TW202236131A - Digital signature private key verification method to ensure that the correlation between the private key and the issued document cannot be maliciously tampered with - Google Patents
- Publication number
- TW202236131A
- Authority
- TW
- Taiwan
- Prior art keywords
- private key
- data
- public
- verification
- key
Description
The present invention relates to a verification method, and in particular to a digital signature private key verification method.
A digital signature works much like an ordinary handwritten signature on paper, but uses public-key cryptography techniques to authenticate digital messages.
In use, there is a private key known only to its owner and a public key that is published; the private key is used to sign, and the public key is used to verify the signature. Because anyone could sign and claim to be the sender, the sender's public key must be registered with a party the recipient trusts (an identity certification authority). After registration, the authority sends a digital certificate to the sender. After signing a document, the sender sends the digital certificate together with the document and the signature to the recipient, who asks the authority to confirm that the document was really signed with the sender's private key.
However, if the identity certification authority is compromised by an attacker and its data is maliciously tampered with, its impartiality can no longer be guaranteed.
Therefore, the object of the present invention is to provide a digital signature private key verification method which ensures that the association between the private key and the signed document cannot be maliciously tampered with.
Accordingly, the digital signature private key verification method of the present invention is implemented by a server, a client, and a blockchain system, the server being connected to the client and the blockchain system via a communication network. The method comprises a step (A), a step (B), a step (C), a step (D), a step (E), a step (F), and a step (G).
In step (A), after receiving verification data from the client, the verification data including a public key, a private key, signed data, and public/private key generation data containing the parameters required to generate the public key and the private key, the server generates a hash value from the public key and the signed data using a first hash algorithm, and verifies the signed data according to the hash value.
In step (B), when verification of the signed data succeeds, the server sends the hash value and the public key, the private key, and the public/private key generation data of the verification data to the blockchain system.
In step (C), the blockchain system generates, from the hash value and the public key, the private key, and the public/private key generation data of the verification data, a target block that corresponds to the blockchain system and includes the hash value and the public key, the private key, and the public/private key generation data of the verification data.
In step (D), the blockchain system adds the target block to a blockchain corresponding to the blockchain system, so as to generate a transaction identifier associated with the target block, and sends the transaction identifier to the server.
In step (E), the server generates and sends to the blockchain system a data request including the transaction identifier.
In step (F), the blockchain system, according to the transaction identifier in the data request, sends the hash value of the target block and the public key, the private key, and the public/private key generation data of the verification data to the server.
In step (G), the server verifies the private key of the verification data according to the public key and the public/private key generation data of the verification data of the target block.
The effect of the present invention is as follows. The server verifies the signed data according to the hash value, thereby verifying the association between the signed data and the private key. After that verification succeeds, the server sends the hash value and the public key, the private key, and the public/private key generation data of the verification data to the blockchain system, and then verifies again the public key, the private key, and the public/private key generation data of the verification data held by the blockchain system, to ensure that the data was not tampered with on its way to the blockchain system. When this verification succeeds, the association between the private key and the signed data has not been tampered with and, owing to the properties of a blockchain, that association cannot be maliciously tampered with.
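Before the present invention is described in detail, it should be noted that in the following description similar elements are denoted by the same reference numerals.
Referring to FIG. 1, a server 11, a client 12, and a blockchain system 13 used to implement an embodiment of the digital signature private key verification method of the present invention are illustrated.
The server 11 is connected to the client 12 and the blockchain system 13 via a communication network 100. The server 11 is, for example, a personal computer, a notebook computer, a server computer, or a cloud server. The client 12 stores signature data, which includes at least one of a signer image related to a signer, a signing video related to the signer's signing process, a signature image related to the signer's signature, and a handwriting trajectory of the signer's signature. The client 12 is, for example, a personal computer, a notebook computer, a tablet computer, or a smartphone. The communication network 100 is, for example, the Internet, but is not limited thereto.
Referring to FIGS. 1 and 2, the operation of the server 11, the client 12, and the blockchain system 13 is described below by way of this embodiment of the digital signature private key verification method of the present invention, which includes the following steps.
In step 21, the client 12 obtains the public key, the private key, and public/private key generation data containing the parameters required to generate the public key and the private key, according to a predetermined value and a plurality of random key values. It is worth noting that, in this embodiment, the predetermined value is one of a facial feature value, a one-time password (OTP), and a file hash value related to a file, but is not limited thereto.
Referring also to FIG. 3, step 21 includes sub-steps 211 to 213, which are described below.
In step 211, the client 12 uses a second hash algorithm to obtain, from the predetermined value and the random key values, a plurality of digest values respectively corresponding to the random key values. It is worth noting that, in this embodiment, the second hash algorithm is, for example, the Hash-based Message Authentication Code (HMAC) algorithm, but is not limited thereto.
In step 212, the client 12 concatenates the digest values to obtain a concatenated value. It is worth noting that, in this embodiment, the length of the concatenated value is, for example, 128 bits; in other implementations it may be 256 bits, and it is not limited thereto.
In step 213, the client 12 obtains the public key, the private key, and the public/private key generation data according to the concatenated value.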
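In detail, the client 12 obtains, from a first prime p and a second prime q different from the first prime, a product value , where , . If the concatenated value is coprime with the product value, the concatenated value is the private key d; if the concatenated value is not coprime with the product value, the concatenated value is gradually increased until it is coprime with the product value (for example, increased by 1 each time until it is coprime with the product value), and the value that is coprime with the product value is taken as the private key d. The public key e is obtained from the following formula:

$$d \times e \equiv 1 \pmod{(p-1)(q-1)},$$

where d is the private key and e is the public key; the public key e is coprime with the product value and smaller than the product value; and the public/private key generation data includes the first prime p, the second prime q, and the product value.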
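In step 22, the client 12 generates a verification code from the signature data using a first hash algorithm. It is worth noting that, in this embodiment, the first hash algorithm is, for example, the Secure Hash Algorithm (SHA), but is not limited thereto.
In step 23, the client 12 uses the private key to encrypt the signature data, the verification code, and a short certificate related to the validity period of the public key and the private key, so as to generate signed data that is encrypted and contains the signature data, the verification code, and the short certificate.
In step 24, the client 12 generates verification data from the public key, the private key, the public/private key generation data, and the signed data, and sends it to the server 11. The verification data includes the public key, the private key, the signed data, and the public/private key generation data.
In step 25, the server 11 generates a hash value from the public key and the signed data using the first hash algorithm.
In step 26, the server 11 verifies the signed data according to the hash value. When verification of the signed data fails, the flow proceeds to step 27; when verification of the signed data succeeds, the flow proceeds to step 28.
Referring also to FIG. 4, step 26 includes sub-steps 261 to 263, which are described below.
In step 261, the server 11 decrypts the signed data with the public key to obtain the verification code and the signature data.
In step 262, the server 11 generates the hash value from the signature data using the first hash algorithm.
In step 263, the server 11 determines whether the hash value equals the verification code, so as to verify the signed data. When the hash value does not equal the verification code, verification has failed and the flow proceeds to step 27; when the hash value equals the verification code, verification has succeeded and the flow proceeds to step 28.
In step 27, the server 11 generates an error message and sends it to the client 12.
In step 28, the server 11 sends the hash value and the public key, the private key, and the public/private key generation data of the verification data to the blockchain system 13.
In step 29, the blockchain system 13 generates, from the hash value and the public key, the private key, and the public/private key generation data of the verification data, a target block that corresponds to the blockchain system 13 and includes the hash value and the public key, the private key, and the public/private key generation data of the verification data.
In step 30, the blockchain system 13 adds the target block to a blockchain corresponding to the blockchain system 13, so as to generate a transaction identifier associated with the target block and a timestamp recording the time at which the target block was added to the blockchain, and sends the transaction identifier and the timestamp to the server 11. It is worth noting that, in this embodiment, the timestamp indicates that the signed data was notarized at the time of the timestamp, and the short certificate expires after a short time to ensure that the signed data is used only around the time of the timestamp, so that the private key is used only for the signed data. In other implementations, the blockchain system 13 may generate and send only the transaction identifier to the server 11; the invention is not limited in this respect.
In step 31, the server 11 generates and sends to the blockchain system 13 a data request including the transaction identifier.
In step 32, the blockchain system 13, according to the transaction identifier in the data request, sends the hash value of the target block and the public key, the private key, and the public/private key generation data of the verification data to the server 11.
In step 33, the server 11 verifies the private key of the verification data according to the public key and the public/private key generation data of the verification data of the target block, so as to verify whether the private key of the verification data was generated from the predetermined value and the random key values of step 21. When verification of the private key of the verification data fails, the flow proceeds to step 27; when verification of the private key of the verification data succeeds, the flow ends.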
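Referring also to FIG. 5, step 33 includes sub-steps 331 to 332; the sub-steps included in step 25 are described below.
In step 331, the server 11 generates a verification private key from the public/private key generation data and the public key.
Specifically, the server 11 computes the verification private key d' from the first prime p and the second prime q of the public/private key generation data, together with the public key e.
In step 332, the server 11 determines whether the verification private key equals the private key, so as to verify the private key. When the verification private key does not equal the private key, the private key of the verification data was not generated from the predetermined value and the random key values of step 21, verification has failed, and the flow proceeds to step 26; when the verification private key equals the private key, the private key of the verification data was generated from the predetermined value and the random key values of step 21, verification has succeeded, and the flow ends.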
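The key derivation of sub-steps 211 to 213 and the server-side check of sub-steps 331 to 332, as an added Python example that is not part of the patent text. Assumptions: HMAC-SHA256 with each digest truncated to 8 bytes, coprimality tested against (p-1)(q-1) (the modulus in the congruence above), and constructed toy primes and sample inputs; all function names are hypothetical.

```python
import hashlib
import hmac
from math import gcd

# Constructed toy primes (Mersenne primes 2^61-1 and 2^89-1); real RSA primes
# must be random and far larger.
P = 2**61 - 1
Q = 2**89 - 1


def derive_private_exponent(predetermined: bytes, random_keys: list, phi: int) -> int:
    """Steps 211-213: HMAC digests -> concatenated value -> private key d."""
    # Step 211: one digest per random key. Truncating each HMAC-SHA256 digest
    # to 8 bytes is an assumption so that two digests give 128 bits.
    digests = [hmac.new(k, predetermined, hashlib.sha256).digest()[:8]
               for k in random_keys]
    # Step 212: concatenate the digests into one integer.
    d = int.from_bytes(b"".join(digests), "big")
    # Step 213: increase by 1 until coprime with (p-1)(q-1) (assumed modulus).
    while gcd(d, phi) != 1:
        d += 1
    return d


def generate_keypair(predetermined: bytes, random_keys: list,
                     p: int = P, q: int = Q) -> dict:
    """Client side (step 21): returns e, d and the key generation data p, q."""
    phi = (p - 1) * (q - 1)
    d = derive_private_exponent(predetermined, random_keys, phi)
    e = pow(d, -1, phi)  # d * e ≡ 1 (mod (p-1)(q-1)); needs Python 3.8+
    return {"e": e, "d": d, "p": p, "q": q}


def server_verify_private_key(e: int, d: int, p: int, q: int) -> bool:
    """Server side (steps 331-332): recompute d' from p, q, e and compare."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        return False  # e has no inverse, so no valid d' exists
    d_check = pow(e, -1, phi)  # step 331: verification private key d'
    return d_check == d        # step 332


if __name__ == "__main__":
    # Constructed sample inputs: an OTP as the predetermined value, two random keys.
    kp = generate_keypair(b"constructed-otp-493021", [b"random-key-1", b"random-key-2"])
    print("d =", hex(kp["d"]))
    print("accepted:", server_verify_private_key(kp["e"], kp["d"], kp["p"], kp["q"]))
    print("tampered d accepted:",
          server_verify_private_key(kp["e"], kp["d"] + 1, kp["p"], kp["q"]))
```

The comparison in `server_verify_private_key` confirms that d is the inverse of e modulo (p-1)(q-1) for the supplied primes; it does not take the predetermined value or the random key values as input.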
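In summary, in the digital signature private key verification method of the present invention, the server 11 verifies the signed data according to the hash value, thereby verifying the association between the signed data and the private key. After that verification succeeds, the server 11 sends the hash value and the public key, the private key, and the public/private key generation data of the verification data to the blockchain system 13. The blockchain system 13 generates the target block, which includes the hash value and the public key, the private key, and the public/private key generation data of the verification data, and adds the target block to the blockchain corresponding to the blockchain system 13. The server 11 obtains from the blockchain system 13, and verifies, the hash value of the target block and the public key, the private key, and the public/private key generation data of the verification data, to ensure that the data was not tampered with on its way to the blockchain system 13. When this verification succeeds, the association between the private key and the signed data has not been tampered with and, owing to the properties of a blockchain, that association cannot be maliciously tampered with. The object of the present invention is therefore achieved.
The foregoing is merely an embodiment of the present invention and does not limit the scope in which the invention may be practiced; all simple equivalent changes and modifications made according to the claims and the specification of the present invention remain within the scope covered by this patent.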
11: Server
12: Client
13: Blockchain system
100: Communication network
21~33: Steps
211~213: Steps
261~263: Steps
331~332: Steps
Other features and effects of the present invention will be clearly presented in the embodiment described with reference to the drawings, in which:
FIG. 1 is a block diagram illustrating the connections among a server, a client, and a blockchain system used to implement an embodiment of the digital signature private key verification method of the present invention;
FIG. 2 is a flowchart illustrating this embodiment of the digital signature private key verification method of the present invention;
FIG. 3 is a flowchart assisting in explaining the sub-steps included in step 21 of FIG. 2;
FIG. 4 is a flowchart assisting in explaining the sub-steps included in step 25 of FIG. 2; and
FIG. 5 is a flowchart assisting in explaining the sub-steps included in step 32 of FIG. 2.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW110107382A TWI773161B (en) | 2021-03-02 | 2021-03-02 | Digital signature private key verification method |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI773161B (en) | 2022-08-01 |
TW202236131A (en) | 2022-09-16 |