CN114499914A - Proof data processing system and proof data processing method - Google Patents
Proof data processing system and proof data processing method Download PDFInfo
- Publication number
- CN114499914A CN114499914A CN202110076164.2A CN202110076164A CN114499914A CN 114499914 A CN114499914 A CN 114499914A CN 202110076164 A CN202110076164 A CN 202110076164A CN 114499914 A CN114499914 A CN 114499914A
- Authority
- CN
- China
- Prior art keywords
- data processing
- electronic
- processing system
- hash
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012545 processing Methods 0.000 title claims abstract description 74
- 238000003672 processing method Methods 0.000 title claims abstract description 27
- 238000004891 communication Methods 0.000 claims description 31
- 238000000034 method Methods 0.000 claims description 22
- 238000004321 preservation Methods 0.000 description 8
- 230000006870 function Effects 0.000 description 4
- RTZKZFJDLAIYFH-UHFFFAOYSA-N Diethyl ether Chemical compound CCOCC RTZKZFJDLAIYFH-UHFFFAOYSA-N 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 238000012356 Product development Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2151—Time stamp
Abstract
The invention provides a certification data processing system and a certification data processing method, wherein a plurality of electronic signatures are received in a time interval, wherein each electronic signature is generated by processing and encrypting original data according to a private key of an electronic certificate. In the certification data processing method, after the time interval, a Meckel tree is generated based on the electronic signatures, and a token for each of the electronic signatures is generated. Each token records a Merkel root of the Merkel tree, each electronic signature, an electronic certificate corresponding to each electronic signature, a Merkel certificate corresponding to each electronic signature, and a timestamp set.
Description
Technical Field
The present invention relates to a data processing system and a data processing method, and more particularly, to a certification data processing system and a certification data processing method.
Background
The existing electronic evidence preservation or electronic evidence storage service is a service for providing preservation for electronic original data or assisting in adding a time stamp to the original data for storing evidence. The raw data may be data that a general user wants to store, such as development records, year-round versions in the process of program development, raw manuscripts, etc., and the electronic raw data may be electronic files, such as photos, pictures, document files, etc., that are converted from raw data of a paper book or an object. The certification data is used to certify the time and owner of the original data generated or secured, so that the time and owner of the original data can be certified clearly in litigation. It is therefore important that a user (e.g., an individual household or business) store particular certification data in a certification data processing system to later certify the time and owner of the corresponding raw data in litigation. The existing technology mainly performs evidence preservation operation on each piece of original data in real time, for example, uploading the original data to a block chain and obtaining a timestamp of the block chain, because the data volume of the original data is large and each operation of uploading the original data to the block chain requires cost, such an operation mode is not only high in cost, but also low in efficiency.
In addition, the prior art records a single time stamp for each piece of original data, and the reliability of the original data may be insufficient if the single piece of original data corresponds to the single time stamp. For example, in a lawsuit across countries, once the court of another country does not acknowledge a unique timestamp corresponding to a certain original data, the competent organization will not consider the original data as authentic.
In summary, how to reduce the cost of the security evidence and increase the reliability of the original data in the technical field of data processing is a problem to be solved urgently in the technical field of the present invention.
Disclosure of Invention
To solve at least the above problems, an embodiment of the present invention provides an attestation data processing system that may include a communication interface and a processor electrically connected to each other. The communication interface can be used for receiving a plurality of electronic signatures in a time interval, wherein each electronic signature is generated by processing and encrypting original data according to a private key of an electronic certificate. The processor may be configured to: generating a Merkle tree (Merkle tree) based on the plurality of electronic signatures after the time interval; and generating a Token (Token) for each of the electronic signatures. Wherein each token records a Merkle root (Merkle root) of the Merkle tree, each electronic signature, an electronic certificate corresponding to each electronic signature, a Merkle proof (Merkle proof) corresponding to each electronic signature, and a timestamp set, and the timestamp set includes more than one timestamp.
In order to solve at least the above problems, an embodiment of the present invention also provides an attestation data processing method, which may include the steps of: receiving a plurality of electronic signatures by a certification data processing system in a time interval, wherein each electronic signature is generated by processing and encrypting original data according to a private key of an electronic certificate; generating, by the attestation data processing system, a meikel tree based on the plurality of electronic signatures after the time interval; and generating a token for each electronic signature by the certification data processing system, wherein each token records a root of the merkel tree, each electronic signature, an electronic certificate corresponding to each electronic signature, a merkel certification corresponding to each electronic signature, and a timestamp set, and the timestamp set comprises more than one timestamp.
Embodiments of the present invention also provide another attestation data processing system that may include a communication interface and a processor electrically coupled to each other. The communication interface is configured to receive a plurality of hash data within a time interval, wherein each of the hash data corresponds to a respective original data. The processor may be configured to: after the time interval, generating a Meckel tree according to the plurality of hash data; and generating a token for each of the hash data. Each token records a merkel root of the merkel tree, each hash datum, a merkel certificate corresponding to each hash datum, and a timestamp set, wherein the timestamp set comprises more than one timestamp.
The embodiment of the invention also provides another certification data processing method, which comprises the following steps: receiving a plurality of hash data within a time interval by a certification data processing system, wherein each hash data corresponds to an original data; generating, by the attestation data processing system, after the time interval, a merkel tree based on the plurality of hash data; and generating a token for each electronic signature by the certification data processing system, wherein each token records a root of the Merkel tree, each hash datum, a Merkel certification corresponding to each hash datum, and a timestamp set, and the timestamp set comprises more than one timestamp.
Unlike the conventional certification data processing system which performs evidence preservation operation on each piece of original data, the embodiment of the invention performs batch certification data processing on a plurality of pieces of original data within a period of time to serve as certification data. In particular, as described above, embodiments of the present invention first build a merkel tree for electronic signatures or hash data derived from raw data, and then perform batch evidence preservation based on the merkel tree to generate tokens (which can be used to prove the evidentiary capability or credibility of the raw data, respectively). Therefore, the embodiment of the invention can greatly reduce the cost of the traditional single evidence preservation operation and greatly improve the efficiency of the single evidence preservation operation.
On the other hand, unlike the conventional certification data processing service that only records a single time stamp for each piece of original data, the embodiment of the present invention records a time stamp set, which may include more than one time stamp and different types of time stamps, in the corresponding token generated for the same piece of original data, and further updates or increases the types and amounts of the time stamps according to the time variation, so as to improve the reliability of the original data.
The foregoing is not intended to limit the invention but rather to generally describe the technical problems which can be solved, the technical means which can be adopted and the technical effects which can be achieved in order to provide a first understanding of the invention to a person skilled in the art. Further details of various embodiments of the invention can be understood by those of ordinary skill in the art from the following description of the embodiments with reference to the drawings.
Drawings
The accompanying drawings may assist in describing various embodiments of the invention, wherein:
FIG. 1 illustrates the architecture of an attestation data processing system in accordance with certain embodiments of the invention;
FIG. 2 illustrates a correspondence of an electronic signature to a token in accordance with certain embodiments of the present invention;
FIG. 3 illustrates the Merkel tree shown in FIG. 2 in accordance with certain embodiments of the invention;
FIG. 4 illustrates a flow of an attestation data processing method in accordance with some embodiments of the invention; and
FIG. 5 illustrates a flow of a method of attestation data processing in accordance with certain embodiments of the invention.
Reference numerals
1: attestation data processing system
11: processor
13 memory
Communication interface 15
S1 electronic signature
D1 original data
L1 index tag
T1 token
S11, S12, S13 and S14, electronic signature
T11, T12, T13, T14, token
MT1 Merkel tree
MR1 Merkel root
4 proving data processing method
41 to 43, step
5 proving data processing method
51 to 53 steps
Detailed Description
The present invention is illustrated by the following examples, which are not intended to limit the present invention to only those embodiments in which the operations, environments, applications, structures, processes, or steps described herein are performed. For the sake of easy explanation, those not directly related to the embodiments of the present invention or those understood without specific explanation will be omitted in this document and the drawings. In the drawings, the sizes of the elements (elements) and the ratios between the elements are merely examples, and are not intended to limit the present invention. In the following, the same (or similar) element numbers may correspond to the same (or similar) elements, except where specifically noted. In the case where it can be realized, the number of each element described below may be one or more, as not particularly described.
The terminology used in the disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. The terms "comprises," "comprising," "including," and the like, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. The term "and/or" includes any and all combinations of one or more of the associated listed items.
FIG. 1 illustrates the architecture of an attestation data processing system in accordance with certain embodiments of the invention, the illustration is only for the purpose of illustrating embodiments of the invention and is not intended to limit the scope of protection of the invention. Referring to FIG. 1, it is demonstrated that a data processing system 1 may comprise at least a processor 11 and a communication interface 15 electrically connected to each other.
The processor 11 may be a Microprocessor (Microprocessor) or a Microcontroller (Microcontroller) having a signal processing function. The microprocessor or microcontroller is a programmable special integrated circuit, which has the capability of operation, storage, output/input, etc., and can accept and process various coded instructions to perform various logic operations and arithmetic operations, and output the corresponding operation results. The processor 11 may be programmed to interpret various instructions and perform various tasks or programs to achieve various corresponding functions as described below.
The communication interface 15 may include various input/output elements for wired/wireless communication provided in a general calculator device/computer, and may receive data from the outside and output data to the outside, thereby implementing various corresponding functions described below. The communication interface 15 may include, for example but not limited to: ethernet (Ethernet) interface, Internet (Internet) interface, telecommunications (telecommunications) interface, Universal Serial Bus (USB) interface, and the like.
In some embodiments, the attestation data processing system 1 may also include a memory 13 electrically connected to the processor 11. The memory 13 may include various storage units provided within a general computing device/computer to implement various corresponding functions described below. For example, the memory 13 may include a first level storage device (also referred to as main memory or internal memory), often referred to simply as memory, that is directly connected to the processor 11. The processor 11 may read the set of instructions stored in the memory and execute the set of instructions as needed. The memory 13 may also include a second level storage device (also known as external memory or secondary memory) that is connected to the processor 11 through an I/O channel of memory and uses a data buffer to transfer data to the first level storage device. The secondary storage may be, for example, various types of hard disks, optical disks, and so forth. Memory 13 may also include a third level of storage, such as a flash drive that may be plugged directly into or unplugged from the computer, or a cloud-based hard drive.
According to some embodiments of the invention, the communication interface 15 may be used to receive an electronic signature S1 from one or more external devices. According to some embodiments of the present invention, in addition to electronic signature S1, communication interface 15 may be used to receive raw data D1 and/or index tag L1 from one or more external devices. According to some embodiments of the present invention, the memory 13 may be used to store the original data D1 and/or the index tag L1. According to some embodiments of the present invention, the communication interface 15 may be used to transfer various data (such as, but not limited to, raw data D1, index tag L1) stored by the memory 13 to one or more external devices.
An exemplary proof of operation of the data processing system 1 will now be described with reference to figures 1 to 3. FIG. 2 illustrates a correspondence of an electronic signature to a token in accordance with certain embodiments of the invention, and FIG. 3 illustrates the Meckel tree shown in FIG. 2 in accordance with certain embodiments of the invention. The illustration in fig. 2 and 3 is only for illustrating the embodiment of the present invention, and is not intended to limit the scope of the present invention.
The communication interface 15 may receive a plurality of electronic signatures S1 over a time interval. According to different requirements, the time interval may be time intervals of various lengths, such as but not limited to: half an hour, one hour, five hours, twenty-four hours, forty-eight hours. After the time interval, processor 11 may generate a Merkel tree MT1 based on the plurality of electronic signatures S1, and processor 11 may then generate a token T1 for each of the electronic signatures S1. Each token T1 records at least a meiker root of the meiker tree MT1, each electronic signature S1, an electronic certificate corresponding to each electronic signature, a meiker certificate corresponding to each electronic signature, and a timestamp set, and the timestamp set includes more than one timestamp. According to some embodiments of the invention, an electronic signature S1 and a token T1 may be stored in memory 13.
Taking the example shown in fig. 2 as an example, the communication interface 15 may receive four electronic signatures S11, S12, S13, S14 in a time interval, and then the processor 11 may generate a meikel tree MT1 according to the four electronic signatures S11, S12, S13, S14, and generate corresponding four tokens T11, T12, T13, T14 for the four electronic signatures S11, S12, S13, S14, respectively.
Each electronic signature S1 is generated by processing and encrypting a respective original data D1 according to a private key of an electronic certificate. In some embodiments, the raw data D1 may be an electronic source file, such as a file, a photo, a research and development record, a product development process, etc., that a user (e.g., a user or a business) wants to save. In some embodiments, the communication interface 15 may receive the user-provided raw data D1, and the memory 13 may store the raw data D1 to additionally provide a preservation service for the user raw data D1. In some embodiments, if the original data D1 is not required to be additionally saved by the certification data processing system 1, the user can save the original data D1 by himself via another storage device, and only provide the electronic signature S1 to the certification data processing system 1 for the security of the certification data.
According to some embodiments of the present invention, each electronic signature S1 is generated by a user performing a hash process on the corresponding original data D1 to obtain a hash data at a local end, and then using the private key of the corresponding electronic certificate to process and encrypt the hash data. In still other embodiments, each electronic signature S1 may also perform other data processing, such as formatting, on the hash. For example, if the original data D1 that the user wants to save is a document file, he can perform a hash process on the document file locally to obtain a hash value, and then use the private key of the corresponding electronic certificate to process and encrypt the hash value to generate the corresponding electronic signature S1.
According to some embodiments of the invention, the user's electronic credentials may be a x.509 certificate (i.e., an SSL certificate). The electronic signature S1 is generated for the original data D1 by using the private key of the electronic certificate, and by storing the electronic certificate in the token, in addition to proving the existence of the original data D1, the ownership of the original data D1 can be proved to belong to the user by decrypting the electronic signature S1 by using the public key of the electronic certificate.
The electronic signatures S1 may be from the same user (e.g., the same individual or the same business), or may be from different users (e.g., different individuals or different businesses). If an electronic signature S1 is from a business, the electronic signature S1 is generated by processing and encrypting a private key corresponding to a business certificate of the business.
According to some embodiments of the invention, the communication interface 15 may transmit one or more of the plurality of tokens T1 generated by the processor 11 to one or more external devices. For example, in response to an electronic signature S1 provided by a business, communication interface 15 may transmit a corresponding token T1 to the business.
After communication interface 15 receives the four electronic signatures S11, S12, S13, S14 shown in fig. 2, processor 11 may generate meikel tree MT1 according to the four electronic signatures S11, S12, S13, S14 as shown in fig. 3. In detail, the bottom layer of the mekerr tree MT1 includes four Hash values obtained by the processor 11 hashing the received four electronic signatures S11, S12, S13, and S14 respectively on the respective raw data, i.e., Hash (S11), Hash (S12), Hash (S13), and Hash (S14). