verification method of the present invention are illustrated.

該伺服端11經由一通訊網路100連接該使用端12及該區塊鏈系統13,該伺服端11例如為一個人電腦、一筆記型電腦、一伺服器電腦,或一雲端伺服器。該使用端12儲存一簽名資料,該簽名資料包括一相關於一簽署人的簽署人影像、一相關於該簽署人之簽署過程的簽署影片、一相關於該簽署人之簽名的簽名影像,及一相關於該簽署人之簽名的簽名手寫軌跡之其中至少一者,該使用端12例如為一個人電腦、一筆記型電腦、一平板電腦,或一智慧型手機,該通訊網路100例如為網際網路(Internet),但不以此為限。The server 11 is connected to the user 12 and the blockchain system 13 via a communication network 100 , and the server 11 is, for example, a personal computer, a notebook computer, a server computer, or a cloud server. The user terminal 12 stores a signature data, the signature data includes a signatory image related to a signatory, a signature video related to the signing process of the signatory, a signature image related to the signature of the signatory, and One of at least one of the signature handwriting tracks related to the signature of the signatory, the user terminal 12 is, for example, a personal computer, a notebook computer, a tablet computer, or a smart phone, and the communication network 100 is, for example, the Internet Road (Internet), but not limited to this.

參閱圖1、2,以下將藉由本發明數位簽章私鑰驗證方法之該實施例來說明該伺服端11、該使用端12,及該區塊鏈系統13各元件的運作細節,並包含下列步驟。Referring to Figures 1 and 2, the following will illustrate the server end 11, the user end 12, and the details of the operation of each element of the block chain system 13 by this embodiment of the digital signature private key verification method of the present invention, and include the following step.

在步驟21中,該使用端12根據一預定值及多個隨機鍵(Key)值,獲得該公鑰、該私鑰,及一具有產生該公鑰及該私鑰所需參數公私鑰產生資料。值得注意的是,在本實施例中,該預定值為一人臉特徵值、一一次性密碼(One Time Password, OTP),及一相關於一文件的文件雜湊值之其中一者,但不以此為限。In step 21, the user terminal 12 obtains the public key, the private key, and a public-private key generation data with parameters required for generating the public key and the private key according to a predetermined value and a plurality of random key (Key) values . It is worth noting that, in this embodiment, the predetermined value is one of a facial feature value, a one-time password (One Time Password, OTP), and a file hash value related to a file, but not This is the limit.

搭配參閱圖3,步驟21包括子步驟211~213,以下說明步驟21所包括的子步驟。Referring to FIG. 3 , step 21 includes sub-steps 211 to 213 , and the sub-steps included in step 21 are described below.

在步驟211中,該使用端12根據該預定值及該等隨機鍵值,利用一第二雜湊演算法,獲得多個分別對應該等隨機鍵值的摘要(Digest)值。值得注意的是,在本實施例中,該第二雜湊演算法例如為雜湊運算訊息認證碼(Hash-based Message Authentication Code, HMAC)演算法,但不以此為限。In step 211 , the client 12 obtains a plurality of digest values respectively corresponding to the random key values by using a second hash algorithm according to the predetermined value and the random key values. It should be noted that, in this embodiment, the second hash algorithm is, for example, a hash-based message authentication code (Hash-based Message Authentication Code, HMAC) algorithm, but it is not limited thereto.

在步驟212中,該使用端12串接該等摘要值,以獲得一串接值。值得注意的是,在本實施例中該串接值長度例如為128位元,在其他實施方式中,亦可為256位元,不以此為限。In step 212, the user terminal 12 concatenates the digest values to obtain a concatenated value. It should be noted that, in this embodiment, the length of the concatenated value is, for example, 128 bits, and in other implementation manners, it may also be 256 bits, which is not limited thereto.

在步驟213中,該使用端12根據該串接值獲得該公鑰、該私鑰,及該公私鑰產生資料。In step 213, the user 12 obtains the public key, the private key, and the public-private key generation data according to the concatenated value.

詳細而言,該使用端12根據一第一質數 p及一相異於該第一質數的第二質數 q,獲得一乘積值

Figure 02_image001
,其中
Figure 02_image003
Figure 02_image005
,若該串接值與該乘積值
Figure 02_image001
互質,則該串接值為該私鑰 d,若該串接值與該乘積值
Figure 02_image001
不互質時,則慢慢增加該串接值直到該串接值與該乘積值
Figure 02_image001
互質(例如每次該串接值增加1,直到該串接值與該乘積值
Figure 02_image001
互質),以將與該乘積值
Figure 02_image001
互質的值作為該私鑰 d,且該公鑰 e以下式獲得: d× e≡1 (mod ( p-1)( q-1)), 其中, d為該私鑰, e為該公鑰,該公鑰 e與該乘積值
Figure 02_image001
互質,且該公鑰 e小於該乘積值
Figure 02_image001
,該公私鑰產生資料包括該第一質數 p、該第二質數 q,及該乘積值
Figure 02_image001
。 In detail, the user terminal 12 obtains a product value according to a first prime number p and a second prime number q different from the first prime number
Figure 02_image001
,in
Figure 02_image003
,
Figure 02_image005
, if the concatenated value and the product value
Figure 02_image001
mutual prime, then the concatenation value is the private key d , if the concatenation value and the product value
Figure 02_image001
When not mutually prime, slowly increase the concatenation value until the concatenation value and the product value
Figure 02_image001
Mutually prime (for example, each time the concatenation value increases by 1, until the concatenation value and the product value
Figure 02_image001
coprime), so that the product value with the
Figure 02_image001
The mutually prime value is used as the private key d , and the public key e is obtained by the following formula: d × e ≡1 (mod ( p -1)( q -1)), where d is the private key, e is the public key key, the public key e and the product value
Figure 02_image001
Mutually prime, and the public key e is less than the product value
Figure 02_image001
, the public-private key generation data includes the first prime number p , the second prime number q , and the product value
Figure 02_image001
.

在步驟22中,該使用端12根據該簽名資料,利用一第一雜湊演算法產生一驗證碼。值得注意的是,在本實施例中,該第一雜湊演算法例如為安全雜湊演算法(Secure Hash Algorithm, SHA),但不以此為限。In step 22, the client 12 uses a first hash algorithm to generate a verification code according to the signature data. It should be noted that, in this embodiment, the first hash algorithm is, for example, a secure hash algorithm (Secure Hash Algorithm, SHA), but it is not limited thereto.

在步驟23中,該使用端12利用該私鑰將該簽名資料、該驗證碼,及一相關於該公鑰及該私鑰的有效期限的短憑證加密,以產生一加密且具有該簽名資料、該驗證碼及短該憑證的簽署資料。In step 23, the client 12 uses the private key to encrypt the signature data, the verification code, and a short certificate related to the validity period of the public key and the private key to generate an encrypted , the verification code and the signature information of the short certificate.

在步驟24中,該使用端12根據該公鑰、該私鑰、該公私鑰產生資料,及該簽署資料,產生並傳送一驗證資料至該伺服端11,該驗證資料包括該公鑰、該私鑰、該簽署資料,及該公私鑰產生資料。In step 24, the client 12 generates and transmits a verification data to the server 11 according to the public key, the private key, the data generated by the public and private keys, and the signature data, the verification data includes the public key, the The private key, the signing data, and the public and private key generation data.

在步驟25中,該伺服端11根據該公鑰及該簽署資料,利用該第一雜湊演算法產生一雜湊值。In step 25, the server 11 uses the first hash algorithm to generate a hash value according to the public key and the signature data.

在步驟26中,該伺服端11根據該雜湊值驗證該簽署資料。當驗證該簽署資料失敗時,流程進行步驟27;而當驗證該簽署資料成功時,流程進行步驟28。In step 26, the server 11 verifies the signature data according to the hash value. When the verification of the signature data fails, the process proceeds to step 27 ; and when the verification of the signature data succeeds, the process proceeds to step 28 .

搭配參閱圖4,步驟26包括子步驟261~263,以下說明步驟26所包括的子步驟。With reference to FIG. 4 , step 26 includes sub-steps 261 to 263 , and the sub-steps included in step 26 are described below.

在步驟261中,該伺服端11利用該公鑰解密該簽署資料,以獲得該驗證碼及該簽名資料。In step 261, the server 11 uses the public key to decrypt the signature data to obtain the verification code and the signature data.

在步驟262中,該伺服端11根據該簽名資料,利用該第一雜湊演算法產生該雜湊值。In step 262, the server 11 uses the first hash algorithm to generate the hash value according to the signature data.

在步驟263中,該伺服端11判斷該雜湊值是否等於該驗證碼,以驗證該簽署資料。當判斷出該雜湊值不等於該驗證碼時,表示驗證失敗,流程進行步驟27;而當判斷出該雜湊值等於該驗證碼時,表示驗證成功,流程進行步驟28。In step 263, the server 11 judges whether the hash value is equal to the verification code to verify the signed data. When it is judged that the hash value is not equal to the verification code, it means that the verification fails, and the process proceeds to step 27; when it is judged that the hash value is equal to the verification code, it means that the verification is successful, and the process proceeds to step 28.

在步驟27中,該伺服端11產生並傳送一錯誤訊息至該使用端12。In step 27 , the server 11 generates and sends an error message to the user 12 .

在步驟28中,該伺服端11傳送該雜湊值及該驗證資料的該公鑰、該私鑰,及該公私鑰產生資料至該區塊鏈系統13。In step 28 , the server 11 sends the public key, the private key, and the public-private key generation data of the hash value and the verification data to the blockchain system 13 .

在步驟29中,該區塊鏈系統13根據該雜湊值及該驗證資料的該公鑰、該私鑰,及該公私鑰產生資料,產生一對應該區塊鏈系統13且包括該雜湊值及該驗證資料的該公鑰、該私鑰,及該公私鑰產生資料的目標區塊。In step 29, the block chain system 13 generates data based on the hash value and the public key, the private key, and the public-private key of the verification data, and generates a pair of block chain systems 13 including the hash value and The public key, the private key of the verification data, and the target block of data generated by the public and private keys.

在步驟30中,該區塊鏈系統13將該目標區塊加入該區塊鏈系統13所對應之一區塊鏈,以產生一相關於該目標區塊的交易識別碼及一紀錄該目標區塊加入該區塊鏈時間的時戳(time stamp),並將該交易識別碼及該時戳傳送至該伺服端11。值得注意的是,在本實施例中,該時戳可表示該簽署資料已在該時戳的時間公證,該短憑證會在短時間失效以確保該簽署資料僅在該時戳附近的時間使用,以使得該私鑰只使用於該簽署資料,在其他實施方式中,該區塊鏈系統13可僅產生並傳送該交易識別碼至該伺服端11,不以此為限。In step 30, the block chain system 13 adds the target block to a block chain corresponding to the block chain system 13 to generate a transaction identification code related to the target block and a record of the target block Add the time stamp (time stamp) of the block chain time to the block, and transmit the transaction identification code and the time stamp to the server 11. It is worth noting that in this embodiment, the time stamp can indicate that the signed data has been notarized at the time of the time stamp, and the short certificate will expire in a short time to ensure that the signed data can only be used around the time stamp , so that the private key is only used for the signing data. In other implementations, the blockchain system 13 can only generate and transmit the transaction identification code to the server 11, but it is not limited thereto.

在步驟31中,該伺服端11產生並傳送一包括該交易識別碼的資料請求至該區塊鏈系統13。In step 31 , the server 11 generates and sends a data request including the transaction identification code to the blockchain system 13 .

在步驟32中,該區塊鏈系統13根據該資料請求的該交易識別碼,傳送該目標區塊的該雜湊值及該驗證資料的該公鑰、該私鑰,及該公私鑰產生資料至該伺服端11。In step 32, the block chain system 13 transmits the hash value of the target block and the public key, the private key, and the public-private key generation data of the verification data according to the transaction identification code requested by the data to The server end 11.

在步驟33中,該伺服端11根據該目標區塊的該驗證資料之該公鑰及該公私鑰產生資料,驗證該驗證資料的該私鑰,以驗證該驗證資料的該私鑰是否是由步驟21的該預定值及該等隨機鍵值所產生。當驗證該驗證資料的該私鑰失敗時,流程進行步驟27;而當驗證該驗證資料的該私鑰成功時,流程結束。In step 33, the server 11 generates data according to the public key and the public-private key of the verification data of the target block, and verifies the private key of the verification data to verify whether the private key of the verification data is obtained from The predetermined value and the random key values in step 21 are generated. When the verification of the private key of the verification material fails, the process proceeds to step 27; and when the verification of the private key of the verification material succeeds, the process ends.

搭配參閱圖5,步驟33包括子步驟331~332,以下說明步驟25所包括的子步驟。Referring to FIG. 5 , step 33 includes sub-steps 331 to 332 , and the sub-steps included in step 25 are described below.

在步驟331中,該伺服端11根據該公私鑰產生資料及該公鑰產生一驗證私鑰。In step 331, the server 11 generates a verification private key according to the public-private key generation data and the public key.

詳細而言,該伺服端11根據該公私鑰產生資料的該第一質數 p及該第二質數 q,與該公鑰 e,計算出該驗證私鑰 d’。 Specifically, the server 11 calculates the verification private key d ′ according to the first prime number p and the second prime number q of the public-private key generation data and the public key e .

在步驟332中,該伺服端11判斷該驗證私鑰是否等於該私鑰,以驗證該私鑰。當判斷出該驗證私鑰不等於該私鑰時,表示該驗證資料的該私鑰不是由步驟21的該預定值及該等隨機鍵值所產生,驗證失敗,流程進行步驟26;而當判斷出該驗證私鑰等於該私鑰時,表示該驗證資料的該私鑰是由步驟21的該預定值及該等隨機鍵值所產生,驗證成功,流程結束。In step 332, the server 11 determines whether the verification private key is equal to the private key to verify the private key. When it is judged that the verification private key is not equal to the private key, it means that the private key of the verification data is not generated by the predetermined value and the random key values in step 21, the verification fails, and the process proceeds to step 26; When the verification private key is equal to the private key, it means that the private key of the verification data is generated by the predetermined value and the random key values in step 21, the verification is successful, and the process ends.

綜上所述,本發明數位簽章私鑰驗證方法,藉由該伺服端11根據該雜湊值驗證該簽署資料,以驗證該簽署資料與該私鑰的關聯性,並在驗證成功後,傳送該雜湊值及該驗證資料的該公鑰、該私鑰,及該公私鑰產生資料至該區塊鏈系統13,該區塊鏈系統13產生包括該雜湊值及該驗證資料的該公鑰、該私鑰,及該公私鑰產生資料的該目標區塊,並將該目標區塊加入該區塊鏈系統13所對應之該區塊鏈,該伺服端11從該區塊鏈系統13獲得並驗證該目標區塊的該雜湊值及該驗證資料的該公鑰、該私鑰,及該公私鑰產生資料,以確保傳送至該區塊鏈系統13的途中資料並未遭到竄改,當驗證驗證成功時,即表示該私鑰與該簽署資料的關聯性並未遭到竄改,且基於區塊鏈的特性,該私鑰與該簽署資料的關聯性無法被惡意竄改,故確實能達成本發明的目的。To sum up, in the digital signature private key verification method of the present invention, the server 11 verifies the signature data according to the hash value, so as to verify the correlation between the signature data and the private key, and after successful verification, transmit The public key, the private key, and the public-private key generation data of the hash value and the verification data are sent to the blockchain system 13, and the blockchain system 13 generates the public key, including the hash value and the verification data, The private key, and the public-private key generate the target block of data, and add the target block to the block chain corresponding to the block chain system 13, the server 11 obtains from the block chain system 13 and Verify the hash value of the target block and the public key of the verification data, the private key, and the data generated by the public and private keys to ensure that the data transmitted to the blockchain system 13 has not been tampered with. When the verification is successful, it means that the association between the private key and the signed data has not been tampered with, and based on the characteristics of the blockchain, the association between the private key and the signed data cannot be maliciously tampered with, so this can indeed be achieved. purpose of the invention.

惟以上所述者,僅為本發明的實施例而已,當不能以此限定本發明實施的範圍,凡是依本發明申請專利範圍及專利說明書內容所作的簡單的等效變化與修飾,皆仍屬本發明專利涵蓋的範圍內。But the above-mentioned ones are only embodiments of the present invention, and should not limit the scope of the present invention. All simple equivalent changes and modifications made according to the patent scope of the present invention and the content of the patent specification are still within the scope of the present invention. Within the scope covered by the patent of the present invention.

11:伺服端 12:使用端 13:區塊鏈系統 100:通訊網路 21~33:步驟 211~213:步驟 261~263:步驟 331~332:步驟 11: Server side 12: Use end 13: Blockchain system 100: Communication network 21~33: Steps 211~213: Steps 261~263: Steps 331~332: Steps

本發明的其他的特徵及功效,將於參照圖式的實施方式中清楚地呈現,其中: 圖1是一方塊圖,說明用以實施本發明數位簽章私鑰驗證方法的一實施例的一伺服端、一使用端,及一區塊鏈系統之連接關係; 圖2是一流程圖,說明本發明數位簽章私鑰驗證方法的該實施例; 圖3是一流程圖,輔助說明圖2之步驟21所包括的子步驟; 圖4是一流程圖,輔助說明圖2之步驟25所包括的子步驟;及 圖5是一流程圖,輔助說明圖2之步驟32所包括的子步驟。 Other features and effects of the present invention will be clearly presented in the implementation manner with reference to the drawings, wherein: Fig. 1 is a block diagram illustrating a connection relationship between a server end, a user end, and a block chain system for implementing an embodiment of the digital signature private key verification method of the present invention; Fig. 2 is a flowchart illustrating this embodiment of the digital signature private key verification method of the present invention; Fig. 3 is a flow chart, assists in explaining the sub-steps that step 21 of Fig. 2 comprises; FIG. 4 is a flow chart to assist in explaining the sub-steps included in step 25 of FIG. 2; and FIG. 5 is a flowchart to assist in explaining the sub-steps included in step 32 of FIG. 2 .

21~33:步驟 21~33: Steps

Claims (10)

一種數位簽章私鑰驗證方法,由一伺服端、一使用端,及一區塊鏈系統來實施,該伺服端經由一通訊網路連接該使用端及該區塊鏈系統,該數位簽章私鑰驗證方法包含以下步驟: (A)藉由該伺服端,在接收到一來自該使用端的驗證資料後,該驗證資料包括一公鑰、一私鑰、一簽署資料,及一具有產生該公鑰及該私鑰所需參數的公私鑰產生資料,根據該公鑰及該簽署資料,利用一第一雜湊演算法產生一雜湊值,並根據該雜湊值驗證該簽署資料; (B)藉由該伺服端,當驗證該簽署資料成功時,傳送該雜湊值及該驗證資料的該公鑰、該私鑰,及該公私鑰產生資料至該區塊鏈系統; (C)藉由該區塊鏈系統,根據該雜湊值及該驗證資料的該公鑰、該私鑰,及該公私鑰產生資料,產生一對應該區塊鏈系統且包括該雜湊值及該驗證資料的該公鑰、該私鑰,及該公私鑰產生資料的目標區塊; (D)藉由該區塊鏈系統,將該目標區塊加入該區塊鏈系統所對應之一區塊鏈,以產生一相關於該目標區塊的交易識別碼,並將該交易識別碼傳送至該伺服端; (E)藉由該伺服端,產生並傳送一包括該交易識別碼的資料請求至該區塊鏈系統; (F)藉由該區塊鏈系統,根據該資料請求的該交易識別碼,傳送該目標區塊的該雜湊值及該驗證資料的該公鑰、該私鑰,及該公私鑰產生資料至該伺服端;及 (G)藉由該伺服端,根據該目標區塊的該驗證資料之該公鑰及該公私鑰產生資料,驗證該驗證資料的該私鑰。 A digital signature private key verification method is implemented by a server, a user, and a block chain system, the server is connected to the user and the block chain system through a communication network, and the digital signature is private The key authentication method consists of the following steps: (A) After the server receives a verification data from the client, the verification data includes a public key, a private key, a signature data, and a The public and private key generation data of the parameters, using a first hash algorithm to generate a hash value based on the public key and the signing data, and verifying the signing data according to the hash value; (B) Through the server, when the verification of the signature data is successful, transmit the hash value and the public key of the verification data, the private key, and the data generated by the public and private keys to the blockchain system; (C) Generate data based on the public key, the private key, and the public-private key of the hash value and the verification data through the blockchain system, generate a pair of blockchain systems including the hash value and the Verify the public key of the data, the private key, and the target block of the data generated by the public and private key; (D) Add the target block to a block chain corresponding to the block chain system through the block chain system to generate a transaction identification code related to the target block, and use the transaction identification code sent to the server; (E) generating and sending a data request including the transaction identification code to the blockchain system through the server; (F) Send the hash value of the target block and the public key, the private key, and the public-private key generation data of the verification data to the server; and (G) Verifying the private key of the verification data by the server side according to the public key of the verification data of the target block and the public-private key generation data. 如請求項1所述的數位簽章私鑰驗證方法,在步驟(A)之前還包含以下步驟: (H)藉由該使用端,根據一預定值及多個隨機鍵值,獲得該公鑰、該私鑰,及該公私鑰產生資料; (I)藉由該使用端,根據一簽名資料,利用該第一雜湊演算法產生一驗證碼; (J)藉由該使用端,利用該私鑰將該簽名資料及該驗證碼加密,以產生具有該簽名資料及該驗證碼的該簽署資料;及 (K)藉由該使用端,根據該公鑰、該私鑰、該公私鑰產生資料,及該簽署資料,產生並傳送具有該驗證碼及該簽名資料該驗證資料至該伺服端。 The digital signature private key verification method as described in claim item 1 also includes the following steps before step (A): (H) Obtain the public key, the private key, and the public-private key generation data according to a predetermined value and a plurality of random key values through the client; (1) using the first hash algorithm to generate a verification code according to a signature data by the user; (J) using the private key to encrypt the signature data and the verification code by the client to generate the signature data with the signature data and the verification code; and (K) Using the client to generate and transmit the verification data including the verification code and the signature data to the server according to the public key, the private key, the public-private key-generated data, and the signature data. 如請求項2所述的數位簽章私鑰驗證方法,其中,步驟(H)包括以下子步驟: (H-1)藉由該使用端,根據該預定值及該等隨機鍵值,利用一第二雜湊演算法,獲得多個分別對應該等隨機鍵值的摘要值; (H-2)藉由該使用端,串接該等摘要值,以獲得一串接值;及 (H-3)藉由該使用端,根據該串接值獲得該公鑰、該私鑰,及該公私鑰產生資料。 The digital signature private key verification method as described in claim 2, wherein, step (H) includes the following sub-steps: (H-1) Obtain a plurality of digest values respectively corresponding to the random key values by using a second hash algorithm according to the predetermined value and the random key values by the user end; (H-2) concatenating the digest values by the client to obtain a concatenated value; and (H-3) Obtain the public key, the private key, and the public-private key generation data according to the concatenated value through the client. 如請求項3所述的數位簽章私鑰驗證方法,其中,在步驟(A)中,該第一雜湊演算法為安全雜湊演算法,在步驟(H-1)中,該第二雜湊演算法為雜湊運算訊息認證碼演算法。The digital signature private key verification method as described in claim 3, wherein, in step (A), the first hash algorithm is a secure hash algorithm, and in step (H-1), the second hash algorithm The method is a hash operation message authentication code algorithm. 如請求項3所述的數位簽章私鑰驗證方法,其中,在步驟(K)及步驟(A)中,該簽署資料還具有一文件,在步驟(H-1)中,該預定值為一人臉特徵值、一一次性密碼,及一關於該文件的文件雜湊值之其中一者。The digital signature private key verification method as described in claim 3, wherein, in step (K) and step (A), the signing data also has a file, and in step (H-1), the predetermined value is One of a facial feature value, a one-time password, and a file hash value related to the file. 如請求項3所述的數位簽章私鑰驗證方法,其中,在步驟(H-3)中該使用端根據一第一質數 p及一相異於該第一質數的第二質數 q獲得一乘積值
Figure 03_image001
,其中
Figure 03_image003
Figure 03_image005
,若該串接值與該乘積值
Figure 03_image001
不互質時,則增加該串接值直到該串接值與該乘積值
Figure 03_image001
互質,且該公鑰 e以下式獲得: d× e≡1 (mod ( p-1)( q-1)), 其中, d為該私鑰, e為該公鑰,該公鑰 e與該乘積值
Figure 03_image001
互質,且該公鑰 e小於該乘積值
Figure 03_image001
,該公私鑰產生資料包括該第一質數 p、該第二質數 q,及該乘積值
Figure 03_image001
The digital signature private key verification method as described in Claim 3, wherein, in step (H-3), the user obtains a prime number p based on a first prime number p and a second prime number q different from the first prime number product value
Figure 03_image001
,in
Figure 03_image003
,
Figure 03_image005
, if the concatenated value and the product value
Figure 03_image001
When not mutually prime, increase the concatenated value until the concatenated value and the product value
Figure 03_image001
are mutually prime, and the public key e is obtained by the following formula: d × e ≡1 (mod ( p -1)( q -1)), where d is the private key, e is the public key, and the public key e and The product value
Figure 03_image001
Mutually prime, and the public key e is less than the product value
Figure 03_image001
, the public-private key generation data includes the first prime number p , the second prime number q , and the product value
Figure 03_image001
. 如請求項2所述的數位簽章私鑰驗證方法,其中,在步驟(I)中,該簽名資料包括一相關於一簽署人的簽署人影像、一相關於該簽署人之簽署過程的簽署影片、一相關於該簽署人之簽名的簽名影像,及一相關於該簽署人之簽名的簽名手寫軌跡之其中至少一者。The digital signature private key verification method as described in claim 2, wherein, in step (1), the signature data includes a signatory image related to a signatory, a signature related to the signing process of the signatory At least one of a video, a signature image related to the signatory's signature, and a signature handwriting trace related to the signatory's signature. 如請求項2所述的數位簽章私鑰驗證方法,其中,在步驟(J)中,該使用端還將一相關於該公鑰及該私鑰的有效期限的短憑證加密,該簽署資料還具有該短憑證,在步驟(D)中,該區塊鏈系統還產生一紀錄該目標區塊加入該區塊鏈時間的時戳,且還將該時戳傳送至該伺服端。The digital signature private key verification method as described in claim 2, wherein, in step (J), the user also encrypts a short certificate related to the validity period of the public key and the private key, and the signature data Also having the short certificate, in step (D), the block chain system also generates a time stamp recording the time when the target block was added to the block chain, and also transmits the time stamp to the server. 如請求項1所述的數位簽章私鑰驗證方法,其中,步驟(A)包括以下子步驟: (A-1)利用該公鑰解密該簽署資料,以獲得該驗證碼及該簽名資料; (A-2)根據該簽名資料,利用該第一雜湊演算法產生該雜湊值;及 (A-3)判斷該雜湊值是否等於該驗證碼,以驗證該簽署資料。 The digital signature private key verification method as described in claim 1, wherein, step (A) includes the following sub-steps: (A-1) Use the public key to decrypt the signature data to obtain the verification code and the signature data; (A-2) using the first hash algorithm to generate the hash value based on the signature data; and (A-3) Judging whether the hash value is equal to the verification code, so as to verify the signed data. 如請求項1所述的數位簽章私鑰驗證方法,其中,步驟(G)包括以下子步驟: (G-1)藉由該伺服端,根據該公私鑰產生資料及該公鑰產生一驗證私鑰;及 (G-2)藉由該伺服端,判斷該驗證私鑰是否等於該私鑰,以驗證該私鑰。 The digital signature private key verification method as described in claim 1, wherein, step (G) includes the following sub-steps: (G-1) Generate data according to the public and private keys and generate a verification private key from the public key through the server; and (G-2) Using the server to determine whether the verification private key is equal to the private key to verify the private key.
TW110107382A 2021-03-02 2021-03-02 Digital signature private key verification method TWI773161B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110107382A TWI773161B (en) 2021-03-02 2021-03-02 Digital signature private key verification method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW110107382A TWI773161B (en) 2021-03-02 2021-03-02 Digital signature private key verification method

Publications (2)

Publication Number Publication Date
TWI773161B TWI773161B (en) 2022-08-01
TW202236131A true TW202236131A (en) 2022-09-16

Family

ID=83806853

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110107382A TWI773161B (en) 2021-03-02 2021-03-02 Digital signature private key verification method

Country Status (1)

Country Link
TW (1) TWI773161B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI815779B (en) * 2023-03-17 2023-09-11 英業達股份有限公司 System for verifying edited image

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI807979B (en) * 2022-08-30 2023-07-01 中華電信股份有限公司 A fido certification and auditing system, method base on timestamp signature and computer-readable medium thereof

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20240051299A (en) * 2018-02-15 2024-04-19 갤럭시 디지털 트레이딩 엘엘씨 Cryptocurrency wallet and cryptocurrency account management
CN109447602B (en) * 2018-10-16 2021-11-02 北京航空航天大学 Multi-center collaborative distributed digital currency mixing method for protecting privacy
TWI715036B (en) * 2019-05-15 2021-01-01 宏碁股份有限公司 File verification method, file verification system and file verification server
FR3099017B1 (en) * 2019-07-16 2021-08-06 Idemia Identity & Security France Process for verifying a transaction in a blockchain-type database
CN110380870B (en) * 2019-08-29 2020-12-22 北京瑞策科技有限公司 Block chain private key signing method and device for e-commerce platform user

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI815779B (en) * 2023-03-17 2023-09-11 英業達股份有限公司 System for verifying edited image

Also Published As

Publication number Publication date
TWI773161B (en) 2022-08-01

Similar Documents

Publication Publication Date Title
CN109067524B (en) Public and private key pair generation method and system
WO2020062668A1 (en) Identity authentication method, identity authentication device, and computer readable medium
CN108780548B (en) Using elliptic curve cryptography for personal device security to share secrets
KR101054970B1 (en) A system, apparatus, method, and computer readable recording medium for authenticating a communication party using an electronic certificate containing personal information
JP2003521154A (en) How to issue electronic identification information
US20030126085A1 (en) Dynamic authentication of electronic messages using a reference to a certificate
US10887110B2 (en) Method for digital signing with multiple devices operating multiparty computation with a split key
CN111884811B (en) Block chain-based data evidence storing method and data evidence storing platform
CN111147245A (en) Algorithm for encrypting by using national password in block chain
CN114900304B (en) Digital signature method and apparatus, electronic device, and computer-readable storage medium
TWI773161B (en) Digital signature private key verification method
KR20120053929A (en) The agent system for digital signature using sign private key with double encryption and method thereof features to store in web storage
CN114244508B (en) Data encryption method, device, equipment and storage medium
CN111817857B (en) Electronic document signing method based on electronic notarization and SM2 collaborative signature and server adopted by same
KR101253683B1 (en) Digital Signing System and Method Using Chained Hash
CN114448641A (en) Privacy encryption method, electronic equipment, storage medium and chip
CN114598533B (en) Block chain side chain cross-chain identity trusted authentication and data encryption transmission method
CN112165386A (en) Data encryption method and system based on ECDSA
CN116032613A (en) Block chain digital certificate exchange method, file storage access method and system
TWI593267B (en) Certificateless public key management method with timestamp verification
CN115242471B (en) Information transmission method, information transmission device, electronic equipment and computer readable storage medium
EP1461891A1 (en) A method and system for authenticating digital certificates
JP7400444B2 (en) Public key certificate generation method for IoT key management system, secure device, IoT device, device management device, and secure element
CN112511297B (en) Method and system for updating key pair and digital certificate
JP5004086B2 (en) Authentication system using short sequences