CN104618120B - Mobile terminal key escrow digital signature method - Google Patents

Publication number: CN104618120B
Application number: CN201510096370.4A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN104618120A
Legal status: Active
Inventors: 张卫海, 赵军, 李传松, 孙文浩, 赵长江, 刘培顺, 戴洪尚, 任传祥
Current Assignee: QINGDAO WEIZHIHUI INFORMATION Co Ltd
Original Assignee: QINGDAO WEIZHIHUI INFORMATION Co Ltd

Abstract

A mobile terminal key escrow digital signature method. E-government applications on mobile terminals need a digital signature service, but current mobile terminals lack the security conditions for storing a digital signature private key: a private key stored on the mobile terminal may be stolen by hackers, so digital signatures cannot be realized directly on the mobile terminal. The present invention provides a digital signature technique for mobile terminals whose components are the mobile terminal, a signature server and a KMC server cipher machine. The signature server is responsible for managing users' signature private keys; all system keys are encrypted and stored in the cipher machine; the key that encrypts a user's private key is held by the user alone; and the cipher machine can communicate only with the signature server. The user can download certificates. When signing, the terminal application packages the hash value and the user's identity information together into a digital signature request message and sends it by short message to the signature server. After the user's request passes verification, the server calls the cipher machine, the user's private key is used to produce the digital signature, and the result is returned to the user, completing the digital signature process.

Description

A mobile terminal key escrow digital signature method
Technical field
The present invention relates to the technical field of information-based mobile office work, and more particularly to digital content security technology on mobile terminals. It provides a method for realizing digital signatures in applications on a mobile terminal.
Background art
An intelligent mobile terminal is a multifunctional device: it not only has communication functions but, once application programs are installed, can also carry out services such as e-commerce and mobile office work. As a mobile device it is "small and light" and offers "convenient communication", and users mostly operate it by touch. Because it is small and light, a mobile device generally does not perform large amounts of complex computation; its peripheral interfaces are simple, and it generally interacts with other devices wirelessly. As intelligent mobile terminals take part in more and more network applications, security attacks on mobile applications are increasing: many malicious applications can steal the private data that users store on the terminal and attack the communication between the terminal and the server.
In office automation, ensuring the authenticity, integrity, reliability and non-repudiation of electronic official documents is a problem the system urgently needs to solve. To solve it, a Public Key Infrastructure (PKI) system based on digital certificates is traditionally used, which protects the content of electronic documents with digital signature technology. A digital signature requires a private key, and to keep the private key safe a USB cipher key (USB key) is typically used as the client device that stores the user's private key and digitally signs electronic documents.
In practice, using a USB cipher key requires the host to have a USB interface, which prevents the wide use of USB cipher keys on mobile terminal devices. Although USB cipher keys with a Bluetooth interface or an audio interface have appeared, these devices still have the following shortcomings: because the Bluetooth protocol is open, the security of the communication between a Bluetooth USB cipher key and the host cannot be guaranteed; and a USB cipher key with an audio interface cannot solve the compatibility problem of audio interfaces across different mobile terminals.
Summary of the invention
The present invention provides a method by which an application on a mobile terminal digitally signs electronic official documents, characterized in that the user's signature private key is escrowed in the signature server, and the signature server ensures the safety of the user's signature private key. When signing, the HASH value of the content to be signed is sent to the signature server; the signature server completes the digital signature and returns the signature to the user, thereby realizing the digital signature.
The present invention is achieved through the following technical solution. The invention provides a digital signature technique on an intelligent mobile terminal, characterized in that the system consists of the mobile terminal, a signature server and a KMC server cipher machine. The user, the signature server and the KMC server cipher machine each hold a certificate and private key issued by an authoritative institution. The signature server is responsible for managing users' signature private keys; all system keys are stored in the KMC server cipher machine, and the cipher machine can communicate only with the signature server. Users can download certificates and query certificate status from the network. The user's mobile terminal software provides a human-machine interface and receives the information the user enters. When the terminal application needs a digital signature, the hash value of the information to be signed and the user's identity information are packaged together into a digital signature request message, which is sent to the signature server by short message or network communication. The server verifies the user's request; after verification passes, the KMC server cipher machine is called and the digital signature is produced with the user's private key. The signature result is then returned to the user, completing the digital signature process.
The digital signature method above is characterized in that:
(1) The user's signature private key is stored encrypted in the KMC server cipher machine and only the user holds the encryption key, which ensures that only the user can use the private key stored in the cipher machine. The cipher machine ensures that the private key cannot be exported, and all operations are completed inside the cipher machine, thereby ensuring the safety of the user's private key.
(2) When the user needs a digital signature, the HASH value of the document to be signed is sent to the signature server together with the user's authentication information; the original document does not need to be sent.
(3) The signature server verifies the user's signature request message. After verification passes, the HASH value and the user's identity information are passed to the KMC server cipher machine, the digital signature is completed inside the cipher machine using the user's signature private key, and the signature information is then returned to the user terminal.
(4) Each time the signature server completes a digital signature, it notifies the user of the signature record by short message or e-mail, so that the user can confirm it afterwards.
Advantages and effects:
The present invention provides a method for realizing digital signatures on an intelligent mobile terminal. It combines cryptographic techniques, digital certificates and short messages to realize a secure digital signature, and escrowing the user's private key in the signature server ensures the safety of the private key.
Features of this technique:
(1) The user's private key is encrypted and then escrowed in the KMC server cipher machine, and only the user knows the encryption key. The digital signature operation is carried out inside the server cipher machine, which ensures that the private key cannot be exported, guaranteeing the safety of the private key.
(2) When requesting a digital signature, the user only needs to send the hash value of the document to be signed and the user's authentication information. This places few demands on mobile terminal performance, so the solution adapts well.
(3) A user's digital signature request must be made from a registered terminal. Based on the private nature of a mobile terminal, cryptographic techniques are used to bind the user's mobile phone number, the mobile terminal's IMEI number, the short message verification code and the password, realizing authentication of the mobile terminal application. The user must not only provide the correct login password; the device used must also have been registered in the system. With this binding, even if the user's login password or the device is lost, the safety of the user terminal is ensured as long as the two are not stolen at the same time.
Brief description of the drawings
Fig. 1: System architecture diagram.
Fig. 2: Flow chart of a user applying for a certificate.
Fig. 3: Mobile terminal registration flow chart.
Fig. 4: Mobile terminal digital signature flow chart.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the accompanying drawings:
1. Architecture of the mobile terminal digital signature system: as shown in Fig. 1, the whole system consists of three parts: the mobile terminal, the digital signature server and the KMC server cipher machine.
(1) The mobile terminal supports network communication or short messages and can install apps. Through the mobile terminal the user receives electronic official documents and digitally signs them.
(2) The digital signature server is a network server with its own private key and certificate; the mobile terminal can communicate with it over the network or by short message. Its main function is to verify user requests, ensuring that only legitimate users can submit digital signature requests through a mobile terminal, and to submit user signature requests to the KMC server cipher machine.
(3) The KMC server cipher machine is deployed on the internal network, and external users cannot access it directly. The server cipher machine has its own private key and certificate. Its main function is to store users' signature private keys and to invoke a user's private key to produce digital signatures at the user's request. A user's private key must be encrypted before it is stored inside the server cipher machine, and the encryption key is known only to the user.
2. As shown in Fig. 2, the user must apply for a digital certificate before using digital signatures. The flow is similar to a certificate application in a general PKI system: the user communicates with the CA server over HTTPS, and all messages between the user and the CA are protected by encryption. The CA must verify the user's real-name identity; after verification passes it generates a private key and public key for the user and then generates the user's digital signature certificate. In this system the user's private key is encrypted with the encryption key Kp submitted by the user, the encrypted private key is imported by the CA server into the KMC server cipher machine over a secure channel, and the KMC server cipher machine protects the private key.
3. As shown in Fig. 3, before using the mobile terminal digital signature system the user must register the mobile terminal with the signature server, ensuring that only legitimate users using registered terminals can make digital signature requests. The registration flow is as follows:
Step S301: The user first installs the application software on the intelligent mobile terminal. After the application starts, it checks whether the certificates of the signature server, the KMC server cipher machine and the user are present; if a certificate is missing, it is downloaded automatically from a preset website.
Step S302: Registration request. The user enters the user name UserId, the private key encryption password Kp and the user's mobile phone number, selects the user certificate, and then requests a mobile phone verification code from the signature server.
Step S303: After the signature server receives the user's verification code request, it compares the user name UserId and mobile phone number entered by the user with the registered information. If the user name already exists, the user is already registered, and the mobile phone number must then be the number that user registered. If the user name does not exist, this is a newly registering user, and the mobile phone number must be a new number.
Step S304: After confirmation succeeds, the signature server sends a short message verification code to the user's mobile phone and saves the verification code.
Step S305: After receiving the short message verification code, the user enters it at the specified location. The mobile terminal encrypts the user certificate serial number, the private key encryption key and the current time T with the public key of the KMC server cipher machine, expressed as follows:
EncKMC = PubKmc(user certificate serial number Uc, private key encryption key Kp, time T);
Step S306: The system sends a registration request to the server. Its content includes: user name, mobile phone number, mobile terminal IMEI number, short message verification code and EncKMC. This content is protected by a digital envelope generated with the server certificate:
A key K is generated at random, and the registration request is encrypted under K with a symmetric encryption algorithm (such as AES), expressed as follows:
EncK(user name UserId, mobile phone number, terminal IMEI number, HASH(user name UserId, mobile phone number, terminal IMEI number, short message verification code, PubKmc(user certificate serial number Uc, private key encryption key Kp, time T))).
The key K is then encrypted with the public key PubServ in the server certificate, expressed as follows:
PubServ(K).
The encryption results above are packaged in a digital envelope format that conforms to PKCS syntax.
Step S307: The server receives the registration request, first decrypts the digital envelope with its private key, and verifies whether the short message verification code is correct. If it differs, the user information is wrong and an error result is returned.
Step S308: After verification passes, the signature server submits PubKmc(user certificate serial number Uc, private key encryption key Kp, time T) to the KMC server cipher machine.
Step S309: The KMC server cipher machine receives the information submitted by the server and decrypts it with its private key, obtaining the user certificate serial number Uc, the private key encryption key Kp and the time T. It first checks the difference between the current time and time T; if the difference exceeds the allowed range, it refuses the request and returns an error. It then retrieves the user certificate and the encrypted stored user private key by the user certificate serial number, decrypts the user's private key with Kp, and checks that it matches the user certificate. If the match succeeds, the user holds the correct encryption key, which proves that the user's identity is genuine, and a success message is returned; otherwise a failure message is returned.
Step S310: According to the information returned by the KMC server cipher machine, if it succeeded a success message is returned, encrypted with key K:
EncK(UserId, success information, Hash(success information, short message verification code))
Otherwise a failure message is returned. At the same time the signature server stores the user name UserId, mobile phone number, terminal IMEI and short message verification code for later verification.
Step S311: The user receives the message returned by the server, decrypts the data with key K, verifies the hash value, and determines whether registration succeeded. If it succeeded, the terminal computes HA1 = HASH(mobile phone number, short message verification code) and saves it on the mobile terminal as the terminal pass code; sensitive information such as the mobile phone number, the encryption key and the short message verification code is not saved.
Only a registered terminal can connect to the server and exchange data. The same user can register multiple terminals, but the user name and password must be the same on each.
2. Superimposed binding of machine code and shared secret: the terminal system computes Hash(terminal pass code HA1 + terminal IMEI number) to generate a login authentication code used for authentication. This authentication code binds the user's mobile phone number, the mobile terminal device and the user's identity.
3. Fig. 4 shows the flow by which the terminal applies to the server for a digital signature. The main steps are as follows:
Step S41: When the user needs a digital signature, the mobile terminal first obtains the locally stored HA1 and the terminal's IMEI number, computes the hash value of the electronic document M to be signed, and then prompts the user to enter the private key encryption key Kp. Using the public key in the KMC server cipher machine's certificate, it builds a digital envelope protecting the electronic document's hash value, the user key Kp and the current time T, expressed as follows:
PEncKmc = (PubKmc(K), EncK(Hash(M), user certificate serial number Uc, Kp, T))
The final digital signature request message is:
SessionId, UserId, IMEI, PEncKmc, Hash(the above message, HA1), where SessionId is the session ID and UserId is the user name used at registration. The signature request message is sent to the signature server.
Step S42: The signature server receives the user's request. It first uses UserId and IMEI to obtain the user's information, including the mobile phone number, short message verification code, etc., computes HA11 = HASH(mobile phone number, short message verification code), then computes Hash(SessionId, UserId, IMEI, PubKmc, HA11) and compares it with the data sent by the user. If they are consistent, the user terminal is proven to be a registered trusted terminal.
Step S43: The signature server forwards PEncKmc = (PubKmc(K), EncK(Hash(M), user certificate serial number Uc, Kp, T)) to the KMC server cipher machine.
Step S44: The KMC server cipher machine decrypts the digital envelope with its private key, obtaining Hash(M), the user certificate serial number Uc, Kp and the time T. It first checks the difference between the current time and time T; if the difference exceeds the allowed range, it refuses the request and returns an error. It then retrieves the encrypted stored user private key by the user certificate serial number, decrypts the user's private key with Kp, and encrypts Hash(M) with the user's private key; the result is returned to the user as the digital signature of M. Otherwise a failure message is returned. The returned message is as follows:
SessionId, UserId, Sigpri(Hash(M))
Step S45: The user receives the server's message and determines whether the request succeeded. If it succeeded, the user's certificate is used to verify whether the digital signature is correct; if it is correct, the digital signature application has succeeded and Sigpri(Hash(M)) is handed to the application software. Otherwise an error message is reported to the user.
The present invention combines cryptographic techniques, digital certificates and short messages to realize a secure digital signature method on mobile terminals. The user's signature private key is encrypted and escrowed inside the server cipher machine, and only the user can invoke the private key for cryptographic operations. Only a small amount of computation needs to be performed on the mobile terminal, so the method suits all kinds of mobile terminals. At the same time, an authentication technique that is both secure and convenient is provided, based on the private nature of the mobile terminal and a secure authentication protocol, allowing the user to request digital signatures remotely through the mobile terminal; the operation is safe and convenient.
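The registered-terminal check of step S42 and the time check of step S44, as an added example that is not code from the patent. SHA-256, the length-prefixed field encoding, the 300-second window and every function name are assumptions; the digital envelope PEncKmc is treated as opaque bytes, and the tag covers the fields listed in step S41.

```python
import hashlib
import hmac


def h(*fields: bytes) -> bytes:
    """Hash(a, b, ...): SHA-256 over length-prefixed fields (assumed encoding).

    The length prefix keeps ("ab", "c") and ("a", "bc") from hashing alike.
    """
    digest = hashlib.sha256()
    for field in fields:
        digest.update(len(field).to_bytes(4, "big"))
        digest.update(field)
    return digest.digest()


def terminal_pass_code(phone: str, sms_code: str) -> bytes:
    """HA1 = HASH(phone number, SMS verification code), kept by the terminal (S311)."""
    return h(phone.encode(), sms_code.encode())


def build_sign_request(session_id: str, user_id: str, imei: str,
                       p_enc_kmc: bytes, ha1: bytes) -> dict:
    """Terminal side of S41: the request fields plus Hash(message, HA1)."""
    tag = h(session_id.encode(), user_id.encode(), imei.encode(), p_enc_kmc, ha1)
    return {"SessionId": session_id, "UserId": user_id, "IMEI": imei,
            "PEncKmc": p_enc_kmc, "Tag": tag}


class SignatureServer:
    """Holds the records stored in S310 and performs the S42 comparison."""

    def __init__(self) -> None:
        self._records = {}  # (UserId, IMEI) -> (phone number, SMS code)

    def register(self, user_id: str, imei: str, phone: str, sms_code: str) -> None:
        self._records[(user_id, imei)] = (phone, sms_code)

    def verify_request(self, req: dict) -> bool:
        record = self._records.get((req["UserId"], req["IMEI"]))
        if record is None:  # unknown user, or a device that was never registered
            return False
        ha11 = terminal_pass_code(*record)  # HA11 recomputed from stored data
        expected = h(req["SessionId"].encode(), req["UserId"].encode(),
                     req["IMEI"].encode(), req["PEncKmc"], ha11)
        # Constant-time comparison of the recomputed and received hash values.
        return hmac.compare_digest(expected, req["Tag"])


def kmc_time_fresh(t_request: float, now: float, max_skew: float = 300.0) -> bool:
    """S44: refuse when |now - T| exceeds the allowed range (300 s is assumed)."""
    return abs(now - t_request) <= max_skew


def demo() -> dict:
    # Constructed sample values, not taken from the patent.
    phone, code, imei = "13800000000", "482913", "356938035643809"
    server = SignatureServer()
    server.register("alice", imei, phone, code)
    ha1 = terminal_pass_code(phone, code)
    envelope = b"\x00opaque-PEncKmc-bytes"  # stands in for the digital envelope

    good = build_sign_request("sess-1", "alice", imei, envelope, ha1)
    other_device = build_sign_request("sess-2", "alice", "490154203237518",
                                      envelope, ha1)
    tampered = dict(good, PEncKmc=envelope + b"!")
    wrong_code = build_sign_request("sess-3", "alice", imei, envelope,
                                    terminal_pass_code(phone, "000000"))
    return {
        "good": server.verify_request(good),
        "other_device": server.verify_request(other_device),
        "tampered": server.verify_request(tampered),
        "wrong_code": server.verify_request(wrong_code),
        "fresh": kmc_time_fresh(1_700_000_000.0, 1_700_000_120.0),
        "stale": kmc_time_fresh(1_700_000_000.0, 1_700_003_600.0),
    }


if __name__ == "__main__":
    print(demo())
```

Because T travels inside the envelope that only the cipher machine can open, the freshness of a request is enforced by the S44 time window rather than by the signature server's comparison.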

Claims (1)

  1. A mobile terminal key escrow digital signature method, characterized in that:
    The method is carried out by a mobile terminal, a signature server and a KMC server cipher machine;
    The user, the signature server and the KMC server cipher machine each hold a private key and certificate issued by an authoritative institution. The signature server is responsible for managing the user's signature private key; the user's signature private key is encrypted and escrowed in the signature server, and the signature server ensures the safety of the user's signature private key. All system keys are encrypted and stored in the KMC server cipher machine, the encryption key of the user's private key is held by the user alone, and the KMC server cipher machine can communicate only with the signature server;
    Users can download certificates and query certificate status from the network. The user's mobile terminal software provides a human-machine interface and receives the information the user enters. When the terminal application needs a digital signature, the hash value of the information to be signed and the user's identity information are packaged together into a digital signature request message, which is sent to the signature server by short message or network communication. The signature server verifies the user's request; after verification passes, the KMC server cipher machine is called and the digital signature is produced with the user's private key. The signature result is then returned to the user, completing the digital signature process. The specific steps are as follows:
    (1) The user and terminal registration steps are as follows:
    Step S301: The user first installs the application software on the intelligent mobile terminal. After the application starts, it checks whether the certificates of the signature server, the KMC server cipher machine and the user are present; if a certificate is missing, it is downloaded automatically from a preset website;
    Step S302: Registration request. The user enters the user name UserId, the private key encryption password Kp and the user's mobile phone number, selects the user certificate, and then requests a mobile phone verification code from the signature server;
    Step S303: After the signature server receives the user's verification code request, it compares the user name UserId and mobile phone number entered by the user with the registered information. If the user name already exists, the user is already registered, and the mobile phone number must then be the number that user registered. If the user name does not exist, this is a newly registering user, and the mobile phone number must be a new number;
    Step S304: After confirmation succeeds, the signature server sends a short message verification code to the user's mobile phone and saves the verification code;
    Step S305: After receiving the short message verification code, the user enters it at the specified location. The mobile terminal encrypts the user certificate serial number, the private key encryption key and the current time T with the public key of the KMC server cipher machine, expressed as follows:
    EncKMC = PubKmc(user certificate serial number Uc, private key encryption key Kp, time T);
    Step S306: The system sends a registration request to the signature server. Its content includes: user name, mobile phone number, mobile terminal IMEI number, short message verification code and EncKMC. This content is protected by a digital envelope generated with the server certificate:
    A key K is generated at random, and the registration request is encrypted under K with a symmetric encryption algorithm (such as AES), expressed as follows:
    EncK(user name UserId, mobile phone number, terminal IMEI number, HASH(user name UserId, mobile phone number, terminal IMEI number, short message verification code, PubKmc(user certificate serial number Uc, private key encryption key Kp, time T)));
    The key K is then encrypted with the public key PubServ in the signature server certificate, expressed as follows:
    PubServ(K);
    The encryption results above are packaged in a digital envelope format that conforms to PKCS syntax;
    Step S307: The signature server receives the registration request, first decrypts the digital envelope with its private key, and verifies whether the short message verification code is correct. If it differs, the user information is wrong and an error result is returned;
    Step S308: After verification passes, the signature server submits PubKmc(user certificate serial number Uc, private key encryption key Kp, time T) to the KMC server cipher machine;
    Step S309: The KMC server cipher machine receives the information submitted by the signature server and decrypts it with its private key, obtaining the user certificate serial number Uc, the private key encryption key Kp and the time T. It first checks the difference between the current time and time T; if the difference exceeds the allowed range, it refuses the request and returns an error. It then retrieves the user certificate and the encrypted stored user private key by the user certificate serial number, decrypts the user's private key with Kp, and checks that it matches the user certificate. If the match succeeds, the user holds the correct encryption key, which proves that the user's identity is genuine, and a success message is returned; otherwise a failure message is returned;
    Step S310: According to the information returned by the KMC server cipher machine, if it succeeded a success message is returned, encrypted with key K:
    EncK(UserId, success information, Hash(success information, short message verification code))
    Otherwise a failure message is returned. At the same time the signature server stores the user name UserId, mobile phone number, terminal IMEI and short message verification code for later verification;
    Step S311: The user receives the message returned by the signature server, decrypts the data with key K, verifies the hash value, and determines whether registration succeeded. If it succeeded, the terminal computes HA1 = HASH(mobile phone number, short message verification code) and saves it on the mobile terminal as the terminal pass code; sensitive information such as the mobile phone number, the encryption key and the short message verification code is not saved;
    Only a registered terminal can connect to the signature server and exchange data. The same user can register multiple terminals, but the user name and password must be the same on each;
    (2) The steps by which the terminal requests a digital signature are as follows:
    Step S41: When the user needs a digital signature, the mobile terminal first obtains the locally stored HA1 and the terminal's IMEI number, computes the hash value of the electronic document M to be signed, and then prompts the user to enter the private key encryption key Kp. Using the public key in the KMC server cipher machine's certificate, it builds a digital envelope protecting the electronic document's hash value, the user key Kp and the current time T, expressed as follows:
    PEncKmc = (PubKmc(K), EncK(Hash(M), user certificate serial number Uc, Kp, T))
    The final digital signature request message is:
    SessionId, UserId, IMEI, PEncKmc, Hash(the above message, HA1), where SessionId is the session ID and UserId is the user name used at registration. The signature request message is sent to the signature server;
    Step S42: The signature server receives the user's request. It first uses UserId and IMEI to obtain the user's information, including the mobile phone number, short message verification code, etc., computes HA11 = HASH(mobile phone number, short message verification code), then computes Hash(SessionId, UserId, IMEI, PubKmc, HA11) and compares it with the data sent by the user. If they are consistent, the user terminal is proven to be a registered trusted terminal;
    Step S43: The signature server forwards PEncKmc = (PubKmc(K), EncK(Hash(M), user certificate serial number Uc, Kp, T)) to the KMC server cipher machine;
    Step S44: The KMC server cipher machine decrypts the digital envelope with its private key, obtaining Hash(M), the user certificate serial number Uc, Kp and the time T. It first checks the difference between the current time and time T; if the difference exceeds the allowed range, it refuses the request and returns an error. It then retrieves the encrypted stored user private key by the user certificate serial number, decrypts the user's private key with Kp, and encrypts Hash(M) with the user's private key; the result is returned to the user as the digital signature of M. Otherwise a failure message is returned. The returned message is as follows:
    SessionId, UserId, Sigpri(Hash(M))
    Step S45: The user receives the signature server's message and determines whether the request succeeded. If it succeeded, the user's certificate is used to verify whether the digital signature is correct; if it is correct, the digital signature application has succeeded and Sigpri(Hash(M)) is handed to the application software. Otherwise an error message is reported to the user.
Priority Applications (1)

Application Number: CN201510096370.4A (published as CN104618120B)
Priority Date: 2015-03-04
Filing Date: 2015-03-04
Title: Mobile terminal key escrow digital signature method

Publications (2)

Publication Number    Publication Date
CN104618120A          2015-05-13
CN104618120B          2018-01-23

Family

ID=53152414

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510096370.4A Active CN104618120B (en) 2015-03-04 2015-03-04 A kind of mobile terminal key escrow digital signature method

Country Status (1)

Country Link
CN (1) CN104618120B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Digital signature method for escrowing private key of mobile terminal

Effective date of registration: 20190325

Granted publication date: 20180123

Pledgee: Qingdao high technology financing Company limited by guarantee

Pledgor: QINGDAO WEIZHIHUI INFORMATION CO., LTD.

Registration number: 2019990000255

PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20200924

Granted publication date: 20180123

Pledgee: Qingdao high technology financing Company limited by guarantee

Pledgor: QINGDAO WEIZHIHUI INFORMATION Co.,Ltd.

Registration number: 2019990000255

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A key escrow digital signature method for mobile terminal

Effective date of registration: 20200924

Granted publication date: 20180123

Pledgee: Qingdao high technology financing Company limited by guarantee

Pledgor: QINGDAO WEIZHIHUI INFORMATION Co.,Ltd.

Registration number: Y2020990001164

PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20220602

Granted publication date: 20180123

Pledgee: Qingdao high technology financing Company limited by guarantee

Pledgor: QINGDAO WEIZHIHUI INFORMATION Co.,Ltd.

Registration number: Y2020990001164