Summary of the invention
The invention provides an electronic record verification method and device that make electronic records resistant to counterfeiting, tampering and repudiation, so that an electronic record acquires the same core evidentiary value as a traditional paper archive.
To achieve this, the invention provides an electronic record verification method comprising:
The sender receives the file submitted by a user and forms an electronic file;
The sender stamps the electronic file with an electronic archive seal, generating an electronic record;
The sender computes a hash digest of the electronic record, generating a first hash value;
The sender signs the first hash value with its local private key, generating a digital signature;
The sender symmetrically encrypts the electronic record together with the digital signature, generating a first ciphertext;
The sender uses the receiver's public key to asymmetrically encrypt the symmetric key of the first ciphertext, generating a second ciphertext, and sends the first ciphertext and the second ciphertext to the receiver;
The receiver decrypts the first ciphertext and the second ciphertext and verifies the signature.
In one embodiment, the receiver decrypting the first ciphertext and the second ciphertext and verifying the signature comprises:
The receiver decrypts the second ciphertext with its own private key, recovering the symmetric key;
The receiver uses the symmetric key to decrypt the first ciphertext, recovering the electronic record and the digital signature;
The receiver verifies the signature with the sender's public key.
In one embodiment, verifying the signature with the sender's public key comprises:
The receiver decrypts the recovered digital signature with the sender's public key, generating a second hash value;
The first hash value and the second hash value are compared, generating the verification result.
In one embodiment, comparing the first hash value and the second hash value and generating the verification result comprises:
Determining whether the first hash value is consistent with the second hash value: if they are consistent, signature verification succeeds; if they are inconsistent, signature verification fails.
To achieve this, the invention also provides an electronic record verification device comprising:
An electronic file generation unit, for receiving the file submitted by a user and forming an electronic file;
An electronic record generation unit, for stamping the electronic file with an electronic archive seal, generating an electronic record;
A hash value generation unit, for computing a hash digest of the electronic record, generating a first hash value;
A signature unit, for signing the first hash value with the local private key, generating a digital signature;
A first ciphertext generation unit, for symmetrically encrypting the electronic record together with the digital signature, generating a first ciphertext;
A second ciphertext generation unit, for using the receiver's public key to asymmetrically encrypt the symmetric key of the first ciphertext, generating a second ciphertext, and sending the first ciphertext and the second ciphertext to the receiver;
A decryption verification unit, for decrypting the first ciphertext and the second ciphertext and verifying the signature.
In one embodiment, the decryption verification unit comprises:
A first decryption module, for decrypting the second ciphertext with the receiver's own private key, recovering the symmetric key;
A second decryption module, for using the symmetric key to decrypt the first ciphertext, recovering the electronic record and the digital signature;
A signature verification module, for verifying the signature with the sender's public key.
In one embodiment, the signature verification module comprises:
A second hash value generation module, for decrypting the recovered digital signature with the sender's public key, generating a second hash value;
A comparison module, for comparing the first hash value and the second hash value, generating the verification result.
In one embodiment, the comparison module is specifically used for:
Determining whether the first hash value is consistent with the second hash value: if they are consistent, signature verification succeeds; if they are inconsistent, signature verification fails.
The beneficial effect of the embodiments of the invention is that the invention is presented in the form of a visible electronic archive seal and, by means of a digital signature, makes electronic records resistant to counterfeiting, tampering and repudiation, so that an electronic record acquires the same core evidentiary value as a traditional paper archive.
Embodiment
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are obviously only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative work fall within the scope of protection of the invention.
To solve the problems in the prior art, the invention provides an electronic record verification method that, based on hashing and digital signature technology, makes electronic records resistant to counterfeiting, tampering and repudiation. The method defines an electronic archive seal system that has practical operational value rather than remaining a frontier exploration at the level of framework and design ideas. The security system as implemented thus guarantees the authenticity, integrity, availability and security of electronic records, gives an electronic record the same evidentiary value as a paper archive, and yields electronic records with real application value.
The invention adopts a hybrid encryption protocol that combines elliptic curve cryptography (ECC) with the Advanced Encryption Standard (AES). AES has a more concise and precise mathematical algorithm internally, and ECC is the cipher with the highest per-bit encryption strength among currently known public-key cryptosystems [2]: the security of 160-bit ECC is equivalent to that of 1024-bit RSA, while 256-bit ECC far exceeds 2048-bit RSA and is comparable to the security of 128-bit AES.
The design framework of the electronic archive seal system is shown in Figure 1. On top of the network system, hardware devices and system software that provide the supporting infrastructure, it offers archive seal key-disk management, archive seal creation management, archive seal log auditing, archive seal data management and digital certificate authentication services. It supports document-editing software and formats including Word and Excel documents, domestic document formats such as WPS and Yongzhong, PDF and GDF layout files, CAD drawing files, TIF fax files, Web forms and Form forms. On top of the electronic record application system, it provides functions such as archive seal fill-in, archive seal stamping, digital signature, document permission settings, encrypted network transmission, archive seal signature verification, two-dimensional barcodes and secure printing.
The authentication service of the electronic archive seal system uses the J2EE framework, is cross-platform, and is responsible for managing the whole electronic seal system, including seal application, creation, deletion and log recording.
The electronic archive seal system supports a variety of document formats such as Word, Excel, WPS, Web forms and PDF, meeting the needs of different application systems.
The platform is built on the electronic archive seal system and combines electronic archive seals with all kinds of archival work (archive accession, archive storage, archive management and archive use).
The electronic archive seal uses security techniques such as digital signatures, data encryption and two-dimensional barcodes to process archived electronic files, giving the information resource resistance to forgery, tampering and repudiation, and thereby guaranteeing its authenticity, integrity, security and availability, so that it is an "electronic record" in the true sense. The two-dimensional barcode contains the digital signature and metadata of the electronic record, so the signature information of a paper archive can be verified through the barcode, which guarantees the authenticity, integrity, security and availability of the paper archive. It also supports barcode-scan lookup and management of paper archives, making them easier to manage and use.
As shown in Figure 2, an embodiment of the invention provides an electronic record verification method comprising:
S201: the sender receives the file submitted by a user and forms an electronic file;
S202: the sender stamps the electronic file with an electronic archive seal, generating an electronic record;
S203: the sender computes a hash digest of the electronic record, generating a first hash value;
S204: the sender signs the first hash value with its local private key, generating a digital signature;
S205: the sender symmetrically encrypts the electronic record together with the digital signature, generating a first ciphertext;
S206: the sender uses the receiver's public key to asymmetrically encrypt the symmetric key of the first ciphertext, generating a second ciphertext, and sends the first ciphertext and the second ciphertext to the receiver;
S207: the receiver decrypts the first ciphertext and the second ciphertext and verifies the signature.
As this flow shows, the invention first stamps the electronic file with an electronic archive seal to generate the electronic record, computes a hash digest of the electronic record to generate the first hash value, and signs the first hash value with the sender's private key to generate the digital signature. The electronic record and the digital signature are then symmetrically encrypted to generate the first ciphertext; the symmetric key of the first ciphertext is asymmetrically encrypted with the receiver's public key to generate the second ciphertext, and both ciphertexts are sent to the receiver. Finally, the first ciphertext and the second ciphertext are decrypted and the signature is verified. Through this flow, the invention is presented in the form of a visible electronic archive seal and, by means of a digital signature, makes electronic records resistant to counterfeiting, tampering and repudiation.
Before S201 is carried out, the archive seal must be filled in; this is the basis for functions such as stamping the electronic archive seal, digital signing, verification and the two-dimensional barcode. The fill-in process is shown in Figure 3: while the electronic archive seal is being filled in, the archive information entered is displayed synchronously on the seal image (in Fig. 3: 7, 2014, permanent, 8, 23, 1, office), and the seal settings can be used to adjust the size, font size and colour of the seal. Once the seal has been checked and found correct, clicking the stamp button generates the final seal and stamps it on the current document; the stamped electronic archive seal is shown in Figure 4.
The electronic record verification method of the invention uses an encryption scheme that combines a digital signature with a digital envelope, comprising the hash computation, the ECC signature over the digest of the official document, the ECC encryption of the AES key, and the AES encryption.
In the flow of Fig. 2, the sender (sending party) and the receiver (receiving party) are not fixed; they are determined by who the electronic record is being transferred to. For example, if the archive office of the State Scientific and Technological Commission transfers archives to the Beijing municipal archive, the sender is the archive office of the State Scientific and Technological Commission and the receiver is the Beijing municipal archive, and both are managers. If the office of the State Scientific and Technological Commission sends an electronic record to the storage area, the sender is the Commission's archive staff and the receiver is the storage area's administrative staff.
The file the user submits to the sender is a paper document, so when S201 is carried out, the sender needs to generate an electronic file after receiving the file submitted by the user.
S201 to S206 form the stamping flow of the electronic archive seal. With reference to Fig. 5, the sender stamps the electronic file in Fig. 5 with the electronic archive seal, forming the electronic record. It then computes a hash digest of the electronic record (that is, applies a hash algorithm), generating the first hash value, which is also called the digest value. The sender signs the first hash value with its local private key, generating the digital signature.
After the digital signature has been formed, the sender symmetrically encrypts the electronic record obtained in S202 together with this digital signature, generating the first ciphertext.
The sender then uses the receiver's public key to asymmetrically encrypt the symmetric key of the first ciphertext, generating the second ciphertext, and sends the first ciphertext and the second ciphertext to the receiver for signature verification.
S207 is the signature verification flow of the electronic archive seal. With reference to Fig. 6, carrying out S207 comprises the following:
The receiver decrypts the second ciphertext received from the sender with its own private key, recovering the symmetric key, and uses this symmetric key to decrypt the first ciphertext received from the sender, recovering the electronic record and the digital signature. Finally, the receiver verifies this digital signature with the sender's public key.
In one embodiment, verifying the signature with the sender's public key comprises: the receiver decrypts the recovered digital signature with the sender's public key, generating a second hash value, then compares the first hash value with the second hash value and generates the verification result. Specifically, it determines whether the first hash value is consistent with the second hash value: if they are consistent, signature verification succeeds; if they are inconsistent, signature verification fails.
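The S203 to S207 exchange described above can be run end to end with the following sketch, which is an added example and not code from the patent; it uses only the Go standard library (Go 1.20 or later for crypto/ecdh). Assumptions: ECDSA P-256 over SHA-256 for the signature, AES-256-GCM for the symmetric step, and ephemeral ECDH with a SHA-256-derived wrapping key standing in for the "asymmetric encryption" of the AES key (the text names only ECC, AES and a hash); `Send`, `Receive`, `demoKeys`, the `len(sig) || sig || record` framing and the sample record are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func must[T any](v T, err error) T { // panics on local failures only (RNG, key setup)
	if err != nil {
		panic(err)
	}
	return v
}

var nonce = make([]byte, 12) // fixed GCM nonce: safe only because each AES key here seals one message
func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// Send performs S203-S206 and returns the first and second ciphertexts.
func Send(record []byte, signer *ecdsa.PrivateKey, rcpt *ecdh.PublicKey) (first, second []byte) {
	digest := sha256.Sum256(record)                             // S203: first hash value
	sig := must(ecdsa.SignASN1(rand.Reader, signer, digest[:])) // S204: sender's private key
	aesKey := make([]byte, 32)
	must(rand.Read(aesKey))
	body := append([]byte{byte(len(sig))}, sig...) // S205: encrypt len(sig) || sig || record
	first = gcm(aesKey).Seal(nil, nonce, append(body, record...), nil)
	eph := must(ecdh.P256().GenerateKey(rand.Reader)) // S206: wrap the AES key (assumed ECIES-style)
	pub := eph.PublicKey().Bytes()                    // 65-byte uncompressed point, sent in clear
	kek := sha256.Sum256(append(must(eph.ECDH(rcpt)), pub...))
	return first, append(pub, gcm(kek[:]).Seal(nil, nonce, aesKey, nil)...)
}

// Receive performs S207 on untrusted input: unwrap the key, decrypt, verify the signature.
func Receive(first, second []byte, rcpt *ecdh.PrivateKey, sender *ecdsa.PublicKey) ([]byte, error) {
	if len(second) < 65 {
		return nil, fmt.Errorf("second ciphertext too short")
	}
	eph, err := ecdh.P256().NewPublicKey(second[:65])
	if err != nil {
		return nil, err
	}
	shared, kerr := rcpt.ECDH(eph)
	kek := sha256.Sum256(append(shared, second[:65]...))
	aesKey, err := gcm(kek[:]).Open(nil, nonce, second[65:], nil)
	if kerr != nil || err != nil || len(aesKey) != 32 {
		return nil, fmt.Errorf("cannot unwrap symmetric key")
	}
	body, err := gcm(aesKey).Open(nil, nonce, first, nil)
	if err != nil || len(body) == 0 || len(body) < 1+int(body[0]) {
		return nil, fmt.Errorf("first ciphertext rejected")
	}
	n := 1 + int(body[0])
	digest := sha256.Sum256(body[n:]) // second hash value, recomputed from the decrypted record
	if !ecdsa.VerifyASN1(sender, digest[:], body[1:n]) {
		return nil, fmt.Errorf("signature verification failed")
	}
	return body[n:], nil
}

func demoKeys() (*ecdsa.PrivateKey, *ecdh.PrivateKey) { // constructed sender and receiver keys
	return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)), must(ecdh.P256().GenerateKey(rand.Reader))
}

func main() {
	signer, rcpt := demoKeys()
	first, second := Send([]byte("constructed sample record"), signer, rcpt.PublicKey())
	rec, err := Receive(first, second, rcpt, &signer.PublicKey)
	fmt.Printf("%q %v\n", rec, err)
}
```

With ECDSA the receiver does not decrypt the signature to recover a hash: it recomputes the digest over the decrypted record and runs signature verification on it, which takes the place of the first/second hash comparison. A record checked against any key other than the sender's real public key is rejected at that step even though both ciphertexts decrypt correctly.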
The encryption process uses a hybrid encryption protocol that combines elliptic curve cryptography (ECC) public-key encryption with Advanced Encryption Standard (AES) symmetric encryption; this is not intended to limit the invention. In the seal systems currently popular on the market, symmetric encryption mostly uses algorithms such as DES and 3DES. AES has a more concise and precise mathematical algorithm internally and needs only a single pass to encrypt data. In addition, AES is an encryption standard that has been through many rounds of review and rigorous testing, resists the known attack methods well, and is secure, reliable and simple to implement. As for the choice of public-key algorithm, current seal systems are all based on RSA or DSA signature schemes.
The electronic archive seal system of the invention provides identity authentication, confidentiality and tamper resistance for electronic documents transmitted between departments. Based on the requirements analysis of the system, the main functions to be implemented are as follows:
1) electronic archive seal stamping;
2) network transmission (the encryption process includes computing the hash digest, digital signing, symmetric encryption and so on);
3) electronic archive seal verification (the verification process includes decrypting the official document, verifying the identity of the document's sender and so on);
4) electronic archive seal creation.
The electronic archive seal system of the invention is implemented on the Microsoft Windows platform for Office software (mainly Word), using the COM approach. The modules for electronic archive seal stamping, network transmission, archive seal verification and archive seal creation implement functions including seal creation, seal stamping, seal modification, seal revocation, document open password, document locking, seal confirmation, network transmission, seal verification, seal borrowing and secure printing.
The invention is presented in the form of a visible electronic archive seal and, by means of a digital signature, makes electronic records resistant to counterfeiting, tampering and repudiation, so that an electronic record acquires the same core evidentiary value as a traditional paper archive.
As shown in Figure 7, the invention provides an electronic record verification device comprising: an electronic file generation unit 701, an electronic record generation unit 702, a hash value generation unit 703, a signature unit 704, a first ciphertext generation unit 705, a second ciphertext generation unit 706 and a decryption verification unit 707.
The electronic file generation unit 701 receives the file submitted by a user and forms an electronic file.
The electronic record generation unit 702 stamps the electronic file with an electronic archive seal, generating an electronic record.
The hash value generation unit 703 computes a hash digest of the electronic record, generating a first hash value.
The signature unit 704 signs the first hash value with the local private key, generating a digital signature.
The first ciphertext generation unit 705 symmetrically encrypts the electronic record together with the digital signature, generating a first ciphertext.
The second ciphertext generation unit 706 uses the receiver's public key to asymmetrically encrypt the symmetric key of the first ciphertext, generating a second ciphertext, and sends the first ciphertext and the second ciphertext to the receiver.
The decryption verification unit 707 decrypts the first ciphertext and the second ciphertext and verifies the signature.
As shown in Figure 8, in one embodiment the decryption verification unit 707 comprises: a first decryption module 801, a second decryption module 802 and a signature verification module 803.
The first decryption module 801 decrypts the second ciphertext with the receiver's own private key, recovering the symmetric key.
The second decryption module 802 uses the symmetric key to decrypt the first ciphertext, recovering the electronic record and the digital signature.
The signature verification module 803 verifies the signature with the sender's public key.
As shown in Figure 9, in one embodiment the signature verification module 803 comprises: a second hash value generation module 901 and a comparison module 902.
The second hash value generation module 901 decrypts the recovered digital signature with the sender's public key, generating a second hash value. The comparison module 902 compares the first hash value with the second hash value and generates the verification result. Specifically, the comparison module 902 determines whether the first hash value is consistent with the second hash value: if they are consistent, signature verification succeeds; if they are inconsistent, signature verification fails.
The invention is presented in the form of a visible electronic archive seal and, by means of a digital signature, makes electronic records resistant to counterfeiting, tampering and repudiation, so that an electronic record acquires the same core evidentiary value as a traditional paper archive.
Those skilled in the art should understand that embodiments of the invention may be provided as a method, a system or a computer program product. The invention may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM and optical storage) that contain computer-usable program code.
The invention is described with reference to flowcharts and/or block diagrams of the method, the device (system) and the computer program product according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in them, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular way, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction means, and this instruction means implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce a computer-implemented process, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Specific embodiments have been used herein to explain the principle and implementation of the invention; the description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. At the same time, those of ordinary skill in the art may, in accordance with the idea of the invention, make changes to the specific implementation and the scope of application. In summary, the content of this description should not be construed as limiting the invention.