CN116561228A

CN116561228A - System and method for archiving based on engineering archive sheet composition

Info

Publication number: CN116561228A
Application number: CN202310601901.5A
Authority: CN
Inventors: 盛忠波
Original assignee: Hangzhou Ambo Data Technology Co ltd
Current assignee: Hangzhou Ambo Data Technology Co ltd
Priority date: 2023-05-26
Filing date: 2023-05-26
Publication date: 2023-08-08

Abstract

The invention provides a system and a method for archiving a bill based on engineering files, comprising a business layer, a file management layer and a file management layer, wherein the business layer is used for identifying business links of document management in the energy industry, and the business links are used for managing flow relationships based on the life cycle of the files; the resource layer is used for managing the content and the structure of resources on a chain of the block chain and storing various files and archive resources; the platform layer comprises an enterprise file and archive management platform, is connected with the service layer and the resource layer, integrates the service capable of being uplink in the service layer, and links various file and archive resources in the resource layer; the supervision layer is used for identifying and supervising various management objects and activities in the document management of the platform layer, so that the whole document management activity is ensured to be in a safe and perceivable state; and the block chain is used for calculating, packaging, assembling and publishing various information needing to be uplink and forming the block chain for data management according to the service time sequence.

Description

System and method for archiving based on engineering archive sheet composition

Technical Field

The disclosure relates to the technical field of blockchains, in particular to a system and a method for archiving a bill based on engineering files.

Background

Foreign scholars and practice departments began relatively early in research and application in the blockchain field, and they first utilized blockchain technology to solve the problems of authenticity and integrity assurance in archive management. The blockchain electronic file project at this stage is mainly focused on maintaining the authenticity and integrity of file resources in the archive, and the technical advantages of blockchain oriented multi-main body, distributed, strong trust and traceability are not fully exerted yet.

With the initial landing of blockchain technology in multiple fields of finance, trade, logistics, food traceability and the like, the application of blockchain technology in the document field is considered in China, and some large enterprises start 'water testing' blockchain application. The blockchain application at the stage realizes the preliminary integration with a front-end business system or a back-end digital archive system, and basically plays the technical characteristics of transparency, traceability and difficult tampering of the blockchain. But the business scene mainly stays in the range of a single enterprise main body, the advantage of guaranteeing the credibility of the blockchain through participation of multiple main bodies is not enough, and the coverage of the whole life cycle management of the electronic file is also a lifting space.

The information disclosed in the background section of this application is only for enhancement of understanding of the general background of this application and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art already known to a person skilled in the art.

Disclosure of Invention

The embodiment of the disclosure provides a method and a system for archiving a bill based on engineering files, which can at least solve part of problems in the prior art.

In a first aspect of embodiments of the present disclosure,

provided is an archive system based on engineering archive sheet set, comprising:

the business layer is used for identifying business links of document management in the energy industry, wherein the business layer comprises business links with uplink feasibility in document and file management business, and the business links are used for managing flow relationships based on the life cycle of the document;

the resource layer is used for managing the content and the structure of resources on a chain of the block chain and storing various files and archive resources;

the platform layer comprises an enterprise file and archive management platform, is connected with the service layer and the resource layer, integrates the service capable of being uplink in the service layer, and links various file and archive resources in the resource layer; the platform layer adopts three systems of a business system, an electronic file management system and a digital file resource long-term storage system for front-back connection;

The supervision layer is used for identifying and supervising various management objects and activities in the document management of the platform layer by adopting access control management, audit trail log record and file guarantee technology, so that the whole document management activity is ensured to be in a safe and perceivable state;

and the block chain is used for calculating, packaging, assembling and publishing various information needing to be uplink and forming the block chain for data management according to the service time sequence.

In an alternative embodiment of the present invention,

the service layer also comprises a service receiving link, a service management link, a service storage link and a service using link, wherein,

the business receiving link comprises capturing or archiving the electronic file from the business layer to the electronic file management system, wherein the business receiving link comprises a capturing link and an archiving link, and the capturing link is used for acquiring the electronic file and metadata corresponding to the electronic file; the archiving link is used for submitting the management authority of the electronic file and the metadata corresponding to the electronic file to an archive department;

the management business link comprises at least one of capturing registration, classification organization, identification treatment, statistical management and storage and preservation of electronic files;

The business storage link comprises at least one of copying, backing up, updating and migrating the electronic file in a file management system;

the business links comprise the retrieval of the electronic files and the electronic files through a file management system.

