CN100391144C - Generation and verification for digital certificate - Google Patents


Publication number: CN100391144C
Authority: CN (China)
Prior art keywords: digital certificate, information, digital, signature, holding
Legal status: Expired - Fee Related
Application number: CNB2004100962900A
Other languages: Chinese (zh)
Other versions: CN1779702A
Inventors: 刘昕, 荆继武, 胡冰
Current assignee: Individual
Original assignee: Individual
Application filed by Individual
Priority to CNB2004100962900A
Publication of CN1779702A
Application granted
Publication of CN100391144C
Legal status: Expired - Fee Related (current)
Anticipated expiration


Abstract

The present invention relates to methods for generating and verifying a digital certificate. The generation method comprises: A, after the information of the digital certificate holder is received, digitally signing it; B, sending the digitally signed holder information and the digital signature to the storage medium provided by the digital certificate; C, the storage medium of the digital certificate storing the digitally signed holder information and the digital signature. The verification method comprises: A1, judging the authenticity of the digital signature read from the digital certificate; if the signature is genuine, executing step B1, otherwise ending; B1, reading the holder information from the digital certificate and judging whether it matches the holder; if it matches, the digital certificate is judged to pass verification, otherwise it is judged to fail. The generation method produces a digital certificate that is secure, occupies little storage space, consumes little power and can be copied effectively. The verification method is accurate, reliable, simple and fast.

Description

Method for generating a digital certificate
Technical field
The present invention relates to techniques for manufacturing and using credentials for identity verification, and in particular to a method for generating a digital certificate.
Background art
In daily life and work, a variety of credentials are needed for identity verification: at banks, hotels, stations, customs and similar places, people must present their papers for verification when they enter. At present the credentials used for identity verification generally carry identity information on paper, and verification relies entirely on human judgement. Such credentials therefore have the following drawbacks: verification is time-consuming, they are easily forged, their security is low, and the user cannot copy them; after a loss the user must return to the issuing authority to have a replacement made, which wastes the user's time.
To address these problems, various digital certificates have appeared, such as digital certificates based on radio-frequency card technology and digital certificates that contain a user digital certificate. These two kinds are briefly described below.
There are two kinds of digital certificate based on radio-frequency card technology: the electronic tag card (RFID, Radio Frequency ID) and the radio-frequency (RF) digital certificate card.
The storage capacity of an RFID tag is small, generally 32 bytes. It stores one numeric string that serves as the card's identification code; this string is not encrypted, so the card is easy to forge.
The radio-frequency digital certificate card is a secure RF credential card based on a symmetric encryption algorithm. User information and photo are encrypted with a symmetric algorithm before being stored, and the card contains a central processing unit (CPU) that performs the computation. In use, the card reader and the RF digital certificate card authenticate each other with a public key; only after that succeeds is the user information and photo in the card read out. This card is fairly secure and hard to counterfeit, but has the following drawbacks: 1, because symmetric encryption is used, the technology is confidential, and only readers manufactured under a technical licence can read the card's contents; 2, because the card contains a CPU, its cost is high, the CPU must perform computation, and power consumption is high; and if someone maliciously modifies the workflow in the CPU so that it bypasses the authentication process, the card's security is destroyed.
The digital certificate that contains a user digital certificate may be a contact IC card with the following functions: public/private key generation, identity authentication, digital signature, certificate storage and data encryption, all performed by a CPU in the card. This class of certificate also has drawbacks: 1, because the card contains a CPU, its cost is high, and the CPU's computation consumes much power; 2, because its functions depend on a complete X.509 digital certificate, the card must store the complete X.509 certificate and an asymmetric encryption algorithm, which needs much storage space; 3, the authentication process requires complex mathematical decryption, so authentication cannot be fast and efficient.
US Patent No. 5,505,494, filed April 9, 1996 and entitled "System for producing a personal ID Card", discloses a digital certificate of yet another form: the card stores compressed user information in a two-dimensional bar code, and a card reader reads and decompresses the user information and compares it with the user information held in a database in order to verify identity. In particular, the compressed user information stored on the card may be encrypted, with the key delivered to the verifier outside the card or electronically. This digital certificate also has a drawback: it merely encrypts the user information with a cryptographic algorithm, a key is needed for decryption, and if the key leaks, security is no longer guaranteed.
The above analysis shows that there is at present no digital certificate that is secure, occupies little storage space and can be copied freely while also being quick to verify. How to generate a digital certificate that meets both sets of requirements has therefore become an urgent problem.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method for generating a digital certificate that is secure, occupies little storage space and can be copied freely.
To achieve this purpose, the technical scheme of the present invention is as follows.
A method for generating a digital certificate, the digital certificate having a storage medium, the method comprising:
A, digitally signing the received holder information, where the data format of the holder information comprises: a version field for storing the digital certificate's version number, a certificate number field for identifying the certificate's number, a signature algorithm identifier field for identifying the algorithm used, an issuer field for identifying the office that issued the certificate, a validity field for identifying the period of use, an owner field for identifying the holder's identity, a certificate description field for storing the holder's information, a photo field for storing the holder's photo, a signature algorithm parameter field for identifying the parameters of the algorithm used, and a signature value field for storing the digital signature; the data format of the holder information does not include the public key or the extension fields of an X.509 digital certificate; and the photo field stores the photo as a numeric string using JPEG compression;
B, sending the digitally signed holder information and the digital signature to the storage medium of the digital certificate;
C, the storage medium of the digital certificate storing the digitally signed holder information and the digital signature.
The method further comprises DER-encoding and hashing (HASH) the holder information.
The data format of the holder information in step A further comprises a biometric information extension field for storing the holder's fingerprint, iris and/or handwritten signature.
After step C the method further comprises:
D, printing the holder's information on the face of the digital certificate card.
The holder information printed in step D comprises: name, sex, nationality, birthday, address, issuing unit, digital certificate number, photo and handwritten signature.
The digital certificate is a physical entity that can be verified by a card reader.
As can be seen from the above scheme, the generation method provided by the invention produces a numeric string that contains the holder's information, unencrypted, together with a digital signature, and stores it in the storage medium of the digital certificate. Because the authenticity of this numeric string can be verified through the digital signature, and the digital signature cannot be forged, the generated certificate is secure; because the numeric string need not be encrypted, it occupies little storage space; and because the authenticity of the certificate is determined by the stored digital signature, whose presence means the certificate cannot be forged, the holder may freely copy the numeric string in the certificate. The method therefore generates a digital certificate that is secure, small and freely copyable. Because the numeric string stored in the certificate is neither encrypted nor accompanied by a public key, the card reader need not authenticate with the certificate or decrypt anything, so the verification method is simple and reliable and verification is fast. Further, the invention can print the holder's information on the digital certificate so that it can be compared with the holder information read by the card reader, which speeds up verification still more.
Brief description of the drawings
Fig. 1 is a schematic diagram of the data format of the numeric string in the digital certificate.
Fig. 2 is a flow chart of the digital certificate generation method provided by the invention.
Fig. 3 is a flow chart of the method of verifying the digital certificate according to the invention.
Fig. 4 is a schematic diagram of the appearance of the digital certificate provided by the invention.
Embodiments
To make the purpose, technical solution and advantages of the present invention clearer, the invention is further described below through embodiments and with reference to the drawings.
The invention provides a digital certificate that has a storage medium and no computing device such as a CPU. A numeric string is stored in the digital certificate; it contains the holder's basic information: certificate number, name, sex, nationality, date of birth, address, photo, handwritten signature, fingerprint, iris and so on. The certificate number, name, sex, nationality, date of birth, address, photo and handwritten signature may also be printed on the digital certificate as the holder's visible information. The numeric string stored in the digital certificate can itself be a digital certificate and can adopt the basic format of an X.509 digital certificate, but the definition and values of its fields differ from those of a standard X.509 certificate: (1) it does not contain the X.509 extension fields, but has a biometric information extension field instead; (2) it does not contain the X.509 public key, so the card reader can read the information stored in the certificate without authenticating with the certificate by public key.
A complete X.509 digital certificate can provide the security of a credential, but an X.509 certificate contains public key information, which is used to encrypt the data in the X.509 certificate and for the digital signature. In the digital certificate of the present invention all information is public and need not be encrypted, and the certificate does not need to authenticate the verifier, so it contains no public key information, which saves storage space. Because the data in the digital certificate is protected by a digital signature, security is not reduced.
In the prior art, an X.509 digital certificate with a photo stores the photo by a uniform resource locator (URL); the verifier must follow the link to the given address to view the photo, cannot obtain it immediately, and verification takes longer. The digital certificate of the present invention stores the photo directly in the form of a numeric string, so the verifier can read the photo straight from the certificate.
The data format of the numeric string in the digital certificate is shown in Fig. 1; its data comprise version, certificate number, signature algorithm identifier, issuer, validity, owner, certificate description, photo, biometric information extension, signature algorithm parameters and signature value. Each field is described below.
Version: an 8-bit integer describing the version number of the data format used by this digital certificate.
Certificate number: a 64-bit positive integer assigned to each digital certificate; the certificate number of each certificate is unique.
Signature algorithm identifier: contains the identifier of the cryptographic algorithm used by the digital certificate; its ASN.1 (Abstract Syntax Notation One) data structure is defined as follows:
AlgorithmIdentifier ::= SEQUENCE {
    algorithm   OBJECT IDENTIFIER,
    parameters  ANY DEFINED BY algorithm OPTIONAL }
Issuer: this field identifies the entity that signed and issued the digital certificate. It is an X.509 Name with the following ASN.1 structure:
Name ::= CHOICE { rdnSequence RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE {
    type   AttributeType,
    value  AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType
Validity: this field identifies a period of time during which the certificate is valid. It is expressed as SEQUENCE data containing two time values: the start of the certificate's validity period (notBefore) and its end (notAfter). Both notBefore and notAfter are encoded as the GeneralizedTime type.
Owner: this field describes the identity of the holder of the digital certificate. Its ASN.1 structure is as follows:
Name ::= CHOICE { rdnSequence RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE {
    type   AttributeType,
    value  AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType
Certificate description: the OID (Object Identifier) of this field is 1.3.6.1.4.1.21315.5.1. It contains all of the holder's information, including the credential type (for example driving licence, English certificate, diploma or degree certificate), sex, nationality, date of birth, address and so on.
Its ASN.1 data structure is as follows:
id-ce-CertDescript OBJECT IDENTIFIER ::= { id-ce 1.3.6.1.4.1.21315.5.1 }
SubjectExtInfo ::= CHOICE { rdnSequence RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE {
    type   AttributeType,
    value  AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType
-- Naming attributes of type certtype
id-at-certtype AttributeType ::= { id-at 1.3.6.1.4.1.21315.5.1.1 }
certtype ::= BIT STRING
-- Naming attributes of type nationality
id-at-nationality AttributeType ::= { id-at 1.3.6.1.4.1.21315.5.1.2 }
nationality ::= BIT STRING
-- Naming attributes of type sex
id-at-sex AttributeType ::= { id-at 1.3.6.1.4.1.21315.5.1.3 }
sex ::= BIT STRING
-- Naming attributes of type birthday
id-at-birthday AttributeType ::= { id-at 1.3.6.1.4.1.21315.5.1.4 }
birthday ::= BIT STRING
-- Naming attributes of type postalcode
id-at-postalcode AttributeType ::= { id-at 1.3.6.1.4.1.21315.5.1.5 }
postalcode ::= BIT STRING
Photo: the OID of this field is 1.3.6.1.4.1.21315.5.2. It contains a colour or black-and-white photo of the holder. The photo specification can be fixed in advance, for example a size of 358 pixels (width) by 441 pixels (height) at a resolution of 350 dpi. The picture format is JPG, using JPEG compression with a compression quality factor of 70. Its ASN.1 data structure is as follows:
id-ce-Image OBJECT IDENTIFIER ::= { id-ce 1.3.6.1.4.1.21315.5.5.2 }
Image ::= CHOICE {
    bmpstring  BIT STRING (SIZE(1..MAX)),
    jpgstring  BIT STRING }
Biometric information extension: the biometric information extension field is an optional extension field of the digital certificate; its OID is 1.3.6.1.4.1.21315.5.3. Its ASN.1 data structure is as follows:
id-ce-biologicInfo OBJECT IDENTIFIER ::= { id-ce 1.3.6.1.4.1.21315.5.3 }
biologicInfoExtension ::= SET OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE {
    type   AttributeType,
    value  AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType
-- Naming attributes of type fingerprint
id-at-fingerprint AttributeType ::= { id-at 1.3.6.1.4.1.21315.5.3.1 }
fingerprint ::= BIT STRING
-- Naming attributes of type retina
id-at-retina AttributeType ::= { id-at 1.3.6.1.4.1.21315.5.3.2 }
retina ::= BIT STRING
-- Naming attributes of type signature
id-at-signature AttributeType ::= { id-at 1.3.6.1.4.1.21315.5.3.3 }
signature ::= BIT STRING
These extension field data may include the holder's fingerprint information, the holder's retina information and/or the holder's handwritten signature.
Signature algorithm parameters: this field identifies a cryptographic algorithm; its OBJECT IDENTIFIER part identifies the specific signature algorithm, and the content of the optional parameters depends entirely on the identified algorithm. The algorithm parameters in this field must agree with the signature algorithm identifier stored in the signature algorithm identifier field of the numeric string. Its ASN.1 data structure is defined as:
AlgorithmIdentifier ::= SEQUENCE {
    algorithm   OBJECT IDENTIFIER,
    parameters  ANY DEFINED BY algorithm OPTIONAL }
Signature value: this field contains the result of digitally signing all of the preceding fields. The preceding fields, after ASN.1 DER encoding and hashing (HASH), are the input to the digital signature algorithm; the signature result is encoded as an ASN.1 BIT STRING and stored in the signature value field.
Fig. 2 is the flow chart of the digital certificate generation method provided by the invention; its steps are:
Step 200: fill each field of the digital certificate, comprising version, certificate number, signature algorithm identifier, issuer, validity, owner, certificate description, photo and signature algorithm parameters, and also the biometric extension field if there is biometric extension data;
The fields are filled by the computer writing the received holder information into each field of the digital certificate in turn;
Step 201: DER-encode the fields filled in step 200;
Step 202: compute a hash (HASH) of the DER-encoded fields from step 201;
Step 203: the computer uses the private key to digitally sign the DER-encoded, hashed fields from step 202 and puts the digital signature into the signature value field;
Step 204: import all the data described in step 203 into the storage medium of the digital certificate;
Step 205: print the certificate information on the face of the digital certificate card, comprising name, sex, nationality, birthday, address, issuing unit, certificate number, photo, handwritten signature and so on.
In Fig. 2, step 205 serves for an initial check of whether the holder matches the certificate information printed on the card face.
Because of the signature value field, that is, the existence of the digital signature, an unauthorised user cannot modify the information in the digital certificate: any modification requires regenerating the data, signing it again and importing it into the certificate again, which is the same process as the generation described in Fig. 2. This guarantees that the digital certificate cannot be maliciously modified.
Apart from the signature algorithm identifier field, the signature algorithm parameter field and the signature value field, which must be present in the digital certificate, the other fields that store the holder's information may be added or removed so that the certificate suits different applications.
Once generated, the digital certificate must be verifiable. Because the certificate of the present invention needs no public key to decrypt it, the card reader used for verification need not authenticate with the certificate and therefore needs no authorisation; any general-purpose card reader that can run the signature algorithm suffices. For example, when the digital certificate is a radio-frequency card, a radio-frequency card reader is used; when it is an IC card, an IC card reader is used, and so on.
Fig. 3 is the flow chart of the method of verifying the digital certificate according to the invention; its steps are:
Step 300: the card reader reads the digital signature in the signature value field and all the other fields from the digital certificate;
Step 301: the card reader, or an identification device connected to it, judges whether the digital signature is genuine; if so, go to step 302, otherwise go to step 306;
The process of judging whether the digital signature is genuine:
after obtaining the signature value field data from the digital certificate, decrypt the signature value with the issuing authority's digital signature private key to obtain a first value;
DER-encode and hash the fields other than the signature value field with the same DER encoding and HASH algorithm as described for Fig. 2 to obtain a second value;
if the first value equals the second value, the digital signature is proved genuine; otherwise the signature is forged and the digital certificate is false;
Step 302: after the card reader reads each field from the digital certificate, it displays the holder's information and photo according to the fields;
Step 303: the identification device connected to the card reader compares the displayed information and photo with the holder, and compares the holder's fingerprint and iris, captured with a collection device, with the data read from the biometric information extension field of the digital certificate;
Step 304: the identification device connected to the card reader judges whether every field of the digital certificate matches the holder's information; if so, go to step 305, otherwise go to step 306;
Step 305: the digital certificate passes verification and may be used according to its function, for example to open an access-control gate;
Step 306: the digital certificate fails verification; the card reader raises an alarm and the certificate may not be used according to its function, for example the access-control gate stays closed.
When comparing in step 303, if the holder's information is printed on the digital certificate, the comparison may also be made with the printed information; step 304 then judges whether every field of the digital certificate matches the information gathered from what is printed on the certificate, and the subsequent steps follow. Similarly, if a database storing the holders' information has been set up in advance, the comparison may be made against the corresponding holder information stored in the database; step 304 then judges whether every field of the digital certificate matches the corresponding holder information stored in the database, and the subsequent steps follow.
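As an added example (not code from the patent or its inventors), the generation flow of Fig. 2 and the signature check of Fig. 3 steps 300-301 in Python using only the standard library: the field order and the certificate-description attribute OIDs are the page's, while the choice of SHA-256 with a textbook RSA signature, the simplified PKCS#1 v1.5 padding, the 1024-bit demonstration key and the sample holder data are this example's assumptions. Verification uses the issuer's public key, the counterpart of the private key used in step 203, and the reader needs nothing from the card beyond the stored string.

```python
import hashlib, hmac, math, random
# ---- minimal DER encoder for the tag types the Fig. 1 layout needs ----
def der(tag, body):
    n = len(body)
    lb = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb) + body
def der_int(v):                       # INTEGER (non-negative); the extra byte keeps the sign bit clear
    return der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))
def der_oid(dotted):                  # OBJECT IDENTIFIER with base-128 arcs
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a >> 7:
            a >>= 7
            chunk.insert(0, 0x80 | (a & 0x7F))
        body += bytes(chunk)
    return der(0x06, bytes(body))
def der_bits(raw):                    # BIT STRING with zero unused bits
    return der(0x03, b"\x00" + raw)
def der_attrs(attrs, enc):            # SET OF AttributeTypeAndValue { type OID, value }
    return der(0x31, b"".join(der(0x30, der_oid(o) + enc(v)) for o, v in attrs))
def der_name(attrs):                  # X.509 Name: SEQUENCE OF single-valued RDN, UTF8String values
    return der(0x30, b"".join(der_attrs([a], lambda v: der(0x0C, v.encode())) for a in attrs))
# Certificate-description attribute OIDs are the page's; sha256WithRSAEncryption is this example's choice.
OID_SHA256_RSA = "1.2.840.113549.1.1.11"
DESC_OIDS = {k: "1.3.6.1.4.1.21315.5.1.%d" % i for i, k in
             enumerate(("certtype", "nationality", "sex", "birthday", "postalcode"), 1)}
def build_tbs(cert_number, issuer, owner, not_before, not_after, description, photo_jpeg):
    # Steps 200-201: the fields in Fig. 1 order, DER encoded; no public key and no X.509 extensions
    alg = der(0x30, der_oid(OID_SHA256_RSA) + der(0x05, b""))
    desc = der_attrs([(DESC_OIDS[k], v) for k, v in description.items()],
                     lambda v: der_bits(v.encode()))       # the page declares these BIT STRING
    validity = der(0x30, der(0x18, not_before.encode()) + der(0x18, not_after.encode()))
    return der(0x30, der_int(1) + der_int(cert_number) + alg + der_name(issuer) + validity
               + der_name(owner) + desc + der_bits(photo_jpeg) + alg)
# ---- textbook RSA with simplified EMSA-PKCS1-v1_5 padding (DigestInfo prefix omitted) ----
def _probable_prime(n, rounds=20):    # Miller-Rabin; callers pass odd candidates with the top bit set
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x == 1:
            continue
        for _ in range(r):
            if x == n - 1:
                break
            x = x * x % n
        else:
            return False
    return True
def rsa_keygen(bits=1024):            # demonstration size; real issuers use >= 2048 bits
    e, primes = 65537, []
    while len(primes) < 2:
        c = random.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if _probable_prime(c) and c not in primes and math.gcd(e, c - 1) == 1:
            primes.append(c)
    p, q = primes
    return (e, p * q), (pow(e, -1, (p - 1) * (q - 1)), p * q)   # (public key, private key)
def _emsa(data, n):                   # step 202: hash the DER-encoded fields, pad to the modulus length
    h = hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * ((n.bit_length() + 7) // 8 - len(h) - 3) + b"\x00" + h
def rsa_sign(priv, data):             # step 203: the issuer's private key signs the padded hash
    d, n = priv
    em = _emsa(data, n)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(len(em), "big")
def rsa_verify(pub, data, sig):       # step 301: the issuer's public key recovers the padded hash
    e, n = pub
    em = _emsa(data, n)
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(len(em), "big")
    return len(sig) == len(em) and hmac.compare_digest(recovered, em)
# ---- the stored numeric string: TBS fields followed by the signature value field ----
def generate_certificate(priv, tbs):  # step 204 input: what gets written to the storage medium
    return der(0x30, tbs + der_bits(rsa_sign(priv, tbs)))
def _der_read(buf, pos):              # (tag, body, end) of the element starting at pos
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        nb = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + nb], "big"), pos + nb
    return tag, buf[pos:pos + ln], pos + ln
def verify_certificate(pub, cert):    # steps 300-301; the reader needs only the issuer's public key
    try:
        tag, body, end = _der_read(cert, 0)
        tbs_tag, _, sig_start = _der_read(body, 0)
        sig_tag, sig_body, sig_end = _der_read(body, sig_start)
    except IndexError:                # truncated or malformed string
        return False
    if ((tag, tbs_tag, sig_tag) != (0x30, 0x30, 0x03) or end != len(cert)
            or sig_end != len(body) or sig_body[:1] != b"\x00"):  # structure, zero unused bits
        return False
    return rsa_verify(pub, body[:sig_start], sig_body[1:])
def demo():                           # constructed sample holder; the "photo" bytes are not a real JPEG
    pub, priv = rsa_keygen()
    tbs = build_tbs(20041234, [("2.5.4.10", "Example Issuing Office")], [("2.5.4.3", "Zhang San")],
                    "20041101000000Z", "20091101000000Z", {"certtype": "driving licence", "sex": "M"},
                    b"\xff\xd8(photo)\xff\xd9")
    cert = generate_certificate(priv, tbs)
    tampered = cert.replace(b"(photo)", b"(phot0)")   # edit one stored byte; every length stays the same
    return verify_certificate(pub, cert), verify_certificate(pub, tampered)
```

Any change to a stored field, such as the one-byte photo edit in demo(), makes the recomputed hash differ from the one recovered from the signature, which is exactly the check step 301 relies on.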
Fig. 4 is a digital certificate schematic appearance provided by the invention, as shown in the figure, the card front of digital certificate comprises the information of holding digital certificate, as name, sex, nationality, date of birth, address, date of issue, the term of validity, certificate number, holder's signature and photo.The card backside of digital certificate comprises the licensor, if the storage information medium of digital certificate is the two-dimensional digital bar code, then also comprises the two-dimensional digital bar code.
This digital certificate of the present invention not only can and comprise the various material cards of two-dimensional bar code for radio-frequency card, IC-card, magnetic card, even can be floppy disk, CD and flash memory, therefore, as long as have storage medium and can be as digital certificate of the present invention by any carrier that card reader is verified.
Digital certificate provided by the invention has the following advantages.1, stop mantissa word certificate: because the numeric string of being stored comprises digital signature, and digital signature can't be forged, so even lose digital certificate, other people also can't act as fraudulent substitute for a person by the information in the change digital certificate card.2, digital certificate duplicates, duplicates effectively: the true and false of digital certificate is to be determined by the digital signature of card stored, and because the existence of digital signature, digital certificate can't be forged, only need the numeric string of being stored is duplicated or import to other storage mediums so hold the digital certificate people, need not to apply to get new certificate once more to licence issuing authority again.3, need not the use authority card reader: do not need to encrypt storage owing to read the data of digital certificate card stored, the algorithm component that any equipment that can read the digital certificate stored information increases a signature verification algorithm just can be used for verifying the legitimacy of digital certificate information, and this algorithm component of carrying out the signature verification algorithm is disclosed.4, low in energy consumption: the fail safe and the antifalsification of digital certificate embody in numeric string, and checking work is finished by card reader, need not digital certificate self and carry out any calculating, thereby digital certificate does not comprise CPU, low in energy consumption.5, cost is low: the numeric string of digital certificate stored adopts X.509 digital certificate basic format, but does not comprise PKI, so it is few to take storage resources, can adopt multiple storage medium as the numeric string carrier.6, checking fast and accurately: checking is finished by card reader, and the digital certificate surface is printed on the information of holding 
the digital certificate people, and for checking provides more intuitive and reliable information, proof procedure more fast, accurately is fit to big flow user's authentication place.
Digital certificate provided by the invention can be used as the card authentication of multiple function type, as driving license, English certificate, diploma, diploma, student's identity card and officer's identity card.
The above is only a preferred embodiment of the invention and does not limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the invention falls within its scope of protection.

Claims (6)

1. A method for generating a digital certificate, the digital certificate having a storage medium, the method comprising:
A. digitally signing the received information about the certificate holder, where the data format of the holder information comprises: a version field storing the certificate version number; a certificate number field identifying the certificate's serial number; a signature algorithm identifier field identifying the algorithm used; an issuer field identifying the authority that issued the certificate; a validity period field identifying the period of use; an owner field identifying the holder's identity; a certificate description field storing the holder's information; a photo field storing the holder's photograph; a signature algorithm parameters field identifying the parameters of the algorithm used; and a signature value field storing the digital signature; the data format of the holder information does not include the public key or the extension fields of an X.509 digital certificate; and the photo field stores the photograph as a numeric string compressed with JPEG;
B. sending the digitally signed holder information together with the digital signature to the storage medium of the digital certificate;
C. the storage medium of the digital certificate storing the digitally signed holder information and the digital signature.
2. The method of claim 1, wherein before step A the method further comprises DER-encoding the holder information and computing a hash (HASH) of it.
3. The method of claim 1, wherein the data format of the holder information in step A further comprises a biometric extension field storing the holder's fingerprint, iris and/or handwritten signature.
4. The method of claim 1, wherein after step C the method further comprises:
D. printing the holder's information on the face of the digital certificate card.
5. The method of claim 4, wherein the holder information of step D comprises: name, sex, nationality, date of birth, address, issuing unit, certificate number, photograph and handwritten signature.
6. The method of claim 1, wherein the digital certificate is a physical entity verified by a card reader.
CNB2004100962900A 2004-11-26 2004-11-26 Generation and verification for digital certificate Expired - Fee Related CN100391144C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100962900A CN100391144C (en) 2004-11-26 2004-11-26 Generation and verification for digital certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2004100962900A CN100391144C (en) 2004-11-26 2004-11-26 Generation and verification for digital certificate

Publications (2)

Publication Number Publication Date
CN1779702A CN1779702A (en) 2006-05-31
CN100391144C true CN100391144C (en) 2008-05-28

Family

ID=36770024

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100962900A Expired - Fee Related CN100391144C (en) 2004-11-26 2004-11-26 Generation and verification for digital certificate

Country Status (1)

Country Link
CN (1) CN100391144C (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102007026836A1 (en) * 2007-06-06 2008-12-11 Bundesdruckerei Gmbh Method and system for checking the authenticity of a product and reader
US8745400B2 (en) * 2008-01-07 2014-06-03 Siemens Enterprise Communications Gmbh & Co. Kg Method for authenticating key information between terminals of a communication link
CN103065244A (en) * 2011-10-18 2013-04-24 杨筑平 Two-dimensional barcode anti-counterfeiting, checking and service method
CN104298899A (en) * 2014-08-29 2015-01-21 苏州蓝恩信息科技有限公司 Method for manually signing electronic data based on file summary information
CN107438000B (en) * 2016-05-26 2020-08-07 青岛博文广成信息安全技术有限公司 CF L Huyi authentication method
CN109495276B (en) * 2018-12-29 2021-07-09 金邦达有限公司 Electronic driving license implementation method based on SE chip, computer device and computer readable storage medium
CN110119598A (en) * 2019-05-17 2019-08-13 北京思源互联科技有限公司 Digital licence issuing method, verification method and system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4995081A (en) * 1988-03-21 1991-02-19 Leighton Frank T Method and system for personal identification using proofs of legitimacy
US5505494A (en) * 1993-09-17 1996-04-09 Bell Data Software Corporation System for producing a personal ID card
CN1264974A (en) * 1999-12-01 2000-08-30 陈永川 Digital signature method using elliptic curve encryption algorithm
CN1339894A (en) * 2000-08-24 2002-03-13 杭州中正生物认证技术有限公司 Identification certificate and its making method
US20020152389A1 (en) * 2001-02-22 2002-10-17 Eiichi Horita Distributed digital signature generation method and digitally signed digital document generation method and apparatus
US20030196086A1 (en) * 2002-04-12 2003-10-16 Canon Kabushiki Kaisha Information processing apparatus, information processing system, information processing method, storage medium and program
CN1523515A (en) * 2003-02-17 2004-08-25 诚 苏 False proof method using digital signature

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4995081A (en) * 1988-03-21 1991-02-19 Leighton Frank T Method and system for personal identification using proofs of legitimacy
US5505494A (en) * 1993-09-17 1996-04-09 Bell Data Software Corporation System for producing a personal ID card
US5505494B1 (en) * 1993-09-17 1998-09-29 Bell Data Software Corp System for producing a personal id card
CN1264974A (en) * 1999-12-01 2000-08-30 陈永川 Digital signature method using elliptic curve encryption algorithm
CN1339894A (en) * 2000-08-24 2002-03-13 杭州中正生物认证技术有限公司 Identification certificate and its making method
US20020152389A1 (en) * 2001-02-22 2002-10-17 Eiichi Horita Distributed digital signature generation method and digitally signed digital document generation method and apparatus
US20030196086A1 (en) * 2002-04-12 2003-10-16 Canon Kabushiki Kaisha Information processing apparatus, information processing system, information processing method, storage medium and program
CN1523515A (en) * 2003-02-17 2004-08-25 诚 苏 False proof method using digital signature

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
A generation algorithm for X.509 certificates (X.509证书的一种生成算法). Ning Aidong, Tang Yi. Journal of Guangzhou University (Natural Science Edition), Vol. 2, No. 5. 2003 *
A digital signature cryptographic protocol modified using a HASH function (利用HASH函数改造的数字签名密码协议). Chen Yunzhi, Zhou Xiayu. Computer Study (电脑学习), No. 4. 2004 *

Also Published As

Publication number Publication date
CN1779702A (en) 2006-05-31

Similar Documents

Publication Publication Date Title
US8607044B2 (en) Privacy enhanced identity scheme using an un-linkable identifier
CN109327457A (en) Blockchain-based identity authentication method and system for Internet of Things devices
CN107209821A (en) Method for digitally signing an electronic file, and authentication method
US20090164796A1 (en) Anonymous biometric tokens
CN105354604A (en) Effective novel anti-counterfeiting method based on physical unclonable function
CN103679436A (en) Electronic contract security system and method based on biological information identification
US20120191977A1 (en) Secure transaction facilitator
CN109889495B (en) Quantum computation resistant electronic seal method and system based on multiple asymmetric key pools
US11303433B2 (en) Method and device for generating HD wallet name card and method and device for generating HD wallet trusted address
CN101596820B (en) Method for making fingerprint encryption certificates and cards
CN103310141A (en) Method and system for monitoring of certificate information security
CN100391144C (en) Generation and verification for digital certificate
Chen et al. Enhancement of the RFID security method with ownership transfer
Le et al. Building an Application that reads Secure Information Stored on the Chip of the Citizen Identity Card in Vietnam
CN108400874A (en) The method that the digital signature function of terminal is authenticated printed text is verified using seal
KR100406009B1 (en) Method for protecting forgery and alteration of smart card using angular multiplexing hologram and system thereof
CN112823350A (en) Method and system for a monocular public key for a public ledger
US20180253573A1 (en) Systems and Methods for Utilizing Magnetic Fingerprints Obtained Using Magnetic Stripe Card Readers to Derive Transaction Tokens
CN109120397B (en) Document authentication method and system based on identification password
CN115176260A (en) Method, terminal, monitoring entity and payment system for managing electronic currency data sets
Senkyire et al. A Cryptographic Tamper Detection Approach for Storage and Preservation of Forensic Digital Data Based on SHA 384 Hash Function
Hoffman et al. Securing number plates based on digital signatures and RFID
CN101882195A (en) Method for manufacturing identity document and false-identifying device thereof
JP7367270B1 (en) Appraisal certification system and appraisal certification method
JP2012226539A (en) Holder authentication system, holder authentication terminal, base image generation device, and recording medium used for authentication as holder

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee