CN106713336A - Electronic data safekeeping system and method based on double and asymmetric encryption technology

Info

Publication number: CN106713336A
Application number: CN201710000940.4A
Authority: CN (China)
Legal status: Granted (active)
Other languages: Chinese (zh)
Other versions: CN106713336B (en)
Inventors: 陈艳, 赵福林, 纪怡忻, 李佩茜
Current assignee: Legal notary cloud (Xiamen) Technology Co., Ltd.
Original assignee: Xiamen Faxin Notary Cloud Technology Co Ltd
Prior art keywords: electronic data, party, data, certifying authority, double

Classifications

    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Abstract

The invention discloses an electronic data safekeeping system and method based on double asymmetric encryption technology. In the system, all electronic data submitted by a party involved is stored on a server of the certifying institution, and the certifying institution participates throughout the encryption and decryption of the electronic data, so that tampering with the data during storage can be prevented. The electronic data submitted by the party involved is fixed through verification of an MD5 value and a timestamp, so that the completeness of the original data can be ensured and tampering with the original data can be prevented. Through the double asymmetric key encryption technology, when the party involved applies for a certification, the party involved and the certifying institution must successively carry out double decryption of the encrypted original data with their private keys to obtain the original data, and the MD5 value and the timestamp must be verified, so that the data can be prevented from being tampered with or denied, the completeness and confidentiality of the data can be ensured, and the rights and interests of the certifying institution and the party involved can be guaranteed.

Description

Electronic data safekeeping system and method based on double asymmetric encryption technology
Technical field
The present invention relates to the field of information security technology, and in particular to an electronic data safekeeping system and method based on double asymmetric encryption technology.
Background
With the rapid development of computer technology and computer networks, network applications have penetrated every industry, bringing both opportunities and new challenges to certifying authorities. Internet platforms have changed the means, methods and procedures of traditional certifying authorities, but the nature of their power to certify legal facts and legal acts has not changed; it is an extension of the traditional power of certification into the network domain. The data being certified is also no longer limited to traditional paper records: electronic data extends the traditional meaning of data. In the Internet era, disputes involving online reputation infringement, intellectual property, online prize draws, online shopping and the like are increasing and produce massive amounts of electronic data. Because the network world is virtual and electronic data content can be tampered with at will, higher requirements are placed on the security of fixing and safekeeping electronic data. Existing electronic data safekeeping methods based on symmetric encryption suffer from keys that are easily leaked and electronic data that is easily tampered with, so the evidentiary effect is low and judicial recognition cannot be obtained.
Chinese invention patent application CN103078841A discloses a preventive electronic data preservation method and system. The method steps are as follows: 1) Encrypted upload: the client encrypts the data into a first ciphertext and uploads it to the server, and the server saves the first ciphertext in a user store; the server encrypts the first ciphertext in the user store into a second ciphertext and saves it in the server's notarization store; the server generates a first check code from the first ciphertext in the user store and saves it in the server's check store. 2) Download and decryption: the client downloads the second ciphertext from the notarization store and decrypts it to obtain a third ciphertext, from which a second check code is generated; if the second check code matches the first check code in the check store, the third ciphertext is identical to the first ciphertext, and the third ciphertext is then decrypted to obtain the plaintext data.
However, this solution does not fix the upload time of the original data before encryption, so the authenticity of the upload time cannot be verified. Second, it uses a data key for symmetric encryption, which leaves the confidentiality of the data at risk. In addition, its decryption flow judges whether the data has been tampered with by using check codes to test whether the ciphertexts match, so there is a risk that the ciphertexts match while the original data does not. Finally, in the decryption order the certifying authority decrypts the electronic data before the party does, which creates a risk that the party tampers with the electronic data.
Chinese invention patent application CN1567288A discloses a method for sealing and unsealing a file with multiple encryption. When encrypting a file, the method uses an asymmetric encryption algorithm with the public keys of the multiple participants to perform nested encryption, thereby sealing the file. When the file needs to be unsealed, all participants must be present at the same time and each provides its private key to decrypt in turn.
However, this solution also does not fix the time information of the original file, so the authenticity of the file upload time cannot be verified; it does not describe the order in which the participants act during encryption and decryption, and it does not specify on whose server the file is stored.
Chinese invention patent application CN102609658A discloses an electronic evidence fixing device, method and system. The user uploads electronic evidence; the system applies data integrity protection to it by generating a digital digest of the electronic data, encrypts the original evidence, and stores the digital digest together with the encrypted evidence. The system sends the digital digest to a remote national standard time server, which time-certifies the digest; a time certification certificate is generated and pushed to the user. According to the user's choice, electronic evidence that needs public certification is publicly certified.
However, in this solution the certifying authority does not take part in the encryption and decryption of the electronic evidence, and the evidence is stored on a third-party server. It therefore cannot be guaranteed that the electronic evidence is not tampered with during encryption and decryption, nor that it remains untampered after the certifying authority has publicly certified it.
Chinese invention patent application CN104580239A discloses a voice evidence service system. The client records the content of the user's voice call, the resulting recording file is stored on the system server, and the certifying authority obtains the recording file from the system server. Whether the voice file has been tampered with is verified by comparing check codes: if the check codes generated separately by the client, the system server and the legal certifying authority's server are consistent, the voice file was not changed during transmission and storage.
However, in this solution the certifying authority obtains the recording file from a third-party platform, so it cannot be guaranteed that the file was not tampered with on that platform, and after the certifying authority has publicly certified the recording file, it cannot be guaranteed that the certified file is not tampered with.
Summary of the invention
Embodiments of the present invention provide an electronic data safekeeping system and method based on double asymmetric encryption technology, to solve the prior-art problems that a certifying authority cannot guarantee that electronic data obtained from a third-party platform has not been tampered with and, after publicly certifying electronic data, cannot guarantee that the certified data is not tampered with.
An embodiment of the present invention provides an electronic data safekeeping system based on double asymmetric encryption technology, comprising a certifying authority verification server, a certifying authority time server and a data safekeeping server;
The certifying authority verification server is configured to receive the electronic data submitted by a party, verify the received electronic data, request a timestamp from the certifying authority time server in real time, calculate the joint MD5 value of the electronic data and the timestamp so as to fix the electronic data, and transmit the fixed electronic data and its timestamp to the data safekeeping server in real time;
The certifying authority time server is configured to synchronize with an external reference clock and to provide a timestamp service to the certifying authority verification server, ensuring the reliability of the system time;
The data safekeeping server stores in advance a first key pair for data encryption and decryption issued by the CA certification system to the certifying authority, and a digital certificate ukey for identity authentication and a second key pair for data encryption and decryption issued to the party. The data safekeeping server is configured to receive the fixed electronic data, apply the first layer of asymmetric encryption to it using the certifying authority public key of the first key pair, apply the second layer of asymmetric encryption to the result using the party's public key of the second key pair, and issue an original electronic data safekeeping voucher to the party.
Further, the data safekeeping server is also configured to receive the party's application for certification, and to use the party's private key of the second key pair and the certifying authority private key of the first key pair, in that order, to doubly decrypt the doubly encrypted fixed electronic data, obtain the fixed electronic data and verify the MD5 value and timestamp; once verification succeeds, the party is prompted to go to the designated certifying authority to have the certificate document issued.
Further, the electronic data received by the certifying authority verification server is submitted by the party through a mobile terminal or web page over the SSL protocol, after the party has passed identity authentication with the digital certificate ukey.
Further, the certifying authority time server synchronizes with the external reference clock via the Network Time Protocol, with time accurate to the millisecond.
Further, an embodiment of the present invention also provides an electronic data safekeeping method based on double asymmetric encryption technology, comprising:
The certifying authority verification server receives the electronic data submitted by the party and verifies the received electronic data;
It requests a timestamp from the certifying authority time server in real time and calculates the joint MD5 value of the electronic data and the timestamp, fixing the electronic data;
It transmits the fixed electronic data and its timestamp to the data safekeeping server in real time.
Further, the electronic data received by the certifying authority verification server is submitted by the party through a mobile terminal or web page over the SSL protocol, after the party has passed identity authentication with the digital certificate ukey.
Further, an embodiment of the present invention also provides an electronic data safekeeping method based on double asymmetric encryption technology, comprising:
The certifying authority time server synchronizes with an external reference clock and provides a timestamp service to the certifying authority verification server, ensuring the reliability of the system time.
Further, the certifying authority time server synchronizes with the external reference clock via the Network Time Protocol, with time accurate to the millisecond.
Further, an embodiment of the present invention also provides an electronic data safekeeping method based on double asymmetric encryption technology, comprising:
The data safekeeping server stores in advance a first key pair for data encryption and decryption issued by the CA certification system to the certifying authority, and a digital certificate ukey for identity authentication and a second key pair for data encryption and decryption issued to the party;
The data safekeeping server receives the electronic data fixed by the certifying authority verification server, applies the first layer of asymmetric encryption to the fixed electronic data using the certifying authority public key of the first key pair, applies the second layer of asymmetric encryption to the result using the party's public key of the second key pair, and issues an original electronic data safekeeping voucher to the party.
Further, the method also comprises:
The data safekeeping server receives the party's application for certification and uses the party's private key of the second key pair and the certifying authority private key of the first key pair, in that order, to doubly decrypt the doubly encrypted fixed electronic data, obtains the fixed electronic data and verifies the MD5 value and timestamp; once verification succeeds, the party is prompted to go to the designated certifying authority to have the certificate document issued.
The beneficial effects of the present invention are as follows:
Embodiments of the present invention provide an electronic data safekeeping system and method based on double asymmetric encryption technology. In this system, all electronic data submitted by the party is stored on the certifying authority's server, and the certifying authority participates in the whole encryption and decryption flow of the electronic data, ensuring that the data is not tampered with during storage; the electronic data submitted by the party is fixed by the verified MD5 value and timestamp, ensuring the integrity and tamper resistance of the original data; with double asymmetric key encryption, when the party applies for certification, the party and the certifying authority must successively use their private keys to doubly decrypt the encrypted original data, obtain the original data and verify the MD5 value and timestamp, which ensures that the data is tamper-resistant, non-repudiable, complete and confidential, and protects the rights and interests of the certifying authority and the party.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of the electronic data safekeeping system based on double asymmetric encryption technology described in embodiment one of the present invention;
Fig. 2 is an application flow diagram of the electronic data safekeeping system based on double asymmetric encryption technology described in embodiment one of the present invention;
Fig. 3 is a flow chart of the CA certification system issuing the digital certificate and key pairs in embodiment one of the present invention.
Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Embodiment one:
Embodiment one of the present invention provides an electronic data safekeeping system based on double asymmetric encryption technology. As shown in Fig. 1, which is a structural diagram of the system described in embodiment one, it comprises a certifying authority verification server 11, a certifying authority time server 12 and a data safekeeping server 13;
The certifying authority verification server 11 can be used to receive the electronic data submitted by a party, verify the received electronic data, request a timestamp from the certifying authority time server 12 in real time, and calculate the joint MD5 value of the electronic data and the timestamp so as to fix the electronic data and ensure that the electronic data submitted by the party is not tampered with, and to transmit the fixed electronic data and its timestamp to the data safekeeping server 13 in real time;
The certifying authority time server 12 can be used to synchronize with an external reference clock and to provide a timestamp service to the certifying authority verification server 11, ensuring the reliability of the system time;
The data safekeeping server 13 stores in advance a first key pair for data encryption and decryption issued by the CA certification system to the certifying authority, and a digital certificate ukey for identity authentication and a second key pair for data encryption and decryption issued to the party. The data safekeeping server 13 can be used to receive the fixed electronic data, apply the first layer of asymmetric encryption to it using the certifying authority public key of the first key pair, apply the second layer of asymmetric encryption to the result using the party's public key of the second key pair, and issue an original electronic data safekeeping voucher to the party.
It should be noted that the digital certificate ukey for identity authentication and the second key pair for data encryption and decryption issued to the party, and the first key pair for data encryption and decryption issued to the certifying authority, are issued by the KMC center of the CA certification system, which also provides related services such as backup, archiving, recovery and renewal of these key pairs, so that the needs of the certification center and of judicial evidence collection can be met; this is not described further in the embodiments of the present invention.
Further, the data safekeeping server 13 can also be used to receive the party's application for certification, and to use the party's private key of the second key pair and the certifying authority private key of the first key pair, in that order, to doubly decrypt the doubly encrypted fixed electronic data, obtain the fixed electronic data and verify the MD5 value and timestamp; once verification succeeds, the party is prompted to go to the designated certifying authority to have the certificate document issued.
Further, the electronic data received by the certifying authority verification server is submitted by the party through a mobile terminal or web page over the SSL protocol, after the party has passed identity authentication with the digital certificate ukey.
Specifically, the party logs in to the certifying authority's system and, after passing ukey identity authentication, submits the electronic data to the certifying authority's server through a mobile terminal or web page over the SSL protocol.
Further, the certifying authority time server synchronizes with the external reference clock via the Network Time Protocol, with time accurate to the millisecond.
One application flow of the electronic data safekeeping system based on double asymmetric encryption technology of the present invention is described in detail below. As shown in Fig. 2, the specific flow is as follows:
It should be noted that before the application flow of the electronic data safekeeping system is executed, the data safekeeping server stores in advance the first key pair for data encryption and decryption issued by the CA certification system to the certifying authority, and the digital certificate ukey for identity authentication and the second key pair for data encryption and decryption issued to the party, wherein the certifying authority public key of the first key pair and the party's public key of the second key pair are stored on the data safekeeping server;
Step 201: After passing ukey identity authentication, the party submits the electronic data to the certifying authority verification server through a mobile terminal or web page over the SSL protocol;
Step 202: The certifying authority verification server verifies the received electronic data, requests a timestamp from the certifying authority time server in real time, calculates the joint MD5 value of the electronic data and the timestamp to fix the electronic data, and transmits the fixed electronic data and its timestamp to the data safekeeping server in real time;
The timestamp is provided by the certifying authority time server, which synchronizes with an external reference clock and provides a timestamp service to the certifying authority verification server, ensuring the reliability of the system time;
Step 203: The data safekeeping server receives the fixed electronic data and applies the first layer of asymmetric encryption to it using the certifying authority public key of the first key pair;
Step 204: The data safekeeping server applies the second layer of asymmetric encryption, using the party's public key of the second key pair, to the fixed electronic data already encrypted with the certifying authority public key, and issues an original electronic data safekeeping voucher to the party;
Step 205: If the party wants to view the electronic data it submitted, it can decrypt with its private key to obtain a copy of the electronic data;
Step 206: When the party applies for certification, the data safekeeping server receives the application and uses the party's private key of the second key pair and the certifying authority private key of the first key pair, in that order, to doubly decrypt the doubly encrypted fixed electronic data, obtains the fixed electronic data and verifies the MD5 value and timestamp; once verification succeeds, the party is prompted to go to the designated certifying authority to have the certificate document issued.
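The deposit and certification flow of steps 202 to 206, as an added Go example that is not code from the patent. Assumptions: each asymmetric layer is RSA-OAEP wrapping a fresh AES-256-GCM key (the patent names no algorithm), the fixed record layout is MD5 || timestamp || data, and newKeyPair is a hypothetical stand-in for key pairs issued by the CA certification system.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrFixation = errors.New("joint MD5 does not match data and timestamp")

// newKeyPair stands in for a key pair issued by the CA system (hypothetical helper).
func newKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Fix returns MD5(ts || data) || ts || data; this byte layout is an assumption.
func Fix(data []byte, stampMs int64) []byte {
	body := append(make([]byte, 8), data...)
	binary.BigEndian.PutUint64(body, uint64(stampMs))
	sum := md5.Sum(body)
	return append(sum[:], body...)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal adds, and open removes, one layer: wrapped AES key || nonce || GCM ciphertext.
func seal(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	kn := make([]byte, 32+12) // fresh AES-256 key followed by a 96-bit nonce
	if _, err := rand.Read(kn); err != nil {
		return nil, err
	}
	gcm, err := newGCM(kn[:32])
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, kn[:32], nil)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(append(wrapped, kn[32:]...), kn[32:], msg, nil), nil
}

func open(priv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	k := priv.Size() // length of the wrapped key in bytes
	if len(blob) < k+12 {
		return nil, errors.New("layer too short")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blob[:k], nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob[k:k+12], blob[k+12:], nil)
}

// Deposit encrypts in the patent's order: authority key inside, party key outside.
func Deposit(rec []byte, authPub, partyPub *rsa.PublicKey) ([]byte, error) {
	inner, err := seal(authPub, rec)
	if err != nil {
		return nil, err
	}
	return seal(partyPub, inner)
}

// Certify decrypts with the party key, then the authority key, then checks the MD5.
func Certify(blob []byte, partyPriv, authPriv *rsa.PrivateKey) ([]byte, int64, error) {
	rec, err := open(partyPriv, blob)
	if err == nil {
		rec, err = open(authPriv, rec)
	}
	if err != nil {
		return nil, 0, err
	}
	var want [md5.Size]byte
	copy(want[:], rec)
	if len(rec) < md5.Size+8 || md5.Sum(rec[md5.Size:]) != want {
		return nil, 0, ErrFixation
	}
	return rec[md5.Size+8:], int64(binary.BigEndian.Uint64(rec[md5.Size:])), nil
}

func main() {
	auth, _ := newKeyPair() // errors ignored only in this demo; sample data is constructed
	party, _ := newKeyPair()
	blob, _ := Deposit(Fix([]byte("constructed sample"), 1483228800123), &auth.PublicKey, &party.PublicKey)
	fmt.Println(Certify(blob, party, auth))
}
```

MD5 appears here because the patent specifies it; it is not collision-resistant, so SHA-256 is the usual substitute for a fixation digest.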
Further, Fig. 3 shows the flow by which the CA authentication system issues digital certificates and key pairs. The steps for issuing the digital certificate and the key pairs are as follows:
Step 301: The party registers under its real name in the certifying authority's system;
Step 302: After successful registration, the party selects a certifying authority to handle its business;
Step 303: Business personnel audit the party's information; if the audit fails, the flow ends;
Step 304: If the party's information passes the audit, the CA authentication system issues to the party the digital certificate ukey for identity authentication and the second key pair for data encryption and decryption, and issues to the certifying authority the first key pair for data encryption and decryption. The party public key of the second key pair and the certifying authority public key of the first key pair are stored on the data storing server.
When the party applies for certificate issuance, the data storing server receives the party's application and uses the party private key of the second key pair and the certifying authority private key of the first key pair, in that order, to doubly decrypt the doubly asymmetrically encrypted fixed electronic data,
Embodiment one of the present invention provides an electronic data safekeeping system based on double asymmetric encryption technology. In this system, all electronic data submitted by the party is stored on the certifying authority's servers, and the certifying authority takes part in the whole encryption and decryption flow, ensuring that the data is not tampered with during storage. The electronic data submitted by the party is fixed by means of an MD5 check value and a timestamp, ensuring the integrity and tamper resistance of the original data. With double asymmetric key encryption, when the party applies for certificate issuance, the party and the certifying authority must each use their private key in turn to doubly decrypt the encrypted original data, after which the original data is obtained and the MD5 value and timestamp are verified. This ensures that the data is tamper-resistant, non-repudiable, complete and confidential, and protects the rights and interests of the certifying authority and the party.
Embodiment two
Based on the same inventive concept as embodiment one, embodiment two of the present invention provides an electronic data safekeeping method based on double asymmetric encryption technology. The method is applied to the electronic data safekeeping system described in embodiment one above; for its specific implementation, refer to the related description in system embodiment one, and repeated parts are not described again. The method may mainly include:
Step A1: The certifying authority verification server receives the electronic data submitted by the party and verifies the received electronic data;
Step A2: It requests a timestamp from the certifying authority time server in real time and calculates the joint MD5 value of the electronic data and the timestamp, thereby fixing the electronic data;
Step A3: It transmits the fixed electronic data and its timestamp to the data storing server in real time.
Further, the electronic data received by the certifying authority verification server is submitted by the party over the SSL protocol, through a mobile terminal or a web page, after the party has passed identity authentication with the digital certificate ukey.
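The fixation in steps A1 to A3 (step 202 of embodiment one), as an added example that is not code from the patent: a joint digest over the electronic data and a millisecond timestamp, re-checked at issuance time. The patent does not say how data and timestamp are combined, so the length-prefixed encoding, the function names and the sample values are assumptions; the `algo` parameter is there because MD5 collisions are practical to construct, so the same record can be produced with SHA-256.

```python
import hashlib
import hmac
import struct


def naive_joint(data: bytes, ts_ms: int) -> bytes:
    """Plain concatenation of data and timestamp digits.

    Ambiguous: the boundary between data and timestamp is not encoded,
    so two different (data, timestamp) pairs can hash to the same value.
    Kept only to expose that failure mode.
    """
    return data + str(ts_ms).encode()


def encode_joint(data: bytes, ts_ms: int) -> bytes:
    """Assumed encoding: 8-byte timestamp, 8-byte data length, then the data."""
    return struct.pack(">QQ", ts_ms, len(data)) + data


def fix_evidence(data: bytes, ts_ms: int, algo: str = "md5") -> dict:
    """Return the fixation record stored alongside the electronic data."""
    if not data:
        raise ValueError("empty submission")
    digest = hashlib.new(algo, encode_joint(data, ts_ms)).hexdigest()
    return {"ts_ms": ts_ms, "algo": algo, "digest": digest}


def verify_evidence(data: bytes, record: dict) -> bool:
    """Recompute the joint digest and compare it with the stored one."""
    expected = hashlib.new(
        record["algo"], encode_joint(data, record["ts_ms"])
    ).hexdigest()
    return hmac.compare_digest(expected, record["digest"])


# Constructed sample values, not taken from the patent.
SAMPLE = b"constructed sample contract text"
SAMPLE_TS_MS = 1483401600123  # 2017-01-03 00:00:00.123 UTC, millisecond precision


def demo() -> dict:
    record = fix_evidence(SAMPLE, SAMPLE_TS_MS)
    return {
        "intact": verify_evidence(SAMPLE, record),
        "data_changed": verify_evidence(SAMPLE + b"!", record),
        "time_changed": verify_evidence(
            SAMPLE, {**record, "ts_ms": SAMPLE_TS_MS + 1}
        ),
        # Two different submissions that plain concatenation cannot tell apart.
        "naive_ambiguous": naive_joint(b"evidence-1", 483401600123)
        == naive_joint(b"evidence-", 1483401600123),
        "encoded_ambiguous": encode_joint(b"evidence-1", 483401600123)
        == encode_joint(b"evidence-", 1483401600123),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The digest only detects changes if the record itself is kept where the data cannot be rewritten together with it, which is the role the encrypted storage plays in this scheme.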
Embodiment two of the present invention provides an electronic data safekeeping method based on double asymmetric encryption technology. In this method, all electronic data submitted by the party is stored on the certifying authority's servers, and the certifying authority takes part in the whole encryption and decryption flow, ensuring that the data is not tampered with during storage. The electronic data submitted by the party is fixed by means of an MD5 check value and a timestamp, ensuring the integrity and tamper resistance of the original data. With double asymmetric key encryption, when the party applies for certificate issuance, the party and the certifying authority must each use their private key in turn to doubly decrypt the encrypted original data, after which the original data is obtained and the MD5 value and timestamp are verified. This ensures that the data is tamper-resistant, non-repudiable, complete and confidential, and protects the rights and interests of the certifying authority and the party.
Embodiment three
Based on the same inventive concept as embodiment one, embodiment three of the present invention provides an electronic data safekeeping method based on double asymmetric encryption technology. The method is applied to the electronic data safekeeping system described in embodiment one above; for its specific implementation, refer to the related description in system embodiment one, and repeated parts are not described again. The method may mainly include:
The certifying authority time server synchronizes with an external reference clock and provides a timestamp service to the certifying authority verification server, ensuring the reliability of the system time.
Further, the certifying authority time server synchronizes its time with the external reference clock through the Network Time Protocol, with the time accurate to the millisecond.
Embodiment three of the present invention provides an electronic data safekeeping method based on double asymmetric encryption technology. In this method, all electronic data submitted by the party is stored on the certifying authority's servers, and the certifying authority takes part in the whole encryption and decryption flow, ensuring that the data is not tampered with during storage. The electronic data submitted by the party is fixed by means of an MD5 check value and a timestamp, ensuring the integrity and tamper resistance of the original data. With double asymmetric key encryption, when the party applies for certificate issuance, the party and the certifying authority must each use their private key in turn to doubly decrypt the encrypted original data, after which the original data is obtained and the MD5 value and timestamp are verified. This ensures that the data is tamper-resistant, non-repudiable, complete and confidential, and protects the rights and interests of the certifying authority and the party.
Embodiment four
Based on the same inventive concept as embodiment one, embodiment four of the present invention provides an electronic data safekeeping method based on double asymmetric encryption technology. The method is applied to the electronic data safekeeping system described in embodiment one above; for its specific implementation, refer to the related description in system embodiment one, and repeated parts are not described again. The method may mainly include:
The data storing server stores in advance the first key pair for data encryption and decryption, issued by the CA authentication system to the certifying authority, together with the digital certificate ukey for identity authentication and the second key pair for data encryption and decryption, both issued to the party;
The data storing server receives the electronic data fixed by the certifying authority verification server, applies the first layer of asymmetric encryption to the fixed electronic data using the certifying authority public key of the first key pair, applies the second layer of asymmetric encryption to the result using the party public key of the second key pair, and issues an original electronic data storage voucher to the party.
Further, the method may also include:
The data storing server receives the party's application for certificate issuance and uses the party private key of the second key pair and the certifying authority private key of the first key pair, in that order, to doubly decrypt the doubly asymmetrically encrypted fixed electronic data. It obtains the fixed electronic data, verifies the MD5 value and the timestamp and, once the check passes, prompts the party to go to the designated certifying authority to have the certificate document issued.
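The double encryption and double decryption of this embodiment (steps 203, 204 and 206 of embodiment one), as an added example that is not code from the patent. It assumes the third-party Python `cryptography` package and RSA-OAEP key pairs, neither of which the patent names; because one RSA operation only encrypts a short message, each layer here wraps a fresh AES-256-GCM key, which is also an assumption, as are all function names.

```python
import os
import struct

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# 2048-bit RSA-OAEP with SHA-256 encrypts at most 190 bytes, so it can carry
# a 32-byte content key but not the evidence, and not the first layer's output.
OAEP = padding.OAEP(
    mgf=padding.MGF1(algorithm=hashes.SHA256()),
    algorithm=hashes.SHA256(),
    label=None,
)
LAYER1 = b"layer1-certifying-authority"  # bound into the AES-GCM tag per layer
LAYER2 = b"layer2-party"


def new_key_pair():
    """Stand-in for a key pair issued by the CA authentication system."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def seal_layer(public_key, plaintext: bytes, layer: bytes) -> bytes:
    """One asymmetric layer: AES-256-GCM for the data, RSA-OAEP for its key."""
    content_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    body = AESGCM(content_key).encrypt(nonce, plaintext, layer)
    wrapped = public_key.encrypt(content_key, OAEP)
    return struct.pack(">H", len(wrapped)) + wrapped + nonce + body


def open_layer(private_key, blob: bytes, layer: bytes) -> bytes:
    """Undo one layer; raises if the key, the layer label or the data is wrong."""
    (wrapped_len,) = struct.unpack(">H", blob[:2])
    wrapped = blob[2:2 + wrapped_len]
    nonce = blob[2 + wrapped_len:2 + wrapped_len + 12]
    body = blob[2 + wrapped_len + 12:]
    content_key = private_key.decrypt(wrapped, OAEP)
    return AESGCM(content_key).decrypt(nonce, body, layer)


def store_fixed(fixed: bytes, authority_public, party_public) -> bytes:
    """Steps 203 and 204: authority layer first, party layer on top."""
    inner = seal_layer(authority_public, fixed, LAYER1)
    return seal_layer(party_public, inner, LAYER2)


def retrieve_fixed(blob: bytes, party_private, authority_private) -> bytes:
    """Step 206: party key opens the outer layer, authority key the inner one."""
    inner = open_layer(party_private, blob, LAYER2)
    return open_layer(authority_private, inner, LAYER1)


if __name__ == "__main__":
    authority, party = new_key_pair(), new_key_pair()
    fixed = b"constructed fixed record: data + timestamp + digest"
    stored = store_fixed(fixed, authority.public_key(), party.public_key())
    print(retrieve_fixed(stored, party, authority) == fixed)
```

In this construction the party private key alone recovers only the authority-encrypted inner layer, and a modified stored blob fails the AES-GCM tag check before any digest comparison is reached.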
Embodiment four of the present invention provides an electronic data safekeeping method based on double asymmetric encryption technology. In this method, all electronic data submitted by the party is stored on the certifying authority's servers, and the certifying authority takes part in the whole encryption and decryption flow, ensuring that the data is not tampered with during storage. The electronic data submitted by the party is fixed by means of an MD5 check value and a timestamp, ensuring the integrity and tamper resistance of the original data. With double asymmetric key encryption, when the party applies for certificate issuance, the party and the certifying authority must each use their private key in turn to doubly decrypt the encrypted original data, after which the original data is obtained and the MD5 value and timestamp are verified. This ensures that the data is tamper-resistant, non-repudiable, complete and confidential, and protects the rights and interests of the certifying authority and the party.
Those skilled in the art will understand that embodiments of the present invention may be provided as a method, an apparatus (device) or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, apparatus (devices) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in them, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art can make further changes and modifications to these embodiments once they know the basic inventive concept. The appended claims are therefore intended to be construed as covering the preferred embodiments and all changes and modifications that fall within the scope of the invention.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, the present invention is intended to include them as well.

Claims (10)

1. An electronic data safekeeping system based on double asymmetric encryption technology, characterized in that it comprises a certifying authority verification server, a certifying authority time server and a data storing server;
The certifying authority verification server is configured to receive the electronic data submitted by the party, verify the received electronic data, request a timestamp from the certifying authority time server in real time, calculate the joint MD5 value of the electronic data and the timestamp, thereby fixing the electronic data, and transmit the fixed electronic data and its timestamp to the data storing server in real time;
The certifying authority time server is configured to synchronize with an external reference clock and to provide a timestamp service to the certifying authority verification server, ensuring the reliability of the system time;
The data storing server stores in advance the first key pair for data encryption and decryption, issued by the CA authentication system to the certifying authority, together with the digital certificate ukey for identity authentication and the second key pair for data encryption and decryption, both issued to the party; the data storing server is configured to receive the fixed electronic data, apply the first layer of asymmetric encryption to it using the certifying authority public key of the first key pair, apply the second layer of asymmetric encryption to the result using the party public key of the second key pair, and issue an original electronic data storage voucher to the party.
2. The electronic data safekeeping system based on double asymmetric encryption technology as claimed in claim 1, characterized in that the data storing server is further configured to receive the party's application for certificate issuance, use the party private key of the second key pair and the certifying authority private key of the first key pair, in that order, to doubly decrypt the doubly asymmetrically encrypted fixed electronic data, obtain the fixed electronic data, verify the MD5 value and the timestamp and, once the check passes, prompt the party to go to the designated certifying authority to have the certificate document issued.
3. The electronic data safekeeping system based on double asymmetric encryption technology as claimed in claim 1, characterized in that the electronic data received by the certifying authority verification server is submitted by the party over the SSL protocol, through a mobile terminal or a web page, after the party has passed identity authentication with the digital certificate ukey.
4. The electronic data safekeeping system based on double asymmetric encryption technology as claimed in claim 1, characterized in that the certifying authority time server synchronizes its time with the external reference clock through the Network Time Protocol, with the time accurate to the millisecond.
5. An electronic data safekeeping method based on double asymmetric encryption technology, the method being applied to the electronic data safekeeping system based on double asymmetric encryption technology described in claims 1 to 4, characterized in that it comprises:
The certifying authority verification server receives the electronic data submitted by the party and verifies the received electronic data;
It requests a timestamp from the certifying authority time server in real time and calculates the joint MD5 value of the electronic data and the timestamp, thereby fixing the electronic data;
It transmits the fixed electronic data and its timestamp to the data storing server in real time.
6. The electronic data safekeeping method based on double asymmetric encryption technology as claimed in claim 5, characterized in that the electronic data received by the certifying authority verification server is submitted by the party over the SSL protocol, through a mobile terminal or a web page, after the party has passed identity authentication with the digital certificate ukey.
7. An electronic data safekeeping method based on double asymmetric encryption technology, the method being applied to the electronic data safekeeping system based on double asymmetric encryption technology described in claims 1 to 4, characterized in that it comprises:
The certifying authority time server synchronizes with an external reference clock and provides a timestamp service to the certifying authority verification server, ensuring the reliability of the system time.
8. The electronic data safekeeping method based on double asymmetric encryption technology as claimed in claim 7, characterized in that the certifying authority time server synchronizes its time with the external reference clock through the Network Time Protocol, with the time accurate to the millisecond.
9. An electronic data safekeeping method based on double asymmetric encryption technology, the method being applied to the electronic data safekeeping system based on double asymmetric encryption technology described in claims 1 to 4, characterized in that it comprises:
The data storing server stores in advance the first key pair for data encryption and decryption, issued by the CA authentication system to the certifying authority, together with the digital certificate ukey for identity authentication and the second key pair for data encryption and decryption, both issued to the party;
The data storing server receives the electronic data fixed by the certifying authority verification server, applies the first layer of asymmetric encryption to the fixed electronic data using the certifying authority public key of the first key pair, applies the second layer of asymmetric encryption to the result using the party public key of the second key pair, and issues an original electronic data storage voucher to the party.
10. The electronic data safekeeping method based on double asymmetric encryption technology as claimed in claim 9, characterized in that the method further comprises:
The data storing server receives the party's application for certificate issuance and uses the party private key of the second key pair and the certifying authority private key of the first key pair, in that order, to doubly decrypt the doubly asymmetrically encrypted fixed electronic data. It obtains the fixed electronic data, verifies the MD5 value and the timestamp and, once the check passes, prompts the party to go to the designated certifying authority to have the certificate document issued.
CN201710000940.4A 2017-01-03 2017-01-03 Electronic data safeguard system and method based on double, asymmetrical encryption technology Active CN106713336B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710000940.4A CN106713336B (en) 2017-01-03 2017-01-03 Electronic data safeguard system and method based on double, asymmetrical encryption technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710000940.4A CN106713336B (en) 2017-01-03 2017-01-03 Electronic data safeguard system and method based on double, asymmetrical encryption technology

Publications (2)

Publication Number Publication Date
CN106713336A true CN106713336A (en) 2017-05-24
CN106713336B CN106713336B (en) 2019-09-06

Family

ID=58906806

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710000940.4A Active CN106713336B (en) 2017-01-03 2017-01-03 Electronic data safeguard system and method based on double, asymmetrical encryption technology

Country Status (1)

Country Link
CN (1) CN106713336B (en)

Also Published As

Publication number Publication date
CN106713336B (en) 2019-09-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 4F-B1 361000 in Fujian Province, Xiamen torch hi tech Zone Software Park Alltronics floor C District

Patentee after: Legal notary cloud (Xiamen) Technology Co., Ltd.

Address before: 4F-B1 361000 in Fujian Province, Xiamen torch hi tech Zone Software Park Alltronics floor C District

Patentee before: XIAMEN FAXIN NOTARY CLOUD TECHNOLOGY CO., LTD.