In an alternative embodiment of the present invention,

the platform layer comprises a business system, an electronic archive management system and a digital archive resource storage system, wherein,

the business system is used for automatically or semi-automatically carrying out authentication and arrangement work when the electronic file is formed and carrying out pre-archiving;

the electronic file management system is used for capturing, maintaining, utilizing and disposing electronic files and electronic files,

the digital archive resource storage system is used for storing the digital archive resource in a trusted digital warehousing system.

In an alternative embodiment of the present invention,

the resource layer is further configured to uplink the electronic file and metadata corresponding to the electronic file in at least three manners:

independently chaining through Hash values;

the Hash value and the metadata corresponding to the electronic file are uplink;

and the Hash value, the electronic file and the metadata corresponding to the electronic file are all uplink.

In an alternative embodiment of the present invention,

the block chain is a chain type data structure organized in a block form, a linked list of hash pointers is used, and nodes of the block chain are a plurality of blocks;

a block consists of a block head and a block body; the block header is used for storing the hash value of the last block, the hash value of the current block, the block size and the time stamp block metadata information;

the block body stores transaction records related to the business, each record of the transaction ledger contains the content of each operation, and simultaneously, hash values of the state ledger, which change from front to back, are also stored.

In an alternative embodiment of the present invention,

transaction records are organized in a Merkle tree structure and hash values are calculated:

transmitting any changed bottom data in the Merkle tree to the hash value change of the father node until the hash value change of the root node;

carrying out hash operation on the data packets in the block, generating new hash values by continuous recursion operation upwards and storing the new hash values in the block head;

when certain transaction data in the block is tampered, the Merkle root hash value stored in the block head changes, and the tampered block is determined and a problematic transaction record is positioned.

In a second aspect of an embodiment of the present invention,

there is provided an engineering archive sheet set-up based archiving method applied to any one of the foregoing engineering archive sheet set-up based archiving systems, the method comprising:

identifying a business link of document management in the energy industry, wherein the business link is used for managing a flow relation based on a file life cycle;

the on-chain resource content and structure management of the block chain is realized, and various files and archive resources are stored;

integrating the uplink business in the business layer, and linking various files and archive resources in the resource layer;

various management objects and activities in the document management of the platform layer are identified and supervised by adopting access control management, audit trail log record and file guarantee technology, so that the whole document management activity is ensured to be in a safe and perceivable state;

and calculating, packaging, assembling and publishing various information needing to be uplink, and forming a block chain for data management according to the service time sequence.

In a third aspect of the embodiments of the present disclosure,

there is provided an electronic device including:

a processor;

a memory for storing processor-executable instructions;

Wherein the processor is configured to invoke the instructions stored in the memory to perform the method described previously.

In a fourth aspect of embodiments of the present disclosure,

there is provided a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the method as described above.

Based on comprehensive consideration of service management elements, system operation elements and life cycle elements, a block chain evidence-preserving general model for 'single-system' archiving management is creatively provided. The model is based on five plates of a service layer, a platform layer, a resource layer, a supervision layer (contract layer) and a blockchain layer, and smooth operation of service flow, information flow and file flow can be realized based on mutual coordination among the five plates.

Besides, a block structure is superimposed, the key management information and rules are concentrated through the design of the block structure, and cross-business, cross-department and cross-system scheme construction can be achieved through expansion, so that internal trust is expanded to be public trust, and a trust layer support is provided for document management single-set system operation management.

Drawings

Fig. 1 is a schematic structural diagram of an engineering archive system according to an embodiment of the disclosure.

FIG. 2 is a diagram illustrating a basic data structure of a blockchain in accordance with embodiments of the present disclosure.

FIG. 3 is a block and ledger structure diagram of a document blockchain in accordance with an embodiment of the present disclosure.

FIG. 4 is a diagram illustrating the combination of a full tree structure model and a state Merkle tree according to an embodiment of the present disclosure.

Detailed Description

For the purposes of making the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are only some embodiments of the present disclosure, not all embodiments. Based on the embodiments in this disclosure, all other embodiments that a person of ordinary skill in the art would obtain without making any inventive effort are within the scope of protection of this disclosure.

The technical scheme of the present disclosure is described in detail below with specific examples. The following embodiments may be combined with each other, and some embodiments may not be repeated for the same or similar concepts or processes.

In order to facilitate understanding of the technical solution of the present application, corresponding terms are explained first:

and (3) single-sleeve manufacturing: an electronic archive "single-copy" refers to an archive system in which, for a source electronic file generated by an electronic device, only the electronic archive is saved at the time of archiving, and no paper archive is generated and saved.

Four-sex detection: the method is used for detecting the authenticity, availability, security and integrity of the electronic file, which is the key for ensuring the credential value, the examination value and the preservation value of the electronic file.

It should be noted that, the method according to the embodiment of the present application may be applied to a plurality of technical fields, for example, the coal chemical industry, and may also be applied to other fields, and the specific technical field to which the method is applied is not limited in this application.

Fig. 1 is a schematic structural diagram of an engineering archive sheet system according to an embodiment of the disclosure, as shown in fig. 1, where the system includes:

the business layer is used for identifying main business links of document management in the energy industry, wherein the business layer refers to business links with uplink feasibility in document and file management business, and the business links arrange a main body based on the flow relation of the life cycle of the document;

for this purpose, it is mainly necessary to identify the main business links of document management of the organization. Organization electronic document management can be broadly divided into four main business links, namely "receive, manage, store and use" from the perspective of the type of system that the organization electronic document experiences in the life cycle from formation to long-term storage.

In an alternative embodiment of the present invention,

the business receiving link comprises a capturing or archiving link which is used for capturing the electronic file from the business layer to the electronic file management system, wherein the capturing link refers to a method and a process for acquiring the electronic file and metadata thereof at proper time; the archiving link refers to the process of submitting the electronic files which have the values of certificates, examination and preservation and are processed through the system and the metadata management authorities of the electronic files to the archive department;

the management business link comprises a management link of the electronic file in the electronic file management system or the electronic file in the file management system, wherein the management content in the electronic file management system comprises at least one of capturing registration, classified organization, identification treatment, statistical management and storage and custody, and the management content of the electronic file in the electronic file management system comprises at least one of storage, statistics, metadata maintenance, treatment and handover;

the business storage link comprises long-term storage of the electronic file in a file management system and comprises at least one of copying, backup, updating and migration;

The business links comprise the action process that file users search and utilize file information through a file management system to meet the utilization requirements of users, and the business links comprise the retrieval and utilization of electronic files and electronic files.

In an alternative embodiment of the present invention,

the long-term preservation system is divided into six functional entities of receiving, archival storage, data management, preservation plan, access and administrative management, and under the six functional entities, each functional module is provided with a detailed secondary function, so that the basic and core links in the "single-set" archiving management are basically covered.

The six functional modules have different emphasis points, so that the functional implementation and the block chain value fit point are different, and development and design are needed respectively. Based on six functional partitions and with the secondary functions of the blockchain participation as drop points, a clear and definite functional map combining blockchain technology and 'single-set system' archiving management is constructed, functional visualization is promoted, and the current functional emphasis of the system and the possibility of future continuous development are illustrated.

The blockchain system is provided with authentication nodes in a series of processes of document creation, approval, editing, archiving, archive storage, borrowing and destruction, and the whole traceability of a document management process is realized by timely uploading document information and process information to document storage and authentication.

The platform layer comprises an enterprise file and file management platform, a service layer and a resource layer, integrates the service capable of being linked downwards and upwards receives various file and file resources; the platform layer adopts three systems of a business system, an electronic file management system and a digital file resource long-term storage system to connect front and back, so that front-end control, medium-term archiving and later-term storage are communicated, and full life cycle management of electronic files and electronic files is realized;

in an alternative embodiment of the present invention,

the platform layer comprises a business system, an electronic archive management system and a digital archive resource long-term storage system, wherein,

the business system is a computer system for forming or managing the activity data of an organization, embeds an electronic file classification scheme, an archiving range, a preservation schedule and a sorting requirement, automatically or semi-automatically performs authentication and sorting work when the electronic file is formed, and performs pre-archiving;

the electronic file management system comprises a computer information system for capturing, maintaining, utilizing and disposing electronic files and electronic files,

the system for long-term storage of the digital archive resource comprises a trusted digital warehousing system for long-term storage of the digital archive resource.

Wherein, the liquid crystal display device comprises a liquid crystal display device,

business Systems (BS) refer to computer systems that form or manage institutional activity data, commonly known as office automation systems and other business systems. Office automation systems and other business systems should embed electronic file classification schemes, archive ranges, and custody schedules and collation requirements, automatically or semi-automatically perform authentication and collation work when electronic files are formed, and implement pre-archiving.

Major concerns of business systems include:

the electronic files and the metadata thereof can be formed, collected, arranged and archived according to the related requirements; tools such as an electronic file classification scheme, a preservation schedule and the like are arranged in the electronic file system, so that electronic file formation or complete collection of a handling department and filing of electronic files and metadata thereof are supported; the method can record all the modification information of the electronic file in the process of drafting and handling the electronic file in a single stream file set; the electronic file and the components thereof can be automatically named and stored according to the built-in rule, the internal organic connection of the electronic file is maintained, and the association relationship between the electronic file and the metadata is established; the electronic file and the metadata archiving data package thereof can be generated according to the standard, or the electronic file and the metadata thereof can be pushed to an archiving interface; all operations of the collected and accumulated electronic files can be tracked and audited.

An electronic archive management system (erm) refers to a computer information system that captures, maintains, utilizes, and disposes of electronic files, electronic archives. The electronic file management system should have perfect functions and moderately look ahead, and meet the requirements of electronic file authenticity, reliability, integrity and availability management.

The electronic archive management system (ERMS) basic functions comprise file management configuration, file management service, security management, system management and other aspects, and specifically comprise:

the system has the functions of electronic file management and configuration, including classification scheme management, file number rule management, retention time limit table management, metadata scheme management, gate class definition and the like; the electronic file management function comprises the functions of electronic file and metadata thereof such as acquisition, registration, classification, cataloging, naming, storage, utilization, statistics, authentication, destruction, handover, backup, report management and the like; the electronic file security management function comprises the functions of identity authentication, authority management, tracking audit, solidification information generation and the like; the system management function comprises the functions of system parameter management, system user and resource management, system function configuration, operation authority allocation, event report and the like; the system has the paper file management functions of all doors, including the functions of synchronously cataloging, sequencing, compiling file numbers and the like of electronic files and paper files; the system has the functions of digitizing the paper files and managing the digital copies of the paper files.

A digital archive resource long-term storage system (TDR) is a trusted digital warehousing system that performs long-term storage of digital archive resources. The long-term storage technology of the digital file comprises a packaging technology, a format technology, a simulation technology, a regeneration technology, a migration technology and the like. Accordingly, a digital archive long-term storage system (TDR) should focus on perfecting the following functions:

ensuring that trusted digital archive resources are formed; supporting automatic acquisition and management of metadata; the packaging structure has perfect packaging function; ensuring effective management of static storage digital files; migration functions, including format migration and system migration.

The platform layer is compatible with the existing intelligent project platform, document management system, OA system (integrated office management platform), electronic signature system and digital financial sharing service center system electronic data, so that repeated investment and construction are avoided. The system pays attention to independence and operation convenience, and reserves an interface of a business system outside the system to be accessed into the system, so that the utilization rate of the whole system is highest, the business process is more efficient (particularly, various repeated input and repeated operation are needed to be avoided), the input-output ratio of the system is maximum, and all data can form a unified data pool so as to carry out data analysis and support enterprise decision.

The block chain file management platform mainly comprises three subsystems of a file management system, a block chain certification system and an electronic file management system, wherein the block chain certification system comprises a block chain platform and an electronic printing control platform, the electronic file management system comprises a file management platform, a delivery data platform and an OCR management platform, and the file management system comprises various functions for long-term storage of digital file resources.

The system is in an interactive mode,

the interaction of the archive management system, the blockchain certification system and the business system mainly comprises two links, namely uplink certification and uplink certification. Through interaction with the blockchain, the whole-process important links such as drafting, auditing, archiving, sharing and application of the electronic file can be realized.

Taking two links of generating and archiving an electronic file as an example, analyzing the interactive flow of a block chain, a business system and an electronic file management system, carrying out uplink certification in the generating link and carrying out uplink verification in the archiving link.

The resource layer is used for controlling the content and the structure of resources on the chain of the document block chain;

the resource layer comprises a static business original record, dynamic various archive management log records and various files or core metadata parts of the records; wherein, the liquid crystal display device comprises a liquid crystal display device,

The service original record comprises content data and metadata, and further comprises at least three uplink modes: only Hash values are uplink, hash values and electronic document metadata are uplink, and Hash values, electronic document metadata and content data are all uplink.

First, a static business original record. This is also the subject matter of future component blockchain status ledgers. This section is closely related to the functional activities represented by the business layer, and all types of records (including direct, indirect, and procedural record materials) with archival meaning formed by the business activities can be recorded in a specific form (original file or hash value) into the blockchain system.

Second, various types of archive management log records are dynamically managed. The method is a main source for forming a transaction ledger in an archive blockchain, the part records the document change process, and the whole course traceability of the document change process is realized through the record of a log.

Third, various types of files or core metadata parts of records. In many cases, the archive organization will not choose to directly ul the original record, but will ul the core metadata portion (including the signature) after hash computation. There is a large difference in the metadata composition of the files or records of different services, which will be the core content that the archive department needs to prepare to participate in the blockchain.

Blockchains are essentially information storage systems that perform the functions of processing and storing data, the core of which is ledger administration and transaction processing. From the viewpoint of cost, it is the data volume that determines the document's uplink scope, not all document traffic or all data of a certain traffic are suitable for uplink, but the uplink content is finally determined through rational analysis. The block chain file management platform has the uplink resource mainly comprising service data, metadata and corresponding activity records, wherein the original service records can have different uplink methods, the file management activity records are stored and uplink in the form of a status account book, and the metadata composition suitable for uplink is determined from the aspects of the system experienced by the electronic file and the related service.

Different uplink modes of business original record

The service original record comprises content data and metadata, and in the past blockchain application practice, the following uplink storage modes are mainly formed:

(1) Uplink mode a: only Hash values are chained;

(2) Uplink mode B: the Hash value is linked with the metadata of the electronic document;

(3) Uplink mode C: hash values, electronic document metadata, and content data are all chained.

The following table is a comparison of different uplink modes in terms of application, cost, applicable object, authenticity guarantee, and long-term guarantee:

overall, the current blockchain platform is only suitable for storing hash values and partial metadata of electronic documents, and is not suitable for storing content data. The main reason for this is: (1) functional positioning requirements. The positioning of the current blockchain technology in document management is mainly to enhance the authenticity and integrity guarantee, and is not data backup; (2) performance considerations. Processing of large amounts of data using the current stage blockchain platform is neither economical nor practical, limited by the current stage blockchain technology maturity, and if content data is to be uploaded, not only is the pressure of data storage and processing of each blockchain node increased, but also extremely high computational cost can be brought; (3) safety reasons. For security reasons, the content data cannot be completely uploaded without authentication.

In the context of electronic document management, the log record of the electronic document operation and the metadata related to the electronic document trusted authentication are core uplink content, and the transaction ledger and the status ledger correspond to the log record of the electronic document operation and the metadata related to the electronic document trusted authentication, respectively. The transaction account book stores operation records and descriptions for creating and changing the electronic document, and is a dynamic record of the change of the electronic document; the status ledger is the current status and information record of the electronic document, and refers to static data of the resource file. The hash value of the electronic document is the core of realizing the block chain function, is a key tool for authenticating the authenticity and the integrity of the electronic document, and realizes the effective support of the consensus credibility, the whole course traceability and the authenticity safety of the electronic document through the record of dynamic and static combination of the electronic document resource.

For an electronic document, in order to maintain the organic association of the electronic document formed in the same business activity, so as to ensure that the background information of the document is fully understood, the hash value of the final manuscript of the electronic document after solidification cannot be saved in a uplink manner, and the hash values of different versions of the electronic document must be all uplink. For example, the hash values of files such as scripts of important nodes in the file forming process, forms of different formats formed by long-term storage work implementation format migration, different release objects, and different texts formed by application scenes need to be stored in a uplink mode.

For metadata of electronic documents in the status ledger, in order to ensure the effectiveness of subsequent traceable queries, relevant metadata needs to be stored in a relatively complete uplink manner. Specifically, the basic idea of determining metadata that needs to be preserved in the uplink is: from the system perspective of electronic document experience, the unique metadata with unique retrieval identification and credential meaning formed in different systems are stored in a uplink manner; from related business of the electronic document, the result information of the business operation evidence and the business supervision can be stored in a linking way, wherein the result information comprises business behaviors such as electronic document handover, "four" detection, borrowing utilization, conversion and migration, disposal and destruction and the like.

The supervision layer is used for identifying and supervising various management objects and activities in the document management by adopting access control management, audit trail log record and file guarantee technology, so that the whole document management activity is ensured to be in a safe and perceivable state;

in an alternative embodiment of the present invention,

the supervisory layer is further configured to:

front-end supervision, which is used for managing and preventing possible risk points in advance by combing the functions of the institutions and the business links;

the middle-end supervision is used for perfecting relevant business link standards and checking the standard execution strength at regular time;

and the back-end supervision is used for realizing the permanent storage and destruction of the electronic file.

the core of front-end supervision is to fully comb the functions and business links of the institutions and manage and prevent possible risk points in advance. In this stage, the business body mainly comprises a document former, a document management department and a technical department, and the main task is to build an environment for receiving and managing the electronic document, form standard matched metadata and promote the electronic document to be successfully formed and captured.

The aim of supervising the 'single-sleeve' archiving management is to ensure the quality of the electronic files, maintain the reality, integrity, availability and safety of the electronic files, and exert the advantages of the electronic files on the premise of trust, so that pain points of the file management are solved in a targeted way. The functional set of the blockchain is exactly matched with the archiving management supervision requirement of single-sleeve, and the blockchain is applied to the three aspects of member management, key management and authority management as follows:

Member management

The platform performs identity authentication mainly through a CA system, and the certificate issuing system is simplified from version 1.6 to version 1.8;

root.ca (root certificate authority) represents a trust anchor in the PKI hierarchy. The root CA is the uppermost CA in the PKI hierarchy for issuing a certificate authority and a role certificate admission authority. ECA (Enrollment Certificate Authority) is an admission certificate authority that is able to admit certificates ECert to a downstream issuing node. ECert (Enrollment Certificate) admission certificate is a long term certificate that a node holding an ECert can interact with a service on the platform chain, otherwise cannot join the corresponding Namespace.

In addition, there are two implementations of the ECert design of the platform. The institution holding ECert1 not only has the right to interact with services on the blockchain, but also issues TCert (Transaction Certificate) transaction certificates downwards. The Transaction certificate is used for realizing pseudo-anonymous Transaction, a client needs to carry when initiating the Transaction, and the client encrypts the Transaction by using a private key matched with TCert. Tcerts can implement online applications, issued by various nodes, each Transaction can be signed with a new TCert, and the relative anonymity of each Transaction can be achieved, but can be reviewed by the issuer.

In addition, the platform provides a matched tool certgen for certificate management, which is mainly used for generating and managing related CA certificates and digital certificates, including functions of certificate issue, public and private key generation, certificate check and the like.

Certificate issuance: before the node is started, a pair of public and private keys are required to be generated, and when the node is started, each node firstly generates a self-signed certificate according to the public key, and a root certificate is generated according to the self-signed certificate. The sub-certificates of the specified type (ECert, RCert, TCert and SDKCert) can be generated by the root certificate of the node when the sub-certificates are issued, or the user provides a public key to the issuer and the issuer issues the sub-certificates.

Node admission: the new node firstly sends a joining request to each node, all VP nodes on the chain inquire about the CA public key certificate according to the handshake information of the application node, the public key certificate is used for signature verification, and then whether the node holding the CA certificate is allowed to join or not is judged by CAF. If so, issuing an ECert certificate of the node to the node, and issuing the ECert certificate to the applied node by the new node.

Certificate checking: certgen provides a certificate checking service that checks whether the content includes a certificate that is signed by a CA certificate, whether the signature is legitimate, and whether it is a CA certificate that is capable of signing a sub-certificate.

Certificate revocation: when the user's personal identity information changes, or the private key is lost, compromised or suspected to be compromised, the certificate user may make a certificate revocation request to the CA, which will put the certificate into a publicly issued certificate revocation list listing all digital certificates that are revoked during the validity period.

Key management

The private key of the user is split into two parts for encryption respectively during issuing, wherein one part is self-managed by an organization, and the other part is managed by a trusted third-party organization. If the private key of the user is lost, firstly, the mechanism performs identity authentication on the user on line, and after the authentication is passed, a private key recovery process is initiated.

The user keeps the complete public and private key pair by himself and does not carry out backup. The private key of the user cannot be retrieved once lost, the mechanism newly generates the private key for the user, and the original assets of the user are transferred to the new public key address by calling an intelligent contract of a super administrator in the background. The scheme relies on the following operations:

on the basis of the existing business contracts, a super manager intelligent contract is independently designed;

when a user key pair is generated, storing a corresponding public key address in an organization database to form a mapping relation (user account/identity information— > public key address), wherein the user identity information needs to be authenticated offline;

After the private key of the user is lost, a private key resetting application is initiated to the mechanism, and the mechanism firstly authenticates the identity of the user; the new public key address of the user is added to the database (without deleting the original public key address of the user).

Rights management

The platform adopts a hierarchical authority management mechanism to further ensure data security, and a three-level authority distribution mechanism of 'chain level manager-node manager-user' is formed:

chain level administrator: rights management at the blockchain level, including node management, system upgrades, rights control for contract upgrades, are often internal superadministrators specified by the various federation authorities. The operation authority of the link level such as node admission, system upgrading and contract upgrading is determined by voting of various organizations of the alliance, and not only a single entity can dominate. Specific voting rules are negotiated offline by the federation authorities and written into Genesis blocks. If the change is needed, a round of voting is carried out according to the rule agreed before to finish the change. Chain level rights management requires the assistance of the autonomous federation organization (CAF) mentioned above.

Node administrator: the rights management at the level of the participating nodes, including the control of the access rights of the nodes, are often operation and maintenance administrators specified by each alliance organization. An access certificate (SDKCert) is issued to each user, the authority of the user to access the SDK interface is controlled, and the request with the node access certificate is accepted by the node. The node administrator can issue certificates through the client, configure a user permission table, and allocate the permission of the user to access the SDK, such as the permission of access calling contracts, the permission of obtaining blocks, and the like. The chain level administrator defaults to having the node access certificate SDKCert.

The user: the common user participates in the on-link business scene. The user may hold certificates issued by different nodes to initiate transactions to the different nodes. The authority of a specific user in a corresponding service scene is defined by an upper service system. The subsequent platform can abstract a series of universal rights management interfaces for the business layer to better manage the rights.

And the block chain is used for calculating, packaging, assembling and publishing various information needing to be uplink according to technical requirements, and forming the block chain for data management according to service time sequence.

In an alternative embodiment of the present invention,

the block chain is a chain data structure organized in a block form, a linked list of hash pointers is used, and nodes of the chain are blocks;

a block consists of a block head and a block body; the block header comprises control information related to the block and is used for storing the hash value of the last block, the hash value of the current block, the block size and the time stamp block metadata information;

the block body contains specific transaction data, stores transaction records related to the business, and in each record of the transaction ledger, not only contains the content of each operation, but also stores hash values of the state ledger changing back and forth.

In an alternative embodiment of the present invention,

Blockchains construct a chain data structure organized in blocks, which uses a linked list of hash pointers whose nodes are blocks. When the content in the block is changed, the hash value is also changed, so that the content of the block cannot be tampered. In addition, each chunk (the debridement century block) holds a hash value of the previous chunk. The user only needs to memorize the hash value of the last block to detect whether the content on the blockchain is tampered. Multiple data blocks in the same block are organized together in the form of a Merkle tree, and stored in the block header is the hash value of the root node. The data structure has the advantages that: only the root hash value needs to be remembered, and modifications to any part of the tree can be detected. In the document system, all the electronic documents can be organized according to a tree structure, the change of any one electronic document can cause the change of a root hash value, and the change of the whole electronic document is reflected through the change of the root hash value.

The biggest difference between a blockchain and other linked lists is that a Hash pointer is used instead of a normal pointer. When the data on the blockchain is large and needs to occupy a large space, a certain trouble is obviously caused, and the concept of a pointer can be introduced. When the data is required to be acquired, the data is read only by the corresponding position according to the address given by the pointer, so that the memory space is greatly saved. In practice, pointers actually store logical addresses rather than physical addresses for reasons of program portability and the like.

FIG. 2 is a diagram illustrating a basic data structure of a blockchain in accordance with embodiments of the present disclosure. Typically, a block consists of a block header and a block body. The block header comprises control information related to the block and is used for storing the hash value of the last block, the hash value of the current block, the block metadata information such as the block size, the time stamp and the like; the block body contains specific transaction data, stores transaction data (i.e. transaction ledger) related to the business, and in each record of the transaction ledger, not only the content of each operation is contained, but also hash values of the state ledger, which change from front to back, are stored.

FIG. 3 is a block and ledger structure diagram of a document blockchain in accordance with an embodiment of the present disclosure. FIG. 4 is a diagram illustrating the combination of a full tree structure model and a state Merkle tree according to an embodiment of the present disclosure.

The blockchain data structure suitable for the document field is designed according to the basic structure of the blockchain. In the context of electronic document management, the hash value of the block header is the primary key of the block, and is used as the unique identifier of the block, and by combining with the hash value of the previous block, the chain structure of the block can be realized. The transaction record of the zone block stores the operation log of each transaction of the electronic document, and records the hash value of the electronic document before and after the change. Each transaction in the transaction ledger records a log record of the electronic document being manipulated, and the structure of the log record generally includes document ID, transaction action, manipulation user, hash change value, etc. The state account book records the hash value and metadata information of the electronic document entity, and the blockchain connects and integrates the log record (transaction account book) and the metadata record (state account book) of the electronic document through the change of the hash value, so that the log record (transaction account book) and the metadata record (state account book) become a same-generation and same-change and mutually unified organic whole. The data in the blockchain completely records the whole life process from generation, change to destruction of the electronic document in the system, can effectively trace back the business on the chain, and ensures the authenticity, integrity and safety of the electronic document.

The transaction account book and the status account book are organized by adopting a tree structure:

in the blockchain architecture, transaction records are typically organized in a Merkle tree structure and hash values are computed. Merkle tree is a hash binary tree whose leaf nodes are used to store data files, and whose non-leaf nodes store hash values of their leaf nodes. Any change in the underlying data in the Merkle tree will be passed on to the hash value of its parent node until the hash value of the root node changes. The Merkle tree can be used to quickly summarize and verify the integrity of the block data, hash the data packets in the block, and recursively calculate up to generate new hash values that are stored in the block header. When a certain transaction data in the block is tampered, the Merkle root hash value stored in the block head is changed, so that the tampered block is quickly found and the transaction data with problems are positioned.

