SIGNING METHOD, APPARATUS, AND SYSTEM

US 20110047386A1
Filed: 04/20/2010
Published: 02/24/2011
Est. Priority Date: 04/30/2009
Status: Active Grant

First Claim

Patent Images

1. A signing method, wherein after an identifier and a separator of information for review have been shared between a client host and a server, the method comprises the steps of:

operations by the client host;

creating a connection between the client host and a key device;

receiving transaction information entered by a user via an input unit which comprises at least one of input means of the client host and input means of the key device;

generating a transaction message based on the transaction information;

determining key information according to the transaction message;

transferring a data packet for signing with the key information and the separator to the key device; and

waiting for receiving a feedback from the key device by the client host,operations by the key device;

receiving the data packet for signing from the client host;

obtaining the key information from the data packet for signing by the separator;

outputting the identifier of information for review corresponding to the key information and the key information and waiting for confirmation of the user;

completing digital signing of the data packet for signing if the confirmation is received by the key device from the user within a predetermined time period, in which the predetermined time period is a pre-defined value of time for waiting for the confirmation of the user;

transmitting a signature generated by the digital signing to the client host as a feedback; and

returning a cancellation message to the client host as a feedback if a cancellation signal is received by the key device within the predetermined time period, andoperations by the server;

receiving the transaction message and the signature from the client host;

obtaining key information from the transaction message according to the identifier of information for review;

generating a data packet for signing according to the key information and the separator; and

verifying the signature from the client host with the data packet for signing.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A signing method, apparatus, and system, which relate to the information security field. The present invention overcomes the problem of signature counterfeit in prior art. The client host generates a transaction message and determines the key information of the message after receiving transaction information entered by a user, forms a data packet for signing, and transmits the data packet to the USB key, which will then extract the key information and output it for confirmation by the user, and if a confirmation is received, the USB key signs the data packet and transmits a signature to the client host; after receiving the signature and the transaction message from the client host, the server extracts the key information from the transaction message to form a data packet for signing and verifies the signature against the data packet. The embodiments of the present invention are mainly applicable to the field of information security.

13 Citations

View as Search Results

20 Claims

1. A signing method, wherein after an identifier and a separator of information for review have been shared between a client host and a server, the method comprises the steps of:
- operations by the client host;
  
  creating a connection between the client host and a key device;
  
  receiving transaction information entered by a user via an input unit which comprises at least one of input means of the client host and input means of the key device;
  
  generating a transaction message based on the transaction information;
  
  determining key information according to the transaction message;
  
  transferring a data packet for signing with the key information and the separator to the key device; and
  
  waiting for receiving a feedback from the key device by the client host,operations by the key device;
  
  receiving the data packet for signing from the client host;
  
  obtaining the key information from the data packet for signing by the separator;
  
  outputting the identifier of information for review corresponding to the key information and the key information and waiting for confirmation of the user;
  
  completing digital signing of the data packet for signing if the confirmation is received by the key device from the user within a predetermined time period, in which the predetermined time period is a pre-defined value of time for waiting for the confirmation of the user;
  
  transmitting a signature generated by the digital signing to the client host as a feedback; and
  
  returning a cancellation message to the client host as a feedback if a cancellation signal is received by the key device within the predetermined time period, andoperations by the server;
  
  receiving the transaction message and the signature from the client host;
  
  obtaining key information from the transaction message according to the identifier of information for review;
  
  generating a data packet for signing according to the key information and the separator; and
  
  verifying the signature from the client host with the data packet for signing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein a local interface is pre-installed on the client host;
    - and the receiving transaction information entered by a user via an input unit comprises such a step that the local interface of the client host receives the transaction information entered by the user via the input unit.
  - 3. The method of claim 1, wherein a local interface and embedded code are pre-installed on the client host;
    - and if the client host receives the transaction information entered by the user via both the input means of the client host itself and the input means of the key device, or the client host receives the transaction information entered by the user via the input means of the key device only, the method comprises the following step before receiving the transaction information;
      
      the embedded code activates the input means of the key device through the local interface.
  - 4. The method of claim 1, wherein a local interface and embedded code are pre-installed on the client host;
    - and the determining key information according to the transaction message comprises the following steps;
      
      the client host obtains the key information from the transaction message according to the identifier of information for review, orthe embedded code activates the input means of the key device via the local interface;
      
      the client host receives digital key information entered by the user via the input means of the key device, extracts the key information from the transaction message according to the identifier of information for review, and verifies the digital key information against the key information extracted from the transaction message; and
      
      if they match, arrange the key information in a specific order.
  - 5. The method of claim 1, wherein a time limit is pre-determined on the client host;
    - and if the client host receives a feedback from the key device within the time limit and the feedback is a signature, the method further comprises the following step;
      
      the client host transmits the signature and the transaction message to the server.
  - 6. The method of claim 1, wherein a time limit is pre-determined on the client host;
    - and if the client host receives a feedback from the key device within the time limit and the feedback is a cancellation message, the method further comprises the following steps;
      
      the client host transmits an operation cancelling command to the key device; and
      
      the client host receives a message reporting that operation has been cancelled from the key device,before the time limit expires, during the client host is waiting for the feedback from the key device, the method further comprises the following steps;
      
      the client host transmits an operation cancelling command to the key device at any time; and
      
      the client host receives a message reporting that operation has been cancelled from the key device.
  - 7. The method of claim 1, wherein the obtaining key information from the data packet for signing by the separator comprises the following steps:
    - the key device detects number of separators in the data packet for signing; and
      
      the key device resolves the data packet for signing according to the number of separators to obtain the key information.
  - 8. The method of claim 1, wherein outputting the identifier of information for review corresponding to the key information and the key information comprises the following step:
    - the key device renders the identifier of information for review corresponding to the key information and the key information via a display;
      
      or the key device broadcasts the identifier of information for review corresponding to the key information and the key information via a voice speaker.

9. A key device, wherein an identifier and a separator of information for review have been shared between a client host and a server and the key device has been connected to the client host, said device comprises:
- a receipt module, adapted to receive a data packet for signing from the client host;
  
  an obtaining module, adapted to obtain key information from the data packet for signing by the separator;
  
  an output module, adapted to output the identifier of information for review corresponding to the key information and the key information and wait for information from a user;
  
  a signing module, adapted to sign the data packet for signing if a confirmation is received from the user within a predetermined time period;
  
  the predetermined time period is a value of time for which the output module waits for user input; and
  
  a transmission module, adapted to transmit a signature generated by the signing module to the client host as a feedback, and transmit a cancellation message to the client host as a feedback if a cancellation signal is received from the user within the predetermined time period.
- View Dependent Claims (10, 11, 12)
- - 10. The key device of claim 9, wherein the obtaining module comprises:
    - a detection unit, adapted to detect number of separators in the data packet for signing; and
      
      a resolving unit, adapted to resolve the data packet for signing by the number of separators to obtain the key information.
  - 11. The key device of claim 9, wherein the device further comprises:
    - a cancellation module, adapted to cancel operation and report to the client host that the operation has been cancelled if no confirmation or cancellation signal has been received from the user within the predetermined time period or if a cancellation message has been received from the client host within the predetermined time period; and
      
      a first receipt module, adapted to receive an operation cancelling command from the client host;
      
      the cancellation module is also adapted to cancel the operation and report to the client host that the operation has been cancelled when the operation cancelling command is received by the first receipt module.
  - 12. The key device of claim 9, wherein the output module comprises:
    - a display unit, adapted to render the identifier of information for review corresponding to the key information and the key information via a display;
      
      ora broadcasting unit, adapted to broadcast the identifier of information for review corresponding to the key information and the key information via a voice speaker.

13. A signing system, comprising a client host, a key device, and a server, wherein an identifier and a separator of information for review have been shared between the client host and the server, and the key device has been connected to the client host;
- the client host is adapted to connect with the key device, receive transaction information entered by a user via an input unit which comprises at least one of input means of the client host and input means of the key device, generate a transaction message based on the transaction information, determine key information according to the transaction message, transmit a data packet for signing with the key information and the separator to the key device, and wait for a feedback from the key device;
  
  the key device is adapted to receive the data packet for signing from the client host, obtain the key information from the data packet for signing according to the separator, output the identifier of information for review corresponding to the key information and the key information, and wait for user input, and if a confirmation is received from the user within a predetermined time period, complete signing of the data packet, in which the predetermined time period is a pre-defined value of time for waiting for user input, transmit a signature generated by the signing to the client host as a feedback, and if a cancellation message is received from the user within the predetermined time period, transmit a cancellation message to the client host as a feedback; and
  
  the server is adapted to receive the transaction message and the signature from the client host, obtain the key information from the transaction message according to the identifier of information for review, generate a data packet for signing according to the key information and the separator, and verify the signature from the client host against the data packet for signing.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The signing system of claim 13, wherein the client host comprises:
    - a connection module, adapted to connect with the key device;
      
      a local interface module, adapted to receive the transaction information entered by the user via the input unit which comprises at least one of input means of the client host and input means of the key device;
      
      a generation module, adapted to generate the transaction message based on the transaction information;
      
      an obtaining module, adapted to determine the key information of the transaction message;
      
      a first transmission module, adapted to transmit the data packet with the key information and the separator to the key device; and
      
      a receipt module, adapted to wait for and receive the feedback from the key device.
  - 15. The signing system of claim 14, wherein the client host further comprises:
    - an embedded code module, adapted to activate the input means of the key device via the local interface module.
  - 16. The signing system of claim 15, wherein the obtaining module obtains the key information from the transaction message according to the identifier of information for review;
    - or, the obtaining module obtains digital key information entered by the user via the input means of the key device, extracts the key information from the transaction message according to the identifier of information for review, and verifies the digital key information against the key information that has been extracted after the embedded code module activates the input means of the key device via the local interface module; and
      
      if the digital key information and the key information that has been extracted match, the obtaining module arranges the key information in a specific order.
  - 17. The signing system of claim 14, wherein a time limit is predetermined on the client host, and the client host further comprises:
    - a second transmission module, adapted to, if the local interface module has received a feedback from the key device within the time limit and the feedback is a signature, transmit the signature and the transaction message to the server.
  - 18. The signing system of claim 14, wherein a time limit is predetermined on the client host, and the client host further comprises:
    - a cancellation transmission module, adapted to, if the local interface module has received a feedback from the key device within the time limit and the feedback is a cancellation message, transmit an operation cancelling command to the key device; and
      
      a cancellation receipt module, adapted to receive a message reporting that operation has been cancelled from the key device.
  - 19. The signing system of claim 14, wherein a time limit is predetermined on the client host, and the cancellation transmission module is also adapted to transmit an operation cancelling command to the key device at any time during the client host is waiting for a feedback from the key device before the time limit expires.
  - 20. The signing system of claim 13, wherein the server comprises:
    - a receipt module, adapted to receive the transaction message and the signature from the client host;
      
      an obtaining module, adapted to obtain the key information of the transaction message according to the identifier of information for review;
      
      a generation module, adapted to generate the data packet for signing according to the key information and the separator; and
      
      a verification module, adapted to verify the signature from the client host against the data packet for signing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Feitian Technologies Company Limited
Original Assignee
Feitian Technologies Company Limited
Inventors
Lu, Zhou, Yu, Huazhang

Granted Patent

US 8,443,196 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/34   involving the use of extern...

G06Q 20/3823   combining multiple encrypti...

G06Q 30/06   Buying, selling or leasing ...

H04L 63/126   the source of the received ...

SIGNING METHOD, APPARATUS, AND SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SIGNING METHOD, APPARATUS, AND SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links