CN115496492A - UKey-based digital signature method - Google Patents
- Publication number
- CN115496492A
- Authority
- CN
- China
- Prior art keywords
- ukey
- user
- transaction
- digital signature
- cfca
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention discloses a UKey-based digital signature method. The method comprises the following steps: before the system performs a transaction operation, binding a user of the system to the UKey used by that user; when the user performs a transaction operation through a UKey, first checking whether the user and the UKey used by the user are in a binding relationship: if so, the check passes and the user is allowed to perform the transaction operation; if not, the check fails and the user is not allowed to perform the transaction operation; and parsing the digital certificate in the UKey used by the user through the CFCA control at the front end of the system, and digitally signing the user's current transaction operation according to the digital certificate. The technical scheme of the invention both verifies the real intention behind the user's transaction operation and produces a digital signature over that intention.
Description
Technical Field
The invention relates to the technical field of digital signatures, in particular to a UKey-based digital signature method.
Background
When an enterprise-level system performs transaction operations, operators often later deny having performed a transaction operation, and the system retains no evidence of the client's transaction, so legal disputes occur frequently. To ensure the security of enterprise-level system transactions, it is generally necessary to introduce a CA authentication tool to verify a customer's true willingness to transact. Current enterprise-level CA authentication methods can serve only as proof of a client's true intention; they cannot be used for digital signature and leave no evidence-chain trace. Therefore, a technical scheme that both captures the client's real intention to transact and generates a digital signature for the transaction is urgently needed.
Disclosure of Invention
The invention provides a UKey-based digital signature method, which can verify the real intention behind a user's transaction operation and digitally sign that intention.
An embodiment of the present invention provides a digital signature method based on a UKey, including the following steps:
before the system performs a transaction operation, binding a user of the system to the UKey used by that user;
when the user performs a transaction operation through a UKey, first checking whether the user and the UKey used by the user are in a binding relationship: if so, the check passes and the user is allowed to perform the transaction operation; if not, the check fails and the user is not allowed to perform the transaction operation;
and parsing the digital certificate in the UKey used by the user through the CFCA control at the front end of the system, and digitally signing the user's current transaction operation according to the digital certificate.
Further, the binding of the user of the system and the UKey used by the user specifically includes:
implanting the digital certificate into the user's UKey through the CFCA control, and storing the binding relationship between the user and the UKey in a CFCA database.
Further, the binding relationship includes a name of the enterprise of the user, an enterprise social credit code, a serial number of the UKey, and a CN code of the UKey.
Further, whether the user and the UKey used by the user are in a binding relationship or not is verified through a real name authentication interface of the CFCA control.
Further, the checking whether the user and the UKey used by the user are in a binding relationship includes the following steps:
acquiring the name and the social credit code of the user's enterprise, and the serial number and the CN code of the UKey used by the user;
and querying the CFCA database with the acquired enterprise social credit code, UKey serial number and UKey CN code: if a corresponding query result exists, the check passes; if no corresponding query result exists, the check fails.
Further, the step of digitally signing the current transaction operation of the user includes the following steps:
splicing the user's current transaction data into plaintext information in message form, and digitally signing the plaintext information according to the digital certificate to generate an electronic signature string;
and binding the electronic signature string to the transaction data and storing them together in a transaction authentication table of the CFCA database.
Further, the transaction data includes a party involved in the transaction, a transaction time, a transaction scenario, and an authentication method.
Further, after the electronic signature string is generated, the transaction evidence chain information is stored in the CFCA database.
Further, the digital certificate digitally signs the plaintext information by using a sha256 algorithm and generates an electronic signature string.
The embodiment of the invention has the following beneficial effects:
The invention provides a UKey-based digital signature method that uses the UKey as the CA tool. Before a user transacts, a UKey is bound to the user and the binding relationship between the user and the UKey is stored in the CFCA database (that is, a binding record for the user and the UKey is stored in the CFCA database). When the user transacts, CFCA's network real-name authentication interface is used to verify whether the UKey is bound to the user. In other words, in a transaction scenario it is only necessary to determine whether the UKey inserted for the transaction has been successfully bound to the logged-in user; a UKey that has not been successfully bound is intercepted directly at transaction authentication, and the transaction message is digitally signed through the front-end CFCA control to capture the user's real intention at the time of the transaction. Thus, by establishing the binding relationship between the user and the UKey in advance, the invention verifies the real intention behind the user's transaction operation by checking that binding relationship at transaction time, and then parses the digital certificate in the UKey used by the user through the CFCA control to digitally sign that intention. The invention can both verify the user's real willingness to transact and produce a digital signature, which ensures the security of the transaction, makes it traceable in the event of a legal dispute, and avoids legal disputes and the cost of rights protection. In addition, UKeys are easy for enterprise users to obtain, which reduces the cost of applying the technical scheme.
Drawings
Fig. 1 is a schematic flow chart of a digital signature method based on a UKey according to an embodiment of the present invention.
Detailed Description
The technical solutions in the present invention will be described clearly and completely with reference to the drawings in the present invention, and it should be apparent that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
As shown in fig. 1, a digital signature method based on a UKey according to an embodiment of the present invention includes the following steps:
Step S101: before the system performs a transaction operation, the user of the system is bound to the UKey used by that user.
As one embodiment, binding the user of the system to the UKey used by the user specifically includes:
implanting the digital certificate into the user's UKey through the CFCA control, and storing the binding relationship between the user and the UKey in a CFCA database.
The binding relationship comprises the name of the user's enterprise, an enterprise social credit code, a UKey serial number, and a UKey CN code.
Step S102: when the user performs a transaction operation through the UKey, whether the user and the UKey used by the user are in a binding relationship is checked first: if so, the check passes and the user is allowed to perform the transaction operation; if not, the check fails and the user is not allowed to perform the transaction operation.
As one embodiment, whether the user and the UKey used by the user are in a binding relationship is checked through a real name authentication interface of the CFCA control.
The checking whether the user and the UKey used by the user are in a binding relationship comprises the following steps:
acquiring the name and the social credit code of the user's enterprise, and the serial number and the CN code of the UKey used by the user;
and querying the CFCA database with the acquired enterprise social credit code, UKey serial number and UKey CN code: if a corresponding query result exists, the check passes; if no corresponding query result exists, the check fails.
Step S103: the digital certificate in the UKey used by the user is parsed through the CFCA control at the front end of the system, and the user's current transaction operation is digitally signed according to the digital certificate.
As an embodiment, digitally signing the user's current transaction operation includes the following steps:
splicing the user's current transaction data into plaintext information in message form, and digitally signing the plaintext information according to the digital certificate to generate an electronic signature string; the digital certificate digitally signs the plaintext information using the sha256 algorithm and generates the electronic signature string.
The electronic signature string is then bound to the transaction data and the two are stored together in a transaction authentication table of the CFCA database. The transaction data comprises the participants of the transaction, the transaction time, the transaction scenario and the authentication method.
As an embodiment, after the electronic signature string is generated, the transaction evidence chain information is stored in the CFCA database. The evidence chain information of the transaction refers to plaintext information of transaction operation, and specifically includes enterprise, user, time, specific product, service scene, used authentication mode and authentication result corresponding to the transaction operation.
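The flow of steps S101 to S103, sketched in Node.js as an added example that is not code from the patent or from CFCA. Assumptions: an in-memory map and array stand in for the CFCA database, a constructed RSA-2048 key pair stands in for the certificate key on the UKey, and all function names, the JSON message encoding and the dispute-time `auditRecord` check are hypothetical.

```javascript
// Added illustration of steps S101 to S103; not code from the patent or from CFCA.
const nodeCrypto = require('node:crypto');

// In-memory stand-ins for the CFCA database: binding records and the
// transaction authentication table.
const bindings = new Map();
const transactionAuthTable = [];

// Constructed key pair standing in for the certificate key on the UKey.
// RSA-2048 is an assumption; the page only names sha256.
const ukey = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Lookup key built from the three values the page queries on.
const bindingKey = (b) => JSON.stringify([b.creditCode, b.ukeySerial, b.ukeyCN]);

// S101: store the binding; the public key stands in for the implanted certificate.
function bindUKey(b, publicKey) {
  bindings.set(bindingKey(b), { ...b, publicKey });
}

// S102: the check passes only if a matching binding record exists.
function checkBinding(b) {
  return bindings.has(bindingKey(b));
}

// Splice the transaction data into one message. A fixed field order plus JSON
// escaping keeps field boundaries unambiguous (assumed encoding).
const FIELDS = ['parties', 'time', 'scenario', 'authMethod'];
function buildMessage(tx) {
  return Buffer.from(JSON.stringify(FIELDS.map((f) => tx[f])), 'utf8');
}

// S103: refuse an unbound UKey; otherwise sign the message with SHA-256 and
// store the signature string together with the transaction data.
function signTransaction(b, tx, privateKey) {
  if (!checkBinding(b)) return { ok: false, reason: 'ukey-not-bound' };
  const signature = nodeCrypto
    .sign('sha256', buildMessage(tx), privateKey)
    .toString('base64');
  const record = { binding: bindingKey(b), tx: { ...tx }, signature };
  transactionAuthTable.push(record);
  return { ok: true, record };
}

// Dispute-time check (assumed step): rebuild the message from the stored data
// and verify it against the public key recorded at binding time.
function auditRecord(record) {
  const bound = bindings.get(record.binding);
  if (!bound) return false;
  const sig = Buffer.from(record.signature, 'base64');
  return nodeCrypto.verify('sha256', buildMessage(record.tx), bound.publicKey, sig);
}

function runDemo() {
  // Constructed sample values, not real identifiers.
  const company = { enterpriseName: 'Example Trading Co.', creditCode: 'CREDIT-CODE-0001',
    ukeySerial: 'SERIAL-0001', ukeyCN: 'CN-EXAMPLE-0001' };
  const tx = { parties: ['Example Trading Co.', 'Example Supplier Ltd.'],
    time: '2022-09-13T10:00:00+08:00', scenario: 'payment', authMethod: 'UKey' };
  bindUKey(company, ukey.publicKey);
  const signed = signTransaction(company, tx, ukey.privateKey);
  const tampered = { ...signed.record, tx: { ...tx, scenario: 'refund' } };
  const unbound = signTransaction({ ...company, ukeySerial: 'SERIAL-9999' }, tx, ukey.privateKey);
  return { signedOk: signed.ok, auditOk: auditRecord(signed.record),
    tamperedOk: auditRecord(tampered), unboundReason: unbound.reason };
}

console.log(runDemo());
```

The stored record verifies only while the transaction data is unchanged, which is what lets the transaction authentication table serve as evidence in a later dispute.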
To provide a CA method that can both verify the real intention behind a client's transaction operation and digitally sign that intention, our company innovatively introduces the UKey to solve the problem.
The UKey is used as the CA tool. Before a user transacts, a UKey is bound to the user and the binding relationship between the user and the UKey is stored in the CFCA database (that is, a binding record for the user and the UKey is stored in the CFCA database). When the user transacts, CFCA's network real-name authentication interface is used to verify whether the UKey is bound to the user. In other words, in a transaction scenario it is only necessary to determine whether the UKey inserted for the transaction has been successfully bound to the logged-in user; a UKey that has not been successfully bound is intercepted directly at transaction authentication, and the transaction message is digitally signed through the front-end CFCA control to capture the user's real intention at the time of the transaction. Thus, by establishing the binding relationship between the user and the UKey in advance, the invention verifies the real intention behind the user's transaction operation by checking that binding relationship at transaction time, and then parses the digital certificate in the UKey used by the user through the CFCA control to digitally sign that intention. The invention can both verify the user's real willingness to transact and produce a digital signature, which ensures the security of the transaction, makes it traceable in the event of a legal dispute, and avoids legal disputes and the cost of rights protection. In addition, UKeys are easy for enterprise users to obtain, which reduces the cost of applying the technical scheme.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.
It will be understood by those skilled in the art that all or part of the processes of the above embodiments may be implemented by hardware related to instructions of a computer program, and the computer program may be stored in a computer readable storage medium, and when executed, may include the processes of the above embodiments. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
Claims (9)
1. A UKey-based digital signature method is characterized by comprising the following steps:
before a system carries out transaction operation, binding a user of the system and a UKey used by the user;
when the user carries out transaction operation through a UKey, firstly checking whether the user and the UKey used by the user are in a binding relationship, if so, checking to pass and allowing the user to carry out transaction operation, and if not, checking to fail and not allowing the user to carry out transaction operation;
and analyzing a digital certificate in the UKey used by the user through the CFCA control at the front end of the system, and carrying out digital signature on the transaction operation of the user according to the digital certificate.
2. The UKey-based digital signature method according to claim 1, wherein the binding of the user of the system and the UKey used by the user is specifically:
and implanting the digital certificate into the UKey of the user through the CFCA control, and storing the binding relationship between the user and the UKey into a CFCA database.
3. The UKey-based digital signature method of claim 2, wherein the binding relationship comprises the name of the user's business, a business social credit code, a UKey serial number, and a UKey CN code.
4. The UKey-based digital signature method according to claim 3, wherein the real-name authentication interface of the CFCA control is used to verify whether the user and the UKey used by the user are in a binding relationship.
5. The UKey-based digital signature method according to claim 4, wherein the checking whether the user and the UKey used by the user are in a binding relationship comprises the following steps:
acquiring the name and the social credit code of the enterprise of the user, and the serial number of the UKey and the CN code of the UKey used by the user;
and inquiring the CFCA database according to the acquired enterprise social credit code, the serial number of UKey and the CN code of UKey, if corresponding inquiry results exist, the verification is passed, and if corresponding inquiry results do not exist, the verification is not passed.
6. A UKey-based digital signature method as defined in claim 5 in which the digital signature of the transaction operation of the user includes the following steps:
splicing the current transaction data of the user into plaintext information in a message mode, and digitally signing the plaintext information according to the digital certificate to generate an electronic signature string;
and binding the electronic signature string and the transaction data and then storing the bound electronic signature string and the transaction data into a transaction authentication table of the CFCA database.
7. The UKey-based digital signature method of claim 6, wherein the transaction data includes parties to a transaction, transaction time, transaction scenario and authentication method.
8. The UKey-based digital signature method according to claim 7, wherein after the electronic signature string is generated, transaction evidence chain information is saved in the CFCA database.
9. The UKey-based digital signature method of any one of claims 1 to 8, wherein the digital certificate digitally signs the plaintext information using the sha256 algorithm and generates an electronic signature string.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211109770.0A CN115496492A (en) | 2022-09-13 | 2022-09-13 | UKey-based digital signature method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211109770.0A CN115496492A (en) | 2022-09-13 | 2022-09-13 | UKey-based digital signature method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115496492A (en) | 2022-12-20 |
Family
ID=84468019
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211109770.0A Pending CN115496492A (en) | 2022-09-13 | 2022-09-13 | UKey-based digital signature method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115496492A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1556449A (en) * | 2004-01-08 | 2004-12-22 | 中国工商银行 | Device and method for proceeding encryption and identification of network bank data |
US20090198618A1 (en) * | 2008-01-15 | 2009-08-06 | Yuen Wah Eva Chan | Device and method for loading managing and using smartcard authentication token and digital certificates in e-commerce |
CN112905979A (en) * | 2021-02-16 | 2021-06-04 | 中企云链(北京)金融信息服务有限公司 | Electronic signature authorization method and device, storage medium and electronic device |
Non-Patent Citations (1)
Title |
---|
薛光辉: "《区块链与人工智能的应用于发展路径研究》", 31 October 2020, 吉林科学技术出版社, pages: 121 - 4 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20221220 |