CN101790166A - Digital signing method based on mobile phone intelligent card - Google Patents
Digital signing method based on mobile phone intelligent card Download PDFInfo
- Publication number
- CN101790166A CN101790166A CN200910312596A CN200910312596A CN101790166A CN 101790166 A CN101790166 A CN 101790166A CN 200910312596 A CN200910312596 A CN 200910312596A CN 200910312596 A CN200910312596 A CN 200910312596A CN 101790166 A CN101790166 A CN 101790166A
- Authority
- CN
- China
- Prior art keywords
- authentication
- signature
- platform
- mobile
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to a digital signing method based on a mobile phone intelligent card, which belongs to the technical field of mobile phone intelligent cards. The method comprises the following steps of: sending service information to a mobile authentication platform by a bank platform through a special network interface; sending data to be signed to an authentication terminal by the mobile authentication platform in a data short message mode; confirming the signature by hands or refusing to confirm the signature by a user through the authentication terminal, wherein when the signature is confirmed by hands, the intelligent card carries out encryption on the data to be signed, and sends a signing result to the mobile authentication platform, or else, the authentication process fails; after the mobile authentication platform receives the signing result, then forwarding to a digital certification authentication center to carry out signature verification processing; directly sending a signature verification result to the mobile authentication platform by the digital certification authentication center, and forwarding the signature verification result to the bank platform through the mobile authentication platform, and processing the services and authentication process results by the bank platform according to the signing result. The invention can use mobile phone short messages to realize safe and reliable digital signing authentication; and the method is simple and convenient and has high security.
Description
Technical field
What the present invention relates to is a kind of method of mobile phone intelligent card technical field, specifically is a kind of digital signature method based on mobile phone intelligent card.
Background technology
Along with computer network javascript:; Technology javascript:; Develop rapidly and the wideling popularize of informatization, increasing tupe begins move towards electronic and networked, thereby has greatly improved efficient, saved cost.Compare with traditional aspectant manual process mode, based on network electronic transaction processing system must solve following problem: true identity how to discern the user on network; How to guarantee that the business datum that transmits on the network is not distorted; How to guarantee the confidentiality of the business datum that transmits on the network; How to make the user behavior on the network undeniable.Nowadays, increasing user has adopted surfing Internet with cell phone, receive and handle related service, also a lot of business all relate to sensitive information and critical data, and these sensitive informations are general all relevant with user's personal information, and these critical datas data that often to be the user need in the wireless telecommunications transaction confirms and sign.So, these users' of better protection true identity how? how to guarantee that the business datum that transmits on the network is not distorted? these problems all are to need in the network trading to guarantee and solve.
Find through retrieval prior art, Chinese patent literature CN201181942, put down in writing a kind of " the digital signature identification system that is used for the remote service business ", this technology comprises service request terminal, remote service center, customer mobile terminal, Business Processing mechanism.The user submits required business in the service request terminal to remote service center; The service request that remote service center is submitted the user to generates the portable terminal checking that business information sends the user to, and by behind the customer mobile terminal Signature Confirmation service message, returns to remote service center; Remote service center should the business acknowledge message be passed to Business Processing mechanism and is finished business operation after to the digital signature authentication in the confirmation, and service processing result carried out digital signature, form object information sends the user to by remote service center portable terminal; The user verifies the object information of receiving and preserves.
Though above-mentioned prior art has realized the digital signature identification of remote service business, but in its process, the user needs to submit required business in the service request terminal to remote service center, do not disclose the user and can support and receive passive type digital signature and the authentication that initiate in the strange land at any old place, simultaneously, the technology that phone number is forged and cloned has appearred in the mobile phone account number binding at present, so there is the hidden danger on the safety in the Business Processing mode of this once signed authentication.
Summary of the invention
The present invention is directed to the prior art above shortcomings, a kind of digital signature method based on mobile phone intelligent card is provided, can realize safe and reliable digital signature identification by SMS.
The present invention is achieved by the following technical solutions, the present invention includes following steps:
Step 1: bank's platform is sent to the mobile authentication platform by private NNI with business information;
Described business information is meant the data of private banking, and paying the fees as: government utility, data, the data of transferring accounts, account query data, remittance data, remaining sum change are reminded, the silver card is professional.
Step 2: the mobile authentication platform is sent to the authentication terminal with data to be signed by the data SMS form;
Described data to be signed are meant the data that need the user to do Signature Confirmation in the practical business generating process, as trade confirmation, sequence information or the like.
Described authentication terminal is meant user mobile phone and the smart card thereof of holding certificate of certification, and wherein: certificate of certification is meant the certificate request person certificate of certification of being signed and issued by the digital certificate authentication center, and certificate request person and certificate have unique corresponding relation; Smart card is meant the smart card that has the rsa encryption module and have the storage computation communication function.
Described data SMS is meant the safe packet short message that comprises 3DES encryption and MAC verification scheme.
Step 3: the user confirms signature by manual affirmation signature of authentication terminal or refusal, and when confirming signature by hand, smart card carries out encryption method to described data to be signed, and the result that will sign is sent to the mobile authentication platform; Otherwise verification process failure;
Described encryption method is meant: smart card is encrypted described data to be signed by cryptographic algorithm, obtains the ciphering signature data of 128 bytes.
Step 4: the mobile authentication platform receives that signature is forwarded to the digital certificate authentication center behind the result and tests to sign and handle;
Described test sign to handle be meant that the digital certificate authentication center is decrypted calculating by the algorithm identical with smart card to the ciphering signature data, the signed data after obtaining deciphering.
Step 5: the digital certificate authentication center will be tested and sign the result and directly be sent to the mobile authentication platform, and will be tested by the mobile authentication platform and to sign the result and be forwarded to bank's platform, and bank's platform is according to signature result treatment business, verification process result.
Compared with prior art, this patent is invented and is disclosedly a kind ofly carried out the method for digital signature by mobile phone intelligent card, and following advantage is arranged: at first, and by introducing smart card, and carry out safe calculating by smart card, the digital signature encryption technology among the present invention provides powerful safety guarantee; Secondly, the user is when confirming digital signature, and employing advances flow process, safety guarantee height step by step to data to be signed; Moreover the STK interface is simple to operation, is highly suitable for simple business; Simultaneously, compatibility is the strongest, and most mobile phones are all supported the STK menu.And then embodied this method and had great practical value.
Description of drawings
Fig. 1 is a schematic flow sheet of the present invention.
Fig. 2 is the schematic flow sheet of embodiment 1.
Fig. 3 is the schematic flow sheet of embodiment 2.
Fig. 4 is an embodiment mobile phone end note schematic diagram.
Embodiment
Below embodiments of the invention are elaborated, present embodiment is being to implement under the prerequisite with the technical solution of the present invention, provided detailed execution mode and concrete operating process, but protection scope of the present invention is not limited to following embodiment.
Embodiment 1
Specifically describe the user does not initiatively initiate banking under the situation of each agency of Unionpay flow process below in conjunction with Fig. 2.As shown in Figure 1 and Figure 4, this embodiment specifically may further comprise the steps:
Step 1: various banks platform sends data to be signed to bank pre-machine;
Step 2: bank pre-machine is forwarded to the mobile authentication platform with data to be signed;
Step 3: the mobile authentication platform is organized data to be signed, and the data to be signed after will organizing are to comprise 3DES and encrypt and the form of the safe packet data SMS of MAC verification scheme is forwarded to user mobile phone;
Step 4: have the rsa encryption module and the STK menu that has in the smart card of storage computation communication function demonstrates word content, remind the user to confirm concrete data in the banking of its submission, select " cancellation " as the user, then the banking of user's submission will not be carried out, select " affirmation " as the user, then enter step 5;
Step 5: smart card carries out encryption method to described data to be signed, and final confirmation is sent to the mobile authentication platform with the form of data SMS, and the mobile authentication platform is organized signed data and sent to the digital certificate authentication center and tests to sign and handle;
Described encryption method is meant: adopt RSAES-PKCS1-v1_5-Encrypt ((n, e), M) algorithm, the input data comprise: (n, e) recipient's RSA PKI, wherein: k is that what close digital-to-analogue n is the length of unit of measurement with eight hytes, and M is that length is the eight hyte strings message to be encrypted of mLen, mLen≤k-11, the result of this encryption method are that a length is the ciphertext of the eight hyte strings of k; This encryption method may further comprise the steps:
5.1) length check: as mLen>k-11, computing is ended in output " Message too long " back;
5.2) EME-PKCS1-v1_5 coding: the eight hyte string PS that generate a length and be k-mLen-3 and constitute by non-zero eight hytes of pseudorandom generation, connect PS, message M and form the coded message EM that length is k eight hytes, EM=0x00||0x02||PS||0x00||M;
5.3) rsa encryption: convert coded message EM to an integer message and represent m:m=OS2IP (EM); With the RSA PKI (n, e) and message represent m substitution RSAEP cryptographic primitives, thereby produce a ciphertext represent c:c=RSAEP ((n, e), m); Representing c to convert a length to ciphertext is that the ciphertext of k eight hytes is represented c, and C=I2OSP (c, k).
Described test sign to handle be meant: C is decrypted into EM=0x00||0x02||PS||0x00||M with ciphertext, isolates M wherein, calculate informative abstract M ' with this locality at digital certificate authentication center again and compare, if M=M ' assert that then signature is effective, otherwise:
When the hexadecimal value of first eight hyte of EM is not 0x00, perhaps
When the hexadecimal value of second eight hyte of EM is not 0x02, perhaps
When there not being hexadecimal value is that eight hytes of 0x00 can be isolated PS from M, perhaps
When the length of PS less than 8 eight hytes,
Then output " deciphering makes mistakes " and termination computing.
Step 6: the digital certificate authentication center will be tested and sign the result and directly be sent to the mobile authentication platform, and will be tested by the mobile authentication platform and to sign the result and be forwarded to bank's platform, and bank's platform is according to signature result treatment business, verification process result;
The described label result that tests comprises: initial data, signature result and user certificate
Step 4: output ciphertext C.
This embodiment has embodied the user who holds certificate of certification can not carry out the banking operation under the situation of bank's cabinet face, also be to verify step by step for userspersonal information, the related data of banking, has both embodied flexibility, does not lose fail safe again.
Specifically describe the user not under the situation of each agency of bank below in conjunction with Fig. 3, receive and carry out the banking processing requirements of receiving.As Fig. 2 and shown in Figure 4, this embodiment specifically comprises:
Step 1: user's smart card receives the data to be signed that various banks platform sends over;
Step 2: the user clicks and checks that data to be signed, data to be signed are the transaction key element (as target account number, the amount of money) of appointment
Step 3: the user confirms data to be signed, if the user does not confirm that then banking will not be carried out, otherwise enters step 4;
Step 4: smart card calculates data to be signed
Step 5: the user signs to data, and the result is sent to the mobile authentication platform, if the user refuses signature, then banking will not be carried out;
Step 6: the mobile authentication platform is organized signed data and is sent to the digital certificate authentication center and tests label;
Step 7: the digital certificate authentication center is returned and is tested the label data, signs failure if test, and then banking will not be carried out.
This embodiment has embodied the user who holds certificate of certification and can be not do not received banking operation from the strange land under the situation of bank's cabinet face, for example, in the actual life, the business leader is in the other places, the finance of this enterprise need to authorize, and like this, the related work personnel of business finance portion can submit to the mobile authentication platform by the business that will need to authorize, the business leader can carry out data signature by mobile phone STK menu, and then realizes the banking operation.In the present embodiment, equally also be to verify step by step, both embodied flexibility, do not lose fail safe again for userspersonal information, the related data of banking.
Claims (7)
1. the digital signature method based on mobile phone intelligent card is characterized in that, may further comprise the steps:
Step 1: bank's platform is sent to the mobile authentication platform by private NNI with business information;
Step 2: the mobile authentication platform is sent to the authentication terminal with data to be signed by the data SMS form;
Step 3: the user confirms signature by manual affirmation signature of authentication terminal or refusal, and when confirming signature by hand, smart card carries out encryption method to described data to be signed, and the result that will sign is sent to the mobile authentication platform; Otherwise verification process failure;
Step 4: the mobile authentication platform receives that signature is forwarded to the digital certificate authentication center behind the result and tests to sign and handle;
Step 5: the digital certificate authentication center will be tested and sign the result and directly be sent to the mobile authentication platform, and will be tested by the mobile authentication platform and to sign the result and be forwarded to bank's platform, and bank's platform is according to signature result treatment business, verification process result.
2. the digital signature method based on mobile phone intelligent card according to claim 1, it is characterized in that, described authentication terminal is meant user mobile phone and the smart card thereof of holding certificate of certification, wherein: certificate of certification is meant the certificate request person certificate of certification of being signed and issued by the digital certificate authentication center, and certificate request person and certificate have unique corresponding relation; Smart card is meant the smart card that has the rsa encryption module and have the storage computation communication function.
3. the digital signature method based on mobile phone intelligent card according to claim 1 is characterized in that, described data SMS is meant the safe packet short message that comprises 3DES encryption and MAC verification scheme.
4. the digital signature method based on mobile phone intelligent card according to claim 1 is characterized in that, described encryption method is meant: smart card is encrypted described data to be signed by cryptographic algorithm, obtains the ciphering signature data of 128 bytes.
5. the digital signature method based on mobile phone intelligent card according to claim 1, it is characterized in that, described test sign to handle be meant that the digital certificate authentication center is decrypted calculating by the algorithm identical with smart card to the ciphering signature data, the signed data after obtaining deciphering.
6. according to claim 1 or 4 described digital signature methods based on mobile phone intelligent card, it is characterized in that, described encryption method is meant: employing RSAES-PKCS1-v1_5-Encrypt ((n, e), M) algorithm, the input data comprise: (n, e) recipient's RSA PKI, wherein: k is that what close digital-to-analogue n is the length of unit of measurement with eight hytes, and M is that length is the eight hyte strings message to be encrypted of mLen, mLen≤k-11, the result of this encryption method are that a length is the ciphertext of the eight hyte strings of k; This encryption method may further comprise the steps:
5.1) length check: as mLen>k-11, computing is ended in output " Message too long " back;
5.2) EME-PKCS1-v1_5 coding: the eight hyte string PS that generate a length and be k-mLen-3 and constitute by non-zero eight hytes of pseudorandom generation, connect PS, message M and form the coded message EM that length is k eight hytes, EM=0x000x02||PS||0x00||M;
5.3) rsa encryption: convert coded message EM to an integer message and represent m:m=OS2IP (EM); With the RSA PKI (n, e) and message represent m substitution RSAEP cryptographic primitives, thereby produce a ciphertext represent c:c=RSAEP ((n, e), m); Representing c to convert a length to ciphertext is that the ciphertext of k eight hytes is represented c, and C=I2OSP (c, k).
7. according to claim 1 or 5 based on the digital signature method of mobile phone intelligent card, it is characterized in that, described test sign to handle be meant: C is decrypted into EM=0x00||0x02||PS||0x00||M with ciphertext, isolate M wherein, calculating informative abstract M ' with this locality at digital certificate authentication center again compares, if M=M ' then assert signature effectively, otherwise:
When the hexadecimal value of first eight hyte of EM is not 0x00, perhaps
When the hexadecimal value of second eight hyte of EM is not 0x02, perhaps
When there not being hexadecimal value is that eight hytes of 0x00 can be isolated PS from M, perhaps
When the length of PS less than 8 eight hytes,
Then output " deciphering makes mistakes " and termination computing.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910312596A CN101790166A (en) | 2009-12-30 | 2009-12-30 | Digital signing method based on mobile phone intelligent card |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910312596A CN101790166A (en) | 2009-12-30 | 2009-12-30 | Digital signing method based on mobile phone intelligent card |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101790166A true CN101790166A (en) | 2010-07-28 |
Family
ID=42533164
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200910312596A Pending CN101790166A (en) | 2009-12-30 | 2009-12-30 | Digital signing method based on mobile phone intelligent card |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101790166A (en) |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102013983A (en) * | 2010-11-26 | 2011-04-13 | 中国科学院软件研究所 | Digital signature method based on strong rivest-shamir-adleman (RSA) hypothesis |
| CN102118251A (en) * | 2011-01-24 | 2011-07-06 | 郑州信大捷安信息技术有限公司 | Security authentication method for internet banking remote payment based on multi-interface intelligent safety card |
| CN102264050A (en) * | 2011-07-19 | 2011-11-30 | 北京星网锐捷网络技术有限公司 | Network access method, system and authentication server |
| CN103200176A (en) * | 2013-02-27 | 2013-07-10 | 中国工商银行股份有限公司 | Identification method, identification device and identification system based on bank independent communication channel |
| CN106211032A (en) * | 2016-06-28 | 2016-12-07 | 公安部第三研究所 | The pairing of bluetooth SIM and the method for digital signature process is realized based on STK |
| CN107566413A (en) * | 2017-10-24 | 2018-01-09 | 东信和平科技股份有限公司 | A kind of intelligent card security authentication method and system based on data SMS technology |
| CN108011722A (en) * | 2017-12-12 | 2018-05-08 | 金邦达有限公司 | Data signature method, system, chip card and micro-control unit |
| CN108259176A (en) * | 2016-12-28 | 2018-07-06 | 中国电信股份有限公司 | Digital signature method, system and terminal based on mobile phone card |
| CN109560933A (en) * | 2018-10-12 | 2019-04-02 | 阿里巴巴集团控股有限公司 | Authentication method and system, storage medium based on digital certificate, electronic equipment |
| CN112543454A (en) * | 2020-11-30 | 2021-03-23 | 亚信科技(成都)有限公司 | Authentication method and equipment |
| CN113850588A (en) * | 2021-09-09 | 2021-12-28 | 中金金融认证中心有限公司 | Method for identity authentication based on chip bank card and related product thereof |
| CN114125844A (en) * | 2021-11-24 | 2022-03-01 | 中国银行股份有限公司 | Method and device for generating and downloading digital certificate |
-
2009
- 2009-12-30 CN CN200910312596A patent/CN101790166A/en active Pending
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102013983B (en) * | 2010-11-26 | 2012-08-22 | 中国科学院软件研究所 | Digital signature method based on strong rivest-shamir-adleman (RSA) hypothesis |
| CN102013983A (en) * | 2010-11-26 | 2011-04-13 | 中国科学院软件研究所 | Digital signature method based on strong rivest-shamir-adleman (RSA) hypothesis |
| CN102118251A (en) * | 2011-01-24 | 2011-07-06 | 郑州信大捷安信息技术有限公司 | Security authentication method for internet banking remote payment based on multi-interface intelligent safety card |
| CN102118251B (en) * | 2011-01-24 | 2013-01-02 | 郑州信大捷安信息技术股份有限公司 | Security authentication method for internet banking remote payment based on multi-interface intelligent safety card |
| CN102264050A (en) * | 2011-07-19 | 2011-11-30 | 北京星网锐捷网络技术有限公司 | Network access method, system and authentication server |
| CN103200176A (en) * | 2013-02-27 | 2013-07-10 | 中国工商银行股份有限公司 | Identification method, identification device and identification system based on bank independent communication channel |
| CN106211032A (en) * | 2016-06-28 | 2016-12-07 | 公安部第三研究所 | The pairing of bluetooth SIM and the method for digital signature process is realized based on STK |
| CN108259176A (en) * | 2016-12-28 | 2018-07-06 | 中国电信股份有限公司 | Digital signature method, system and terminal based on mobile phone card |
| CN108259176B (en) * | 2016-12-28 | 2021-08-27 | 中国电信股份有限公司 | Digital signature method, system and terminal based on mobile phone card |
| CN107566413B (en) * | 2017-10-24 | 2020-09-18 | 东信和平科技股份有限公司 | Smart card security authentication method and system based on data short message technology |
| CN107566413A (en) * | 2017-10-24 | 2018-01-09 | 东信和平科技股份有限公司 | A kind of intelligent card security authentication method and system based on data SMS technology |
| CN108011722A (en) * | 2017-12-12 | 2018-05-08 | 金邦达有限公司 | Data signature method, system, chip card and micro-control unit |
| CN109560933A (en) * | 2018-10-12 | 2019-04-02 | 阿里巴巴集团控股有限公司 | Authentication method and system, storage medium based on digital certificate, electronic equipment |
| CN109560933B (en) * | 2018-10-12 | 2022-04-08 | 蚂蚁蓉信(成都)网络科技有限公司 | Authentication method and system based on digital certificate, storage medium and electronic equipment |
| CN112543454A (en) * | 2020-11-30 | 2021-03-23 | 亚信科技(成都)有限公司 | Authentication method and equipment |
| CN112543454B (en) * | 2020-11-30 | 2022-11-15 | 亚信科技(成都)有限公司 | Authentication method and equipment |
| CN113850588A (en) * | 2021-09-09 | 2021-12-28 | 中金金融认证中心有限公司 | Method for identity authentication based on chip bank card and related product thereof |
| CN114125844A (en) * | 2021-11-24 | 2022-03-01 | 中国银行股份有限公司 | Method and device for generating and downloading digital certificate |
| CN114125844B (en) * | 2021-11-24 | 2024-04-19 | 中国银行股份有限公司 | Method and device for generating and downloading digital certificate |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20240354756A1 (en) | Transaction messaging | |
| CN101790166A (en) | Digital signing method based on mobile phone intelligent card | |
| KR101451214B1 (en) | Payment method, server performing the same, storage media storing the same and system performing the same | |
| CN102202300B (en) | A kind of based on twin-channel dynamic cipher authentication system and method | |
| CN101414909B (en) | System, method and mobile communication terminal for verifying network application user identification | |
| CN102801710B (en) | A kind of network trading method and system | |
| US20110103586A1 (en) | System, Method and Device To Authenticate Relationships By Electronic Means | |
| CN105491077B (en) | A kind of system of authentication | |
| US20090172402A1 (en) | Multi-factor authentication and certification system for electronic transactions | |
| CN101860525B (en) | Realizing method of electronic authorization warrant, intelligent terminal, authorization system and verification terminal | |
| CN101576983A (en) | Electronic payment method and system based on mobile terminal | |
| Chen et al. | NFC mobile payment with Citizen Digital Certificate | |
| CN102103778A (en) | Mobile payment system, mobile terminal and method for realizing mobile payment service | |
| CN101692277A (en) | Biometric encrypted payment system and method for mobile communication equipment | |
| CN101770619A (en) | Multiple-factor authentication method for online payment and authentication system | |
| CN101916476A (en) | Mobile data transmission method based on combination of SD (Secure Digital) encrypted card and short-distance wireless communication technology | |
| CA2355928C (en) | Method and system for implementing a digital signature | |
| TW201135619A (en) | Electronic transaction method and system utilizing QR code | |
| CN102238193A (en) | Data authentication method and system using same | |
| CN103268436A (en) | Method and system for touch-screen based graphical password authentication in mobile payment | |
| EP2195769B1 (en) | Method based on a sim card performing services with high security features | |
| CN106033571A (en) | Trading method of electronic signature devices, electronic signature devices and trading system | |
| CN103401277B (en) | A kind of intelligent power and utilize this intelligent power to realize the method for mobile payment | |
| CN101184107B (en) | Network transaction system and method for executing network transaction using the system | |
| TW201317911A (en) | Cloud credit card transaction system and transaction method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20100728 |