TWI850002B - Individual encrypted signature system and signing method thereof - Google Patents

Publication number: TWI850002B
Authority: TW (Taiwan)
Prior art keywords: information, identification, identification element, ciphertext, signature
Application number: TW112124340A
Other languages: Chinese (zh)
Other versions: TW202501288A (en)
Inventors: 羅世融, 謝雅超, 林連豐, 林宥縈
Original Assignee: 辰晧電子股份有限公司, 羅世融, 謝雅超
Application filed by: 辰晧電子股份有限公司, 羅世融, 謝雅超
Classification: Storage Device Security
Abstract

The present invention is an individual encrypted signature system and a signing method thereof, implemented through a signature management program in a mobile device. The signature management program stores a first identification information and a first ciphertext information of a primary identification element, and can read a second identification information and a second ciphertext information of a secondary identification element. The signature management program can execute an asymmetric encryption algorithm and, according to a private key information in the primary identification element, encrypt the first identification information, the second identification information and an encryption information into an encrypted signature information, and write the encrypted signature information into the secondary identification element. In an actual use scenario, an individual can place the secondary identification element on a peripheral product so that others can scan it and confirm whether the peripheral product comes from that individual.

Description

Individual encrypted signature system and signing method thereof

The present invention relates to a digital signature, and in particular to an individual encrypted signature system and an individual encrypted signature signing method.

In the era of paper documents, when a signatory signed a contract, the signatory's identity was proved by personal handwriting or a seal, that is, the handwriting or seal has a uniqueness that is difficult for others to imitate. With the arrival of the digital era, the identity of the signatory of a digital document can be verified through a digital signature, whose function is similar to that of the traditional handwriting or seal. A digital signature is usually held by a legal entity such as an enterprise or an organization. The legal entity must have its identity verified by a digital certificate authority (CA) to obtain a digital certificate, which can be understood as the electronic identity card of the legal entity and serves as the basis for proving its identity.

If an individual (such as a merchant) wants others (such as its customers) to be able to verify, when using its peripheral products, whether a peripheral product comes from that individual, this can be achieved through the digital signature concept described above. However, a digital signature can only be obtained in the aforementioned way and through a cumbersome process (like applying for a natural person certificate), and once the digital signature has been obtained there is still no electronic carrier in which to store it. That is, in this digital era an individual lacks an easily configured and credible way to prove that a product or work was produced by that individual.

Existing digital signatures can only be obtained through a cumbersome process, which makes it difficult to prove that an item originates from an individual (that is, to prove the originality of the item). In view of this, the present invention provides an individual encrypted signature system and a signing method thereof to overcome the aforementioned problem.

The individual encrypted signature system of the present invention comprises: a primary identification element having a first identification information, a first ciphertext information and a private key information; a secondary identification element having a second identification information and a second ciphertext information; a mobile device holding the data of a signature management program, the signature management program being used to read the first identification information, the first ciphertext information, the second identification information and the second ciphertext information; and a cloud server in communication with the mobile device to receive the first identification information, the first ciphertext information, the second identification information and the second ciphertext information. The cloud server verifies the primary identification element through the first identification information and the first ciphertext information, and verifies the secondary identification element through the second identification information and the second ciphertext information, to confirm whether the primary identification element and the secondary identification element are each a legitimate identification element. When the primary identification element and the secondary identification element are each a legitimate identification element, the mobile device reads the private key information, executes an asymmetric encryption algorithm through the signature management program, encrypts the first identification information, the second identification information and an encryption information into an encrypted signature information according to the private key information, and writes the encrypted signature information into the secondary identification element.

The individual encrypted signature signing method of the present invention is implemented through a signature management program of a mobile device. The signature management program stores a first identification information and a first ciphertext information of a primary identification element. The method comprises:
(a) reading a second identification information of a secondary identification element;
(b) transmitting the second identification information to a cloud server, so that the cloud server determines from the second identification information whether the secondary identification element is a legitimate identification element;
(c) reading a second ciphertext information of the secondary identification element;
(d) transmitting the second ciphertext information to the cloud server, so that the cloud server determines from the second ciphertext information whether the secondary identification element is a legitimate identification element;
(e) receiving the determination results of steps (b) and (d), and, when the determination results of steps (b) and (d) are both yes, reading a private key information of the primary identification element;
(f) performing an asymmetric encryption operation on the first identification information, the second identification information and an encryption information according to the private key information to obtain an encrypted signature information, and writing the encrypted signature information into the secondary identification element.

When the present invention is applied in an actual use scenario, an individual (such as a merchant) can place the secondary identification element on its peripheral products so that others (such as its customers) can scan it and confirm whether the peripheral product comes from that individual. The merchant only needs to sense the primary identification element and the secondary identification element through the signature management program and fill in some information to complete the setup of both elements. As for the credibility of the information, the primary identification element and the secondary identification element are each a legitimate identification element verified by the system of the present invention, the first identification information and the second identification information are the unique identification codes of the primary identification element and the secondary identification element respectively, and the encrypted signature information contains the first identification information and the second identification information. The encrypted signature information is therefore credible and can prove that part of the information in the secondary identification element originates from the information of the primary identification element.
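Steps (e) and (f) and the scan by a third party, as an added Go example that is not code from the patent or its applicants. It models the "asymmetric encryption with the private key" as an Ed25519 signature; Ed25519, the length-prefixed field encoding, and all names and sample values are assumptions, since the text only specifies an asymmetric algorithm.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// checkResult carries the cloud server's answers for the secondary element.
type checkResult struct {
	idValid     bool // step (b): identification information check
	cipherValid bool // step (d): ciphertext information check
}

var errNotLegitimate = errors.New("secondary element failed verification; private key not read")

// encodeFields length-prefixes each field so that the triple
// (first ID, second ID, encryption info) has exactly one byte encoding.
// Plain concatenation would let bytes shift between fields unnoticed.
func encodeFields(fields ...[]byte) []byte {
	var out []byte
	for _, f := range fields {
		var n [2]byte
		binary.BigEndian.PutUint16(n[:], uint16(len(f)))
		out = append(out, n[:]...)
		out = append(out, f...)
	}
	return out
}

// signSecondary performs steps (e) and (f): the private key is read from the
// primary element only after both server checks passed, then the three
// fields are signed. readPrivateKey stands in for the NFC read (hypothetical).
func signSecondary(res checkResult, readPrivateKey func() (ed25519.PrivateKey, error),
	uid1, uid2, info []byte) ([]byte, error) {
	if !res.idValid || !res.cipherValid {
		return nil, errNotLegitimate
	}
	priv, err := readPrivateKey()
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(priv, encodeFields(uid1, uid2, info)), nil
}

// verifySecondary is the scanning side: it rebuilds the signed message from
// the UID actually read from the scanned tag, not from a value stored beside
// the signature, so signature data copied to another tag does not verify.
func verifySecondary(pub ed25519.PublicKey, uid1, scannedUID2, info, sig []byte) bool {
	return ed25519.Verify(pub, encodeFields(uid1, scannedUID2, info), sig)
}

// demoSigning runs the flow on constructed sample values.
func demoSigning() (genuine, movedTag, refused bool, keyReads int) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	readKey := func() (ed25519.PrivateKey, error) { keyReads++; return priv, nil }

	uid1 := []byte{0x04, 0xA1, 0xB2, 0xC3, 0xD4, 0xE5, 0xF6}  // constructed primary UID
	uid2 := []byte{0x04, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66}  // constructed secondary UID
	other := []byte{0x04, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44} // constructed UID of another tag
	info := []byte("work: first work")                        // constructed encryption info

	sig, err := signSecondary(checkResult{idValid: true, cipherValid: true}, readKey, uid1, uid2, info)
	if err != nil {
		return
	}
	genuine = verifySecondary(pub, uid1, uid2, info, sig)
	movedTag = verifySecondary(pub, uid1, other, info, sig)

	// A secondary element that failed step (d) must not trigger a key read.
	_, err = signSecondary(checkResult{idValid: true, cipherValid: false}, readKey, uid1, other, info)
	refused = errors.Is(err, errNotLegitimate)
	return
}

func main() {
	g, m, r, n := demoSigning()
	fmt.Println("genuine secondary element verifies:", g)
	fmt.Println("signature copied to another tag verifies:", m)
	fmt.Println("signing refused after failed check:", r)
	fmt.Println("private key reads:", n)
}
```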

10: Primary identification element
11: First memory
12: First system data block
13: First plaintext data block
14: First category data block
15: First ciphertext data block
16: First signature data block
20: Secondary identification element
21: Second memory
22: Second system data block
23: Second plaintext data block
24: Second category data block
25: Second ciphertext data block
26: Second signature data block
30, 30': Mobile device
40: Cloud server
41: Identification information database
42: Main web page management platform
43: Main web page
50: Scan now button
500: Confirm button
501: Cancel button
502: Cancel scan button
51: Owner profile
52: Edit data button
520: Field
53: Work management button
530: Create work button
531: First work
532: Work edit button
533: Work view button
534: Work introduction
535: Owner link button
536: Verify button
54: Change password button
C1: First identification information
C2: Second identification information
S1: First category information
S2: First ciphertext information
S3: Main web page edit link information
S4: Main web page link information
S5: Second category information
S6: Second ciphertext information
S7: Private key information
S8: Public key information
S9: Encrypted signature information
S10: Read instruction
V1: Identification information verification
V2: Ciphertext information verification

Figure 1: Circuit block diagram of the individual encrypted signature system of the present invention.

Figure 2A: Schematic diagram of the start interface of the signature management program in the present invention.

Figure 2B: Schematic diagram of the password input interface of the signature management program in the present invention.

Figure 2C: Schematic diagram of the scan prompt interface of the signature management program in the present invention.

Figure 3: Circuit block diagram of the individual encrypted signature system of the present invention performing identification information verification and ciphertext information verification.

Figure 4: Circuit block diagram of the individual encrypted signature system of the present invention, in which the mobile device reads the main web page edit link information to link to the main web page management platform.

Figure 5A: Schematic diagram of the main web page interface of the signature management program in the present invention.

Figure 5B: Schematic diagram of the main editing interface of the signature management program in the present invention.

Figure 6: Circuit block diagram of the individual encrypted signature system of the present invention, in which another mobile device reads the main web page link information to link to the main web page.

Figure 7: Schematic diagram of the work management interface of the signature management program in the present invention.

Figure 8: Circuit block diagram of the individual encrypted signature system of the present invention performing the encrypted signature signing process.

Figure 9A: Schematic diagram of the work management interface of the signature management program in the present invention, in which a first work is displayed.

Figure 9B: Schematic diagram of the work editing interface of the signature management program in the present invention.

Figure 9C: Schematic diagram of the secondary web page of the signature management program in the present invention.

Figure 10: Circuit block diagram of the individual encrypted signature system of the present invention performing encrypted signature verification.

Figure 11: Flowchart of the individual encrypted signature signing method of the present invention.

So that the technical features and practical effects of the present invention can be understood in detail and implemented according to the content of the invention, the embodiments shown in the figures are described in detail below:

The present invention is an individual encrypted signature system and a signing method thereof. Referring to Figure 1, the individual encrypted signature system comprises a primary identification element 10, at least one secondary identification element 20, a mobile device 30 and a cloud server 40, wherein the mobile device 30 is in communication with the cloud server 40.

The primary identification element 10 is a tag that supports near field communication (NFC) and has a first identification information C1, which comprises a unique identification code (UID) of the primary identification element 10 and its signature (UID Signature). Specifically, the primary identification element 10 comprises a radio frequency chip and an induction antenna that are electrically connected; the radio frequency chip stores and processes signals, and the induction antenna receives and transmits signals. The radio frequency chip contains a first memory 11 in which the first identification information C1 is stored. The first memory 11 comprises a first system data block 12, a first plaintext data block 13, a first category data block 14, a first ciphertext data block 15 and a first signature data block 16, and the first identification information C1 is stored in the first system data block 12. The functions of these first data blocks and the information stored in them are described further below.

The hardware structure of the at least one secondary identification element 20 is substantially the same as that of the primary identification element 10. Each secondary identification element 20 likewise has a second memory 21; the difference is that the information stored in the second memory 21 differs from the information in the first memory 11. Each second memory 21 comprises a second system data block 22, a second plaintext data block 23, a second category data block 24, a second ciphertext data block 25 and a second signature data block 26. Each secondary identification element 20 has a second identification information C2, which comprises a unique identification code of that secondary identification element 20 and its signature and is stored in the second system data block 22. The functions of the second data blocks and the information stored in them are also described further below.

The primary identification element 10 and each secondary identification element 20 can be placed on any object, so their external form is not limited. For example, the primary identification element 10 and each secondary identification element 20 can each be designed as a sticker and attached to an object.

The mobile device 30 is used to read information from the first memory 11 and the second memory 21, or to write information to the first memory 11 and the second memory 21. Specifically, the mobile device 30 holds the data of a signature management program (APP) and has a reader that supports near field communication (NFC). When the mobile device 30 senses the primary identification element 10 or the secondary identification element 20, it establishes communication with that element so that the two can exchange information. The mobile device 30 may be a mobile phone, a tablet computer or a similar mobile device.

The cloud server 40 serves as the core of data access and management, integrating and managing different databases, and provides functions such as data access, data computation and data comparison. For example, the cloud server 40 may be an application server built on a public cloud (such as Amazon AWS or Microsoft Azure), and the mobile device 30 can communicate with the cloud server 40 through the signature management program. To make the operation of the individual encrypted signature system of the present invention concrete, it is described below with reference to the operation diagrams of the signature management program.

When the user operates the mobile device 30 to run the signature management program, as shown in Figure 2A, the mobile device 30 displays a start interface of the signature management program, and the start interface has a scan now button 50. When the scan now button 50 is touched, the mobile device 30 displays a password input interface as shown in Figure 2B, in which the user enters a preset password of the primary identification element 10. The password input interface includes a confirm button 500 and a cancel button 501: the confirm button 500 lets the user confirm the entered preset password and move to the next interface, and the cancel button 501 returns to the start interface. The preset password is used to obtain read and write permission for some of the data blocks in the memory 10, specifically the first category data block 14, the first ciphertext data block 15 and the first signature data block 16.

When the confirm button 500 is touched, the mobile device 30 displays a scan prompt interface as shown in Figure 2C, and the user can bring the mobile device 30 close to the primary identification element 10 so that it senses the primary identification element 10 and the preset password is verified. The scan prompt interface has a cancel scan button 502, which returns the screen to the password input interface. The preset password is verified by the mobile device 30, through its reader and the signature management program, exchanging information with the primary identification element 10 using near field communication. How near field communication reads and writes information is common knowledge in the field and is not described further here. In short, the mobile device 30 uses the signature management program to modulate the password entered by the user into a request signal, and the reader sends the request signal to the induction antenna of the primary identification unit 10. The induction antenna passes the received request signal to the radio frequency chip, which demodulates the request signal and compares its content (the password entered by the user) to verify whether it is the same as the preset password.

When verification of the preset password fails, the mobile device 30 returns to the password input interface (as shown in Figure 2B) so that the user can enter the preset password again. When verification of the preset password succeeds, the mobile device 30 reads the information in the primary identification element 10 and at the same time verifies the following three items:

1. Verify whether the identification element that was read is a primary identification element.

2. Confirm whether the identification element that was read is legitimate (not counterfeit) by verifying an identification information.

3. Confirm whether the identification element that was read is legitimate by verifying a ciphertext information.

1. Verify whether the identification element that was read is a primary identification element: as shown in Figure 3, the mobile device 30 reads the first category data block 14 to determine whether this identification element is a primary identification element or a secondary identification element. Specifically, the first category data block 14 and the second category data block 24 each hold a category information, which is an information format defined by this system, and the mobile device 30 reads the category information to identify the category of the identification element. To make the distinction easier to follow below, the first category data block 14 holds a first category information and the second category data block 24 holds a second category information. Here the category information read by the mobile device 30 is the first category information S1, so the identification element is determined to be the primary identification element 10. If the mobile device 30 senses the primary identification element 10 but the category information it reads is not the first category information, the mobile device 30 displays the error message "Insufficient authority" and returns to the start interface shown in Figure 2A.

2. Confirm whether the identification element that was read is legitimate (not counterfeit) by verifying an identification information: the mobile device 30 reads the first identification information C1 from the first system data block 12 and uploads it to the cloud server 40 for an identification information verification V1. Specifically, the cloud server 40 can access an identification information database 41 in which a plurality of identification reference information is stored in advance. When the cloud server 40 receives the first identification information C1, it checks whether the first identification information C1 is the same as one of the plurality of identification reference information to confirm whether the primary identification element 10 is legitimate (not counterfeit), and returns the comparison result to the mobile device 30 so that the mobile device 30 can carry out the subsequent process. When the comparison result is yes, the primary identification element 10 is a legitimate identification element. When the comparison result is no, the primary identification element 10 may be an identification element illegally counterfeited by another manufacturer, and the mobile device 30 displays the error message "illegal element" and returns to the start interface shown in Figure 2A. Verifying the first identification information C1 confirms whether the primary identification element 10 is a legitimate identification element, which prevents a stolen identification element, or a counterfeit with the same identification code, from being used for the subsequent signature encryption.

3. Confirm whether the identification element that was read is legitimate by verifying a ciphertext information: the mobile device 30 reads a first ciphertext information S2 (Cipher) from the first ciphertext data block 15 and uploads it to the cloud server 40 for a ciphertext information verification V2, which verifies the content and format of the first ciphertext information S2. Specifically, the first ciphertext data block 15 can generate a ciphertext (Cipher) from the information in other data blocks, and the first ciphertext information S2 is produced by the first ciphertext data block 15 applying a symmetric encryption algorithm that encrypts the first identification information C1 and a system message with the information of a system key. The symmetric encryption algorithm conforms to the Advanced Encryption Standard (AES) and the Cipher Block Chaining Mode (CBC), for example the AES-128 CBC algorithm, and the system message is a random code defined by this system.

The cloud server 40 stores the information of the system key in advance and can perform the symmetric encryption algorithm. When the mobile device 30 reads the first ciphertext information S2, it uploads the first ciphertext information S2 to the cloud server 40. The cloud server 40 computes a first verification ciphertext information from the system key and the first identification information C1, checks whether the first verification ciphertext information matches the first ciphertext information S2, and returns the comparison result to the mobile device 30 so that the mobile device 30 can subsequently read information from or write information to the primary identification element 10. When the comparison result is yes, the ciphertext information in the primary identification element 10 is recognizable by the cloud server 40 and the primary identification element 10 is a legitimate identification element. When the comparison result is no, the primary identification element 10 may be an identification element illegally counterfeited by another manufacturer, and the mobile device 30 displays the error message "illegal element" and returns to the start interface shown in Figure 2A. Verifying the first ciphertext information S2 checks once more whether the primary identification element 10 is an identification element on which this system can perform the subsequent signature encryption.
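The server side of the ciphertext information verification V2, as an added Go example that is not code from the patent or its applicants. The all-zero IV, the PKCS#7 padding, the UID-then-system-message layout, the per-tag system message stored in the database, and all names and sample values are assumptions; the text specifies only AES-128 CBC over the identification information and a system message under a system key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// tagRecord is a hypothetical row of the identification information
// database 41: the system message (random code) recorded for one tag.
type tagRecord struct {
	systemMessage []byte
}

// pkcs7Pad pads data to a multiple of the AES block size (assumed scheme).
func pkcs7Pad(data []byte) []byte {
	n := aes.BlockSize - len(data)%aes.BlockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// computeCiphertext derives the verification ciphertext: AES-128-CBC over
// UID || system message under the system key. The fixed all-zero IV is an
// assumption that makes the value reproducible on the server.
func computeCiphertext(systemKey, uid, systemMessage []byte) ([]byte, error) {
	if len(systemKey) != 16 {
		return nil, errors.New("system key must be 16 bytes for AES-128")
	}
	block, err := aes.NewCipher(systemKey)
	if err != nil {
		return nil, err
	}
	plain := pkcs7Pad(append(append([]byte{}, uid...), systemMessage...))
	out := make([]byte, len(plain))
	iv := make([]byte, aes.BlockSize)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plain)
	return out, nil
}

// verifyCiphertext is check V2: recompute the ciphertext for the uploaded
// UID and compare it in constant time with the value read from the tag.
// An unknown UID is rejected here as well, mirroring check V1.
func verifyCiphertext(systemKey []byte, db map[string]tagRecord, uid, tagCipher []byte) (bool, error) {
	rec, ok := db[hex.EncodeToString(uid)]
	if !ok {
		return false, nil
	}
	want, err := computeCiphertext(systemKey, uid, rec.systemMessage)
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare(want, tagCipher) == 1, nil
}

// demoV2 runs the check on constructed sample values.
func demoV2() (genuine, tampered, swapped bool) {
	systemKey := []byte("0123456789abcdef")                  // constructed 16-byte key
	uidA := []byte{0x04, 0xA1, 0xB2, 0xC3, 0xD4, 0xE5, 0xF6} // constructed UID
	uidB := []byte{0x04, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66} // constructed UID
	db := map[string]tagRecord{
		hex.EncodeToString(uidA): {systemMessage: []byte("RND-0001")},
		hex.EncodeToString(uidB): {systemMessage: []byte("RND-0002")},
	}
	// Value written into tag A's ciphertext data block at provisioning.
	s2, _ := computeCiphertext(systemKey, uidA, db[hex.EncodeToString(uidA)].systemMessage)

	genuine, _ = verifyCiphertext(systemKey, db, uidA, s2)

	bad := append([]byte{}, s2...)
	bad[0] ^= 0x01 // one flipped bit
	tampered, _ = verifyCiphertext(systemKey, db, uidA, bad)

	// Tag A's ciphertext presented together with tag B's UID.
	swapped, _ = verifyCiphertext(systemKey, db, uidB, s2)
	return
}

func main() {
	g, t, s := demoV2()
	fmt.Println("genuine tag accepted:", g)
	fmt.Println("modified ciphertext accepted:", t)
	fmt.Println("ciphertext from another tag accepted:", s)
}
```

The check ties the stored ciphertext to the UID and to a key that never leaves the server; because the ciphertext on the tag is a static value, it is evidence that the value was issued by the system rather than proof about the physical carrier presenting it.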

After the primary identification element 10 has passed the identification information verification V1 and the ciphertext information verification V2, referring to FIG. 4, the mobile device 30 reads main web page editing link information S3 from the first plaintext data block 13 and connects to a main web page management platform 42 on the cloud server 40. Specifically, the first plaintext data block 13 stores a plurality of pieces of plaintext information (Plaintext) that conform to the NFC Data Exchange Format (NDEF), one of which is the main web page editing link information S3, whose content is a web page editing link. The main web page management platform 42 is the management back end of a main web page, through which the user can edit the content displayed on the main web page. The main web page corresponds to the first identification information C1, and its URL contains the unique identification code of the primary identification element 10.

When the mobile device 30 connects to the main web page management platform 42, it jumps to a main web page interface as shown in FIG. 5A. The main web page interface includes an owner profile 51, an edit data button 52, a work management button 53 and a change password button 54. The owner profile 51 is information about the owner of the primary identification element 10 and may include, for example, an owner name, an owner avatar and a brief description of the owner. When the user (the owner) touches the edit data button 52, the mobile device 30 displays a main editing interface as shown in FIG. 5B, which includes a plurality of fields 520 in which the user can edit the displayed content of the owner profile 51. The fields 520 include a first identification information field whose content cannot be changed; it displays the content of the first identification information C1 (the unique identification code of the primary identification element).

Referring to FIG. 6, when a user without editing permission scans the primary identification element 10 with a mobile device 30' that supports near field communication technology, the mobile device 30' reads main web page link information S4 from the first plaintext data block 13 and connects to the main web page 43 on the cloud server 40. Having no editing permission means that the preset password of the primary identification element 10 has not been entered through the signature management program, so the user has no read/write access to the first memory 11 and cannot read the main web page editing link information S3 described above to edit the main web page 43. When the mobile device 30' connects to the main web page 43, it displays the content of the main web page 43; unlike the main web page interface described above, the main web page 43 shows only the content of the owner profile 51.

Referring again to FIG. 5A, when the user (with editing permission) touches the work management button 53, the mobile device 30 displays a work management interface as shown in FIG. 7, which includes a create work button 530. When the create work button 530 is touched, the mobile device 30 displays the scan prompt interface shown in FIG. 2C, and the user can bring the mobile device 30 close to one of the secondary identification elements 20 to read data from or write data to it, the main purpose being to write encrypted signature information into the secondary identification element 20.

Referring to FIG. 8, before the encrypted signature information is written, as described above, the signature management program must first confirm the category of the sensed identification element and whether it is a legitimate identification element of this system. The mobile device 30 therefore first reads the category information in the second category data block 24 to identify what kind of identification element it is; because the category information in the second category data block 24 is second category information S5, the element can be determined to be the secondary identification element 20. At the same time, the mobile device 30 reads the second identification information C2 in the second data block 12 and uploads it to the cloud server for the identification information verification V1, which checks whether the second identification information C2 is identical to one of the plurality of pieces of identification information, thereby confirming whether the secondary identification element 20 is a legitimate identification element.

The mobile device 30 also reads second ciphertext information S6 from the second ciphertext data block 25 and uploads it to the cloud server 40 for the ciphertext information verification V2. The second ciphertext information S6 is produced by the second ciphertext data block 25 applying the symmetric encryption algorithm to encrypt the second identification information C2 and the system message using the information of the system key. The second identification information C2 and the second ciphertext information S6 undergo the identification information verification V1 and the ciphertext information verification V2 in the same way as the first identification information C1 and the first ciphertext information S2 described above, so the details are not repeated here.

When the mobile device 30 has confirmed that the secondary identification element 20 is a legitimate identification element of this system, it writes encrypted signature information S9 into the secondary identification element 20, that is, it performs a signing process (Signing). First, the mobile device 30 reads private key information S7 from the first signature data block 16 to obtain public key information S8, and uploads the public key information S8 to the cloud server 40, which stores it. Specifically, the mobile device 30 executes an asymmetric encryption algorithm (asymmetric cryptography) through the signature management system and computes the public key information S8 from the private key information S7.

Next, the signature management system uses the private key information to perform an asymmetric encryption operation on the first identification information C1, the second identification information C2 and a piece of encryption information, producing the encrypted signature information S9. The encryption information serves a function similar to that of the aforementioned system information: both are random codes defined by the system itself, and they differ only in that their contents or bit lengths may differ. The mobile device 30 then writes the encrypted signature information S9 into the second signature data block 26 and sets the second signature data block 26 to read-only, which completes the signing process for the secondary identification element 20.

When the secondary identification element 20 has completed the signing process, the creation of a work is complete, and the work management interface displays a first work 531 as shown in FIG. 9A. The display name of the first work 531 defaults to the unique identification code of the secondary identification element 20 (that is, the content of the second identification information C2). The user can subsequently touch a work edit button 532 in the work management interface to jump to a work editing interface as shown in FIG. 9B for editing. Specifically, when the work edit button 532 is touched, the mobile device 30 reads secondary web page editing link information from the second plaintext data block 23 and connects to a secondary web page management platform on the cloud server 40. This works in the same way as the mobile device 30 reading the main web page editing link information S3 from the first plaintext data block 13 described above, so it is not described again.

After the work introduction of the first work 531 has been edited, the user can touch a work view button 533 in the work management interface to jump to a secondary web page as shown in FIG. 9C and view the work introduction of the first work 531. Specifically, when the work view button 533 is touched, the mobile device 30 reads secondary web page link information from the second plaintext data block 23 and connects to the secondary web page on the cloud server 40. When a user senses the secondary identification element 20 directly with his or her own mobile device, without using the signature management program, that mobile device likewise displays the content of the secondary web page.

Referring to FIG. 9C, the content displayed on the secondary web page includes a work introduction 534, an owner link button 535 and a verification button 536. The work introduction 534 displays information about the first work 531, the owner link button 535 links to the main web page 43, and the verification button 536 is used to verify the encrypted signature information S9 of the secondary identification element 20. Specifically, the encrypted signature information S9 must be verified through a mobile device that has the signature management program, so the following uses the mobile device 30 to explain how the encrypted signature information S9 is verified.

Referring to FIG. 10, when the verification button 536 is touched, the cloud server 40 sends a read instruction S10 to the mobile device 30, and the mobile device 30 displays the scan prompt interface shown in FIG. 2C, prompting the user to sense the secondary identification element 20 so that the encrypted signature information S9 in the second signature data block 26 can be read. The mobile device 30 then sends the encrypted signature information S9 to the cloud server 40. Using the asymmetric encryption algorithm and the stored public key information S8, first identification information C1 and second identification information C2, the cloud server 40 calculates verification signature information and compares it with the encrypted signature information S9. When the comparison result is yes, the secondary identification element 20 was signed through this system; when the comparison result is no, the secondary identification element 20 may not have come from the owner of the primary identification element 10. After completing the comparison, the cloud server 40 returns the verification result for the encrypted signature information S9 to the mobile device 30.

The individual encrypted signature signing method of the present invention is implemented through the signature management program in the individual encrypted signature system described above, wherein the signature management program stores the first identification information C1 and the first ciphertext information, and the primary identification element 10 stores the private key information S7. Referring to FIG. 11, the method includes:

P10: Read second identification information C2 of the secondary identification element 20.

P20: Transmit the second identification information C2 to a cloud server 40 so that the cloud server 40 can determine from the second identification information C2 whether the secondary identification element 20 is a legitimate identification element. Specifically, this is the identification information verification V1, which is performed as described above and is not repeated here. When the determination is no, the signature management program displays an "illegal element" error message and returns to the start interface shown in FIG. 2A.

P30: Read second ciphertext information S6 of the secondary identification element 20.

P40: Transmit the second ciphertext information S6 to the cloud server 40 so that the cloud server 40 can determine from the second ciphertext information S6 whether the secondary identification element 20 is a legitimate identification element. Specifically, this is the ciphertext information verification V2, which is performed as described above and is not repeated here. When the determination is no, the signature management program displays an "illegal element" error message and returns to the start interface shown in FIG. 2A.

P50: Receive the determination results of steps P20 and P40. When the results of steps P20 and P40 are both yes, read the private key information.

P60: According to the private key information, perform an asymmetric encryption operation on the first identification information C1, the second identification information C2 and a piece of encryption information to obtain encrypted signature information S9, and write the encrypted signature information S9 into the secondary identification element 20.
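Steps P10 to P60 and the later check of S9 by the cloud server, as an added Go example that is not code from the patent. The patent names AES-128 CBC but not the asymmetric algorithm, so Ed25519 signatures stand in for it here, and S9 is checked with signature verification because a public key cannot recompute a signature for a byte-for-byte comparison. Further assumptions: an all-zero CBC IV so the server can recompute the ciphertext, PKCS#7 padding, length-prefixed fields in the signed message, and every function name and sample value.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Constructed sample values; none of them come from the patent.
var (
	systemKey = []byte("0123456789abcdef")                       // 16-byte AES-128 system key held by the server
	systemMsg = []byte("SYS-RANDOM-CODE")                        // "system message": system-defined random code
	signCode  = []byte("SIGN-RANDOM-CODE-01")                    // "encryption information" mixed into S9
	uidMaster = []byte{0x04, 0xA1, 0xB2, 0xC3, 0xD4, 0xE5, 0x01} // C1
	uidSub    = []byte{0x04, 0x11, 0x22, 0x33, 0x44, 0x55, 0x02} // C2
	// Identification information database consulted by verification V1.
	registry = map[string]bool{string(uidMaster): true, string(uidSub): true}
)

var errIllegal = errors.New("illegal element")

// tagCipher computes the ciphertext stored in an element's ciphertext block:
// AES-128-CBC over UID || system message (assumed zero IV, PKCS#7 padding).
func tagCipher(key, uid []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt := append(append([]byte{}, uid...), systemMsg...)
	pad := aes.BlockSize - len(pt)%aes.BlockSize
	pt = append(pt, bytes.Repeat([]byte{byte(pad)}, pad)...)
	iv := make([]byte, aes.BlockSize)
	out := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, pt)
	return out, nil
}

// verifyCipher is verification V2: the server recomputes the ciphertext for
// the reported UID and compares it in constant time with what the tag held.
func verifyCipher(key, uid, fromTag []byte) bool {
	want, err := tagCipher(key, uid)
	return err == nil && subtle.ConstantTimeCompare(want, fromTag) == 1
}

// signedMessage encodes C1, C2 and the code with one-byte length prefixes so
// that field boundaries cannot be shifted without changing the message.
func signedMessage(c1, c2, code []byte) []byte {
	var buf bytes.Buffer
	for _, f := range [][]byte{c1, c2, code} {
		buf.WriteByte(byte(len(f)))
		buf.Write(f)
	}
	return buf.Bytes()
}

// signSecondary follows P10-P60: V1 and V2 must both pass for the secondary
// element before the private key is used to produce S9.
func signSecondary(priv ed25519.PrivateKey, c1, c2, s6 []byte) ([]byte, error) {
	if !registry[string(c2)] { // P20: identification information verification V1
		return nil, errIllegal
	}
	if !verifyCipher(systemKey, c2, s6) { // P40: ciphertext information verification V2
		return nil, errIllegal
	}
	return ed25519.Sign(priv, signedMessage(c1, c2, signCode)), nil // P50-P60
}

// verifySignature is the server-side check of S9 against the stored public key.
func verifySignature(pub ed25519.PublicKey, c1, c2, s9 []byte) bool {
	return len(s9) == ed25519.SignatureSize &&
		ed25519.Verify(pub, signedMessage(c1, c2, signCode), s9)
}

// masterKeys derives a key pair from a constructed seed; the private key
// stands in for S7 and the derived public key for S8.
func masterKeys() (ed25519.PrivateKey, ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	return priv, priv.Public().(ed25519.PublicKey)
}

func main() {
	priv, pub := masterKeys()
	s6, _ := tagCipher(systemKey, uidSub)
	s9, err := signSecondary(priv, uidMaster, uidSub, s6)
	fmt.Println("signed:", err == nil, "verifies:", verifySignature(pub, uidMaster, uidSub, s9))
	// C2 is part of the signed message, so S9 does not verify for another UID.
	other := []byte{0x04, 0x99, 0x88, 0x77, 0x66, 0x55, 0x03}
	fmt.Println("S9 checked against another UID:", verifySignature(pub, uidMaster, other, s9))
}
```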

The individual encrypted signature system of the present invention and its signing method share the feature that the mobile device 30 has the signature management program, and that the signature management program can execute an asymmetric encryption algorithm which, according to private key information in the primary identification element 10, encrypts the first identification information C1, the second identification information C2 and a piece of encryption information to obtain the encrypted signature information S9, and writes the encrypted signature information into the secondary identification element 20. In actual use, an individual (such as a merchant) can place the secondary identification element 20 on its peripheral products so that others (such as its customers) can scan it to confirm whether the peripheral products come from that individual. The merchant only needs to sense the elements and fill in some basic information to set up the primary identification element 10 and the secondary identification element 20. As for the legitimacy and credibility of the information, the system of the present invention performs two information verifications (an identification information verification and a ciphertext information verification) on each of the primary identification element 10 and the secondary identification element 20, and writes the encrypted signature information S9 into the secondary identification element 20 only after confirming that both are legitimate identification elements. The cloud server in this system also provides a verification function for the encrypted signature information, to prevent unscrupulous persons from counterfeiting the secondary identification element 20. The encrypted signature information of the present invention is therefore credible and can prove that part of the information of the secondary identification element 20 originates from the information of the primary identification element 10.

In summary, the above merely describes implementations or embodiments of the technical means adopted by the present invention to solve the problem, and is not intended to limit the scope of implementation of the present patent. All equivalent changes and modifications that are consistent with the literal meaning of the claims of the present invention, or that are made according to the scope of the present patent, are covered by the scope of the present patent.

10: Primary identification element

11: First memory

12: First system data block

13: First plaintext data block

14: First category data block

15: First ciphertext data block

16: First signature data block

20: Secondary identification element

21: Second memory

22: Second system data block

23: Second plaintext data block

24: Second category data block

25: Second ciphertext data block

26: Second signature data block

30: Mobile device

40: Cloud server

C1: First identification information

C2: Second identification information

Claims (10)

1. An individual encrypted signature system, comprising: a primary identification element storing first identification information, first ciphertext information and private key information; a secondary identification element storing second identification information and second ciphertext information; a mobile device having data of a signature management program, the signature management program being used to read the first identification information, the first ciphertext information, the second identification information and the second ciphertext information; and a cloud server communicatively connected to the mobile device to receive the first identification information, the first ciphertext information, the second identification information and the second ciphertext information, to verify the primary identification element using the first identification information and the first ciphertext information, and to verify the secondary identification element using the second identification information and the second ciphertext information, so as to confirm whether the primary identification element and the secondary identification element are each a legitimate identification element; wherein, when the primary identification element and the secondary identification element are each a legitimate identification element, the mobile device reads the private key information, executes an asymmetric encryption algorithm through the signature management program, encrypts the first identification information, the second identification information and a piece of encryption information into encrypted signature information according to the private key information, and writes the encrypted signature information into the secondary identification element.

2. The individual encrypted signature system of claim 1, wherein the primary identification element and the secondary identification element are each a tag supporting near field communication technology, the first identification information includes a unique identification code of the primary identification element, and the second identification information includes a unique identification code of the secondary identification element.

3. The individual encrypted signature system of claim 1, wherein the primary identification element and the secondary identification element respectively have a first plaintext data block and a second plaintext data block, the first plaintext data block and the second plaintext data block store a plurality of pieces of plaintext information, and the plaintext information conforms to the NFC Data Exchange Format (NDEF).

4. The individual encrypted signature system of claim 1, wherein the cloud server can access an identification information database in which a plurality of pieces of identification reference information are pre-stored; when the cloud server receives the first identification information, it compares whether the first identification information is identical to one of the pieces of identification reference information and, if it is, confirms whether the primary identification element is a legitimate identification element.

5. The individual encrypted signature system of claim 1, wherein the primary identification element and the secondary identification element respectively have a first ciphertext data block and a second ciphertext data block, and the first ciphertext data block and the second ciphertext data block respectively record the first ciphertext information and the second ciphertext information.

6. The individual encrypted signature system of claim 1, wherein the first ciphertext information is produced by a symmetric encryption operation on the first identification information and a system message using the information of a system key, and the second ciphertext information is produced by a symmetric encryption operation on the second identification information and the system message using the information of the system key.

7. The individual encrypted signature system of claim 6, wherein the cloud server stores the system key and can execute a symmetric encryption algorithm; the cloud server calculates first verification ciphertext information from the system key and the first identification information, compares whether the first verification ciphertext information is identical to the first ciphertext information, and confirms from the comparison result whether the primary identification element is a legitimate identification element.

8. The individual encrypted signature system of claim 1, wherein the primary identification element and the secondary identification element respectively have a first signature data block and a second signature data block, the first signature data block stores the private key information, and the second signature data block stores the encrypted signature information.

9. The individual encrypted signature system of claim 1, wherein the cloud server stores public key information generated from the private key information, and the cloud server, through the asymmetric encryption algorithm and according to the public key information, the first identification information and the second identification information, calculates verification signature information to verify the encrypted signature information.

10. An individual encrypted signature signing method, implemented through a signature management program of a mobile device, the signature management program storing first identification information and first ciphertext information of a primary identification element, the method comprising: (a) reading second identification information of a secondary identification element; (b) transmitting the second identification information to a cloud server so that the cloud server can determine from the second identification information whether the secondary identification element is a legitimate identification element; (c) reading second ciphertext information of the secondary identification element; (d) transmitting the second ciphertext information to the cloud server so that the cloud server can determine from the second ciphertext information whether the secondary identification element is a legitimate identification element; (e) receiving the determination results of steps (b) and (d) and, when the results of steps (b) and (d) are both yes, reading private key information of the primary identification element; (f) performing an asymmetric encryption operation on the first identification information, the second identification information and a piece of encryption information according to the private key information to obtain encrypted signature information, and writing the encrypted signature information into the secondary identification element.
TW112124340A 2023-06-29 2023-06-29 Individual encrypted signature system and signing method thereof TWI850002B (en)

Publications (2)

Publication Number Publication Date
TWI850002B true TWI850002B (en) 2024-07-21
TW202501288A TW202501288A (en) 2025-01-01
