CN105488423B - A kind of the audit check system and method for data file - Google Patents

A kind of the audit check system and method for data file Download PDF

Info

Publication number
CN105488423B
CN105488423B CN201510809970.0A CN201510809970A CN105488423B CN 105488423 B CN105488423 B CN 105488423B CN 201510809970 A CN201510809970 A CN 201510809970A CN 105488423 B CN105488423 B CN 105488423B
Authority
CN
China
Prior art keywords
data file
data
file
cryptographic hash
verification code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510809970.0A
Other languages
Chinese (zh)
Other versions
CN105488423A (en
Inventor
李志鹏
王洪波
令狐永兴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tols Tianxiang Net An Information Technology Co ltd
Original Assignee
BEIJING TOPWALK INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING TOPWALK INFORMATION TECHNOLOGY Co Ltd filed Critical BEIJING TOPWALK INFORMATION TECHNOLOGY Co Ltd
Priority to CN201510809970.0A priority Critical patent/CN105488423B/en
Publication of CN105488423A publication Critical patent/CN105488423A/en
Application granted granted Critical
Publication of CN105488423B publication Critical patent/CN105488423B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133Verifying human interaction, e.g., Captcha

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of audit check systems of data file, the system includes sending device and receiving device, wherein sending device is suitable for generating cryptographic Hash according to content data file, it is further adapted for generating the sequence number with data file unique association, it is further adapted for generating dynamic verification code according to cryptographic Hash and sequence number, and by after cryptographic Hash, sequence number and dynamic verification code write-in data file, data file is sent to receiving device;It includes cryptographic Hash, the data file of sequence number and dynamic verification code that receiving device, which is suitable for receiving, separately verifies cryptographic Hash and dynamic verification code, if being proved to be successful, confirms that content data file is not tampered with, and deletes cryptographic Hash, sequence number and dynamic verification code.The invention also discloses a kind of audit methods of calibration of data file.

Description

A kind of the audit check system and method for data file
Technical field
The present invention relates to information security field, the audit check system and method for especially a kind of data file.
Background technique
With booming, the especially continuous development of network electronic government affairs of the industrial application of information technology, e-commerce etc., greatly Most enterprise institutions, government agencies at all levels establish the network and application system of inter-process affairs, and each other into The demand of row data interaction is also increasingly urgent to and frequently.However the following network intrusions and network attack also increasingly frequency Numerous, the information data between net in interaction cannot be ensured effectively safely.Wherein, how to ensure the transmission peace in data interaction It entirely, is even more to cause extensive concern especially for the encryption of data and its audit verification.
Therefore, it is necessary to provide a kind of safer audit checkschema, it is ensured that data are not tampered in the transmission.
Summary of the invention
For this purpose, the present invention provides a kind of audit checkschema of data file, to try hard to solve or at least alleviate above At least one existing problem.
According to an aspect of the invention, there is provided a kind of audit check system of data file, which includes sending Equipment and receiving device, wherein sending device is suitable for generating cryptographic Hash according to content data file, is further adapted for generating and the data The sequence number of file unique association is further adapted for generating dynamic verification code according to cryptographic Hash and sequence number, and by cryptographic Hash, sequence number After data file is written with dynamic verification code, which is sent to receiving device;Receiving device is suitable for receiving this The data file of cryptographic Hash, sequence number and dynamic verification code, separately verifies cryptographic Hash and dynamic verification code, if being proved to be successful, Then confirm that content data file is not tampered with, deletes cryptographic Hash, sequence number and dynamic verification code.
Optionally, in a system in accordance with the invention, sequence number includes MAC Address, User ID and the flowing water of sending device Number, serial number includes date and digital number.
Optionally, in a system in accordance with the invention, sending device is stored with key, and is suitable for according to key, cryptographic Hash Dynamic verification code is generated by pre-defined algorithm with sequence number.
Optionally, in a system in accordance with the invention, wherein pre-defined algorithm is HOTP algorithm, and the dynamic verification code is short Integer.
Optionally, in a system in accordance with the invention, receiving device is suitable for being generated according to its received content data file Cryptographic Hash is verified, verification cryptographic Hash is compared with cryptographic Hash in data file, if comparing unanimously, is verified.
Optionally, in a system in accordance with the invention, receiving device be stored with key identical in sending device, and fit According to key, verification cryptographic Hash and data file in sequence number generate verification dynamic verification code, will verification dynamic verification code with Dynamic verification code is compared in data file, if comparing unanimously, is verified.
Optionally, in a system in accordance with the invention, data file further includes the file information, and the file information includes at least text Part format, file size and transmission time, receiving device are suitable for whether audit document information meets transmission specification.
Optionally, in a system in accordance with the invention, receiving device is further adapted for obtaining its transmission frequency, its received data The keyword of number of data and content data file in file, and audit whether the transmission frequency, number of data and keyword accord with Close transmission specification.
Optionally, in a system in accordance with the invention, transmission specification includes at least:Whether file format is predetermined format; Whether file size exceeds size limitation;Whether transmission time, which is located at, allows the period;Whether transmission frequency exceeds the unit time Interior data transmission frequencies limitation;Whether number of data exceeds the export item number limitation of the data in the unit time;And keyword It whether is illegal keyword.
Optionally, in a system in accordance with the invention, receiving device is also stored with data format specifications, data format specifications The format of content data file is defined, receiving device is suitable for auditing whether its received content data file meets data format rule Model, if meeting, audit passes through.
Optionally, in a system in accordance with the invention, when the file format of data file is XML format, data format Specification is XSD format.
Optionally, in a system in accordance with the invention, when content data file includes resident identification card number, reception is set It is standby be further adapted for auditing the resident identification card number it is whether effective.
According to another aspect of the present invention, a kind of audit method of calibration of data file is provided, is suitable for including sending It is executed in the audit check system of equipment and the data file of receiving device, including:Sending device is raw according to content data file At cryptographic Hash;Generate the sequence number with data file unique association;Dynamic verification code is generated according to cryptographic Hash and sequence number, and will After cryptographic Hash, sequence number and dynamic verification code write-in data file, data file is sent to receiving device;Receiving device receives Data file including cryptographic Hash, sequence number and dynamic verification code, separately verifies cryptographic Hash and dynamic verification code, if verifying at Function then confirms that content data file is not tampered with, and deletes cryptographic Hash, sequence number and dynamic verification code.
Optionally, in the method according to the invention, sequence number includes MAC Address, User ID and the flowing water of sending device Number, serial number includes date and digital number.
Optionally, in the method according to the invention, sending device is stored with key, and sending device is according to cryptographic Hash and sequence Row number generate dynamic verification code the step of include:Dynamic authentication is generated by pre-defined algorithm according to key, cryptographic Hash and sequence number Code.
Optionally, in the method according to the invention, wherein pre-defined algorithm is HOTP algorithm, and dynamic verification code is short whole Number.
Optionally, in the method according to the invention, the step of receiving device verifying cryptographic Hash includes:It is received according to its Content data file generates verification cryptographic Hash, and verification cryptographic Hash is compared with cryptographic Hash in data file, if comparing unanimously, Then it is verified.
Optionally, in the method according to the invention, receiving device is stored with and key identical in sending device, reception The step of device authentication dynamic verification code includes:It is dynamic that verification is generated according to sequence number in key, verification cryptographic Hash and data file Verification dynamic verification code is compared state identifying code with dynamic verification code in data file, if comparing unanimously, verifying is logical It crosses.
Optionally, in the method according to the invention, data file further includes the file information, and the file information includes at least text Part format, file size and transmission time, this method further include:Before separately verifying cryptographic Hash and dynamic verification code, receive Whether equipment audit document information, which meets, meets transmission specification.
Optionally, in the method according to the invention, further include:Before separately verifying cryptographic Hash and dynamic verification code, Receiving device obtain its transmission frequency, in its received data file number of data and content data file keyword, and examine Whether core transmission frequency, number of data and keyword meet transmission specification.
Optionally, in the method according to the invention, transmission specification includes at least:Whether file format is predetermined format; Whether file size exceeds size limitation;Whether transmission time, which is located at, allows the period;Whether transmission frequency exceeds the unit time Interior data transmission frequencies limitation;Whether number of data exceeds the export item number limitation of the data in the unit time;And keyword It whether is illegal keyword.
Optionally, in the method according to the invention, receiving device is also stored with data format specifications, data format specifications The format of content data file is defined, method further includes:Receiving device audits whether its received content data file meets number According to format specification, if meeting, audit passes through.
Optionally, in the method according to the invention, when the file format of data file is XML format, data format Specification is XSD format.
Optionally, in the method according to the invention, when content data file includes resident identification card number, method is also Including:Whether receiving device audits resident identification card number effective.
The audit checkschema of data file according to the present invention can be determined effectively by the multiple check to data file Whether the data file is tampered, in addition, by the multi-faceted audit to data file information and its content, realizes to not being inconsistent The intelligent filtering for sharing the desired data file in family brings great convenience to user, ensure that the normalization of data file It is also convenient for managing simultaneously.
Detailed description of the invention
To the accomplishment of the foregoing and related purposes, certain illustrative sides are described herein in conjunction with following description and drawings Face, these aspects indicate the various modes that can practice principles disclosed herein, and all aspects and its equivalent aspect It is intended to fall in the range of theme claimed.Read following detailed description in conjunction with the accompanying drawings, the disclosure it is above-mentioned And other purposes, feature and advantage will be apparent.Throughout the disclosure, identical appended drawing reference generally refers to identical Component or element.
Fig. 1 shows the audit check system 100 of the data file of an illustrative embodiments according to the present invention Structural block diagram;And
Fig. 2 shows the streams of the audit method of calibration 200 of data file according to one exemplary embodiment Cheng Tu.
Specific embodiment
Exemplary embodiments of the present disclosure are described in more detail below with reference to accompanying drawings.Although showing the disclosure in attached drawing Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here It is limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure It is fully disclosed to those skilled in the art.
Fig. 1 shows the structure of the audit check system 100 of data file according to an illustrative embodiment of the invention Block diagram.As shown in Figure 1, the audit check system 100 of data file may include sending device 110 and receiving device 120, can have Whether effect detection data file is tampered during being transmitted to receiving device 120 through sending device 110.
After sending device 110 receives data file, cryptographic Hash (HASH) can be generated according to the content data file first. The data file may include at least one data, and file format is usually XML format, with the first data file as follows For:
Wherein from a node<row>To its next node<row>Between record be considered as a data, therefore It is apparent that in above-mentioned file include a data "<ZJHM>D000714</ZJHM>".
Sending device 100 can generate cryptographic Hash according at least one data in data file, such as according to above-mentioned the In one data file data "<ZJHM>D000714</ZJHM>" generate cryptographic Hash, the cryptographic Hash be "<HASH> 99D6F5CB140AAC2894FDA7910978BD64</HASH>”。
Sending device 110 can also be the sequence number (serial_ of Generating Data File and the data file unique association Number), sequence number guarantees the uniqueness of each export data, does not repeat for identifying the data file.It is according to the present invention One embodiment, sequence number may include MAC Address, User ID and the serial number of sending device, serial number include the date and Digital number, digital number can be 1~999999 circulation selection in order.The for example, sequence number of the first Generating Data File For "<serial_number>002590E7F72CBJBJ129</serial_number>".
The present invention with no restrictions, produces the rule of the sequence number of unique identification data file to the rule for generating the sequence number Then it is within the scope of the present invention.
Then, sending device 110 can generate dynamic verification code (identifying_ according to above-mentioned cryptographic Hash and sequence number Code), according to embodiment of the present invention, sending device 110 can be previously stored with key (Key), such as:
“-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBAOUoepPr2d1HImpbArjBUKSavyUHf+9e2xkuNtGjmCer+6ntxEko
SykFXHIV3Sn2BsLZqoZ7ATs+KUeiHws9a0kCAwEAAQJAUtMRkrsw8DhQqQ4h6rL8
ObIwmeqfA95N5Ej+yUCOsu9YHJtpsyyXMdMj0L8Fs3MXzNTbHzKQbjCHPL98m+Wz
XQIhAPP7g3JUWr6bagpU8tD48NrNMzKZ5CIwDbH9t0pJJC27AiEA8HIJzgg7XHn0
cbox5zwyj54O6eweAL6YoAqQ6GnA+MsCIQDjL2NRtWyeKhdOsZU8s2GLTCINTzEY
CIjoIWloGb0/ewIgHldloVgslXjWPduvHGzePH1HiIFBL/rdK6TpsEpYDY0CIQCq
Q7ZhgkH11ccgsmK8vAhaXfDSczdwk1921hSlIPf7sA==
-----END RSA PRIVATE KEY-----”。
Sending device 110 generates dynamic verification code by pre-defined algorithm according to the key, above-mentioned cryptographic Hash and sequence number, Middle pre-defined algorithm can be HOTP algorithm, and the dynamic verification code of generation can be short integer, such as by HOTP algorithm according to close The dynamic verification code that key, the cryptographic Hash of the first data file and sequence number generate be "<identifying_code>576744</ identifying_code>”。
The cryptographic Hash of generation, sequence number and dynamic verification code can also be written in data file, can be generally written number According to the end of file;After write-in, this is included again cryptographic Hash, the data file of sequence number and dynamic verification code by sending device 110 It is sent to receiving device 120.Such as the first data file can be written in cryptographic Hash, sequence number and dynamic verification code includes data End, it is specific as follows:
Receiving device 120 is connected with sending device 110, and being suitable for receiving above-mentioned includes cryptographic Hash, sequence number and dynamic authentication The data file of code, and separately verify the cryptographic Hash and dynamic verification code.Specifically, receiving device 120 can be according to its reception Content data file generate verification cryptographic Hash, which is compared with the cryptographic Hash in data file, if than To consistent, then the data file is not tampered with, and is verified.Further, receiving device 120 is stored with and sending device 110 identical keys can generate verification dynamic verification code according to the sequence number in the key, verification cryptographic Hash and data file, The verification dynamic verification code is compared with the dynamic verification code in data file, if comparing unanimously, confirms data text Part is not tampered with, and is verified.It can effectively detect whether transmission data are tampered by multiple verification in this way, prevent from judging by accident.
After being verified, receiving device 120 can delete cryptographic Hash, sequence number and dynamic verification code in data file; It can also allow for the data file to continue to transmit, which be sent to the other equipment being connected with receiving device 120.
Wherein, according to embodiment of the present invention, data file further includes the file information, and this document information is at least wrapped File format, file size and transmission time are included, it, can be with before receiving device 120 verifies cryptographic Hash and dynamic verification code Whether audit this document information meets transmission specification.Wherein, transmission specification includes at least:Whether file format is predetermined format, Whether file size exceeds size limitation and whether transmission time is located at the permission period, and wherein predetermined format may include XML format, size limitation can be 45 bits, and by taking resident identification card information as an example, identification card number length (longest) is 18, meter 18 characters are generally stored as in calculation machine, information content is 144 bits.It, can be to legal identity by the semanteme of identification card number data Card format is defined and audits, and comentropy is reduced to 40 to 50 bits, substantially reduces information redundance, carries uncontrolled number secretly According to difficulty greatly improve.Such as 142701197409027313 be one legal 18 and occupy people's identification card number, can be divided into seven Section:
First segment 14 is province number.The whole nation amounts to 32 provinces, 5 bit of information content;
Second segment 27 is districts and cities' number.Districts and cities' quantity in each province is within 32,5 bit of information content;
Third section 01 is district number.The district quantity of each districts and cities is within 32,5 bit of information content;
4th section 1974 is year of birth.For reasonable value range between 1900 to 2027, information content is 7 bits;
5th section 09 is birth month.For reasonable value range between 1 to 12, information content is 4 bits;
6th section 02 is date of birth.For reasonable value range between 1 to 31, information content is 5 bits;
7th section 7313 is serial number, gender and check bit, and information content is 12 to 14 bits.
To sum up, the information content of resident identification card number can be at least limited within 45 bits.
Further, receiving device 120 can also obtain the data strip in its transmission frequency and received data file Number, and audit the transmission frequency and whether number of data meets transmission specification, at this point, transmission specification can also include:Transmitting pin Whether rate exceeds the limitation of the data transmission frequencies in the unit time;Whether number of data exceeds the export item of the data in the unit time Number limitation, by taking the population library of the Ministry of Public Security whole nation as an example, the data item for needing to export to countries population has ID card No., name, property Not, the items such as nationality, date of birth, photo, birthplace, every data size is about 30KB.The peak value of data maintenance amount is daily 10000000 datas, i.e., 10,000,000/24/60/60=116 item is per second, is calculated as 30KB x 10,000,000 by data volume =300GB is daily namely 300GB/24/60/60=3.47MB is per second.To sum up, transmission frequency limitation can be a thousands of times, data Exporting the limitation of item number can be 10,000,000.
More, receiving device 120 can also obtain the keyword of its received content data file, and audit the key Whether word meets transmission specification, at this point, transmission specification can also include:Whether keyword is illegal keyword, with case information For inquiry, for the confidentiality for guaranteeing non-concluded case, illegal keyword may be configured as the case name of non-concluded case, folder, suspicion Doubtful name claims.
It is worth noting that, above-mentioned transmission specification can realize user to transmission data by user according to customized setting Customized filtering, convenient for the transmission of user management data.Also, it is understood that ground, controls and receives equipment 120 both and can permit symbol The transmitting data file for stating transmission specification is closed, also can permit the transmitting data file for not meeting above-mentioned transmission specification.
According to another implementation of the invention, receiving device 120 can also be stored with data format specifications, the data Format specification defines the format of content data file, and whether receiving device 120 can audit its received content data file Meet the data format specifications, if meeting, audit passes through.Wherein, when the file format of data file is XML format, Corresponding data format specifications are XSD format.
For the first data file after cryptographic Hash, sequence number and dynamic verification code is written, corresponding data format It standardizes as follows:
Wherein "<xs:Element name=" ZJHM ">" define corresponding data name (name) in the first data file For passport NO.;"<xs:Restriction base=" xs:string">" value type of the passport NO. is defined as word Symbol type;"<xs:MinLength value=" 2 "/>" and "<xs:MaxLength value=" 18 "/>" define the certificate The minimum length of number is 2, maximum length 18.
According to the definition of data format specifications, receiving device 120 can carry out elemental scan one by one to content data file, Whether audit each element, which meets in data format specifications, defines, and the data file for complying fully with data format specifications, which is then audited, leads to It crosses, allows to transmit, otherwise do not allow to transmit.Wherein data format specifications can be customized by the user generation, therefore can be simple It easily prevents from not meeting the desired data of user and protects wrong data (such as messy code) and transfer out.
Further, when the content data file that data format specifications define includes resident identification card number, reception is set It is whether effective that the resident identification card number can also be audited for 120.Specifically, resident identification card number includes 18 bit digitals, according to It is secondary for address code, date of birth code, sequence code and check code, therefore receiving device 120 can audit wherein 1-6 whether be to have The address code (i.e. administrative division code) of effect, whether 7-10 fall within 1860-2100 range (year i.e. in date of birth code), Whether 11-12 fall within 1-12 range (moon i.e. in date of birth code), and whether 13-14 fall within the 1-31 range (date of birth Day in code), whether 15-17 be number (male is odd number, and women is even numbers), finally, calculating (the 1st digit * 7+ the 2nd The 9th digit * 6 of the 3rd the 5th the 7th the 8th digit * 1+ of digit * 2+ of digit * the 6th digit * 4+ of 8+ of the 4th digit * 5+ of digit * 10+ of digit * 9+ The 16th digit * of+the 10 the 12nd the 14th the 15th digit * 8+ of digit * 5+ of digit * the 13rd digit * 10+ of 9+ of the 11st digit * 7+ of digit * 3+ The 17th digit * 2 of 4+)/11 remainder, then the value of remainder is converted as follows:0 → 1,1 → 0,2 → X, 3 → 9,4 → 8,5 → 7,6 → 6,7 → 5,8 → 4,9 → 3,10 → 2.Number after conversion is compared with 18, whether audit compares consistent.
If the above auditing result is to be, the resident identification card number is effective, allows to transmit, otherwise the resident identification card Number is invalid, can carry out the audit more accurately more refined to content data file in this way, bring great advantage to the user.
Fig. 2 shows the streams of the audit method of calibration 200 of data file according to one exemplary embodiment Cheng Tu.This method is suitable for holding in the audit check system 100 of data file for including sending device 110 and receiving device 120 Row, starts from step S210.
In step S210, sending device 110 generates cryptographic Hash according to content data file, generates unique with data file Associated sequence number, and dynamic verification code is generated according to the cryptographic Hash and sequence number.
According to embodiment of the present invention, which may include the MAC Address of sending device 110, User ID And serial number, the serial number may include date and digital number.
According to another implementation of the invention, sending device 110 can store key, then sending device is according to Kazakhstan The step of uncommon value and sequence number generation dynamic verification code may include:It is calculated according to the key, cryptographic Hash and sequence number by predetermined Method generates dynamic verification code.Wherein pre-defined algorithm can be HOTP algorithm, and the dynamic verification code of generation can be short integer.
Then in step S220, data file is written in cryptographic Hash, sequence number and dynamic verification code by sending device 110, And the data file is sent to receiving device 120.
Receiving device 120 receives the data text that this includes cryptographic Hash, sequence number and dynamic verification code in step S230 Part, and separately verify the cryptographic Hash and dynamic verification code.If being proved to be successful, confirm that the content data file is not tampered with.
According to another implementation of the invention, the step of verifying of receiving device 120 cryptographic Hash may include:According to it Received content data file generates verification cryptographic Hash, and verification cryptographic Hash is compared with cryptographic Hash in data file, if than To consistent, then it is verified.
According to another implementation of the invention, receiving device 120 be stored with it is identical close in sending device 110 Key, then receiving device 120 verify dynamic verification code the step of may include:According to the key, verification cryptographic Hash and data file Middle sequence number generates verification dynamic verification code, and verification dynamic verification code is compared with dynamic verification code in data file, if It compares unanimously, is then verified.
It is verified above, after confirming that the content data file is not tampered with, in step S240, receiving device 120 Delete cryptographic Hash, sequence number and the dynamic verification code in data file.
Yet another embodiment according to the present invention, data file further include the file information, and the file information includes at least File format, file size and transmission time, method 200 can also include:Separately verify cryptographic Hash and dynamic verification code it Before, whether receiving device 120, which can audit this document information and meet, meets transmission specification.Further, method 200 can also wrap It includes:Before separately verifying cryptographic Hash and dynamic verification code, its available transmission frequency of receiving device 120, its received number According to the keyword of number of data in file and content data file, and audit whether transmission frequency, number of data and keyword accord with Close transmission specification.
Wherein, which at least may include:Whether file format is predetermined format;Whether file size exceeds greatly Small limitation;Whether transmission time, which is located at, allows the period;Whether transmission frequency exceeds the limit of the data transmission frequencies in the unit time System;Whether number of data exceeds the export item number limitation of the data in the unit time;And whether keyword is illegal keyword.
Yet another embodiment according to the present invention, receiving device 120 are also stored with data format specifications, the data lattice Formula specification defines the format of content data file, then method 200 can also include:Receiving device 120 audits its received data Whether file content meets data format specifications, if meeting, audit passes through.Wherein when the file format of data file is XML When format, corresponding data format specifications are XSD format.
Yet another embodiment according to the present invention, when content data file includes resident identification card number, method 200 can also include:Whether receiving device 120 audits the resident identification card number effective.
Above in each step in the specific descriptions for the audit check system 100 for being illustrated with reference to Fig. 1 data file Respective handling explained in detail, no longer duplicate contents are repeated here.
It should be appreciated that in order to simplify the disclosure and help to understand one or more of the various inventive aspects, it is right above In the description of exemplary embodiment of the present invention, each feature of the invention be grouped together into sometimes single embodiment, figure or In person's descriptions thereof.However, the disclosed method should not be interpreted as reflecting the following intention:I.e. claimed hair Bright requirement is than feature more features expressly recited in each claim.More precisely, as the following claims As book reflects, inventive aspect is all features less than single embodiment disclosed above.Therefore, it then follows specific real Thus the claims for applying mode are expressly incorporated in the specific embodiment, wherein each claim itself is used as this hair Bright separate embodiments.
Those skilled in the art should understand that the module of the equipment in example disclosed herein or unit or groups Part can be arranged in equipment as depicted in this embodiment, or alternatively can be positioned at and the equipment in the example In different one or more equipment.Module in aforementioned exemplary can be combined into a module or furthermore be segmented into multiple Submodule.
Those skilled in the art will understand that can be carried out adaptively to the module in the equipment in embodiment Change and they are arranged in one or more devices different from this embodiment.It can be the module or list in embodiment Member or component are combined into a module or unit or component, and furthermore they can be divided into multiple submodule or subelement or Sub-component.Other than such feature and/or at least some of process or unit exclude each other, it can use any Combination is to all features disclosed in this specification (including adjoint claim, abstract and attached drawing) and so disclosed All process or units of what method or apparatus are combined.Unless expressly stated otherwise, this specification is (including adjoint power Benefit require, abstract and attached drawing) disclosed in each feature can carry out generation with an alternative feature that provides the same, equivalent, or similar purpose It replaces.
The invention also includes:A6, system as described in a5, the receiving device be stored with it is identical close in sending device Key, and be suitable for generating verification dynamic verification code according to sequence number in the key, the verification cryptographic Hash and the data file, The verification dynamic verification code is compared with dynamic verification code in the data file, if comparing unanimously, is verified. A7, the system as described in A6, the data file further include the file information, and the file information includes at least file format, text Part size and transmission time, the receiving device are suitable for auditing whether the file information meets transmission specification.A8, as described in A7 System, the receiving device is further adapted for obtaining its transmission frequency, number of data and data file in its received data file The keyword of content, and audit whether the transmission frequency, number of data and keyword meet transmission specification.A9, such as the institute of A7 or 8 The system stated, the transmission specification include at least:Whether the file format is predetermined format;Whether the file size exceeds Size limitation;Whether the transmission time, which is located at, allows the period;
Whether the transmission frequency exceeds the limitation of the data transmission frequencies in the unit time;Whether the number of data exceeds Data export item number limitation in unit time;And whether the keyword is illegal keyword.It is any in A10, such as A1-9 System described in, the receiving device are also stored with data format specifications, and the data format specifications define the data text The format of part content, the receiving device are suitable for auditing whether its received content data file meets the data format rule Model, if meeting, audit passes through.A11, the system as described in A10, when the file format of the data file is XML format, The data format specifications are XSD format.A12, the system as described in A10 or 11, when the content data file includes resident When ID card No., whether the receiving device is further adapted for auditing the resident identification card number effective.
B18, the method as described in B17, the receiving device are stored with and key identical in sending device, the reception Include the step of dynamic verification code described in device authentication:According in the key, the verification cryptographic Hash and the data file Sequence number generates verification dynamic verification code, and the verification dynamic verification code and dynamic verification code in the data file are compared It is right, if comparing unanimously, it is verified.B19, the method as described in B18, the data file further includes the file information, described The file information includes at least file format, file size and transmission time, the method also includes:Separately verify cryptographic Hash and Before dynamic verification code, whether the receiving device audit the file information, which meets, meets transmission specification.B20, as described in B19 Method, further include:Before separately verifying cryptographic Hash and dynamic verification code, the receiving device obtain its transmission frequency, its The keyword of number of data and content data file in received data file, and audit the transmission frequency, number of data and Whether keyword meets transmission specification.B21, the method as described in B19 or 20, the transmission specification include at least:The file Whether format is predetermined format;Whether the file size exceeds size limitation;Whether the transmission time, which is located at, allows the time Section;Whether the transmission frequency exceeds the limitation of the data transmission frequencies in the unit time;Whether the number of data exceeds unit Data export item number limitation in time;And whether the keyword is illegal keyword.B22, any one of such as B18-21 The method, the receiving device are also stored with data format specifications, and the data format specifications define the data file The format of content, the method also includes:The receiving device audits whether its received content data file meets the number According to format specification, if meeting, audit passes through.B23, the method as described in B22, when the file format of the data file is When XML format, the data format specifications are XSD format.B24, the method as described in B22 or 23, when in the data file When holding including resident identification card number, the method also includes:Whether the receiving device audits the resident identification card number Effectively.
In addition, it will be appreciated by those of skill in the art that although some embodiments described herein include other embodiments In included certain features rather than other feature, but the combination of the feature of different embodiments mean it is of the invention Within the scope of and form different embodiments.For example, in the following claims, embodiment claimed is appointed Meaning one of can in any combination mode come using.
In addition, be described as herein can be by the processor of computer system or by executing by some in the embodiment The combination of method or method element that other devices of the function are implemented.Therefore, have for implementing the method or method The processor of the necessary instruction of element forms the device for implementing this method or method element.In addition, Installation practice Element described in this is the example of following device:The device be used for implement as in order to implement the purpose of the invention element performed by Function.
As used in this, unless specifically stated, come using ordinal number " first ", " second ", " third " etc. Description plain objects, which are merely representative of, is related to the different instances of similar object, and is not intended to imply that the object being described in this way must Must have the time it is upper, spatially, sequence aspect or given sequence in any other manner.
Although the embodiment according to limited quantity describes the present invention, above description, the art are benefited from It is interior it is clear for the skilled person that in the scope of the present invention thus described, it can be envisaged that other embodiments.Additionally, it should be noted that Language used in this specification primarily to readable and introduction purpose and select, rather than in order to explain or limit Determine subject of the present invention and selects.Therefore, without departing from the scope and spirit of the appended claims, for this Many modifications and changes are obvious for the those of ordinary skill of technical field.For the scope of the present invention, to this Invent done disclosure be it is illustrative and not restrictive, it is intended that the scope of the present invention be defined by the claims appended hereto.

Claims (14)

1. a kind of audit check system of data file, the data file include the file information, the file information is at least wrapped File format, file size and transmission time are included, the system comprises sending devices and receiving device, wherein
The sending device is suitable for generating cryptographic Hash according to the content data file, is further adapted for generating with the data file only One associated sequence number is further adapted for generating dynamic according to the key, the cryptographic Hash and the sequence number that store in the sending device Identifying code, and by after the cryptographic Hash, sequence number and dynamic verification code write-in data file, the data file is sent to and is connect Receiving unit;
It includes cryptographic Hash, the data file of sequence number and dynamic verification code that the receiving device, which is suitable for receiving described, according to data File content generates verification cryptographic Hash, and the verification cryptographic Hash is compared with cryptographic Hash in the data file, if comparing Unanimously, then it is verified;According to sequence in key, the verification cryptographic Hash and the data file stored in the receiving device Row number generates verification dynamic verification code, and the verification dynamic verification code and dynamic verification code in the data file are compared It is right, if comparing consistent, it is verified, wherein the key stored in the receiving device and being stored in the sending device close Key is identical;If cryptographic Hash and dynamic verification code are proved to be successful, confirm that the content data file is not tampered with, described in deletion Cryptographic Hash, sequence number and dynamic verification code;
The receiving device is further adapted for auditing whether the file information meets biography before verifying cryptographic Hash and dynamic verification code Defeated specification;The receiving device is further adapted for obtaining the received data text of the transmission frequency of the sending device, the receiving device The keyword of number of data and content data file in part, and audit whether the transmission frequency, number of data and keyword accord with Close transmission specification;
The receiving device is also stored with data format specifications, and the data format specifications define the lattice of the content data file Formula, the receiving device are suitable for the definition according to data format specifications, carry out elemental scan one by one, audit to content data file Whether each element, which meets in data format specifications, defines.
2. the audit check system of data file as described in claim 1, the sequence number includes the MAC of the sending device Address, User ID and serial number, the serial number include date and digital number.
3. the audit check system of data file as described in claim 1, the sending device is stored with key, and is suitable for root The dynamic verification code is generated by pre-defined algorithm according to the key, cryptographic Hash and sequence number.
4. the audit check system of data file as claimed in claim 3, wherein the pre-defined algorithm is HOTP algorithm, it is described Dynamic verification code is short integer.
5. the audit check system of data file as described in claim 1, the transmission specification include at least:
Whether the file format is predetermined format;
Whether the file size exceeds size limitation;
Whether the transmission time, which is located at, allows the period;
Whether the transmission frequency exceeds the limitation of the data transmission frequencies in the unit time;
Whether the number of data exceeds the export item number limitation of the data in the unit time;And
Whether the keyword is illegal keyword.
6. the audit check system of data file as described in claim 1, when the file format of the data file is XML lattice When formula, the data format specifications are XSD format.
7. the audit check system of data file as described in claim 1, when the content data file includes residential identity When demonstrate,proving number, whether the receiving device is further adapted for auditing the resident identification card number effective.
8. the audit method of calibration of a kind of data file, suitable for including the audit of the data file of sending device and receiving device It is executed in check system, the data file includes the file information, and the file information includes at least file format, file size And transmission time, the method includes:
The sending device generates cryptographic Hash according to content data file;Generate the sequence with the data file unique association Number;Dynamic verification code is generated according to the cryptographic Hash and sequence number, and the cryptographic Hash, sequence number and dynamic verification code are written After data file, the data file is sent to receiving device;
It includes cryptographic Hash, the data file of sequence number and dynamic verification code that the receiving device, which receives described, according to data file Content generates verification cryptographic Hash, and the verification cryptographic Hash is compared with cryptographic Hash in the data file, if comparing unanimously, Then it is verified;According to sequence number in key, the verification cryptographic Hash and the data file stored in the receiving device Verification dynamic verification code is generated, the verification dynamic verification code is compared with dynamic verification code in the data file, if It compares unanimously, is then verified, wherein the key stored in the receiving device and the key phase stored in the sending device Together;If cryptographic Hash and dynamic verification code are proved to be successful, confirm that the content data file is not tampered with, delete the Hash Value, sequence number and dynamic verification code;
Whether the receiving device is audited the file information and is met and meet before separately verifying cryptographic Hash and dynamic verification code Transmission specification;Obtain the transmission frequency of the sending device, number of data sum number in the received data file of the receiving device According to the keyword of file content, and audit whether the transmission frequency, number of data and keyword meet transmission specification;
The receiving device is also stored with data format specifications, and the data format specifications define the lattice of the content data file Formula, the receiving device are suitable for the definition according to data format specifications, carry out elemental scan one by one, audit to content data file Whether each element, which meets in data format specifications, defines.
9. the audit method of calibration of data file as claimed in claim 8, the sequence number includes the MAC of the sending device Address, User ID and serial number, the serial number include date and digital number.
10. the audit method of calibration of data file as claimed in claim 8, the sending device is stored with key, the hair The step of sending equipment to generate dynamic verification code according to cryptographic Hash and sequence number include:
The dynamic verification code is generated by pre-defined algorithm according to the key, cryptographic Hash and sequence number.
11. the audit method of calibration of data file as claimed in claim 10, wherein the pre-defined algorithm is HOTP algorithm, institute Stating dynamic verification code is short integer.
12. the audit method of calibration of data file as claimed in claim 8, the transmission specification include at least:
Whether the file format is predetermined format;
Whether the file size exceeds size limitation;
Whether the transmission time, which is located at, allows the period;
Whether the transmission frequency exceeds the limitation of the data transmission frequencies in the unit time;
Whether the number of data exceeds the export item number limitation of the data in the unit time;And
Whether the keyword is illegal keyword.
13. the audit method of calibration of data file as claimed in claim 8, when the file format of the data file is XML When format, the data format specifications are XSD format.
14. the audit method of calibration of data file as claimed in claim 8, when the content data file includes residential identity When demonstrate,proving number, the method also includes:
Whether the receiving device audits the resident identification card number effective.
CN201510809970.0A 2015-11-20 2015-11-20 A kind of the audit check system and method for data file Active CN105488423B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510809970.0A CN105488423B (en) 2015-11-20 2015-11-20 A kind of the audit check system and method for data file

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510809970.0A CN105488423B (en) 2015-11-20 2015-11-20 A kind of the audit check system and method for data file

Publications (2)

Publication Number Publication Date
CN105488423A CN105488423A (en) 2016-04-13
CN105488423B true CN105488423B (en) 2018-11-23

Family

ID=55675396

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510809970.0A Active CN105488423B (en) 2015-11-20 2015-11-20 A kind of the audit check system and method for data file

Country Status (1)

Country Link
CN (1) CN105488423B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109787944B (en) * 2017-11-15 2021-11-19 阿里巴巴集团控股有限公司 Network interaction method, electronic equipment, client and server
CN109117624A (en) * 2018-08-03 2019-01-01 上海掌门科技有限公司 Generate method, electronic equipment and the computer-readable medium of identifying code image
CN109257726B (en) * 2018-08-20 2019-09-24 深圳一卡通新技术有限公司 A kind of identity identifying method based on Bluetooth communication, system and relevant apparatus
CN111200479B (en) * 2018-11-19 2022-04-12 福建天泉教育科技有限公司 Transmission data verification method and storage medium
CN109858266B (en) * 2019-01-25 2023-09-05 上海倍通医药科技咨询有限公司 Medicine circulation data verification method
CN111984881A (en) * 2019-05-21 2020-11-24 北京沃东天骏信息技术有限公司 Prompting method, prompting device, terminal, server and storage medium
CN110276205B (en) * 2019-06-06 2021-06-15 深圳市杰科数码有限公司 Method and system for generating product serial number file, electronic device and storage medium
CN110489983B (en) * 2019-08-15 2021-05-14 Oppo广东移动通信有限公司 Chip access method and device, chip and terminal

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101141627A (en) * 2007-10-23 2008-03-12 深圳市迅雷网络技术有限公司 Storage system and method of stream media file

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003152714A (en) * 2001-11-15 2003-05-23 Yamaha Corp Data communication system and its method, and computer- readable recording medium for recording program applied to the system
CN104915591A (en) * 2014-03-10 2015-09-16 联想(北京)有限公司 Data processing method and electronic equipment

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101141627A (en) * 2007-10-23 2008-03-12 深圳市迅雷网络技术有限公司 Storage system and method of stream media file

Also Published As

Publication number Publication date
CN105488423A (en) 2016-04-13

Similar Documents

Publication Publication Date Title
CN105488423B (en) A kind of the audit check system and method for data file
Aini et al. Embedding a blockchain technology pattern into the QR code for an authentication certificate
JP5632514B2 (en) Apparatus and method for selectively securing records with NDEF messages
WO2018046008A1 (en) Storage design method of blockchain encrypted radio frequency chip
US8386793B2 (en) Method and apparatus for implementing electronic seal
CN108683669A (en) Data verification method and multi-party computations system
CN105335667B (en) Innovate creative data processing method, device, system and deposit card equipment
CN109150903A (en) A kind of account management method, device, storage medium and terminal device
JPS63503413A (en) Method and apparatus for qualitatively accumulating digitized data
CN107070660A (en) A kind of design Storage method of block chain encrypted radio-frequency chip
CN109785170A (en) Method of insuring based on block chain, the system of insuring based on block chain
CN109815051A (en) The data processing method and system of block chain
CN108632031A (en) Key generating device and method, encryption device and method
CN109981287A (en) A kind of code signature method and its storage medium
CN109981282A (en) Improve method, apparatus, system and the storage medium of image data transmission safety
CN100546239C (en) The application cryptogram diagram technology carries out method of encrypting to data
CN106358184A (en) Point-to-point identity authentication method
CN113225318B (en) Method and system for government affair big data encryption transmission and safe storage
CN107196973A (en) A kind of data encryption, decryption method and device
CN104410498B (en) A kind of dynamic password authentication method and its system
JP5518668B2 (en) Electronic signature key management apparatus, electronic signature key management method, electronic signature key management program
CN109754356A (en) Checking method, system and the storage medium of electronics license based on layout files
CN110493011B (en) Block chain-based certificate issuing management method and device
CN104394161A (en) Algorithm reconstruction mechanism based secret key transmission method and system
CN116781419A (en) Security data security management method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
CB03 Change of inventor or designer information

Inventor after: Li Zhipeng

Inventor after: Wang Hongbo

Inventor after: LingHu Yongxing

Inventor before: Li Zhipeng

Inventor before: Wang Hongbo

GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 100084 No. 2 Building 2A201, 202, No. 1 Yuan, Nongda South Road, Haidian District, Beijing

Patentee after: TOLS TIANXIANG NET AN INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 100084 No. 2 Building 2A201, 202, No. 1 Yuan, Nongda South Road, Haidian District, Beijing

Patentee before: BEIJING TOPWALK INFORMATION TECHNOLOGY Co.,Ltd.

CP02 Change in the address of a patent holder
CP02 Change in the address of a patent holder

Address after: 100096 101, 1st to 7th floors, Building 3, Yard 6, Jianfeng Road (South Extension), Haidian District, Beijing

Patentee after: TOLS TIANXIANG NET AN INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 100084 2a201, 202, building 2, yard 1, Nongda South Road, Haidian District, Beijing

Patentee before: TOLS TIANXIANG NET AN INFORMATION TECHNOLOGY Co.,Ltd.