CN105488423A - Data file auditing and checking system and method - Google Patents

Data file auditing and checking system and method Download PDF

Info

Publication number
CN105488423A
CN105488423A CN201510809970.0A CN201510809970A CN105488423A CN 105488423 A CN105488423 A CN 105488423A CN 201510809970 A CN201510809970 A CN 201510809970A CN 105488423 A CN105488423 A CN 105488423A
Authority
CN
China
Prior art keywords
data file
cryptographic hash
verification code
sequence number
dynamic verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510809970.0A
Other languages
Chinese (zh)
Other versions
CN105488423B (en
Inventor
李志鹏
王洪波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tols Tianxiang Net An Information Technology Co ltd
Original Assignee
BEIJING TOPWALK INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING TOPWALK INFORMATION TECHNOLOGY Co Ltd filed Critical BEIJING TOPWALK INFORMATION TECHNOLOGY Co Ltd
Priority to CN201510809970.0A priority Critical patent/CN105488423B/en
Publication of CN105488423A publication Critical patent/CN105488423A/en
Application granted granted Critical
Publication of CN105488423B publication Critical patent/CN105488423B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133Verifying human interaction, e.g., Captcha

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data file auditing and checking system. The system comprises a sending device and a receiving device, wherein the sending device is suitable for generating a hash value according to the content of a data file, generating a serial number uniquely associated with the data file, generating a dynamic verification code according to the hash value and the serial number, writing the hash value, the serial number and the dynamic verification code into the data file, and sending the data file to the receiving device; and the receiving device is suitable for receiving the data file comprising the hash value, the serial number and the dynamic verification code, verifying the hash value and the dynamic verification code, and if both the hash value and the dynamic verification code are verified successfully, confirming that the content of the data file is not tampered and deleting the hash value, the serial number and the dynamic verification code. The invention furthermore discloses a data file auditing and checking method.

Description

A kind of examination & verification check system of data file and method
Technical field
The present invention relates to information security field, especially a kind of examination & verification check system of data file and method.
Background technology
Flourish along with the industrial application of information technology, ecommerce etc., the particularly development of network electronic government affairs, most enterprises mechanism, government agencies at all levels all establish network and the application system of inter-process affairs, and the demand of carrying out data interaction is each other also day by day urgent and frequent.But thing followed network intrusions and network attack are also more and more frequent, the information data in mutual between net can not get safely effectively ensureing.Wherein, how to guarantee the transmission security in data interaction, particularly the encryption of data and examination & verification verification thereof are caused especially and paid close attention to widely.
Therefore, be necessary to provide a kind of safer examination & verification checkschema, guarantee that data are not tampered in the transmission.
Summary of the invention
For this reason, the invention provides a kind of examination & verification checkschema of data file, to try hard to solve or at least alleviate at least one problem existed above.
According to an aspect of the present invention, provide a kind of examination & verification check system of data file, this system comprises transmitting apparatus and receiving equipment, wherein transmitting apparatus is suitable for generating cryptographic hash according to content data file, also be suitable for generating the sequence number with this data file unique association, also be suitable for generating dynamic verification code according to cryptographic hash and sequence number, and by after cryptographic hash, sequence number and dynamic verification code write data file, this data file be sent to receiving equipment; Receiving equipment is suitable for receiving this data file comprising cryptographic hash, sequence number and dynamic verification code, verifies cryptographic hash and dynamic verification code respectively, if be all proved to be successful, then confirms that content data file is not tampered, and deletes cryptographic hash, sequence number and dynamic verification code.
Alternatively, in a system in accordance with the invention, sequence number comprises the MAC Address of transmitting apparatus, user ID and serial number, and serial number comprises date and numeral number.
Alternatively, in a system in accordance with the invention, transmitting apparatus stores key, and is suitable for generating dynamic verification code according to key, cryptographic hash and sequence number by pre-defined algorithm.
Alternatively, in a system in accordance with the invention, wherein pre-defined algorithm is HOTP algorithm, and described dynamic verification code is short integer.
Alternatively, in a system in accordance with the invention, the content data file that receiving equipment is suitable for receiving according to it generates verification cryptographic hash, cryptographic hash in verification cryptographic hash and data file is compared, if comparison is consistent, is then verified.
Alternatively, in a system in accordance with the invention, receiving equipment stores the key identical with transmitting apparatus, and be suitable for generating verification dynamic verification code according to sequence number in key, verification cryptographic hash and data file, dynamic verification code in verification dynamic verification code and data file is compared, if comparison is consistent, be then verified.
Alternatively, in a system in accordance with the invention, data file also comprises fileinfo, and fileinfo at least comprises file layout, file size and transmission time, and receiving equipment is suitable for audit document information and whether meets transmission specification.
Alternatively, in a system in accordance with the invention, receiving equipment is also suitable for obtaining the key word of data number and content data file in its transmission frequency, its data file received, and audits this transmission frequency, data number and key word and whether meet transmission specification.
Alternatively, in a system in accordance with the invention, transmission specification at least comprises: whether file layout is predetermined format; Whether file size exceeds size restriction; Whether the transmission time is positioned at allows the time period; Whether transmission frequency exceeds the data transmission frequencies restriction in the unit interval; Whether data number exceeds the statistical conversion number restriction in the unit interval; And whether key word is illegal key word.
Alternatively, in a system in accordance with the invention, receiving equipment also stores data format specifications, the form of data format specifications definition content data file, receiving equipment is suitable for auditing its content data file received and whether meets data format specifications, if meet, then examination & verification is passed through.
Alternatively, in a system in accordance with the invention, when the file layout of data file is XML format, data format specifications is XSD form.
Alternatively, in a system in accordance with the invention, when content data file comprises resident identification card number, whether receiving equipment is also suitable for auditing described resident identification card number effective.
According to a further aspect in the invention, provide a kind of examination & verification method of calibration of data file, be suitable for performing in the examination & verification check system of the data file comprising transmitting apparatus and receiving equipment, comprise: transmitting apparatus generates cryptographic hash according to content data file; Generate the sequence number with data file unique association; Generate dynamic verification code according to cryptographic hash and sequence number, and by after cryptographic hash, sequence number and dynamic verification code write data file, data file is sent to receiving equipment; Receiving equipment receives the data file comprising cryptographic hash, sequence number and dynamic verification code, verifies cryptographic hash and dynamic verification code respectively, if be all proved to be successful, then confirms that content data file is not tampered, and deletes cryptographic hash, sequence number and dynamic verification code.
Alternatively, in the method according to the invention, sequence number comprises the MAC Address of transmitting apparatus, user ID and serial number, and serial number comprises date and numeral number.
Alternatively, in the method according to the invention, transmitting apparatus stores key, and the step that transmitting apparatus generates dynamic verification code according to cryptographic hash and sequence number comprises: generate dynamic verification code according to key, cryptographic hash and sequence number by pre-defined algorithm.
Alternatively, in the method according to the invention, wherein pre-defined algorithm is HOTP algorithm, and dynamic verification code is short integer.
Alternatively, in the method according to the invention, the step of receiving equipment checking cryptographic hash comprises: generate verification cryptographic hash according to its content data file received, cryptographic hash in verification cryptographic hash and data file compared, if comparison is consistent, be then verified.
Alternatively, in the method according to the invention, receiving equipment stores the key identical with transmitting apparatus, the step of receiving equipment checking dynamic verification code comprises: generate verification dynamic verification code according to sequence number in key, verification cryptographic hash and data file, dynamic verification code in verification dynamic verification code and data file is compared, if comparison is consistent, be then verified.
Alternatively, in the method according to the invention, data file also comprises fileinfo, fileinfo at least comprises file layout, file size and transmission time, this method also comprises: before verifying cryptographic hash and dynamic verification code respectively, and whether receiving equipment audit document information meets meets transmission specification.
Alternatively, in the method according to the invention, also comprise: before verifying cryptographic hash and dynamic verification code respectively, receiving equipment obtains the key word of data number and content data file in its transmission frequency, its data file received, and audits transmission frequency, data number and key word and whether meet transmission specification.
Alternatively, in the method according to the invention, transmission specification at least comprises: whether file layout is predetermined format; Whether file size exceeds size restriction; Whether the transmission time is positioned at allows the time period; Whether transmission frequency exceeds the data transmission frequencies restriction in the unit interval; Whether data number exceeds the statistical conversion number restriction in the unit interval; And whether key word is illegal key word.
Alternatively, in the method according to the invention, receiving equipment also stores data format specifications, the form of data format specifications definition content data file, method also comprises: receiving equipment is audited its content data file received and whether met data format specifications, if meet, then examination & verification is passed through.
Alternatively, in the method according to the invention, when the file layout of data file is XML format, data format specifications is XSD form.
Alternatively, in the method according to the invention, when content data file comprises resident identification card number, method also comprises: whether receiving equipment examination & verification resident identification card number is effective.
According to the examination & verification checkschema of data file of the present invention, by effectively determining whether this data file is tampered to the multiple check of data file, in addition, by the multi-faceted examination & verification to data file information and content thereof, achieve the intelligently filters to not meeting the data file that user expects, bring great convenience to user, while ensure that the standardization of data file, be also convenient to management.
Accompanying drawing explanation
In order to realize above-mentioned and relevant object; combine description below and accompanying drawing herein to describe some illustrative aspect; these aspects indicate the various modes can putting into practice principle disclosed herein, and all aspects and equivalent aspect thereof are intended to fall in the scope of theme required for protection.Read detailed description below in conjunction with the drawings, above-mentioned and other object of the present disclosure, Characteristics and advantages will become more obvious.Throughout the disclosure, identical Reference numeral is often referred to for identical parts or element.
Fig. 1 shows the structured flowchart of the examination & verification check system 100 of the data file according to an exemplary embodiment of the present invention; And
Fig. 2 shows the process flow diagram of the examination & verification method of calibration 200 of data file according to one exemplary embodiment.
Embodiment
Below with reference to accompanying drawings exemplary embodiment of the present disclosure is described in more detail.Although show exemplary embodiment of the present disclosure in accompanying drawing, however should be appreciated that can realize the disclosure in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the disclosure can be understood, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.
Fig. 1 shows the structured flowchart of the examination & verification check system 100 of data file according to an illustrative embodiment of the invention.Whether as shown in Figure 1, the examination & verification check system 100 of data file can comprise transmitting apparatus 110 and receiving equipment 120, effectively can detect data file and transfer to through transmitting apparatus 110 in the process of receiving equipment 120 and be tampered.
After transmitting apparatus 110 received data file, first can generate cryptographic hash (HASH) according to this content data file.This data file can comprise at least one data, and file layout is generally XML format, the first data file for as follows:
Record wherein between a node <row> to its next node <row> is considered to data, therefore apparently, above-mentioned file comprises data " <ZJHM>D000714</Z JHM> ".
Transmitting apparatus 100 can according at least one data genaration cryptographic hash in data file, such as generate cryptographic hash according to the data " <ZJHM>D000714</Z JHM> " in above-mentioned first data file, this cryptographic hash is " <HASH>99D6F5CB140AAC2894FDA79 10978BD64</HASH> ".
Transmitting apparatus 110 can also be the sequence number (serial_number) of Generating Data File and this data file unique association, and sequence number, for identifying this data file, ensures the uniqueness of every derived data, do not repeat.According to an embodiment of the invention, sequence number can comprise the MAC Address of transmitting apparatus, user ID and serial number, and serial number comprises date and numeral number, and numeral number can be 1 ~ 999999 to circulate in order selection.Be such as the sequence number of the first Generating Data File be " <serial_number>002590E7F72CBJ BJ129</serial_number> ".
The present invention does not limit the rule generating this sequence number, and the rule that can generate the sequence number of unique identification data file all drops within protection scope of the present invention.
Then, transmitting apparatus 110 can generate dynamic verification code (identifying_code) according to above-mentioned cryptographic hash and sequence number, and according to an embodiment of the invention, transmitting apparatus 110 can be previously stored with key (Key), such as:
“-----BEGINRSAPRIVATEKEY-----
MIIBOwIBAAJBAOUoepPr2d1HImpbArjBUKSavyUHf+9e2xkuNtGjmCer+6ntxEko
SykFXHIV3Sn2BsLZqoZ7ATs+KUeiHws9a0kCAwEAAQJAUtMRkrsw8DhQqQ4h6rL8
ObIwmeqfA95N5Ej+yUCOsu9YHJtpsyyXMdMj0L8Fs3MXzNTbHzKQbjCHPL98m+Wz
XQIhAPP7g3JUWr6bagpU8tD48NrNMzKZ5CIwDbH9t0pJJC27AiEA8HIJzgg7XHn0
cbox5zwyj54O6eweAL6YoAqQ6GnA+MsCIQDjL2NRtWyeKhdOsZU8s2GLTCINTzEY
CIjoIWloGb0/ewIgHldloVgslXjWPduvHGzePH1HiIFBL/rdK6TpsEpYDY0CIQCq
Q7ZhgkH11ccgsmK8vAhaXfDSczdwk1921hSlIPf7sA==
-----ENDRSAPRIVATEKEY-----”。
Transmitting apparatus 110 generates dynamic verification code according to this key, above-mentioned cryptographic hash and sequence number by pre-defined algorithm, wherein pre-defined algorithm can be HOTP algorithm, the dynamic verification code generated can be short integer, and the dynamic verification code such as generated according to the cryptographic hash of key, the first data file and sequence number by HOTP algorithm is " <identifying_code>576744LEssT .LTssT.LT/identifying_code> ".
The cryptographic hash, sequence number and the dynamic verification code that generate can also be write in data file, usually can write the end of data file; After write, the data file that this is comprised cryptographic hash, sequence number and dynamic verification code by transmitting apparatus 110 is again sent to receiving equipment 120.Such as cryptographic hash, sequence number and dynamic verification code can be write the end that the first data file comprises data, specific as follows:
Receiving equipment 120 is connected with transmitting apparatus 110, is suitable for receiving the above-mentioned data file comprising cryptographic hash, sequence number and dynamic verification code, and verifies this cryptographic hash and dynamic verification code respectively.Particularly, the content data file that receiving equipment 120 can receive according to it generates verification cryptographic hash, the cryptographic hash in this verification cryptographic hash and data file is compared, if comparison is consistent, then this data file is not tampered, and is verified.Further, receiving equipment 120 stores the key identical with transmitting apparatus 110, verification dynamic verification code can be generated according to the sequence number in this key, verification cryptographic hash and data file, dynamic verification code in this verification dynamic verification code and data file is compared, if comparison is consistent, then confirm that this data file is not tampered, be verified.Effectively can detect transmission data through multiple verification so whether to be tampered, prevent erroneous judgement.
After being verified, receiving equipment 120 can delete cryptographic hash, sequence number and dynamic verification code in data file; This data file can also be allowed to continue transmission, this data file is sent to other equipment be connected with receiving equipment 120.
Wherein, according to an embodiment of the invention, data file also comprises fileinfo, and this fileinfo at least comprises file layout, file size and transmission time, before receiving equipment 120 verifies cryptographic hash and dynamic verification code, this fileinfo can also be audited and whether meet transmission specification.Wherein, transmission specification at least comprises: whether file layout is predetermined format, whether file size exceeds size restriction, and whether the transmission time is positioned at the permission time period, wherein predetermined format can comprise XML format, and size restriction can be 45 bits, for resident identification card information, identification card number length (the longest) is 18, is generally stored as 18 characters in computing machine, and quantity of information is 144 bits.By the semanteme of identification card number data, can define legal I.D. form and audit, information entropy is reduced to 40 to 50 bits, greatly reduces information redundance, the difficulty of carrying uncontrolled data secretly improves greatly.Such as 142701197409027313 are one legal 18 occupies people's identification card number, can be divided into seven sections:
First paragraph 14 is province numbering.The whole nation amounts to 32 provinces, quantity of information 5 bit;
Second segment 27 is districts and cities' numbering.Districts and cities' quantity in each province within 32, quantity of information 5 bit;
3rd section 01 is district numbering.The district quantity of each districts and cities within 32, quantity of information 5 bit;
4th section 1974 is year of birth.Reasonable value scope is between 1900 to 2027, and quantity of information is 7 bits;
5th section 09 is birth month.Reasonable value scope is between 1 to 12, and quantity of information is 4 bits;
6th section 02 for going out the birthday.Reasonable value scope is between 1 to 31, and quantity of information is 5 bits;
7th section 7313 is serial number, sex and check bit, and quantity of information is 12 to 14 bits.
To sum up, the quantity of information of resident identification card number at least can be limited within 45 bits.
Further, receiving equipment 120 can also obtain its transmission frequency, and the data number in the data file received, and audit this transmission frequency and whether data number meets transmission specification, now, transmission specification can also comprise: whether transmission frequency exceeds the data transmission frequencies restriction in the unit interval; Whether data number exceeds the statistical conversion number restriction in the unit interval, for population storehouse, the Ministry of Public Security whole nation, need the data item exporting to countries population to have the item such as ID (identity number) card No., name, sex, nationality, date of birth, photo, birthplace, every bar size of data is about 30KB.The peak value of data maintenance amount is 10,000,000 data every day, and namely 10,000,000/24/60/60=116 bars are per second, are calculated as 30KBx10 by data volume, 000,000=300GB every day, and also namely 300GB/24/60/60=3.47MB is per second.To sum up, transmission frequency restriction can be 10,000,000 times, and the restriction of statistical conversion number can be 10,000,000.
More, receiving equipment 120 can also obtain the key word of the content data file that it receives, and audit this key word and whether meet transmission specification, now, transmission specification can also comprise: whether key word is illegal key word, for case information inquiry, for ensureing not conclude the confidentiality of case, illegal key word can be set to not conclude the case name, folder, suspect's title etc. of case.
It should be noted that above-mentioned transmission specification by user according to self-defined setting, can realize the self-defined filtration of user to transmission data, be convenient to the transmission of user management data.Meanwhile, understandably, control receiving equipment 120 and both can allow the transmitting data file meeting above-mentioned transmission specification, also can allow the transmitting data file not meeting above-mentioned transmission specification.
According to another implementation of the invention, receiving equipment 120 can also store data format specifications, this data format specifications defines the form of content data file, receiving equipment 120 can be audited its content data file received and whether meet this data format specifications, if meet, then examination & verification is passed through.Wherein, when the file layout of data file is XML format, the data format specifications of its correspondence is XSD form.
To write the first data file after cryptographic hash, sequence number and dynamic verification code, the data format specifications of its correspondence is as follows:
Wherein " <xs:elementname=" ZJHM " > " defines data name (name) corresponding in the first data file is passport NO.; The value type that " <xs:restrictionbase=" xs:string " > " defines this passport NO. is character type; The minimum length that " <xs:minLengthvalue=" 2 "/> " and " <xs:maxLengthvalue=" 18 "/> " defines this passport NO. is 2, and maximum length is 18.
According to the definition of data format specifications, whether receiving equipment 120 can carry out elemental scan one by one to content data file, audit each element and meet in data format specifications and define, and the data file meeting data format specifications completely is then audited and passed through, allow transmission, otherwise do not allow transmission.Wherein data format specifications can be generated by User Defined, and misdata (such as mess code) transfers out therefore can to prevent the data not meeting user's expectation from protecting simply and easily.
Further, when the content data file of data format specifications definition comprises resident identification card number, whether receiving equipment 120 can also audit this resident identification card number effective.Particularly, resident identification card number comprises 18 bit digital, be followed successively by address code, date of birth code, sequence code and check code, therefore receiving equipment 120 can audit whether wherein 1-6 position is effective address code (i.e. administrative division code), whether 7-10 position falls within 1860-2100 scope (year namely in date of birth code), whether 11-12 position falls within 1-12 scope (moon namely in date of birth code), whether 13-14 position falls within 1-31 scope (day in date of birth code), whether 15-17 position is that (male sex is odd number to numeral, women is even numbers), finally, calculate the remainder of (the 1st figure place * 7+ the 2nd figure place * 9+ the 3rd figure place * 10+ the 4th figure place * 5+ the 5th figure place * 8+ the 6th figure place * 4+ the 7th figure place * 2+ the 8th figure place * 1+ the 9th figure place * 6+ the 10th figure place * 3+ the 11st figure place * 7+ the 12nd figure place * 9+ the 13rd figure place * 10+ the 14th figure place * 5+ the 15th figure place * 8+ the 16th figure place * 4+ the 17th figure place * 2)/11, then the value of remainder is changed as follows: 0 → 1, 1 → 0, 2 → X, 3 → 9, 4 → 8, 5 → 7, 6 → 6, 7 → 5, 8 → 4, 9 → 3, 10 → 2.Numeral after conversion and 18 are compared, audits whether comparison is consistent.
Be that then this resident identification card number is effective if above auditing result is, allow transmission, otherwise this resident identification card number be invalid, the examination & verification of more refinement can be carried out more accurately like this to content data file, bring great advantage to the user.
Fig. 2 shows the process flow diagram of the examination & verification method of calibration 200 of data file according to one exemplary embodiment.The method is suitable for performing in the examination & verification check system 100 of the data file comprising transmitting apparatus 110 and receiving equipment 120, starts from step S210.
In step S210, transmitting apparatus 110 generates cryptographic hash according to content data file, generates the sequence number with data file unique association, and generates dynamic verification code according to this cryptographic hash and sequence number.
According to an embodiment of the invention, this sequence number can comprise the MAC Address of transmitting apparatus 110, user ID and serial number, and this serial number can comprise date and numeral number.
According to another implementation of the invention, transmitting apparatus 110 can store key, then the step that transmitting apparatus generates dynamic verification code according to cryptographic hash and sequence number can comprise: generate dynamic verification code according to this key, cryptographic hash and sequence number by pre-defined algorithm.Wherein pre-defined algorithm can be HOTP algorithm, and the dynamic verification code of generation can be short integer.
Then in step S220, this data file by cryptographic hash, sequence number and dynamic verification code write data file, and is sent to receiving equipment 120 by transmitting apparatus 110.
Receiving equipment 120, in step S230, receives the data file that this comprises cryptographic hash, sequence number and dynamic verification code, and verifies this cryptographic hash and dynamic verification code respectively.If be all proved to be successful, then confirm that this content data file is not tampered.
According to another implementation of the invention, receiving equipment 120 verifies that the step of cryptographic hash can comprise: generate verification cryptographic hash according to its content data file received, cryptographic hash in verification cryptographic hash and data file is compared, if comparison is consistent, is then verified.
According to another implementation of the invention, receiving equipment 120 stores the key identical with transmitting apparatus 110, then receiving equipment 120 verifies that the step of dynamic verification code can comprise: generate verification dynamic verification code according to sequence number in this key, verification cryptographic hash and data file, dynamic verification code in verification dynamic verification code and data file is compared, if comparison is consistent, be then verified.
Below be all verified, after confirming that this content data file is not tampered, in step S240, receiving equipment 120 deletes cryptographic hash, sequence number and dynamic verification code in data file.
An embodiment is also had according to of the present invention, data file also comprises fileinfo, fileinfo at least comprises file layout, file size and transmission time, method 200 can also comprise: before verifying cryptographic hash and dynamic verification code respectively, and whether receiving equipment 120 can be audited this fileinfo and meet and meet transmission specification.Further, method 200 can also comprise: before verifying cryptographic hash and dynamic verification code respectively, receiving equipment 120 can obtain the key word of data number and content data file in its transmission frequency, its data file received, and audits transmission frequency, data number and key word and whether meet transmission specification.
Wherein, this transmission specification at least can comprise: whether file layout is predetermined format; Whether file size exceeds size restriction; Whether the transmission time is positioned at allows the time period; Whether transmission frequency exceeds the data transmission frequencies restriction in the unit interval; Whether data number exceeds the statistical conversion number restriction in the unit interval; And whether key word is illegal key word.
An embodiment is also had according to of the present invention, receiving equipment 120 also stores data format specifications, the form of this data format specifications definition content data file, then method 200 can also comprise: receiving equipment 120 is audited its content data file received and whether met data format specifications, if meet, then examination & verification is passed through.Wherein when the file layout of data file is XML format, corresponding data format specifications is XSD form.
Also have an embodiment according to of the present invention, when content data file comprises resident identification card number, method 200 can also comprise: whether this resident identification card number audited by receiving equipment 120 effective.
Illustrate at composition graphs 1 above in the specific descriptions of the examination & verification check system 100 of data file and detailed explanation has been carried out to the respective handling in each step, no longer duplicate contents is repeated here.
Be to be understood that, in order to simplify the disclosure and to help to understand in each inventive aspect one or more, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires than the feature more multiple features clearly recorded in each claim.Or rather, as claims below reflect, all features of disclosed single embodiment before inventive aspect is to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are to be understood that the module of the equipment in example disclosed herein or unit or assembly can be arranged in equipment as depicted in this embodiment, or alternatively can be positioned in one or more equipment different from the equipment in this example.Module in aforementioned exemplary can be combined as a module or can be divided into multiple submodule in addition.
Those skilled in the art are appreciated that and adaptively can change the module in the equipment in embodiment and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit be mutually repel except, any combination can be adopted to combine all processes of all features disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.
The present invention also comprises: A6, system as described in A5, described receiving equipment stores the key identical with transmitting apparatus, and be suitable for generating verification dynamic verification code according to sequence number in described key, described verification cryptographic hash and described data file, dynamic verification code in described verification dynamic verification code and described data file is compared, if comparison is consistent, be then verified.A7, system as described in A6, described data file also comprises fileinfo, and described fileinfo at least comprises file layout, file size and transmission time, and described receiving equipment is suitable for auditing described fileinfo and whether meets transmission specification.A8, system as described in A7, described receiving equipment is also suitable for the key word obtaining data number and content data file in its transmission frequency, its data file received, and audits described transmission frequency, data number and key word and whether meet transmission specification.A9, system as described in A7 or 8, described transmission specification at least comprises: whether described file layout is predetermined format; Whether described file size exceeds size restriction; Whether the described transmission time is positioned at allows the time period;
Whether described transmission frequency exceeds the data transmission frequencies restriction in the unit interval; Whether described data number exceeds the statistical conversion number restriction in the unit interval; And whether described key word is illegal key word.A10, system according to any one of A1-9, described receiving equipment also stores data format specifications, described data format specifications defines the form of described content data file, described receiving equipment is suitable for auditing its content data file received and whether meets described data format specifications, if meet, then examination & verification is passed through.A11, system as described in A10, when the file layout of described data file is XML format, described data format specifications is XSD form.A12, system as described in A10 or 11, when described content data file comprises resident identification card number, whether described receiving equipment is also suitable for auditing described resident identification card number effective.
B18, method as described in B17, described receiving equipment stores the key identical with transmitting apparatus, described receiving equipment verifies that the step of described dynamic verification code comprises: generate verification dynamic verification code according to sequence number in described key, described verification cryptographic hash and described data file, dynamic verification code in described verification dynamic verification code and described data file is compared, if comparison is consistent, be then verified.B19, method as described in B18, described data file also comprises fileinfo, described fileinfo at least comprises file layout, file size and transmission time, described method also comprises: before verifying cryptographic hash and dynamic verification code respectively, and whether described receiving equipment is audited described fileinfo and met and meet transmission specification.B20, method as described in B19, also comprise: before verifying cryptographic hash and dynamic verification code respectively, described receiving equipment obtains the key word of data number and content data file in its transmission frequency, its data file received, and audits described transmission frequency, data number and key word and whether meet transmission specification.B21, method as described in B19 or 20, described transmission specification at least comprises: whether described file layout is predetermined format; Whether described file size exceeds size restriction; Whether the described transmission time is positioned at allows the time period; Whether described transmission frequency exceeds the data transmission frequencies restriction in the unit interval; Whether described data number exceeds the statistical conversion number restriction in the unit interval; And whether described key word is illegal key word.B22, method according to any one of B18-21, described receiving equipment also stores data format specifications, described data format specifications defines the form of described content data file, described method also comprises: described receiving equipment is audited its content data file received and whether met described data format specifications, if meet, then examination & verification is passed through.B23, method as described in B22, when the file layout of described data file is XML format, described data format specifications is XSD form.B24, method as described in B22 or 23, when described content data file comprises resident identification card number, described method also comprises: whether described resident identification card number audited by described receiving equipment effective.
In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can use with arbitrary array mode.
In addition, some in described embodiment are described as at this can by the processor of computer system or the method implemented by other device performing described function or the combination of method element.Therefore, there is the device of processor formation for implementing the method or method element of the necessary instruction for implementing described method or method element.In addition, the element described herein of device embodiment is the example as lower device: this device is for implementing the function performed by the element of the object in order to implement this invention.
As used in this, unless specifically stated so, use ordinal number " first ", " second ", " the 3rd " etc. to describe plain objects and only represent the different instances relating to similar object, and be not intended to imply the object be described like this must have the time upper, spatially, sequence aspect or in any other manner to definite sequence.
Although the embodiment according to limited quantity describes the present invention, benefit from description above, those skilled in the art understand, in the scope of the present invention described thus, it is contemplated that other embodiment.In addition, it should be noted that the language used in this instructions is mainly in order to object that is readable and instruction is selected, instead of select to explain or limiting theme of the present invention.Therefore, when not departing from the scope and spirit of appended claims, many modifications and changes are all apparent for those skilled in the art.For scope of the present invention, be illustrative to disclosing of doing of the present invention, and nonrestrictive, and scope of the present invention is defined by the appended claims.

Claims (10)

1. an examination & verification check system for data file, described system comprises transmitting apparatus and receiving equipment, wherein
Described transmitting apparatus is suitable for generating cryptographic hash according to described content data file, also be suitable for generating the sequence number with described data file unique association, also be suitable for generating dynamic verification code according to described cryptographic hash and sequence number, and by after described cryptographic hash, sequence number and dynamic verification code write data file, described data file is sent to receiving equipment;
Described receiving equipment is suitable for the data file comprising cryptographic hash, sequence number and dynamic verification code described in reception, verify described cryptographic hash and dynamic verification code respectively, if be all proved to be successful, then confirm that described content data file is not tampered, delete described cryptographic hash, sequence number and dynamic verification code.
2. the system as claimed in claim 1, described sequence number comprises the MAC Address of described transmitting apparatus, user ID and serial number, and described serial number comprises date and numeral number.
3. system as claimed in claim 1 or 2, described transmitting apparatus stores key, and is suitable for generating described dynamic verification code according to described key, cryptographic hash and sequence number by pre-defined algorithm.
4. system as claimed in claim 3, wherein said pre-defined algorithm is HOTP algorithm, and described dynamic verification code is short integer.
5. the system according to any one of claim 1-4, the content data file that described receiving equipment is suitable for receiving according to it generates verification cryptographic hash, cryptographic hash in described verification cryptographic hash and described data file is compared, if comparison is consistent, is then verified.
6. an examination & verification method of calibration for data file, is suitable for performing in the examination & verification check system of the data file comprising transmitting apparatus and receiving equipment, comprises:
Described transmitting apparatus generates cryptographic hash according to content data file; Generate the sequence number with described data file unique association; Generate dynamic verification code according to described cryptographic hash and sequence number, and by after described cryptographic hash, sequence number and dynamic verification code write data file, described data file is sent to receiving equipment;
The data file of cryptographic hash, sequence number and dynamic verification code is comprised described in described receiving equipment receives, verify described cryptographic hash and dynamic verification code respectively, if be all proved to be successful, then confirm that described content data file is not tampered, delete described cryptographic hash, sequence number and dynamic verification code.
7. method as claimed in claim 6, described sequence number comprises the MAC Address of described transmitting apparatus, user ID and serial number, and described serial number comprises date and numeral number.
8. method as claimed in claims 6 or 7, described transmitting apparatus stores key, and the step that described transmitting apparatus generates dynamic verification code according to cryptographic hash and sequence number comprises:
Described dynamic verification code is generated by pre-defined algorithm according to described key, cryptographic hash and sequence number.
9. method as claimed in claim 8, wherein said pre-defined algorithm is HOTP algorithm, and described dynamic verification code is short integer.
10. the method according to any one of claim 6-9, described receiving equipment verifies that the step of described cryptographic hash comprises:
Generate verification cryptographic hash according to its content data file received, cryptographic hash in described verification cryptographic hash and described data file is compared, if comparison is consistent, be then verified.
CN201510809970.0A 2015-11-20 2015-11-20 A kind of the audit check system and method for data file Active CN105488423B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510809970.0A CN105488423B (en) 2015-11-20 2015-11-20 A kind of the audit check system and method for data file

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510809970.0A CN105488423B (en) 2015-11-20 2015-11-20 A kind of the audit check system and method for data file

Publications (2)

Publication Number Publication Date
CN105488423A true CN105488423A (en) 2016-04-13
CN105488423B CN105488423B (en) 2018-11-23

Family

ID=55675396

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510809970.0A Active CN105488423B (en) 2015-11-20 2015-11-20 A kind of the audit check system and method for data file

Country Status (1)

Country Link
CN (1) CN105488423B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109117624A (en) * 2018-08-03 2019-01-01 上海掌门科技有限公司 Generate method, electronic equipment and the computer-readable medium of identifying code image
CN109257726A (en) * 2018-08-20 2019-01-22 深圳卡通新技术有限公司 A kind of identity identifying method based on Bluetooth communication, system and relevant apparatus
CN109787944A (en) * 2017-11-15 2019-05-21 阿里巴巴集团控股有限公司 Network interaction method, electronic equipment, client and server
CN109858266A (en) * 2019-01-25 2019-06-07 上海倍通医药科技咨询有限公司 Medicine flow data verification method
CN110276205A (en) * 2019-06-06 2019-09-24 深圳市杰科数码有限公司 Product ID document generating method, system, electronic device and storage medium
CN110489983A (en) * 2019-08-15 2019-11-22 Oppo广东移动通信有限公司 Chip access method, device, chip and terminal
CN111200479A (en) * 2018-11-19 2020-05-26 福建天泉教育科技有限公司 Transmission data verification method and storage medium
CN111984881A (en) * 2019-05-21 2020-11-24 北京沃东天骏信息技术有限公司 Prompting method, prompting device, terminal, server and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030093552A1 (en) * 2001-11-15 2003-05-15 Yamaha Corporation Data communication system, data communication method, and computer-readable recording medium for recording program applied to data communication system
CN101141627A (en) * 2007-10-23 2008-03-12 深圳市迅雷网络技术有限公司 Storage system and method of stream media file
CN104915591A (en) * 2014-03-10 2015-09-16 联想(北京)有限公司 Data processing method and electronic equipment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030093552A1 (en) * 2001-11-15 2003-05-15 Yamaha Corporation Data communication system, data communication method, and computer-readable recording medium for recording program applied to data communication system
CN101141627A (en) * 2007-10-23 2008-03-12 深圳市迅雷网络技术有限公司 Storage system and method of stream media file
CN104915591A (en) * 2014-03-10 2015-09-16 联想(北京)有限公司 Data processing method and electronic equipment

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109787944A (en) * 2017-11-15 2019-05-21 阿里巴巴集团控股有限公司 Network interaction method, electronic equipment, client and server
CN109787944B (en) * 2017-11-15 2021-11-19 阿里巴巴集团控股有限公司 Network interaction method, electronic equipment, client and server
CN109117624A (en) * 2018-08-03 2019-01-01 上海掌门科技有限公司 Generate method, electronic equipment and the computer-readable medium of identifying code image
CN109257726A (en) * 2018-08-20 2019-01-22 深圳卡通新技术有限公司 A kind of identity identifying method based on Bluetooth communication, system and relevant apparatus
CN111200479A (en) * 2018-11-19 2020-05-26 福建天泉教育科技有限公司 Transmission data verification method and storage medium
CN111200479B (en) * 2018-11-19 2022-04-12 福建天泉教育科技有限公司 Transmission data verification method and storage medium
CN109858266A (en) * 2019-01-25 2019-06-07 上海倍通医药科技咨询有限公司 Medicine flow data verification method
CN109858266B (en) * 2019-01-25 2023-09-05 上海倍通医药科技咨询有限公司 Medicine circulation data verification method
CN111984881A (en) * 2019-05-21 2020-11-24 北京沃东天骏信息技术有限公司 Prompting method, prompting device, terminal, server and storage medium
CN110276205B (en) * 2019-06-06 2021-06-15 深圳市杰科数码有限公司 Method and system for generating product serial number file, electronic device and storage medium
CN110276205A (en) * 2019-06-06 2019-09-24 深圳市杰科数码有限公司 Product ID document generating method, system, electronic device and storage medium
CN110489983B (en) * 2019-08-15 2021-05-14 Oppo广东移动通信有限公司 Chip access method and device, chip and terminal
CN110489983A (en) * 2019-08-15 2019-11-22 Oppo广东移动通信有限公司 Chip access method, device, chip and terminal

Also Published As

Publication number Publication date
CN105488423B (en) 2018-11-23

Similar Documents

Publication Publication Date Title
CN105488423A (en) Data file auditing and checking system and method
US9237011B2 (en) Unique surrogate key generation using cryptographic hashing
US8938067B2 (en) Format preserving encryption methods for data strings with constraints
US7864952B2 (en) Data processing systems with format-preserving encryption and decryption engines
JPS63503413A (en) Method and apparatus for qualitatively accumulating digitized data
TW201812638A (en) Storage design method of blockchain encrypted radio frequency chip
CN1382332A (en) Method of data protection
CN110061843B (en) Block height creating method, device and equipment in chain type account book
WO2017095435A1 (en) Combining hashes of data blocks
CN111988149B (en) Data sharing method, device and system in industrial internet
CN109615372B (en) Block chain data shielding method and device based on intelligent contract
CN104601332A (en) Enhancement type dynamic two-dimensional code authentication system and authentication method thereof
CN105426348A (en) Extensible Markup Language (XML) file generating method, apparatus and system
CN103400083A (en) Method, device and system for protecting electronic evidence
Sengupta et al. Crypto-based dual-phase hardware steganography for securing IP cores
JP5518668B2 (en) Electronic signature key management apparatus, electronic signature key management method, electronic signature key management program
JP2002135247A (en) Digital information storing method
Vershinin et al. Associative steganography of text messages
CN116010984A (en) Multiple encryption storage method, device and equipment for relational database data
CN112668017B (en) Construction method, decryption method and device of self-explanatory encryption card
CN115344875A (en) File encryption method, file decryption method and device
US11669601B2 (en) Digital watermarking for textual data
TWI553630B (en) Apparatus and method for adding watermark data to audio signals
CN108961110B (en) Method and system for negotiating encryption management intellectual property based on block chain
CN109756646B (en) Block chain-based vector chapter management method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Li Zhipeng

Inventor after: Wang Hongbo

Inventor after: LingHu Yongxing

Inventor before: Li Zhipeng

Inventor before: Wang Hongbo

CB03 Change of inventor or designer information
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100084 No. 2 Building 2A201, 202, No. 1 Yuan, Nongda South Road, Haidian District, Beijing

Patentee after: TOLS TIANXIANG NET AN INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 100084 No. 2 Building 2A201, 202, No. 1 Yuan, Nongda South Road, Haidian District, Beijing

Patentee before: BEIJING TOPWALK INFORMATION TECHNOLOGY Co.,Ltd.

CP01 Change in the name or title of a patent holder
CP02 Change in the address of a patent holder

Address after: 100096 101, 1st to 7th floors, Building 3, Yard 6, Jianfeng Road (South Extension), Haidian District, Beijing

Patentee after: TOLS TIANXIANG NET AN INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 100084 2a201, 202, building 2, yard 1, Nongda South Road, Haidian District, Beijing

Patentee before: TOLS TIANXIANG NET AN INFORMATION TECHNOLOGY Co.,Ltd.

CP02 Change in the address of a patent holder