SIGNING METHOD, APPARATUS, AND SYSTEM
First Claim
1. A signing method, wherein after an identifier and a separator of information for review have been shared between a client host and a server, the method comprises the steps of:
- operations by the client host;
creating a connection between the client host and a key device;
receiving transaction information entered by a user via an input unit which comprises at least one of input means of the client host and input means of the key device;
generating a transaction message based on the transaction information;
determining key information according to the transaction message;
transferring a data packet for signing with the key information and the separator to the key device; and
waiting for receiving a feedback from the key device by the client host,
- operations by the key device;
receiving the data packet for signing from the client host;
obtaining the key information from the data packet for signing by the separator;
outputting the identifier of information for review corresponding to the key information and the key information and waiting for confirmation of the user;
completing digital signing of the data packet for signing if the confirmation is received by the key device from the user within a predetermined time period, in which the predetermined time period is a pre-defined value of time for waiting for the confirmation of the user;
transmitting a signature generated by the digital signing to the client host as a feedback; and
returning a cancellation message to the client host as a feedback if a cancellation signal is received by the key device within the predetermined time period, and
- operations by the server;
receiving the transaction message and the signature from the client host;
obtaining key information from the transaction message according to the identifier of information for review;
generating a data packet for signing according to the key information and the separator; and
verifying the signature from the client host with the data packet for signing.
Abstract
A signing method, apparatus, and system, which relate to the information security field. The present invention overcomes the problem of signature counterfeit in prior art. The client host generates a transaction message and determines the key information of the message after receiving transaction information entered by a user, forms a data packet for signing, and transmits the data packet to the USB key, which will then extract the key information and output it for confirmation by the user, and if a confirmation is received, the USB key signs the data packet and transmits a signature to the client host; after receiving the signature and the transaction message from the client host, the server extracts the key information from the transaction message to form a data packet for signing and verifies the signature against the data packet. The embodiments of the present invention are mainly applicable to the field of information security.
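The flow in the abstract, as an added sketch that is not part of the patent text: the client host and server each build the data packet for signing from the key information and the separator, and the key device splits it, shows the fields and signs only on confirmation. HMAC-SHA256 with a shared key stands in for the key device's digital signature so the sketch runs on the standard library alone; the field names, separator character, key and the rejection of values that contain the separator are assumptions added here.

```python
import hashlib
import hmac

# Assumed values (constructed): shared in advance by client host and server.
IDENTIFIERS = ["payee_account", "amount"]  # identifiers of information for review
SEPARATOR = "|"
DEVICE_KEY = b"constructed-demo-key"  # HMAC stand-in for the key device's signing key


def build_packet(message):
    """Client host and server: select key information by identifier, join by separator."""
    values = [str(message[name]) for name in IDENTIFIERS]
    if any(SEPARATOR in v for v in values):
        # A separator inside a value would let two different transactions
        # produce the same packet, so refuse to build it.
        raise ValueError("separator found inside key information")
    return SEPARATOR.join(values).encode()


def key_device_sign(packet, confirm):
    """Key device: split by separator, show the fields, sign only if the user confirms.

    `confirm` models the user's button press; any result other than True
    (cancel, or no answer within the waiting period) yields no signature.
    """
    values = packet.decode().split(SEPARATOR)
    if len(values) != len(IDENTIFIERS):
        return None
    review = dict(zip(IDENTIFIERS, values))  # what the device displays
    if confirm(review) is not True:
        return None  # stands in for the cancellation message
    return hmac.new(DEVICE_KEY, packet, hashlib.sha256).digest()


def server_verify(message, signature):
    """Server: rebuild the packet from the received transaction message, then verify."""
    expected = hmac.new(DEVICE_KEY, build_packet(message), hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


if __name__ == "__main__":
    msg = {"payee_account": "6222-0001", "amount": "150.00", "memo": "rent"}  # constructed
    sig = key_device_sign(build_packet(msg), lambda shown: print(shown) or True)
    print("accepted:", server_verify(msg, sig))
    altered = dict(msg, payee_account="6222-9999")  # message changed after signing
    print("altered accepted:", server_verify(altered, sig))
```

In this model only the fields named in `IDENTIFIERS` are covered by the signature, so a change to `memo` still verifies while a change to `payee_account` or `amount` does not.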
20 Claims
9. A key device, wherein an identifier and a separator of information for review have been shared between a client host and a server and the key device has been connected to the client host, said device comprises:
a receipt module, adapted to receive a data packet for signing from the client host;
an obtaining module, adapted to obtain key information from the data packet for signing by the separator;
an output module, adapted to output the identifier of information for review corresponding to the key information and the key information and wait for information from a user;
a signing module, adapted to sign the data packet for signing if a confirmation is received from the user within a predetermined time period;
the predetermined time period is a value of time for which the output module waits for user input; and
a transmission module, adapted to transmit a signature generated by the signing module to the client host as a feedback, and transmit a cancellation message to the client host as a feedback if a cancellation signal is received from the user within the predetermined time period.
13. A signing system, comprising a client host, a key device, and a server, wherein an identifier and a separator of information for review have been shared between the client host and the server, and the key device has been connected to the client host;
the client host is adapted to connect with the key device, receive transaction information entered by a user via an input unit which comprises at least one of input means of the client host and input means of the key device, generate a transaction message based on the transaction information, determine key information according to the transaction message, transmit a data packet for signing with the key information and the separator to the key device, and wait for a feedback from the key device;
the key device is adapted to receive the data packet for signing from the client host, obtain the key information from the data packet for signing according to the separator, output the identifier of information for review corresponding to the key information and the key information, and wait for user input, and if a confirmation is received from the user within a predetermined time period, complete signing of the data packet, in which the predetermined time period is a pre-defined value of time for waiting for user input, transmit a signature generated by the signing to the client host as a feedback, and if a cancellation message is received from the user within the predetermined time period, transmit a cancellation message to the client host as a feedback; and
the server is adapted to receive the transaction message and the signature from the client host, obtain the key information from the transaction message according to the identifier of information for review, generate a data packet for signing according to the key information and the separator, and verify the signature from the client host against the data packet for signing.
Specification