CN106936578A - Timestamp system and method for issuing timestamps - Google Patents

Info

Publication number: CN106936578A
Authority: CN (China)
Prior art keywords: timestamp, time, module, value, signing
Legal status: Granted; current status: Active
Application number: CN201511021263.1A
Other languages: Chinese (zh)
Other versions: CN106936578B (en)
Inventors: 耿方, 郭向国, 王申, 杜悦琨, 梁宵, 隋静涛
Current Assignee: Aisino Corp
Original Assignee: Aisino Corp
Application filed by: Aisino Corp
Priority to: CN201511021263.1A
Publications: CN106936578A (application), CN106936578B (grant)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297: as H04L9/32, involving time stamps, e.g. generation of time stamps
    • H04L9/3263: as H04L9/32, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to the field of timestamps and discloses a timestamp system and a method for issuing timestamps. The timestamp system includes: a receiving module for receiving a timestamp request sent by a client; a time source module for obtaining, from a BeiDou satellite, the issuance time corresponding to the timestamp request, encrypting that issuance time and sending it to a security encryption module; the security encryption module, for decrypting the encrypted issuance time to obtain the issuance time; a management module for creating signer information from the issuance time and the timestamp request; and a sending module for sending the signer information to the client. Because the time source board in the timestamp system encrypts the original time information before transmitting it, the secure acquisition of time source information can be effectively ensured.

Description

Timestamp system and method for issuing timestamps
Technical field
The present invention relates to the field of timestamps, and in particular to a timestamp system and a method for issuing timestamps.
Background
A timestamp server is a timestamp authority system based on PKI (Public Key Infrastructure) technology that provides accurate and trusted timestamp services to external parties; it comprises the timestamp device and system. It uses an accurate time source and high-strength, high-standard security mechanisms to provide timestamp issuance, query and verification functions, meeting the non-repudiation and auditability requirements of network applications. Timestamp servers can be widely used in e-government and e-commerce activities such as online transactions, electronic medical records, online admission, government online procurement, online declaration and digital intellectual property protection. They serve many e-government and e-commerce systems involving online transactions, online approval, ERP, OA and electronic contracts, providing the business with non-repudiation of content and signature and non-repudiation of the time element.
As a very important part of a PKI system, the timestamp server plays an important role in national information security, and its operation must be safe and reliable. Timestamp systems in the prior art are mainly based on the X86 platform and obtain the standard time from the time source board in plaintext via the NTP protocol. Although this transfer takes place inside the machine, there is still a risk of the time being stolen, which can cause incorrect timestamps to be issued.
Summary of the invention
The object of the present invention is to provide a timestamp system and a method for issuing timestamps that can effectively ensure the secure acquisition of time source information.
To achieve the above object, the present invention provides a timestamp system, including: a receiving module for receiving a timestamp request sent by a client; a time source module for obtaining the issuance time corresponding to the timestamp request, encrypting the issuance time and sending it to a security encryption module; the security encryption module, for decrypting the encrypted issuance time to obtain the issuance time; a management module for creating signer information from the issuance time and the timestamp request; and a sending module for sending the signer information to the client.
Preferably, the management module is further configured to create timestamp structure information from the issuance time, and the sending module is further configured to send the timestamp structure information to the client.
Preferably, the management module is further configured to: obtain the hash algorithm and the plaintext hash value contained in the timestamp request; compute a timestamp data value from the issuance time and the plaintext hash value using the hash algorithm; sign the timestamp data value using a signature algorithm to obtain a timestamp signature value; and create the signer information from the timestamp signature value.
Preferably, the time source module is further configured to obtain the issuance time corresponding to the timestamp request from a BeiDou satellite.
Correspondingly, the present invention also provides a timestamp system, including: a receiving module for receiving a timestamp verification request sent by a client; a control module configured to parse the timestamp verification request to obtain signer information and timestamp structure information, and to verify the correctness of the timestamp data from the signer information and the timestamp structure information; and a sending module for sending the verification result of the control module to the client.
Preferably, the control module is further configured to: parse the timestamp signature value, the signature algorithm and the hash algorithm from the signer information, and decrypt the timestamp signature value according to the signature algorithm to obtain the timestamp data value.
Preferably, the control module is further configured to: parse the issuance time and the plaintext hash value from the timestamp structure information; compute a verification hash value from the issuance time and the plaintext hash value using the hash algorithm; and compare the verification hash value with the timestamp data value to obtain the verification result.
Correspondingly, the present invention also provides a method for issuing timestamps, the method including: receiving a timestamp request sent by a client; obtaining the issuance time corresponding to the timestamp request, encrypting the issuance time and sending it to a security encryption module; the security encryption module decrypting the encrypted issuance time to obtain the issuance time; obtaining signer information from the issuance time and the timestamp request; and sending the signer information to the client.
Preferably, the method further includes: obtaining timestamp structure information from the issuance time; and sending the timestamp structure information to the client.
Preferably, the method further includes: obtaining the hash algorithm and the plaintext hash value contained in the timestamp request; computing a timestamp data value from the issuance time and the plaintext hash value using the hash algorithm; signing the timestamp data value using a signature algorithm to obtain a timestamp signature value; and obtaining the signer information from the timestamp signature value.
With the above technical solution, the time source board in the timestamp system encrypts the original time information before transmitting it, which effectively ensures the secure acquisition of time source information.
Other features and advantages of the present invention are described in detail in the detailed description that follows.
Brief description of the drawings
The accompanying drawings provide a further understanding of the present invention and form part of the specification. Together with the detailed description below they serve to explain the invention, but they do not limit it. In the drawings:
Fig. 1 shows a schematic structural diagram of the timestamp system provided by the present invention;
Fig. 2 shows a schematic diagram of how the timestamp system issues a timestamp;
Fig. 3 shows a schematic diagram of timestamp verification; and
Fig. 4 shows a flow chart of the method for issuing timestamps provided by the present invention.
Description of reference numerals
100 client; 200 timestamp system
300 BeiDou satellite
Detailed description
Specific embodiments of the present invention are described in detail below with reference to the drawings. It should be understood that the embodiments described here serve only to illustrate and explain the present invention and do not limit it.
Fig. 1 shows a schematic structural diagram of the timestamp system provided by the present invention. As shown in Fig. 1, the present invention provides a timestamp system that includes: a receiving module for receiving a timestamp request sent by the client 100; a time source module for obtaining, from the BeiDou satellite 300, the issuance time corresponding to the timestamp request, encrypting the issuance time and sending it to a security encryption module; the security encryption module, for decrypting the encrypted issuance time to obtain the issuance time; a management module for obtaining signer information from the issuance time and the timestamp request; and a sending module for sending the signer information to the client 100.
Fig. 2 shows a schematic diagram of how the timestamp system issues a timestamp. As shown in Fig. 2, in operation the client 100 first applies a hash algorithm to the plaintext data to obtain a plaintext hash value H1, then assembles the plaintext hash value H1, the hash algorithm and so on into a timestamp request and sends it to the timestamp system 200 through an API interface. Preferably, the SM3 hash algorithm can be chosen as the hash algorithm here, but the present invention is not limited to this.
The receiving module of the timestamp system 200 receives the timestamp request and passes it to the management module. The security encryption module drives the time source board through an RJ45 interface to obtain, from the BeiDou satellite 300, the issuance time corresponding to the timestamp request; the time source board encrypts the issuance time and sends it to the security encryption module. Specifically, a key is generated and stored in the time source board hardware, and the same key is stored in the cipher card and periodically synchronized with the time source board. The key here can be an SM4 symmetric key and the cipher card can be an SJK1120-B cipher card, but the present invention is not limited to this. Having the time source board encrypt the issuance time before sending it to the security encryption module effectively ensures the secure acquisition of time source information.
The security encryption module communicates with the cipher card through a bus interface and uses the SM4 symmetric key stored in the cipher card to decrypt the ciphertext D(T) sent by the time source board, obtaining the issuance time T.
Using the hash algorithm contained in the timestamp request (e.g. the SM3 hash algorithm), the management module hashes the plaintext hash value H1 together with the issuance time T to obtain a new hash value, the timestamp hash value H2, where H2 = Hash(H1 + T). The control module then calls the cipher card to obtain the private key corresponding to the signature algorithm and uses that private key to sign the timestamp hash value H2, obtaining the timestamp signature value.
Further, the management module creates the signer information, which can contain the above hash algorithm, signature algorithm and timestamp signature value, and can also contain a timestamp serial number that uniquely identifies the signer information. In addition, the management module can create timestamp structure information, which contains the above timestamp serial number, the hash value of the data to be timestamped (that is, the plaintext hash value H1 above), the above issuance time T, the timestamp issuance information and so on.
The signer information and the timestamp structure information together form the timestamp return file, which the sending module of the timestamp system 200 returns to the client 100. The client 100 stores the timestamp return file together with the plaintext data.
Here, the sending module and the receiving module can be integrated into a timestamp service interface, which can exchange data with the client 100 through an API interface. The timestamp system can issue timestamps on the Godson 3A platform.
Further, the present invention also provides a timestamp system, including: a receiving module for receiving a timestamp verification request sent by a client; a control module configured to parse the timestamp verification request to obtain signer information and timestamp structure information, and to verify the correctness of the timestamp data from the signer information and the timestamp structure information; and a sending module for sending the verification result of the control module to the client.
Fig. 3 shows a schematic diagram of timestamp verification. As shown in Fig. 3, the control module parses the signer information to obtain the timestamp signature value, the signature algorithm and the hash algorithm, calls the cipher card to obtain the public key corresponding to the signature algorithm, and uses that public key to decrypt the timestamp signature value, obtaining the timestamp hash value H2'.
The control module further parses the timestamp structure information to obtain the plaintext hash value H1 and the issuance time T, and uses the hash algorithm parsed from the signer information to hash the plaintext hash value H1 and the issuance time T, obtaining a verification hash value H2. It then compares the computed verification hash value H2 with the timestamp hash value H2' obtained by the parsing above; whether the two are identical gives the timestamp verification result, which the sending module sends to the client.
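The issuance and verification flow described above, as an added Go example that is not code from the patent: the time source board encrypts T, the security encryption module decrypts it, the management module signs H2 = Hash(H1 || T), and the control module verifies. SHA-256, AES-256-GCM and ECDSA P-256 are stand-ins chosen here for SM3, SM4 and the unnamed signature algorithm, the 8-byte big-endian encoding of T is an assumption, and all type and function names are hypothetical. GCM is an authenticated mode, which the page does not specify; it is used so that a modified time ciphertext is rejected rather than decrypted to a wrong time.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Stand-ins (assumptions): SHA-256 for SM3, AES-256-GCM for SM4, ECDSA P-256
// for the unnamed signature algorithm. The two types model the return file.
type TimestampStructure struct {
	H1 [32]byte // plaintext hash value sent by the client
	T  int64    // issuance time, Unix seconds
}
type SignerInfo struct {
	HashAlg, SigAlg string
	Signature       []byte
}

// NewTimeChannel builds the cipher shared by time source board and cipher card.
func NewTimeChannel(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealTime plays the time source board: encrypt T before it leaves the board.
func SealTime(ch cipher.AEAD, t int64) ([]byte, error) {
	nonce := make([]byte, ch.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	var pt [8]byte
	binary.BigEndian.PutUint64(pt[:], uint64(t))
	return ch.Seal(nonce, nonce, pt[:], nil), nil // nonce || ciphertext || tag
}

// OpenTime plays the security encryption module: decrypt D(T) to recover T.
func OpenTime(ch cipher.AEAD, ct []byte) (int64, error) {
	n := ch.NonceSize()
	if len(ct) < n {
		return 0, fmt.Errorf("time ciphertext too short")
	}
	pt, err := ch.Open(nil, ct[:n], ct[n:], nil)
	if err != nil || len(pt) != 8 {
		return 0, fmt.Errorf("time ciphertext rejected") // wrong key or modified
	}
	return int64(binary.BigEndian.Uint64(pt)), nil
}

// TimestampHash computes H2 = Hash(H1 || T); both fields are fixed-length.
func TimestampHash(h1 [32]byte, t int64) [32]byte {
	var tb [8]byte
	binary.BigEndian.PutUint64(tb[:], uint64(t))
	return sha256.Sum256(append(h1[:], tb[:]...))
}

// NewSigningKey stands in for the signing key pair held by the cipher card.
func NewSigningKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Issue plays the management module: sign H2 and build both records.
func Issue(priv *ecdsa.PrivateKey, h1 [32]byte, t int64) (SignerInfo, TimestampStructure, error) {
	h2 := TimestampHash(h1, t)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h2[:])
	si := SignerInfo{HashAlg: "SHA-256", SigAlg: "ECDSA-P256", Signature: sig}
	return si, TimestampStructure{H1: h1, T: t}, err
}

// Verify plays the control module: recompute H2 from the timestamp structure.
// ECDSA checks the signature against H2 rather than recovering H2' first.
func Verify(pub *ecdsa.PublicKey, si SignerInfo, ts TimestampStructure) bool {
	h2 := TimestampHash(ts.H1, ts.T)
	return ecdsa.VerifyASN1(pub, h2[:], si.Signature)
}

func main() {
	ch, _ := NewTimeChannel(make([]byte, 32)) // constructed all-zero demo key
	priv, _ := NewSigningKey()
	ct, _ := SealTime(ch, 1451433600) // constructed issuance time
	t, _ := OpenTime(ch, ct)
	si, ts, _ := Issue(priv, sha256.Sum256([]byte("constructed sample")), t)
	shifted := TimestampStructure{H1: ts.H1, T: ts.T + 3600} // tampered time
	fmt.Println(Verify(&priv.PublicKey, si, ts), Verify(&priv.PublicKey, si, shifted))
}
```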
Fig. 4 shows a flow chart of the method for issuing timestamps provided by the present invention. As shown in Fig. 4, the present invention also provides a method for issuing timestamps, the method including: receiving a timestamp request sent by a client; obtaining, from a BeiDou satellite, the issuance time corresponding to the timestamp request, encrypting the issuance time and sending it to a security encryption module; the security encryption module decrypting the encrypted issuance time to obtain the issuance time; obtaining signer information from the issuance time and the timestamp request; and sending the signer information to the client.
The working principle and benefits of the method for issuing timestamps provided by the present invention are similar to those of the timestamp system shown in Fig. 1 above and are not repeated here.
The preferred embodiments of the present invention have been described in detail above with reference to the drawings. However, the present invention is not limited to the specific details of the above embodiments; within the scope of the technical concept of the invention, various simple variations can be made to its technical solution, and these simple variations all fall within the protection scope of the present invention.
It should further be noted that the specific technical features described in the above embodiments can, where they do not contradict one another, be combined in any suitable way. To avoid unnecessary repetition, the present invention does not separately describe the various possible combinations.
In addition, the various embodiments of the present invention can also be combined with one another, and as long as a combination does not depart from the idea of the invention, it should likewise be regarded as content disclosed by the present invention.

Claims (10)

1. A timestamp system, characterized by comprising:
a receiving module for receiving a timestamp request sent by a client;
a time source module for obtaining the issuance time corresponding to the timestamp request, encrypting the issuance time and sending it to a security encryption module;
the security encryption module, for decrypting the encrypted issuance time to obtain the issuance time;
a management module for creating signer information from the issuance time and the timestamp request; and
a sending module for sending the signer information to the client.
2. The timestamp system according to claim 1, characterized in that
the management module is further configured to create timestamp structure information from the issuance time; and
the sending module is further configured to send the timestamp structure information to the client.
3. The timestamp system according to claim 1, characterized in that the management module is configured to:
obtain the hash algorithm and the plaintext hash value contained in the timestamp request;
compute a timestamp data value from the issuance time and the plaintext hash value using the hash algorithm;
sign the timestamp data value using a signature algorithm to obtain a timestamp signature value; and
create the signer information from the timestamp signature value.
4. The timestamp system according to claim 1, characterized in that the time source module is further configured to obtain the issuance time corresponding to the timestamp request from a BeiDou satellite.
5. A timestamp system, characterized by comprising:
a receiving module for receiving a timestamp verification request sent by a client;
a control module configured to:
parse the timestamp verification request to obtain signer information and timestamp structure information; and
verify the correctness of the timestamp data from the signer information and the timestamp structure information; and
a sending module for sending the verification result of the control module to the client.
6. The timestamp system according to claim 5, characterized in that
the control module is further configured to:
parse the timestamp signature value, the signature algorithm and the hash algorithm from the signer information; and
decrypt the timestamp signature value according to the signature algorithm to obtain a timestamp data value.
7. The timestamp system according to claim 6, characterized in that the control module is further configured to:
parse the issuance time and the plaintext hash value from the timestamp structure information;
compute a verification hash value from the issuance time and the plaintext hash value using the hash algorithm; and
compare the verification hash value with the timestamp data value to obtain the verification result.
8. A method for issuing timestamps, characterized in that the method comprises:
receiving a timestamp request sent by a client;
obtaining the issuance time corresponding to the timestamp request, encrypting the issuance time and sending it to a security encryption module;
the security encryption module decrypting the encrypted issuance time to obtain the issuance time;
creating signer information from the issuance time and the timestamp request; and
sending the signer information to the client.
9. The method according to claim 8, characterized in that the method further comprises:
obtaining timestamp structure information from the issuance time; and
sending the timestamp structure information to the client.
10. The method according to claim 8, characterized in that creating signer information from the issuance time and the timestamp request comprises:
obtaining the hash algorithm and the plaintext hash value contained in the timestamp request;
computing a timestamp data value from the issuance time and the plaintext hash value using the hash algorithm;
signing the timestamp data value using a signature algorithm to obtain a timestamp signature value; and
obtaining the signer information from the timestamp signature value.
CN201511021263.1A 2015-12-30 2015-12-30 Time stamp system and method for issuing time stamp Active CN106936578B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511021263.1A CN106936578B (en) 2015-12-30 2015-12-30 Time stamp system and method for issuing time stamp

Publications (2)

Publication Number Publication Date
CN106936578A (en) 2017-07-07
CN106936578B (en) 2020-02-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant