CN113094725B - Encryption and decryption method and system for bidding documents opened remotely and intensively - Google Patents


Publication number
CN113094725B
Authority
CN
China
Prior art keywords
bidding
decryption
encryption
certificate
party
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110355551.XA
Other languages
Chinese (zh)
Other versions
CN113094725A (en)
Inventor
王德泉
薛飞弢
韩保元
张庆龙
何伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Youyihui Technology Co ltd
Original Assignee
Beijing Youyihui Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Youyihui Technology Co ltd
Priority to CN202110355551.XA
Publication of CN113094725A
Application granted
Publication of CN113094725B
Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The embodiment of the application discloses an encryption and decryption method and system for bidding documents in remote, centralized bid opening. The method comprises the following steps: randomly generating a symmetric key M; signing M and the bidding document F with the private key in the supplier USBKEY to generate MS and FS; encrypting F with M to generate F1; generating M1 and M2; the third-party CA decryption service system decrypts M2 to obtain M1; the electronic bidding system completes decryption and signature verification of F1 according to M1, MS and FS. The application has the following advantages: (1) it resolves disputes and similar problems caused by differing bid opening times, which arise because operational difficulties easily occur during encryption and decryption; (2) it resolves the price leakage that arises when the decryption process is completed by the party that owns the platform and that party decrypts the bidding documents in advance; (3) multiple parties take part in the encryption and decryption process, which strengthens the security and supervision of the remote bid opening encryption and decryption process; and (4) the remote bid opening decryption time is greatly shortened.

Description

Encryption and decryption method and system for bidding documents opened remotely and intensively
Technical Field
The application relates to the technical field of bidding, and in particular to an encryption and decryption method and system for bidding documents in remote, centralized bid opening.
Background
Electronic bidding has been continually promoted and applied since the electronic bidding measures were implemented. To date, various government authorities and enterprises have fully implemented electronic bidding. Remote, centralized bid opening has become a trend in the electronic bidding industry.
At present, encryption and decryption of bidding documents for remote, centralized bid opening mainly take two forms:
1. Encryption and decryption completed by the platform certificate
The bidding document is encrypted and decrypted using the server certificate of the party that owns the platform.
Disadvantages: only the party that owns the platform takes part in the whole decryption process. The platform acts as both player and referee, so there is a risk of decryption in advance with no effective supervision.
2. Encryption and decryption completed jointly by the platform certificate and the supplier USBKEY certificate
During encryption, the server certificate of the party that owns the platform encrypts the bidding document first, and the supplier USBKEY certificate then encrypts it a second time;
during decryption, the supplier USBKEY certificate completes the first decryption, and the server certificate of the party that owns the platform completes the second decryption.
Disadvantages: suppliers need to take part in the decryption process, which increases the risk of excessively long decryption times and of decryption failure.
Disclosure of Invention
In view of the above technical defects, the embodiments of the application aim to provide an encryption and decryption method and system for bidding documents in remote, centralized bid opening.
To achieve the above objective, in a first aspect, an embodiment of the present application provides an encryption and decryption method for bidding documents in remote, centralized bid opening, applicable to a bidding document encryption and decryption system that includes a supplier bidding client, an electronic bidding system and a third-party CA decryption service system.
The encryption and decryption method mainly comprises the following steps:
the supplier bidding client randomly generates a symmetric key M, obtains the bidding document F and accesses the supplier USBKEY;
the supplier bidding client signs the symmetric key M and the bidding document F with the private key in the supplier USBKEY to generate MS and FS; MS refers to the information generated by signing M with the private key of the supplier certificate, and FS refers to the information generated by signing the bidding document with the private key of the supplier certificate;
the supplier bidding client encrypts the bidding document F with the symmetric key M to generate an encrypted file F1;
the supplier bidding client generates M1 and M2; M1 refers to the information generated by encrypting the symmetric key M with the public key of the electronic bidding system's server-side certificate, and M2 refers to the information generated by encrypting M1 with the public key of the third-party CA server-side certificate;
the third-party CA decryption service system decrypts M2 to obtain M1;
the electronic bidding system completes decryption and signature verification of the encrypted file F1 according to M1, MS and FS.
As a specific embodiment of the application, the supplier bidding client generates M1 and M2 as follows:
the symmetric key M is encrypted with the public key of the electronic bidding system certificate to generate M1;
M1 is encrypted with the public key of the third-party CA server-side certificate to generate M2.
As a specific embodiment of the application, the third-party CA decryption service system decrypts M2 to obtain M1 as follows:
M2 is decrypted with the private key of the third-party CA server-side certificate to obtain M1.
As a specific embodiment of the application, the electronic bidding system completes decryption and signature verification of the encrypted file F1 according to M1, MS and FS as follows:
decrypting M1 with the private key of the electronic bidding system certificate to obtain the symmetric key M;
verifying the signature of the symmetric key M according to MS;
decrypting the encrypted file F1 with the symmetric key M to obtain the bidding document F;
verifying the signature of the bidding document F according to FS.
In a second aspect, an embodiment of the present application provides an encryption and decryption system for bidding documents in remote, centralized bid opening, including:
a CA certification authority, used to provide digital certificates;
a supplier bidding client, used to sign and encrypt the bidding document F according to the digital certificate;
the supplier bidding client is also used to generate M1 and M2; M1 refers to the information generated by encrypting the symmetric key M with the public key of the electronic bidding system's server-side certificate, and M2 refers to the information generated by encrypting M1 with the public key of the third-party CA server-side certificate;
a third-party CA decryption service system, used to decrypt M2 to obtain M1;
an electronic bidding system, used to complete decryption and signature verification of the encrypted file F1 according to M1 and FS; FS refers to the information generated by signing the bidding document with the private key of the supplier certificate.
The main advantages of the embodiments of the application are:
(1) It resolves disputes and similar problems caused by differing bid opening times, which arise because bidders' knowledge of cryptographic technology is uneven and operational difficulties easily occur during encryption and decryption;
(2) It resolves the price leakage that arises when the decryption process is completed by the party that owns the platform and that party decrypts the bidding documents in advance;
(3) Multiple parties (the supplier bidding client, the electronic bidding system and the third-party CA decryption service system) take part in the encryption and decryption process, which further strengthens the security and supervision of the remote bid opening encryption and decryption process;
(4) The remote bid opening decryption time is greatly shortened: for 1 item, the bid opening duration can be shortened from 10-30 minutes to 1-3 minutes, a 10-fold improvement.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
FIG. 1 is a schematic flow chart of a method for encrypting and decrypting bid documents for remote and centralized bidding in accordance with an embodiment of the present application;
FIG. 2 is a schematic diagram of an encryption and decryption system for remote, centrally-opened bid documents in accordance with embodiments of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Referring to fig. 1, an embodiment of the present application provides an encryption and decryption method for remote and centralized bidding documents, which is suitable for a bidding document encryption and decryption system. As can be seen from FIG. 1, the bid document encryption and decryption system mainly comprises a supplier bid client, an electronic bidding system and a third party CA decryption service system.
In combination with the bid file encryption and decryption system, the encryption and decryption method of the embodiment of the application comprises the following steps:
(1) The supplier bidding client randomly generates a symmetric key M, obtains the bidding document F and accesses the supplier USBKEY.
(2) The supplier bidding client signs M and the bidding document F with the private key in the supplier USBKEY to generate MS and FS; MS refers to the information generated by signing M with the private key of the supplier certificate, and FS refers to the information generated by signing the bidding document with the private key of the supplier certificate.
(3) The supplier bidding client encrypts the bidding document F with M to generate an encrypted file F1.
(4) The supplier bidding client encrypts M with the public key of the electronic bidding system certificate to generate M1.
(5) The supplier bidding client encrypts M1 with the public key of the third-party CA server-side certificate to generate M2; M1 refers to the information generated by encrypting the symmetric key M with the public key of the electronic bidding system's server-side certificate, and M2 refers to the information generated by encrypting M1 with the public key of the third-party CA server-side certificate.
(6) The third-party CA decryption service system decrypts M2 with the private key of the third-party CA server-side certificate to obtain M1.
(7) The electronic bidding system decrypts M1 with the private key of the electronic bidding system certificate to obtain M.
(8) The electronic bidding system verifies the signature of M according to MS.
(9) The electronic bidding system decrypts the encrypted file F1 with M to obtain the bidding document F.
(10) The electronic bidding system verifies the signature of the bidding document F according to FS; MS refers to the information generated by signing M with the private key of the supplier certificate, and FS refers to the information generated by signing the bidding document with the private key of the supplier certificate.
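The ten steps above as an added Go example (not code from the patent), with the three parties as separate functions so it is visible which key each one holds. Ed25519 for the supplier signature, RSA-OAEP for both key wraps, AES-256-GCM for the file, and all function, type and constant names are assumptions; the patent names no algorithms, and the software keys stand in for the USBKEY and the server certificates.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const nonceLen = 12 // standard AES-GCM nonce size

type Bid struct{ F1, M2, MS, FS []byte } // what the supplier client uploads

// NewKey and NewSigner stand in for certificate key pairs (assumed RSA, Ed25519).
func NewKey(bits int) (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, bits) }
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

func newGCM(m []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(m)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealBid runs steps (1)-(5) on the supplier bidding client.
func SealBid(f []byte, supplier ed25519.PrivateKey, platform, ca *rsa.PublicKey) (*Bid, error) {
	buf := make([]byte, 32+nonceLen)
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	m, nonce := buf[:32], buf[32:] // (1) random symmetric key M, plus a nonce for (3)
	ms, fs := ed25519.Sign(supplier, m), ed25519.Sign(supplier, f) // (2) MS and FS
	gcm, e1 := newGCM(m)
	m1, e2 := rsa.EncryptOAEP(sha256.New(), rand.Reader, platform, m, nil) // (4) M1
	// (5) M1 is as long as the platform modulus: the CA modulus must be larger (ErrMessageTooLong otherwise).
	m2, e3 := rsa.EncryptOAEP(sha256.New(), rand.Reader, ca, m1, nil)
	if err := errors.Join(e1, e2, e3); err != nil {
		return nil, err
	}
	f1 := gcm.Seal(nonce, nonce, f, nil) // (3) F1 = nonce || AES-256-GCM(M, F)
	return &Bid{F1: f1, M2: m2, MS: ms, FS: fs}, nil
}

// CAUnwrap is step (6): the third-party CA recovers M1 but cannot read M.
func CAUnwrap(ca *rsa.PrivateKey, m2 []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, ca, m2, nil)
}

// OpenBid runs steps (7)-(10) on the electronic bidding system.
func OpenBid(b *Bid, m1 []byte, platform *rsa.PrivateKey, supplier ed25519.PublicKey) ([]byte, error) {
	m, err := rsa.DecryptOAEP(sha256.New(), nil, platform, m1, nil) // (7)
	if err != nil {
		return nil, err
	}
	if !ed25519.Verify(supplier, m, b.MS) { // (8)
		return nil, errors.New("MS does not verify over M")
	}
	gcm, err := newGCM(m)
	if err != nil || len(b.F1) < nonceLen {
		return nil, errors.New("bad key length or truncated F1")
	}
	f, err := gcm.Open(nil, b.F1[:nonceLen], b.F1[nonceLen:], nil) // (9)
	if err != nil {
		return nil, err
	}
	if !ed25519.Verify(supplier, f, b.FS) { // (10)
		return nil, errors.New("FS does not verify over F")
	}
	return f, nil
}

func main() {
	pub, priv, e1 := NewSigner()
	plat, e2 := NewKey(2048)
	ca, e3 := NewKey(3072) // larger than the platform key, see step (5)
	if err := errors.Join(e1, e2, e3); err != nil {
		panic(err)
	}
	bid, err := SealBid([]byte("constructed bid"), priv, &plat.PublicKey, &ca.PublicKey)
	if err != nil {
		panic(err)
	}
	m1, _ := CAUnwrap(ca, bid.M2)
	f, err := OpenBid(bid, m1, plat, pub)
	fmt.Printf("%q %v\n", f, err)
}
```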
Based on the same inventive concept, please refer to fig. 2, the embodiment of the application provides an encryption and decryption system for remote and centralized bidding documents, which mainly comprises a CA certification authority, a vendor bidding client, a third-party CA decryption service system and an electronic bidding system.
Supplier bidding client: provides bidding suppliers with digital-certificate-based login authentication, digital signature, electronic signature and other applications, using the traditional USB KEY mode.
Electronic bidding system: provides whole-process online management of the electronic bidding business and requires network connectivity with the third-party CA decryption service system. The system must integrate a signature verification server and a timestamp server. When the electronic bidding system transmits data to the third-party CA decryption service system, the signature verification server applies a digital signature to guarantee the authenticity of the data, and the timestamp server records trusted time to guarantee trusted archiving and management of the data.
Third-party CA decryption service system: provides an escrow service for the protected symmetric key during the online bidding process and requires network connectivity with the electronic bidding system. The system must integrate a signature verification server and a timestamp server. When the third-party CA decryption service system returns data to the electronic bidding system, the signature verification server applies a digital signature to guarantee the authenticity of the data, and the timestamp server records trusted time to guarantee trusted archiving and management of the data.
CA certification authority: provides certificate services for bidding suppliers, including lifecycle management services such as certificate application, certificate auditing, certificate issuing and certificate updating. By issuing digital certificates to user organizations, it ensures the authenticity of each bidding supplier's identity.
Further, based on the system shown in fig. 2, the hardware functions of each part are described as follows:
the CA certification authority is used to provide digital certificates;
the supplier bidding client is used to sign and encrypt the bidding document F according to the digital certificate;
the supplier bidding client is also used to generate M1 and M2;
the third-party CA decryption service system is used to decrypt M2 to obtain M1;
the electronic bidding system is used to complete decryption and signature verification of the encrypted file F1 according to M1 and FS.
Further, the supplier bidding client is specifically configured to:
randomly generate a symmetric key M, access the supplier USBKEY and generate the bidding document F;
sign the symmetric key M and the bidding document F with the private key in the supplier USBKEY to generate MS and FS;
encrypt the bidding document F with the symmetric key M to generate the encrypted file F1;
encrypt the symmetric key M with the public key of the electronic bidding system certificate to generate M1;
encrypt M1 with the public key of the third-party CA server-side certificate to generate M2.
Further, the electronic bidding system is specifically configured to:
decrypt M1 with the private key of the electronic bidding system certificate to obtain the symmetric key M;
verify the signature of the symmetric key M according to MS;
decrypt the encrypted file F1 with the symmetric key M to obtain the bidding document F;
verify the signature of the bidding document F according to FS.
It should be noted that, regarding the more specific workflow of the encryption and decryption system, please refer to the foregoing method embodiment section, and the description is omitted herein.
As can be seen from the above description, the bid file encryption and decryption method and the bid file encryption and decryption system provided by the embodiment of the application have the following main advantages:
(1) It resolves disputes and similar problems caused by differing bid opening times, which arise because bidders' knowledge of cryptographic technology is uneven and operational difficulties easily occur during encryption and decryption;
(2) It resolves the price leakage that arises when the decryption process is completed by the party that owns the platform and that party decrypts the bidding documents in advance;
(3) Multiple parties (the supplier bidding client, the electronic bidding system and the third-party CA decryption service system) take part in the encryption and decryption process, which further strengthens the security and supervision of the remote bid opening encryption and decryption process;
(4) The remote bid opening decryption time is greatly shortened: for 1 item, the bid opening duration can be shortened from 10-30 minutes to 1-3 minutes, a 10-fold improvement.
While the application has been described with reference to certain preferred embodiments, those skilled in the art will understand that various changes and equivalent substitutions may be made without departing from the scope of the application. Therefore, the protection scope of the application is subject to the protection scope of the claims.

Claims (7)

1. An encryption and decryption method for bidding documents in remote, centralized bid opening, characterized in that the method is applicable to a bidding document encryption and decryption system comprising a supplier bidding client, an electronic bidding system and a third-party CA decryption service system; the encryption and decryption method comprises the following steps:
the supplier bidding client randomly generates a symmetric key M, obtains the bidding document F and accesses the supplier USBKEY;
the supplier bidding client signs the symmetric key M and the bidding document F with the private key in the supplier USBKEY to generate signature information MS and FS; MS refers to the information generated by signing M with the private key of the supplier certificate, and FS refers to the information generated by signing the bidding document with the private key of the supplier certificate;
the supplier bidding client encrypts the bidding document F with the symmetric key M to generate an encrypted file F1;
the supplier bidding client generates M1 and M2; M1 refers to the information generated by encrypting the symmetric key M with the public key of the electronic bidding system's server-side certificate; M2 refers to the information generated by encrypting M1 with the public key of the third-party CA server-side certificate;
the third-party CA decryption service system decrypts M2 to obtain M1;
the electronic bidding system completes decryption and signature verification of the encrypted file F1 according to M1, MS and FS.
2. The encryption and decryption method according to claim 1, wherein the third-party CA decryption service system decrypts M2 to obtain M1, specifically by:
decrypting M2 with the private key of the third-party CA server-side certificate to obtain M1.
3. The encryption and decryption method according to claim 2, wherein the electronic bidding system completes decryption and signature verification of the encrypted file F1 according to M1, MS and FS, specifically by:
decrypting M1 with the private key of the electronic bidding system certificate to obtain the symmetric key M;
verifying the signature of the symmetric key M according to MS;
decrypting the encrypted file F1 with the symmetric key M to obtain the bidding document F;
verifying the signature of the bidding document F according to FS.
4. An encryption and decryption system for bidding documents in remote, centralized bid opening, comprising:
a CA certification authority, used to provide digital certificates;
a supplier bidding client, used to sign and encrypt the bidding document F according to the digital certificate;
the supplier bidding client randomly generates a symmetric key M and encrypts the bidding document F with the symmetric key M to generate an encrypted file F1;
the supplier bidding client is also used to generate M1 and M2; M1 refers to the information generated by encrypting the symmetric key M with the public key of the electronic bidding system's server-side certificate, and M2 refers to the information generated by encrypting M1 with the public key of the third-party CA server-side certificate;
a third-party CA decryption service system, used to decrypt M2 to obtain M1;
an electronic bidding system, used to complete decryption and signature verification of the encrypted file F1 according to M1 and FS; FS refers to the information generated by signing the bidding document with the private key of the supplier certificate.
5. The encryption and decryption system of claim 4, wherein the supplier bidding client is specifically configured to:
randomly generate a symmetric key M, access the supplier USBKEY and obtain the bidding document F;
sign the symmetric key M and the bidding document F with the private key in the supplier USBKEY to generate MS and FS; MS refers to the information generated by signing M with the private key of the supplier certificate;
encrypt the bidding document F with the symmetric key M to generate the encrypted file F1.
6. The encryption and decryption system of claim 5, wherein the supplier bidding client is specifically configured to:
encrypt the symmetric key M with the public key of the electronic bidding system certificate to generate M1;
encrypt M1 with the public key of the third-party CA server-side certificate to generate M2.
7. The encryption and decryption system of claim 6, wherein the electronic bidding system is specifically configured to:
decrypt M1 with the private key of the electronic bidding system certificate to obtain the symmetric key M;
verify the signature of the symmetric key M according to MS;
decrypt the encrypted file F1 with the symmetric key M to obtain the bidding document F;
verify the signature of the bidding document F according to FS.
CN202110355551.XA 2021-04-01 2021-04-01 Encryption and decryption method and system for bidding documents opened remotely and intensively Active CN113094725B (en)

Publications (2)

Publication Number Publication Date
CN113094725A (en) 2021-07-09
CN113094725B (en) 2023-09-01

Family

ID=76672486

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant