[go: up one dir, main page]

WO2019100531A1 - Procédé de génération de signature numérique et dispositif associé, procédé de vérification et dispositif associé, et support d'informations - Google Patents

Procédé de génération de signature numérique et dispositif associé, procédé de vérification et dispositif associé, et support d'informations Download PDF

Info

Publication number
WO2019100531A1
WO2019100531A1 PCT/CN2017/120026 CN2017120026W WO2019100531A1 WO 2019100531 A1 WO2019100531 A1 WO 2019100531A1 CN 2017120026 W CN2017120026 W CN 2017120026W WO 2019100531 A1 WO2019100531 A1 WO 2019100531A1
Authority
WO
WIPO (PCT)
Prior art keywords
digital
digital certificate
path
digital signature
signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2017/120026
Other languages
English (en)
Chinese (zh)
Inventor
苏志辉
欧阳涛
唐占国
王高华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wotrus Ca Ltd
Original Assignee
Wotrus Ca Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wotrus Ca Ltd filed Critical Wotrus Ca Ltd
Publication of WO2019100531A1 publication Critical patent/WO2019100531A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme

Definitions

  • the present invention relates to the field of digital signature technologies, and in particular, to a digital signature generation method and device thereof, a digital signature verification method and device thereof, and a computer readable storage medium.
  • Digital signatures use digital certificates to sign data or files and can be used to prove the integrity of data or files and to prove the identity of the data signer.
  • Verifying the digital signature requires verification of the signer's public key certificate.
  • the application of the digital signature standard is to embed the certificate chain of the signature certificate in the signature, which makes the signature data up to 6K bytes, which is not a problem for file signing in the PC era.
  • Digital signatures will be widely used in various applications of mobile Internet.
  • the traditional PC-based digital signature verification method not only wastes the traffic of mobile users, but also occupies the user's mobile phone CPU and storage space resources, and will also increase the power consumption of mobile phones. , reduce standby time.
  • the main object of the present invention is to provide a digital signature generation method, which aims to reduce the amount of data of a digital signature, thereby speeding up the verification and transmission of digital signatures, and reducing the space occupied and power consumption of the digital signature application.
  • the present invention provides a digital signature generating method, and the digital signature generating method includes the following steps:
  • the message digest is digitally signed by a private key corresponding to the public key in the digital certificate.
  • the step of generating a message digest according to the path of the first digest information and the digital certificate comprises:
  • the method before the step of acquiring the path of the first target data and the corresponding digital certificate, the method further includes:
  • the digital certificate is stored in the path of the digital certificate.
  • the step of generating the path of the digital certificate comprises:
  • the step of calculating the first summary information of the first target data comprises:
  • the step of generating a message digest according to the path of the first digest information and the digital certificate comprises:
  • the DER encoding result including the digital certificate path is calculated by a hash algorithm to obtain the message digest.
  • the present invention also provides a digital signature generating device including a memory, a processor, and a computer program stored on the memory and operable on the processor, The steps of the digital signature generation method of any of the above, when the computer program is executed by the processor.
  • the present invention further provides a computer readable storage medium having a digital signature generation program stored thereon, and the digital signature generation program is executed by a processor to implement any of the above The steps of the digital signature generation method described in the item.
  • the present invention further provides a digital signature verification method, based on the digital signature generated by the digital signature generation method according to any of the above, the digital signature verification method comprising the following steps:
  • the digital signature is verified using the digital certificate.
  • the step of parsing the path of the digital certificate in the digital signature comprises:
  • the method before the step of verifying the digital signature by using the digital certificate, the method further includes:
  • the step of obtaining the corresponding digital certificate according to the path of the digital certificate comprises:
  • the digital certificate is obtained from a remote server according to the path of the digital certificate.
  • the present invention also provides a digital signature verification device including a memory, a processor, and a computer program stored on the memory and operable on the processor, The steps of the digital signature verification method of any of the above, when the computer program is executed by the processor.
  • the present invention further provides a computer readable storage medium having a digital signature verification program stored thereon, and the digital signature generation program is executed by a processor to implement any of the above The steps of the digital signature verification method described in the item.
  • a method for generating a digital signature by adding a path of a digital certificate to a digital signature, so that the digital signature can be verified by obtaining a digital certificate through the added path during verification, so that the digital signature can be directly added without being directly added.
  • Digital certificates thus reduce the amount of digital signature data, thereby speeding up the verification and transmission of digital signatures, and reducing the space and power consumption of digital signature applications.
  • FIG. 1 is a schematic structural diagram of a device in a hardware operating environment involved in a digital signature generating method according to an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of a device in a hardware operating environment involved in a digital signature verification method according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a first flow of a method for generating a digital signature according to an embodiment of the present invention
  • FIG. 4 is a second schematic flowchart of a method for generating a digital signature according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a third process of a method for generating a digital signature according to an embodiment of the present invention.
  • FIG. 6 is a schematic diagram of a first flow of a digital signature verification method according to an embodiment of the present invention.
  • FIG. 7 is a second schematic flowchart of a digital signature verification method according to an embodiment of the present invention.
  • FIG. 8 is a third schematic flowchart of a digital signature verification method according to an embodiment of the present invention.
  • FIG. 9 is a schematic diagram of a fourth flow of a digital signature verification method according to an embodiment of the present invention.
  • the main solution of the embodiment of the present invention is: acquiring a path of the first target data and the corresponding digital certificate, and calculating first summary information of the first target data, according to the first summary information and the digital certificate
  • the path generates a message digest, and the message digest is digitally signed by a private key corresponding to the public key in the digital certificate.
  • the invention provides a solution, by adding a digital certificate path in the digital signature, so that the digital signature can be verified by obtaining the digital certificate through the added path during verification, so that the digital signature can be implemented without directly adding a digital certificate.
  • the reduction in the amount of signature data speeds up the speed of digital signature verification and transmission, reducing the space and power consumption of digital signature applications.
  • FIG. 1 is a schematic diagram of a device structure of a hardware operation environment involved in a digital signature generation method according to an embodiment of the present invention
  • FIG. 2 is a device of a hardware operation environment involved in a digital signature verification method according to an embodiment of the present invention. Schematic.
  • the digital signature generation method and the digital signature verification method in the embodiments of the present invention are applicable to all digital signature service scenarios, and support PC applications, mobile applications, and Internet of Things applications, such as RFC3161 timestamp service, code signature application, document signature application, Device communication signature application, etc.
  • the apparatus for operating the digital signature generation method or the digital signature verification method of the embodiment of the present invention may include a processor 1001, such as a CPU, a network interface 1002, a memory 1003, and a communication bus 1004.
  • the communication bus 1004 is used to implement connection communication between these components.
  • the network interface 1002 can optionally include a standard wired interface, a wireless interface (such as a WI-FI interface).
  • the memory 1003 may be a high speed RAM memory or a stable memory (non-volatile) Memory), such as disk storage.
  • the memory 1003 may be a built-in storage device of the device, and may also be a storage device that is independent of the device and connected to the device.
  • the network interface 1002 is mainly used to connect to a network and perform data communication with other servers through the network.
  • FIGS. 1 and 2 does not constitute a limitation on the device, and may include more or less components than those illustrated, or combine some components, or different component arrangements. .
  • the operating system, the network communication module, and the digital signature generation program may be included in the memory 1003 as a computer storage medium.
  • the processor 1001 can be used to call a digital signature generation program stored in the memory 1003 and perform the operations of the steps of the digital signature generation method in the following embodiments.
  • the computer readable storage medium may be a mobile storage device such as a USB flash drive or a mobile storage hard disk, or may be a memory built in each digital signature generating device.
  • the operating system, the network communication module, and the digital signature verification program may be included in the memory 1003 as a computer storage medium.
  • the processor 1001 can be used to call a digital signature verification program stored in the memory 1003 and perform the operations of the steps of the digital signature verification method in the following embodiments.
  • the computer readable storage medium may be a mobile storage device such as a USB flash drive or a mobile storage hard disk, or may be a memory built in each digital signature generating device.
  • the user may store the digital signature generation program or the digital signature verification program on the computer storage medium of the device or the computer storage medium externally placed on the device and connected to the device according to actual needs, so that the device can execute the digital signature generation method. Or the steps of the digital signature verification method.
  • the computer storage medium of the same device can simultaneously store the digital signature generation and verification program, so that the device can simultaneously have the function of executing the steps of the digital signature generation method or the digital signature verification method.
  • the digital signature generating device or the digital signature verification device may be specifically a device that needs to perform digital signature generation or digital signature verification, such as a mobile phone, a computer, a tablet computer, a delivery terminal (such as a teller machine, etc.).
  • an embodiment of the present invention provides a digital signature generating method, where the digital signature generating method includes:
  • Step S10 acquiring a path of the first target data and its corresponding digital certificate
  • the path of the digital certificate may be created and stored, and one path corresponds to a unique digital certificate for digital signature, and the digital certificate includes a public key corresponding to the private key used for the first target data signature.
  • the corresponding digital certificate can be obtained from the network.
  • the path can be stored separately and stored as a property information of the digital certificate in the digital certificate.
  • the path may be based on a user's need to access the address based on different protocols, and may be preferably a URL address based on a hypertext transfer protocol, such as: http://aia.wotrus.com/ts/77167C0042400E66C9937539CC2CV806.cer, which facilitates all networked numbers.
  • Signature service applications can obtain digital certificates, making digital certificate acquisition widely applicable.
  • the digital signature When the digital signature is generated, the first target data that needs to be digitally signed and the path of the digital certificate corresponding to the first target data are acquired.
  • a device performs digital signature generation for data of a specific user, when a path of a unique digital certificate is pre-stored, the path of the digital certificate corresponding to the first target data can be directly obtained. Since the same device may perform data signature for multiple first target data, if different users use the same computer to sign their files, different first target data may require different digital certificates for signature, and the device may be pre-stored correspondingly.
  • a path with multiple digital certificates so when the path of the first target data and the digital certificate is not uniquely determined and cannot be directly obtained, after obtaining the first target data, the path of obtaining the corresponding digital certificate may be selected according to the first target data. It is convenient for the device to digitally sign different first target data.
  • the path of the digital certificate can be obtained by parsing the attribute information of the digital certificate by obtaining the digital certificate, and obtaining the path of the digital certificate. After the digital certificate is obtained according to the path, the path of the digital certificate is locally saved to the attribute information of the digital certificate, which facilitates the differentiation and subsequent application of the digital certificate.
  • Step S20 calculating first summary information of the first target data
  • the first summary information (such as a picture, a file, a message, and the like) that needs a digital signature is calculated by using a message digest algorithm, such as an MD5 or a SHA algorithm, and the obtained first summary information is specifically represented by a DER code.
  • the first summary information represents a main content of the first target data.
  • Step S30 Generate a message digest according to the first summary information and the path of the digital certificate.
  • the DER encoding result is generated based on the summary of the first target data and the path of the digital certificate. Specifically, in addition to the summary of the first target data and the path of the digital certificate, the DER encoding result may be generated by combining attribute information related to the first target data, such as a signature time.
  • the DER encoding result containing the digital certificate path is calculated by the hash algorithm to obtain a digitally signed message digest.
  • the message digest is a one-way hash function algorithm that calculates an output of a fixed bit by inputting an input message of an arbitrary length, and is used to check whether the first target data is correct and complete.
  • Step S40 digitally sign the message digest by a private key corresponding to the public key in the digital certificate.
  • the packet digest containing the digital certificate path is generated, the packet digest is signed with the private key corresponding to the public key of the digital certificate in the added path to ensure the credibility of the path.
  • the short key amount ECC or SM2 encryption algorithm is included in the packet digest containing the digital certificate path.
  • a digital signature generating method is configured to generate a message digest according to the first digest information of the first target data and the path of the digital certificate, so that the digital signature can be parsed by the digital signature in the verification.
  • the path of the certificate is obtained by remotely obtaining the digital certificate, so that the digital signature can be reduced without the need to directly add the digital certificate, thereby speeding up the digital signature verification and transmission, and reducing the space and consumption of the digital signature application. Electricity.
  • the step of generating the message digest first summary information according to the first summary information and the path of the digital certificate includes:
  • Step S31 generating a summary attribute according to the first summary information, and generating a path attribute according to the path of the digital certificate;
  • Step S32 constructing a signature attribute set according to the summary attribute and the path attribute;
  • Step S33 generating the message digest according to the signature attribute set.
  • the digitally signed message digest can be directly calculated by the first digest information.
  • the digital signature attribute information such as the path of the digital certificate and the signature time is required to generate the digital signature
  • the signature attribute may be constructed first.
  • the set of the signature attribute is a set of attribute values of the digital signature, such as the path, time, type, content, and the like, which may be a preset parameter in the system, or may be a parameter set for the acquired user.
  • the calculated first summary information can be used as the summary attribute in the signature attribute set, and the path of the digital certificate to be added can be generated by the path extension attribute, and the digital signature can also be obtained according to the actual use requirement.
  • the other attribute information generates related attributes of the first target data, and all attributes of the summary attribute, the path extension attribute and the related attribute of the first target data are integrated into the signature attribute set in the form of DER encoding, and the message is generated according to the signature attribute set.
  • the digital signature of the message digest can be used to add the path of the digital certificate used to verify the digital signature to the digital signature.
  • the data structure of the signature attribute set includes key attribute values such as contentType and messageDigest, and other non-critical extended attributes that need to be added.
  • each attribute value has its own defined ASN data.
  • the messageDigest value is a generated extended field calculated according to a related data structure defined by the standard and the first target data
  • the contentType is an extended field (such as time) generated according to a related data structure defined by the standard and information related to the first target data type.
  • Pokes, Microsoft code, etc.; non-critical extended attributes can be added according to actual needs, specific path attributes as non-critical extended attributes can be preferred as AIA extended attributes.
  • AIA is extended to China's communications industry standards, a non-critical extension of the certificate extension, used to develop methods to obtain other CA information.
  • the step of generating a path extension attribute according to the path of the digital certificate may be specifically: a path of the digital certificate (eg, http://aia.wotrus.com/ts/77167C0042400E66C9937539CC2CV806.cer)
  • An AIA extension field containing a digital certificate path is generated in the ASN.1 structure added to the AIA extension defined by the communications industry standard, such as:
  • the AIA extension field After generating the AIA extension field containing the digital certificate path, the AIA extension field is added to the ASN data structure of the first summary information of the signature attribute set.
  • the method before the step of acquiring the path of the first target data and the corresponding digital certificate, the method further includes:
  • Step S01 acquiring the digital certificate and generating a path of the digital certificate
  • Step S02 storing the digital certificate into a path of the digital certificate.
  • the digital certificate for digital signature of the first target data may be acquired first and a path of the digital certificate is generated, and the digital certificate is saved in the corresponding path.
  • the digital certificate can be uploaded to the server, and the server generates a path for accessing the digital certificate, and saves the digital certificate to the generated path.
  • the path can be various according to the actual situation, just ensure that one path corresponds to one certificate.
  • the step of generating a path of the digital certificate includes
  • Step S001 extracting identification information of the digital certificate
  • Step S002 Generate a path of the digital certificate according to the identifier information.
  • the digital certificate After obtaining the digital certificate, the digital certificate can be parsed to obtain the identification information, and the identification information is characteristic information that distinguishes the digital certificate from other digital certificates, such as the number of the certificate.
  • the identification information is added to the path, which can be used as an identifier of the digital certificate. For example, "77167C0042400E66C9937539CC2CV806" in the path http://aia.wotrus.com/ts/77167C0042400E66C9937539CC2CV806.cer is the number of the digital certificate.
  • the embodiment of the present invention further provides a digital signature verification method based on the digital signature generated by the digital signature generation method in the above embodiment.
  • the digital signature verification method includes the following steps:
  • Step S100 acquiring the digital signature
  • Step S200 parsing a path of the digital certificate in the digital signature
  • Step S300 obtaining a corresponding digital certificate according to the path of the digital certificate
  • Step S400 verifying the digital signature by using the digital certificate.
  • the file is digitally signed and extracted, the message digest in the digital signature is extracted, and the message digest is parsed to obtain various signature attributes in the signature attribute set, in the signature attribute set.
  • the path to the digital certificate is identified in the data structure, such as: http://aia.wotrus.com/ts/77167C0042400E66C9937539CC2CV806.cer.
  • the digital signature is verified by using the public key in the digital certificate. If the signature value in the digital certificate is consistent with the signature value in the signature attribute set data structure in the digital signature, the verification is passed, and if not, the verification is performed. Fail.
  • the step of parsing the path of the digital certificate in the digital signature includes:
  • Step S210 parsing a signature attribute set of the digital signature
  • Step S220 parsing a feature field of a path of the digital certificate in a data structure of the signature attribute set
  • Step S230 extracting a path of the digital certificate from the feature field.
  • the digital certificate path is obtained by parsing the digitally signed message digest to obtain the ASN data structure of the signature attribute set, and identifying the characteristic field of the path of the digital certificate according to the preset protocol from the data structure, and the preset protocol is the digital signature generator.
  • the communication protocol agreed with the digital signature verifier, when both parties follow the communication industry protocol, the feature field may preferably be an AIA extension field. Identify the feature field and extract the path to the digital certificate in it.
  • the digital signature verification method further includes:
  • Step S500 after the digital signature verification is passed, the digital certificate is saved at the local server.
  • the obtained digital certificate can be saved on the local server, and the file name of the digital certificate can be directly named by the path of the digital certificate;
  • the identification information of the digital certificate can also be named according to the path analysis; the attribute information of the obtained digital certificate can also be parsed, and the attribute information of the digital certificate different from other certificates is used as the saved file name, which is convenient for the same device memory. Used to distinguish when there are multiple digital certificates. Further, since the same device may use the same digital certificate multiple times, when saving the digital certificate, it may first determine whether the digital certificate already exists in the local server, and specifically, the identifier information of the certificate may be used to find the file name. If it exists, it does not need to save the current digital certificate. If it does not exist, save the current digital certificate.
  • a digital signature verification method is provided.
  • the corresponding digital certificate is obtained according to the path of the digital certificate parsed in the internship signature, and the obtained digital certificate is used to verify the number.
  • the digital signature of the digital signature obtained by the signature verification device is small, speeding up the verification of the digital signature, reducing the space occupied by the digital signature on the device and the power consumption during verification.
  • the digital signature and the first target data together constitute a security file.
  • the secure file is transferred, if the data in the security file is modified, the first target data when the security file is generated and the second target data at the time of verification are inconsistent. Therefore, in order to ensure the integrity of the data, when the security file is verified, the verification of the digital signature is associated with the verification of the second target data. Therefore, referring to FIG. 9, the corresponding number is obtained according to the path of the digital certificate. Before the steps of the certificate, it also includes:
  • Step S600 acquiring second target data associated with the digital signature
  • the second target data is extracted from the file using the digital signature, the second target data being data signed in the secure file using the digital signature described above, and the second target data being associated with the digital signature. It should be noted that, in actual implementation, there is no clear sequence of steps S600 and S100, which can be performed simultaneously.
  • Step S700 calculating second summary information of the second target data, parsing and extracting first summary information in the signature attribute set;
  • the second target data is calculated by using the same algorithm as the first summary information when the digital signature is generated, to obtain the second summary information, and after the signature attribute set in the digital signature is parsed, the signature attribute set is parsed and the number is extracted.
  • the first summary information obtained when the signature is generated. It should be noted that the parsing of the first digest and the parsing of the feature fields of the path of the digital certificate have no clear precedence.
  • Step S800 determining whether the second summary information and the first summary information are consistent; if yes, executing step S400, and if not, executing step S900;
  • step S900 the result of the verification failure is output.
  • the digital signature can be further verified by using the digital certificate obtained by the path of the digital certificate by using the method mentioned in the above embodiment.
  • the first summary information and the second summary information are inconsistent, the second target can be considered.
  • the data is inconsistent with the first target data for generating the digital signature, and the second target data is the falsified data, and the result of the verification failure may be directly outputted in the digital signature verification device, and the digital signature verification is not required.
  • the step of obtaining the corresponding digital certificate according to the path of the digital certificate is performed before or after the verification of the second summary information, and there is no clear prioritization.
  • the integrity of the target data acquired by the digital signature verification device when the target data is signed by the digital signature can be guaranteed.
  • the step of acquiring the corresponding digital certificate according to the path of the digital certificate includes:
  • Step S310 determining, according to the path of the digital certificate, whether the local server has the digital certificate
  • step S320 is performed, and if not, step S330 is performed.
  • Step S320 obtaining the digital certificate from the local server
  • Step S330 obtaining the digital certificate from a remote server according to the path of the digital certificate.
  • the digital certificate When obtaining the digital certificate, first determine whether there is a digital certificate corresponding to the path of the digital certificate in the local server, such as using the path of the digital certificate or the identification information in the path for searching, and when present, directly from the local server Obtain the certificate for the verification of the digital signature. If it does not exist, obtain the digital certificate from the remote server according to the path of the digital certificate.
  • the step of determining, according to the path of the digital certificate, whether the local server exists the digital certificate comprises:
  • Step S311 parsing identification information of the digital certificate in the path of the digital certificate
  • Step S312 Find, according to the identifier information, whether the digital certificate exists in the local server.
  • the path of the digital certificate After obtaining the path of the digital certificate, the path of the digital certificate is parsed, and the identification information of the digital certificate in the path is obtained. According to the identification information, it is found whether there is a file matching the identification information in the local server, and the matched file is obtained. Digital certificate.
  • the feature information for distinguishing the digital certificate and the feature information for determining whether the corresponding digital certificate exists in the local server after the path of obtaining the digital certificate are corresponding.
  • portions of the technical solution of the present invention that contribute substantially or to the prior art may be embodied in the form of a software product stored in a storage medium (such as a ROM/RAM as described above). , a disk, an optical disk, including a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the methods described in various embodiments of the present invention.
  • a terminal device which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention porte sur un procédé de génération de signature numérique ainsi que sur un dispositif associé, sur un procédé de vérification de signature numérique ainsi que sur un dispositif associé, et sur un support d'informations lisible par ordinateur. Le procédé de génération de signature numérique comprend les étapes consistant : à obtenir des premières données cibles et un trajet d'un certificat numérique correspondant aux premières données cibles (S10) ; à calculer des premières informations abstraites des premières données cibles (S20) ; à générer un paquet de données abstraites en fonction des premières informations abstraites et du trajet du certificat numérique (S30) ; et à signer une signature numérique sur le paquet de données abstraites au moyen d'une clé privée correspondant à une clé publique dans le certificat numérique (S40). Lorsqu'une signature numérique est vérifiée, la signature numérique peut être vérifiée après que le certificat numérique a été obtenu au moyen d'un trajet ajouté, il n'est pas nécessaire d'ajouter directement le certificat numérique dans la signature numérique, et la quantité de données de signature numérique est réduite ; et, par conséquent, la vitesse de vérification et la vitesse de transmission des signatures numériques sont accrues et l'espace occupé ainsi que la consommation d'énergie, lorsque la signature numérique est appliquée, sont réduits.
PCT/CN2017/120026 2017-11-21 2017-12-29 Procédé de génération de signature numérique et dispositif associé, procédé de vérification et dispositif associé, et support d'informations Ceased WO2019100531A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711178114.5A CN107911222B (zh) 2017-11-21 2017-11-21 数字签名生成、验证方法及其设备和存储介质
CN201711178114.5 2017-11-21

Publications (1)

Publication Number Publication Date
WO2019100531A1 true WO2019100531A1 (fr) 2019-05-31

Family

ID=61847180

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/120026 Ceased WO2019100531A1 (fr) 2017-11-21 2017-12-29 Procédé de génération de signature numérique et dispositif associé, procédé de vérification et dispositif associé, et support d'informations

Country Status (2)

Country Link
CN (1) CN107911222B (fr)
WO (1) WO2019100531A1 (fr)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108683507B (zh) * 2018-05-03 2021-06-29 湖南东方华龙信息科技有限公司 通过可追溯链表验证云端证书完整性的方法
CN108846650A (zh) * 2018-05-24 2018-11-20 北京比特大陆科技有限公司 一种实现交易信息验证的方法和装置
CN108764921A (zh) * 2018-05-24 2018-11-06 北京比特大陆科技有限公司 一种实现交易信息验证的方法和装置
CN108764867A (zh) * 2018-05-24 2018-11-06 北京比特大陆科技有限公司 一种实现交易信息验证的方法和装置
CN108764869A (zh) * 2018-05-28 2018-11-06 北京比特大陆科技有限公司 一种实现交易信息加密的方法和装置
CN110825918B (zh) * 2018-07-23 2023-01-13 中国移动通信有限公司研究院 一种数字证书的获取方法、存储方法及装置
CN109889325B (zh) * 2019-01-21 2023-06-02 Oppo广东移动通信有限公司 校验方法、装置、电子设备及介质
CN110009342B (zh) * 2019-02-22 2023-07-07 创新先进技术有限公司 数据发送、接收方法、装置及电子设备
CN110753257A (zh) * 2019-10-14 2020-02-04 深圳创维-Rgb电子有限公司 数据显示方法、显示终端、服务器、显示系统和存储介质
CN114282506A (zh) * 2021-12-14 2022-04-05 苏州众言网络科技股份有限公司 证书生成方法、系统、电子设备及存储介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070277037A1 (en) * 2001-09-06 2007-11-29 Randy Langer Software component authentication via encrypted embedded self-signatures
CN104410635A (zh) * 2014-11-27 2015-03-11 中国科学院计算机网络信息中心 一种基于dane的ndn安全认证方法
CN106685641A (zh) * 2016-12-23 2017-05-17 光锐恒宇(北京)科技有限公司 安装包签名方法及装置
CN106789091A (zh) * 2017-02-24 2017-05-31 中金金融认证中心有限公司 一种Open XML文档数字签名和验签的实现方法及装置

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100755683B1 (ko) * 2003-05-07 2007-09-05 삼성전자주식회사 컨텐츠 제공자 인증 및 컨텐츠 무결성 보장 방법
JP4424422B2 (ja) * 2008-01-18 2010-03-03 富士ゼロックス株式会社 情報処理装置、情報処理システム、プログラム
CN104683306A (zh) * 2013-12-03 2015-06-03 中国人民公安大学 一种安全可控的互联网实名认证机制
CN104901931B (zh) * 2014-03-05 2018-10-12 财团法人工业技术研究院 证书管理方法与装置
CN106888094B (zh) * 2017-02-16 2019-06-14 中国移动通信集团公司 一种签名方法及服务器

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070277037A1 (en) * 2001-09-06 2007-11-29 Randy Langer Software component authentication via encrypted embedded self-signatures
CN104410635A (zh) * 2014-11-27 2015-03-11 中国科学院计算机网络信息中心 一种基于dane的ndn安全认证方法
CN106685641A (zh) * 2016-12-23 2017-05-17 光锐恒宇(北京)科技有限公司 安装包签名方法及装置
CN106789091A (zh) * 2017-02-24 2017-05-31 中金金融认证中心有限公司 一种Open XML文档数字签名和验签的实现方法及装置

Also Published As

Publication number Publication date
CN107911222A (zh) 2018-04-13
CN107911222B (zh) 2020-08-28

Similar Documents

Publication Publication Date Title
WO2019100531A1 (fr) Procédé de génération de signature numérique et dispositif associé, procédé de vérification et dispositif associé, et support d'informations
WO2018120429A1 (fr) Procédé de mise à jour de ressources, terminal, support de stockage lisible par ordinateur et dispositif de mise à jour de ressources
WO2019001110A1 (fr) Procédé, système et dispositif d'authentification d'autorité, et support d'informations lisible par ordinateur
WO2019196213A1 (fr) Procédé, appareil et dispositif de test d'interface, et support d'informations lisible par ordinateur
WO2019231252A1 (fr) Dispositif électronique utilisé pour authentifier un utilisateur, et procédé de commande associé
WO2019205280A1 (fr) Procédé, appareil, et dispositif d'essai de serveur, et support de stockage lisible par ordinateur
WO2015172684A1 (fr) Procédé de connexion à un ap, terminal et serveur
WO2016108468A1 (fr) Terminal utilisateur, appareil de fourniture de services, procédé de commande de terminal utilisateur, procédé de commande d'appareil de fourniture de services, et système de recherche à base d'indexation de chiffrement
WO2019019374A1 (fr) Procédé, appareil et système permettant de commander un appareil électroménager à l'aide d'un dispositif vocal intelligent
WO2015139594A1 (fr) Procédé, appareil et système de vérification de sécurité
WO2019192085A1 (fr) Procédé, appareil et dispositif pour une communication à connexion directe entre une banque et une entreprise, et support de stockage lisible par ordinateur
WO2017054592A1 (fr) Terminal et procédé d'affichage d'interface
WO2021177695A1 (fr) Dispositif électronique pour fournir des informations de transaction et procédé de fonctionnement associé
WO2018120457A1 (fr) Procédé de traitement de données, appareil, dispositif et support de stockage lisible par ordinateur
WO2019037396A1 (fr) Procédé, dispositif et équipement de suppression de compte et support d'informations
WO2018233367A1 (fr) Procédé et appareil d'enregistrement de cas, terminal et support de stockage lisible par ordinateur
WO2018082482A1 (fr) Procédé de partage de réseau et procédé et système d'accès à un réseau
WO2017054481A1 (fr) Procédé et appareil de vérification et de traitement d'informations, et système de traitement d'informations
WO2018058919A1 (fr) Procédé, appareil, dispositif de génération d'informations d'identification, et support de stockage lisible par ordinateur
WO2011079753A1 (fr) Procédé d'authentification, système commercial d'authentification et appareil d'authentification
WO2019104876A1 (fr) Procédé et système de poussée de produit d'assurance, terminal, terminal client et support d'informations
WO2019041851A1 (fr) Procédé de conseil après-vente d'appareil ménager, dispositif électronique et support de stockage lisible par ordinateur
WO2018227887A1 (fr) Procédé de distribution de publicité vidéo, procédé de génération de publicité vidéo, dispositif, serveur et support d'informations lisible
WO2019114262A1 (fr) Procédé de chargement d'interface utilisateur, téléviseur intelligent, et support de stockage lisible par ordinateur
WO2019024336A1 (fr) Procédé et dispositif d'interrogation de données, et support de stockage lisible par ordinateur

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17932593

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17932593

Country of ref document: EP

Kind code of ref document: A1