
CN107979470A - Method for a signature server, method for a terminal, and signature server and terminal - Google Patents

Info

Publication number: CN107979470A
Authority: CN (China)
Prior art keywords: signed, data, signature, terminal, server
Legal status: Pending
Application number: CN201610940759.7A
Other languages: Chinese (zh)
Inventors: 张雪辉, 王申
Current Assignee: Aisino Corp
Original Assignee: Aisino Corp
Application filed by: Aisino Corp
Priority to: CN201610940759.7A
Publication of: CN107979470A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the present invention provide a method for an electronic signature server, a method for a terminal, an electronic signature server, and a terminal, belonging to the field of computer security technology. The method for the electronic signature server includes: obtaining data to be signed; sending the data to be signed, for a terminal having a signature algorithm to perform signature encryption and generate a signature result; obtaining the signature result, and adding at least the obtained signature result to the data to be signed to generate signed data; and sending the signed data, for verification and execution by the service server. This provides a general, convenient, highly secure and reliable electronic signature platform, to solve the technical problem in the prior art that, during electronic signing, the user's private key is easily forged or tampered with by criminals.

Description

Method for a signature server, method for a terminal, and signature server and terminal
Technical field
The present invention relates to the field of computer technology, and in particular to a method for an electronic signature server, a method for a terminal, an electronic signature server, and a terminal.
Background art
With the development of wireless communication technology and mobile terminal technology, computer network technology has gradually penetrated every area of people's lives, for example online shopping, online food ordering and online ticket booking, making life more and more convenient. Along with this, however, people's requirements for the security of data transmission keep rising.
In the prior art, electronic signatures are mainly implemented by using a USB cryptographic key (USB key) as the client device that stores the user's private key and electronically signs the electronic document. In practice, a USB key requires the host to have a USB interface, which hinders the wide use of USB keys on mobile terminal devices. Moreover, while the user signs and transmits data with the private key, criminals may steal the user's private key and forge or tamper with data or impersonate the user, to the user's great detriment. Meanwhile, for merchants, the security of user data bears directly on the merchant's business reputation; yet many small merchants, because of their scale of operation, cannot spend large sums as big enterprises do to build a dedicated, highly secure and reliable encryption system for data transmission, and a sudden user-data security problem often leaves these small merchants in serious difficulty. In addition, traditional electronic signature methods rely too heavily on the business side, so that electronic signing is not convenient or efficient enough. Clearly, traditional data signature methods cannot meet the current demand of many merchants and users for convenient, secure and reliable data transmission.
A general, convenient, highly secure and reliable electronic signature method is therefore a technical problem that the industry urgently needs to solve.
It should be noted that the above technical problem was discovered by the inventors in the course of practising the present invention.
Summary of the invention
The purpose of the embodiments of the present invention is to provide a general, convenient, highly secure and reliable method for an electronic signature server, method for a terminal, electronic signature server, and terminal, so as to solve at least one of the technical problems set out in the background art above.
To achieve the above purpose, one aspect of the embodiments of the present invention provides a method for an electronic signature server, characterized in that the method includes:
sending data to be signed, for a terminal having a signature algorithm to perform signature encryption and generate a signature result;
obtaining the signature result, and adding at least the obtained signature result to the data to be signed to generate signed data;
sending the signed data, for verification and execution by the service server.
Preferably, sending the data to be signed, for a terminal having a signature algorithm to perform signature encryption and generate a signature result, includes: generating an identification URL corresponding to the data to be signed; and sending the identification URL, for the terminal having a signature algorithm to execute in order to obtain the data to be signed.
Preferably, sending the identification URL for the terminal to execute in order to obtain the data to be signed includes: generating, from the identification URL, a two-dimensional code image containing the identification URL; and sending the two-dimensional code image, for the terminal having a signature algorithm to scan and to execute the identification URL in order to obtain the corresponding data to be signed.
Preferably, adding at least the obtained signature result to the data to be signed to generate signed data includes: determining timestamp information corresponding to the signature result; and adding the timestamp information and the signature result to the data to be signed to generate signed data.
Preferably, the terminal having a signature algorithm is a terminal having an Arm TrustZone module, and the signature algorithm is stored in the Arm TrustZone module.
Preferably, the data to be signed is data to be signed that includes a hash value.
Another aspect of the present invention provides a method for a terminal, characterized in that the method includes:
sending a service request based on an interaction with the user;
obtaining data to be signed corresponding to the service request;
electronically signing the obtained data to be signed according to a certain signature algorithm, and generating a signature result;
sending the signature result, for verification by the service server.
Preferably, obtaining the data to be signed corresponding to the service request includes: scanning a two-dimensional code image containing the identification URL corresponding to the data to be signed; and parsing the two-dimensional code image to obtain the data to be signed corresponding to the identification URL.
Preferably, when the method is applied to a mobile terminal in which the signature algorithm is pre-stored in an Arm TrustZone module, the method includes: the Arm TrustZone module electronically signing the obtained data to be signed according to the pre-stored signature algorithm, and generating a signature result.
One aspect of the present invention provides an electronic signature server, characterized in that it includes:
a to-be-signed data sending unit, configured to send the data to be signed, for a terminal having a signature algorithm to perform signature encryption and generate a signature result;
a signed data generation unit, configured to obtain the signature result and add at least the obtained signature result to the data to be signed to generate signed data;
a signed data sending unit, configured to send the signed data, for verification and execution by the service server.
Preferably, the to-be-signed data sending unit includes: an identification address generation module, configured to generate an identification URL corresponding to the data to be signed; and an identification address sending module, configured to send the identification URL, for the terminal having a signature algorithm to execute in order to obtain the data to be signed.
Preferably, the identification address sending module includes: a two-dimensional code generation component, configured to generate, from the identification URL, a two-dimensional code image containing the identification URL; and a two-dimensional code sending component, configured to send the two-dimensional code image, for the terminal having a signature algorithm to scan and to execute the identification URL in order to obtain the corresponding data to be signed.
Preferably, the signed data generation unit includes: a timestamp determination module, configured to determine timestamp information corresponding to the signature result; and a timestamp appending module, configured to add the timestamp information and the signature result to the data to be signed to generate signed data.
Preferably, the terminal having a signature algorithm is a terminal having an Arm TrustZone module, and the signature algorithm is stored in the Arm TrustZone module.
Preferably, the data to be signed is data to be signed that includes a hash value.
Another aspect of the present invention provides a terminal, characterized in that it includes:
a service sending unit, configured to send a service request based on an interaction with the user;
a to-be-signed data acquisition unit, configured to obtain data to be signed corresponding to the service request;
a signature encryption unit, configured to electronically sign the obtained data to be signed according to a certain signature algorithm and generate a signature result;
a signature result sending unit, configured to send the signature result, for verification by the service server.
Preferably, the to-be-signed data acquisition unit includes: a two-dimensional code scanning module, configured to scan a two-dimensional code image containing the identification URL corresponding to the data to be signed; and an identification link execution module, configured to parse the two-dimensional code image to obtain the data to be signed corresponding to the identification URL.
Preferably, the terminal is a mobile terminal in which the signature algorithm is pre-stored in an Arm TrustZone module.
Through the above technical solutions, on the one hand, whereas in the prior art an electronic signature can only be completed on the server side or on the user side, the present invention inventively uses a terminal containing a signature algorithm to execute the signature algorithm, uses the signature server for the attaching step of the signature algorithm, and completes verification of the signature result at the service server. This provides a completely new solution for electronic signatures in the communication between the server side and the user side, and also makes it more convenient for users to complete electronic signature operations in Internet applications. On the other hand, the present invention provides a general-purpose data signature platform, on the basis of which the technical problem of completing identity verification in the interaction between ordinary service servers and user terminals can be solved generally.
Other features and advantages of the embodiments of the present invention are described in detail in the detailed description that follows.
Brief description of the drawings
The drawings are provided for further understanding of the embodiments of the present invention and form part of the specification; together with the detailed description below they serve to explain the embodiments of the present invention, but do not limit them. In the drawings:
Fig. 1 shows a schematic diagram of a system architecture to which the present invention can be applied;
Fig. 2 shows a schematic flow diagram of the working principle of the electronic signature method of one embodiment of the present invention;
Fig. 3 shows a flow chart of the method for a signature server according to one embodiment of the present invention;
Fig. 4 shows a flow chart of the method for a terminal according to one embodiment of the present invention;
Fig. 5 shows a structural diagram of the signature server of one embodiment of the present invention;
Fig. 6 shows a structural diagram of the terminal of one embodiment of the present invention.
Description of reference numerals
I access request
II data to be signed
III two-dimensional code image
IV signature result
V signed data
101 terminal
102 business platform server
103 signature server
401 to-be-signed data sending unit
402 signed data generation unit
403 signed data sending unit
501 service sending unit
502 to-be-signed data acquisition unit
503 signature encryption unit
504 signature result sending unit
Detailed description
Fig. 1 shows an exemplary system architecture 100 to which the embodiments of the present invention can be applied.
As shown in Fig. 1, the system architecture 100 may include a terminal 101, a business platform server 102 and a signature server 103. The terminal 101 may be any of various electronic devices that have a display screen and support information browsing, including but not limited to computers, smartphones, tablet computers, e-book readers and wearable smart devices.
A user may use the terminal 101 to interact over a network with the business platform server 102 and/or the signature server 103, to receive or send messages and so on. Various client applications may be installed on the terminal 101, such as app-store applications, map applications, web browser applications, shopping applications, search applications, instant messaging tools, mailbox clients and social platform software. The electronic signature is completed through the interaction between the terminal and the servers.
Fig. 2 shows a schematic flow diagram of the working principle of the electronic signature method of one embodiment of the present invention. To make the technical solution easier for the public to understand, part of the technical solution covered by the present invention is described below, as an example, with reference to Fig. 2 and Fig. 1:
The user sends a service request through the terminal 101 to access the business platform server 102;
The business platform server 102 generates, according to the service request, data to be signed corresponding to the service request;
The business platform server 102 applies a hash algorithm to the data to be signed to obtain a hash value;
The business platform server 102 sends the data to be signed, with the hash value, to the signature server 103;
The signature server 103 verifies the system identity of the service server and, after verification succeeds, generates an identification URL for the data to be signed according to the hash value, and generates a two-dimensional code image containing the identification URL;
The signature server 103 sends the two-dimensional code image containing the identification URL; the terminal 101 scans the two-dimensional code image, recognizes the identification URL contained in the two-dimensional code and requests its execution;
The signature server 103 verifies the user identity of the terminal and, after verification succeeds, sends the data to be signed with the hash value to the terminal 101;
The terminal 101 performs a signature operation on the data to be signed based on a certain signature algorithm to generate a signature result, and sends the signed data to the signature server 103;
The signature server 103 adds the signature result, together with the timestamp corresponding to the signature result, to the data to be signed to generate signed data, and sends the signed data to the service server 102;
The service server 102 performs signature verification on the signed data to complete the electronic signature.
In this embodiment, because the business platform server applies a specific hash operation to the data to be signed, neither the signature server nor the user terminal can learn the real data to be signed, which more effectively guarantees the security of the user's information and improves the security and reliability of the electronic signature.
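The Fig. 2 flow, sketched in Python as an added example that is not part of the patent. Assumptions: only the hash value leaves the business platform server, a Lamport one-time signature stands in for the unspecified signature algorithm, and the class names, the sign.example URL and the 300-second freshness window are hypothetical; the identity checks performed by the servers are omitted.

```python
import hashlib
import secrets
import time


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Stand-in signature algorithm (assumption): Lamport one-time signature.
# It needs only a hash function; each key pair must sign a single message.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk


def _digest_bits(msg: bytes):
    d = int.from_bytes(sha256(msg), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes):
    # Reveal one secret per digest bit.
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(sha256(sig[i]) == pk[i][bit]
               for i, bit in enumerate(_digest_bits(msg)))


class Terminal:
    """Terminal 101. In the patent the key and sign() sit in the TrustZone module."""

    def __init__(self):
        self._sk, self.pk = lamport_keygen()

    def sign(self, to_be_signed: bytes):
        return lamport_sign(self._sk, to_be_signed)


class SignatureServer:
    """Signature server 103: one identification URL per item of data to be signed."""

    BASE = "https://sign.example/tbs/"  # hypothetical address

    def __init__(self):
        self._pending = {}  # identification URL -> data to be signed

    def issue_url(self, to_be_signed: bytes) -> str:
        # The returned URL is what would be encoded in the two-dimensional code.
        url = self.BASE + secrets.token_urlsafe(16)
        self._pending[url] = to_be_signed
        return url

    def fetch(self, url: str) -> bytes:
        return self._pending[url]

    def assemble(self, url: str, signature, now=None) -> dict:
        # pop(): the one-to-one URL mapping is consumed, so results cannot be
        # attached to the wrong request or attached twice.
        to_be_signed = self._pending.pop(url)
        # The timestamp is appended here, after the terminal has signed, so the
        # terminal's signature covers the hash only; freshness is checked apart.
        ts = time.time() if now is None else now
        return {"data": to_be_signed, "signature": signature, "timestamp": ts}


class BusinessServer:
    """Business platform server 102: hashes the request, later verifies."""

    def __init__(self, terminal_pk, max_age_s=300):  # window is an assumption
        self._pk = terminal_pk
        self._max_age_s = max_age_s
        self._open = set()  # hash values still awaiting a signature

    def prepare(self, request: bytes) -> bytes:
        digest = sha256(request)
        self._open.add(digest)
        return digest  # only the hash is handed to the signature server

    def verify(self, signed: dict, now=None) -> bool:
        now = time.time() if now is None else now
        if signed["data"] not in self._open:
            return False  # unknown request, or already accepted once
        if not 0 <= now - signed["timestamp"] <= self._max_age_s:
            return False  # stale or future-dated signed data
        if not lamport_verify(self._pk, signed["data"], signed["signature"]):
            return False
        self._open.discard(signed["data"])
        return True


def run_flow(request: bytes = b"order=42;amount=100.00"):  # constructed sample
    terminal = Terminal()
    sig_server = SignatureServer()
    business = BusinessServer(terminal.pk)
    to_be_signed = business.prepare(request)
    url = sig_server.issue_url(to_be_signed)
    signature = terminal.sign(sig_server.fetch(url))
    signed = sig_server.assemble(url, signature)
    return business, sig_server, url, signed
```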
It will be understood that the terminal 101 in Fig. 1 should be a terminal equipped with a signature algorithm, so that the electronic signature algorithm can be executed on the terminal. To ensure the security of the electronic signature algorithm program, a terminal may be chosen that stores the electronic signature algorithm program in an Arm TrustZone module, which has a higher security level. Further, the signature server 106 and the service server 105 should have authorized each other in advance. The electronic signature operation during data communication is completed through the interaction of the signature server 103, the service server 102 and the terminal 101, which provides a completely new data signature method while also better guaranteeing the security of the electronic signature.
In the present invention, the signature result of the electronic signature is generated at the terminal; the signature server appends the signature result and the timestamp information, converting the data to be signed into signed data; and the service server identifies the signed data and performs the service.
It should be noted that the numbers of terminals and servers in Fig. 1 are merely illustrative. There may be any number of terminals, networks and servers according to implementation needs.
The following embodiments further explain the technical solution of the electronic signature algorithm of the present invention with reference to the architecture shown in Fig. 1.
Fig. 3 shows a flow chart of the method for a signature server according to one embodiment of the present invention. The method includes:
Step 201: the signature server obtains data to be signed;
It should be noted that the signature server may obtain data to be signed forwarded by the business platform server, or may obtain the data to be signed directly from the terminal; no limitation is placed on this here. Preferably, the business platform server obtains the service request sent by the terminal and generates the data to be signed at the business platform server according to the service request, and the signature server obtains the data to be signed generated by the business platform server.
Step 202: the signature server sends the data to be signed, for a terminal having a signature algorithm to perform signature encryption and generate a signature result;
It should be understood that, because the data to be signed carries no signature result, it cannot pass the service server's electronic signature security check and cannot be executed directly by the service server. The signature algorithm of the terminal in this embodiment should match the signature algorithm at the service server, and may be pre-configured and stored in the terminal based on the service server. In addition, this embodiment places no particular restriction on the signature algorithm: an existing signature algorithm may be used, or a completely new one.
Step 203: the signature server obtains the signature result and adds at least the obtained signature result to the data to be signed to generate signed data;
In this embodiment, after the terminal generates the signature result, the terminal may feed the signature result back to the signature server, and the signature server adds the signature result to the data to be signed obtained in step 201, thereby generating signed data carrying the signature result.
Step 204: the signature server sends the signed data, for verification and execution by the service server.
In this embodiment, the signature server builds an identity verification bridge, based on electronic signatures, between the user terminal and the merchant's operating server. This can provide a completely new electronic signature solution for the service servers of many merchants and improves the security and reliability of electronic signatures. Compared with the prior art, the signature server shares the electronic signature work of the user side and the server side, reducing the resource consumption that electronic signing imposes on both.
As a preferred embodiment of the method for a signature server shown in Fig. 3, the execution of step 201 in Fig. 2 specifically includes the following steps:
generating an identification URL corresponding to the data to be signed;
sending the identification URL, for the terminal having a signature algorithm to execute in order to obtain the data to be signed.
In this embodiment, identification URLs and data to be signed correspond one to one, so that when the signature server receives a large number of signature results and data to be signed at the same time, the retrieval of data to be signed and the appending of results are effectively protected from mix-ups, which allows the signature server to run multiple data signature flows simultaneously.
More preferably, sending the identification URL for the terminal to execute in order to obtain the data to be signed includes: generating, from the identification URL, a two-dimensional code image containing the identification URL; and sending the two-dimensional code image, for the terminal having a signature algorithm to scan and to execute the identification URL in order to obtain the corresponding data to be signed.
It should be noted that, regarding the sending of the two-dimensional code image in this embodiment, the signature server may send the two-dimensional code image directly to the terminal for the terminal's signature encryption, or indirectly, for example with the service server acting as an intermediary that sends the two-dimensional code image to the terminal; no limitation is placed on this here. In this embodiment, two-dimensional code technology is applied to electronic signing, further improving the security and reliability of the electronic signature.
As a preferred embodiment of the method for a signature server of the embodiment shown in Fig. 3, the specific execution of step 203 includes the following steps:
determining timestamp information corresponding to the signature result;
adding the timestamp information and the signature result to the data to be signed to generate signed data.
In this embodiment, the timestamp is combined with the electronic signature result into the signed data, which ensures that the electronic signature cannot be replicated, gives the signed data a higher security level, and also makes it easier for the service server to confirm the reliability of the user's identity.
In some implementations of the method of this embodiment, the terminal having a signature algorithm is a terminal having an Arm TrustZone module, and the signature algorithm is stored in the Arm TrustZone module.
In this embodiment, the key handling and cryptographic operations that generate the electronic signature result are completed inside the Arm TrustZone module, which ensures the security of the signature algorithm program and improves the security level of the electronic signature. It should also be noted that, as technology develops, other future software and hardware that, like the Arm TrustZone module, provides a secure environment subsystem based on the technical principle of the present invention should also fall within the scope of protection of the present invention.
Fig. 4 shows a flow chart of the method for a terminal according to another embodiment of the present invention. The method is applicable to a terminal and includes:
Step 301: sending a service request based on an interaction with the user;
Step 302: obtaining data to be signed corresponding to the service request;
Step 303: electronically signing the obtained data to be signed according to a certain signature algorithm, and generating a signature result;
Step 304: sending the signature result, for verification by the service server.
In this embodiment, the signature algorithm stored on the terminal is used efficiently to perform the electronic signature operation, so that the electronic signature result is generated on the terminal.
As a preferred embodiment of the method for a terminal of the embodiment shown in Fig. 4, step 302 may be executed as follows: scanning a two-dimensional code image containing the identification URL corresponding to the data to be signed; and parsing the two-dimensional code image to obtain the data to be signed corresponding to the identification URL.
In this preferred embodiment, the terminal obtains the data to be signed by scanning the two-dimensional code. Applying two-dimensional code technology to digital signatures protects the security and reliability of the data to be signed while it is transmitted for electronic signing.
As a preferred embodiment of the method for a terminal of the embodiment shown in Fig. 4, the method is applied to a mobile terminal in which the signature algorithm is pre-stored in an Arm TrustZone module, and at least the encryption step of the method on the data to be signed is executed in the Arm TrustZone module.
In this preferred embodiment, the key handling and cryptographic operations that generate the electronic signature result are completed inside the Arm TrustZone module, which ensures the security of the signature algorithm program and improves the security level of the electronic signature. It should also be noted that, as technology develops, other future software and hardware that, like the Arm TrustZone module, provides a secure environment subsystem based on the technical principle of the present invention should also fall within the scope of protection of the present invention.
Fig. 5 shows a structural diagram of the signature server of one embodiment of the present invention, which includes:
a to-be-signed data sending unit 401, configured to send the data to be signed, for a terminal having a signature algorithm to perform signature encryption and generate a signature result;
a signed data generation unit 402, configured to obtain the signature result and add at least the obtained signature result to the data to be signed to generate signed data;
a signed data sending unit 403, configured to send the signed data, for verification and execution by the service server.
As a preferred embodiment of the signature server of the embodiment shown in Fig. 5, the to-be-signed data sending unit includes: an identification address generation module, configured to generate an identification URL corresponding to the data to be signed; and an identification address sending module, configured to send the identification URL, for the terminal having a signature algorithm to execute in order to obtain the data to be signed.
More preferably, the identification address sending module includes: a two-dimensional code generation component, configured to generate, from the identification URL, a two-dimensional code image containing the identification URL; and a two-dimensional code sending component, configured to send the two-dimensional code image, for the terminal having a signature algorithm to scan and to execute the identification URL in order to obtain the corresponding data to be signed.
As a preferred embodiment of the signature server of the embodiment shown in Fig. 5, the signed data generation unit 402 includes:
a timestamp determination module, configured to determine timestamp information corresponding to the signature result;
a timestamp appending module, configured to add the timestamp information and the signature result to the data to be signed to generate signed data.
In some preferred implementations of this embodiment, the terminal having a signature algorithm is a terminal having an Arm TrustZone module, and the signature algorithm is stored in the Arm TrustZone module.
In some preferred implementations of this embodiment, the data to be signed is data to be signed that includes a hash value.
Fig. 6 shows the structure of a terminal according to a further embodiment of the invention, comprising:
A service sending unit 501, for sending a service request based on an interactive operation with the user;
A data-to-be-signed acquiring unit 502, for obtaining the data to be signed corresponding to the service request;
A signature encryption unit 503, for electronically signing the acquired data to be signed according to a given signature algorithm and generating a signature result;
A signature result sending unit 504, for sending the signature result for the service server to verify.
As a preferred implementation of the terminal of the Fig. 6 embodiment, the data-to-be-signed acquiring unit 502 includes: a QR code scanning module, for scanning the QR code image containing the identifier URL corresponding to the data to be signed; and an identifier link execution module, for parsing the QR code image to obtain the data to be signed corresponding to the identifier URL.
As a preferred implementation of the terminal of the Fig. 6 embodiment, the terminal is a mobile terminal in which the signature algorithm is pre-stored in the Arm TrustZone module.
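The exchange between the Fig. 5 signature server, the Fig. 6 terminal and the service server, as an added Python example that is not part of the patent text. Assumptions: a Lamport one-time signature stands in for the unnamed signature algorithm so that only the standard library is needed, the QR code is modelled as the identifier URL string it would carry, the host `signing.example` is a placeholder, the TrustZone isolation is not modelled, and all class and function names are hypothetical.

```python
import hashlib
import secrets
import time

def _h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

# Lamport one-time signature: a stdlib-only stand-in, the page names no algorithm.
def lamport_keygen():
    sk = [[secrets.token_bytes(32) for _ in range(256)] for _ in (0, 1)]
    return sk, [[_h(x) for x in row] for row in sk]

def _bits(msg: bytes) -> list:
    d = int.from_bytes(_h(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes) -> list:
    return [sk[b][i] for i, b in enumerate(_bits(msg))]

def lamport_verify(pk, msg: bytes, sig: list) -> bool:
    expected = [pk[b][i] for i, b in enumerate(_bits(msg))]
    return [_h(s) for s in sig] == expected

class SignatureServer:
    def __init__(self):
        self.pending = {}  # identifier URL -> data to be signed

    def publish(self, document: bytes) -> str:
        """Store data to be signed (the document hash) under an identifier URL,
        which would be delivered to the terminal as a QR code image."""
        url = "https://signing.example/tbs/" + secrets.token_urlsafe(16)  # placeholder host
        self.pending[url] = _h(document).hex()
        return url

    def assemble(self, url: str, signature_result: list) -> dict:
        # The timestamp is added after signing, so the signature does not cover it.
        return {"tbs": self.pending.pop(url), "timestamp": int(time.time()),
                "signature": signature_result}

class Terminal:
    def __init__(self):
        # On the page's terminal the key and signing stay inside Arm TrustZone.
        self._sk, self.pk = lamport_keygen()  # one-time key: sign a single message

    def sign_from_qr(self, server: SignatureServer, url: str) -> list:
        to_sign = server.pending[url]  # stands for following the scanned identifier URL
        return [s.hex() for s in lamport_sign(self._sk, to_sign.encode())]

def service_verify(pk, signed: dict, document: bytes) -> bool:
    """Service server: check the hash matches and the signature covers it."""
    sig = [bytes.fromhex(s) for s in signed["signature"]]
    return (signed["tbs"] == _h(document).hex()
            and lamport_verify(pk, signed["tbs"].encode(), sig))

def demo(doc: bytes = b"constructed sample document"):
    srv, term = SignatureServer(), Terminal()
    url = srv.publish(doc)
    signed = srv.assemble(url, term.sign_from_qr(srv, url))
    return service_verify(term.pk, signed, doc), service_verify(term.pk, signed, doc + b"!")
```

`demo()` returns the verification result for the original document and for a modified one; the service server accepts only the first.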
It should be noted that the terms "comprise" and "include" cover not only the listed elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including ..." does not exclude the presence of other identical elements in the process, method, article or device that includes that element.
The related functional modules and units in the embodiments of the present invention can be implemented by corresponding electronic components.
The preferred embodiments of the present invention have been described in detail above with reference to the drawings. However, the invention is not limited to the specific details of the above embodiments; within the scope of the technical concept of the present invention, a variety of simple variants of the technical solution can be made, and these simple variants all fall within the protection scope of the present invention.
It should further be noted that the specific technical features described in the above embodiments can, where not contradictory, be combined in any suitable manner. To avoid unnecessary repetition, the various possible combinations are not described separately.
Those skilled in the art will understand that all or part of the steps of the methods of the above embodiments can be completed by a program instructing the relevant hardware. The program is stored in a storage medium and includes a number of instructions that cause a device (which may be a microcontroller, a chip, etc.) or a processor to perform all or part of the steps of the methods of the embodiments of this application. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
In addition, the various embodiments of the present invention may be combined arbitrarily; as long as a combination does not depart from the idea of the invention, it should likewise be regarded as content disclosed by the invention.

Claims (18)

  1. A method for an electronic signature server, characterized in that the method comprises:
    Sending data to be signed, so that a terminal having a signature algorithm performs signature encryption on it and generates a signature result;
    Obtaining the signature result, and adding at least the acquired signature result to the data to be signed to generate signed data;
    Sending the signed data for the service server to perform verification.
  2. The method according to claim 1, characterized in that sending the data to be signed, so that the terminal having the signature algorithm performs signature encryption on it and generates a signature result, comprises:
    Generating an identifier URL corresponding to the data to be signed;
    Sending the identifier URL, so that the terminal having the signature algorithm executes it to obtain the data to be signed.
  3. The method according to claim 2, characterized in that sending the identifier URL, so that the terminal executes it to obtain the data to be signed, comprises:
    Generating, according to the identifier URL, a QR code image containing the identifier URL;
    Sending the QR code image, so that the terminal having the signature algorithm scans it and executes the identifier URL to obtain the corresponding data to be signed.
  4. The method according to claim 1, characterized in that adding at least the acquired signature result to the data to be signed to generate signed data comprises:
    Determining the timestamp information corresponding to the signature result;
    Adding the timestamp information and the signature result to the data to be signed to generate the signed data.
  5. The method according to any one of claims 1-4, characterized in that the terminal having the signature algorithm is a terminal with an Arm TrustZone module, and the signature algorithm is stored inside the Arm TrustZone module.
  6. The method according to any one of claims 1-4, characterized in that the data to be signed is data to be signed that includes a hash value.
  7. A method for a terminal, characterized in that the method comprises:
    Sending a service request based on an interactive operation with the user;
    Obtaining the data to be signed corresponding to the service request;
    Electronically signing the acquired data to be signed according to a given signature algorithm, and generating a signature result;
    Sending the signature result for the service server to verify.
  8. The method according to claim 7, characterized in that obtaining the data to be signed corresponding to the service request comprises:
    Scanning a QR code image containing the identifier URL corresponding to the data to be signed;
    Parsing the QR code image to obtain the data to be signed corresponding to the identifier URL.
  9. The method according to claim 7 or 8, characterized in that, when the method is applied to a mobile terminal in which the signature algorithm is pre-stored in an Arm TrustZone module, the method comprises:
    The Arm TrustZone module electronically signing the acquired data to be signed according to the pre-stored signature algorithm, and generating the signature result.
  10. An electronic signature server, characterized in that it comprises:
    A data-to-be-signed sending unit, for sending the data to be signed, so that a terminal having a signature algorithm performs signature encryption on it and generates a signature result;
    A signed data generation unit, for obtaining the signature result and adding at least the acquired signature result to the data to be signed to generate signed data;
    A signed data sending unit, for sending the signed data for the service server to perform verification.
  11. The electronic signature server according to claim 10, characterized in that the data-to-be-signed sending unit includes:
    An identifier address generation module, for generating the identifier URL corresponding to the data to be signed;
    An identifier address sending module, for sending the identifier URL, so that the terminal having the signature algorithm executes it to obtain the data to be signed.
  12. The electronic signature server according to claim 11, characterized in that the identifier address sending module includes:
    A QR code generation component, for generating, according to the identifier URL, a QR code image containing the identifier URL;
    A QR code sending component, for sending the QR code image, so that the terminal having the signature algorithm scans it and executes the identifier URL to obtain the corresponding data to be signed.
  13. The electronic signature server according to claim 10, characterized in that the signed data generation unit includes:
    A timestamp determining module, for determining the timestamp information corresponding to the signature result;
    A timestamp adding module, for adding the timestamp information and the signature result to the data to be signed to generate the signed data.
  14. The electronic signature server according to any one of claims 10-13, characterized in that the terminal having the signature algorithm is a terminal with an Arm TrustZone module, and the signature algorithm is stored inside the Arm TrustZone module.
  15. The electronic signature server according to any one of claims 10-13, characterized in that the data to be signed is data to be signed that includes a hash value.
  16. A terminal, characterized in that it comprises:
    A service sending unit, for sending a service request based on an interactive operation with the user;
    A data-to-be-signed acquiring unit, for obtaining the data to be signed corresponding to the service request;
    A signature encryption unit, for electronically signing the acquired data to be signed according to a given signature algorithm and generating a signature result;
    A signature result sending unit, for sending the signature result for the service server to verify.
  17. The terminal according to claim 16, characterized in that the data-to-be-signed acquiring unit includes:
    A QR code scanning module, for scanning a QR code image containing the identifier URL corresponding to the data to be signed;
    An identifier link execution module, for parsing the QR code image to obtain the data to be signed corresponding to the identifier URL.
  18. The terminal according to claim 16 or 17, wherein the terminal is a mobile terminal in which the signature algorithm is pre-stored in an Arm TrustZone module.
CN201610940759.7A 2016-10-25 2016-10-25 For signature server, the method for terminal and signature server, terminal Pending CN107979470A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610940759.7A CN107979470A (en) 2016-10-25 2016-10-25 For signature server, the method for terminal and signature server, terminal

Publications (1)

Publication Number Publication Date
CN107979470A true CN107979470A (en) 2018-05-01

Family

ID=62005036

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610940759.7A Pending CN107979470A (en) 2016-10-25 2016-10-25 For signature server, the method for terminal and signature server, terminal

Country Status (1)

Country Link
CN (1) CN107979470A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180501