In the context of electronic document management, the tree structure may be applied to both transaction ledgers and status ledgers. The application of the transaction ledger is basically consistent with that of the traditional blockchain, each log record of the electronic document change is regarded as a transaction (or trade), the transaction record is organized into a Merkle tree, the hash value of the root node is calculated and stored in a block header, and when the block hash values among different nodes are inconsistent, the block and the log record with problems can be rapidly positioned. The application in the state ledger can rely on the tree structure of the electronic document system to design the Merkle binary tree, namely, the metadata record of the electronic document is treated as a common data body. Any electronic document change will cause the hash value of the block in the block header to change, thereby quickly finding and locating the changed electronic document.

The state tree is combined with a full tree structural model of the digital archive object:

the digital file object full tree model is a model which uses a tree structure to intensively describe the overall architecture showing file resources from full to metadata, and the digital file object model expressed by the full tree model can accord with the file management principle of China to the greatest extent, accords with the core idea of function classification, and accords with the decomposition mode of gradually asking for refinement from top to bottom of most institutions and business activities. The business entity object of the state ledger is an electronic document, and the directory system of the electronic document can be organized into a tree structure by means of a full tree model, so that a hash value can be calculated from bottom to top based on the structure, and the hash value of the root node is finally obtained and recorded in the block header. In addition, when the status ledger is changed, hash values before and after the change are stored in log records of transaction ledgers related to the status ledger, so that the status tree and the transaction tree are connected.

In a second aspect of the embodiments of the present disclosure,

the method for archiving the engineering archive sheet set comprises the following steps:

identifying main business links of document management in the energy industry, wherein the business links schedule a main body based on a flow relation of a file life cycle;

Integrating the service capable of being linked downwards and upwards receiving various files and file resources; the front end control, the middle-term archiving and the later-term preservation are communicated through the front-and-back connection of the service system, the electronic file management system and the digital file resource long-term preservation system, so that the full life cycle management of the electronic files and the electronic files is realized;

controlling the content and structure of resources on a chain of the document blockchain;

various management objects and activities in document management are identified and supervised by adopting access control management, audit trail log record and file guarantee technology, so that the whole document management activity is ensured to be in a safe and perceivable state;

and calculating, packaging, assembling and publishing various information to be uplink according to technical requirements, and forming a block chain for data management according to service time sequence.

In a third aspect of the embodiments of the present disclosure,

there is provided an electronic device including:

a processor;

a memory for storing processor-executable instructions;

In a fourth aspect of embodiments of the present disclosure,

The present invention may be a method, apparatus, system, and/or computer program product. The computer program product may include a computer readable storage medium having computer readable program instructions embodied thereon for performing various aspects of the present invention.

It will be appreciated by persons skilled in the art that the embodiments of the invention described above and shown in the drawings are by way of example only and are not limiting. The objects of the present invention have been fully and effectively achieved. The functional and structural principles of the present invention have been shown and described in the examples and embodiments of the invention may be modified or practiced without departing from the principles described.

Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present disclosure, and not for limiting the same; although the present disclosure has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the corresponding technical solutions from the scope of the technical solutions of the embodiments of the present disclosure.

Claims

1. An engineering archive based sheet packaging archiving system, the system comprising:

2. The system of claim 1, wherein the business layer further comprises a receive business link, a manage business link, a store business link, and a use business link, wherein,

the business receiving link comprises capturing or archiving the electronic file from the business layer to an electronic file management system, wherein the business receiving link comprises a capturing link and an archiving link, and the capturing link is used for acquiring the electronic file and metadata corresponding to the electronic file; the archiving link is used for submitting the management authority of the electronic file and the metadata corresponding to the electronic file to an archive department;

3. The system of claim 1, wherein the platform layer comprises a business system, an electronic archive management system, and a digital archive resource preservation system, wherein,

4. The system of claim 1, wherein the system further comprises a controller configured to control the controller,

independently chaining through Hash values;

5. The system of claim 1, wherein the blockchain is a chained data structure organized in blocks, using a linked list of hash pointers, the nodes of which are a plurality of blocks;

6. The system of claim 5, wherein the transaction records are organized in a Merkle tree structure and hash values are calculated:

7. A method for archiving a project archive based on sheet composition, characterized in that the method is applied to the project archive based sheet composition archiving system according to any one of claims 1 to 6, the method comprising:

identifying and supervising various management objects and activities in the document management of the platform layer by adopting access control management, audit trail log record and file guarantee technology;

8. An electronic device, comprising:

a processor;

a memory for storing processor-executable instructions;

wherein the processor is configured to invoke the memory-stored instructions to perform the method of claim 7.

9. A computer readable storage medium having stored thereon computer program instructions, which when executed by a processor, implement the method of claim 7.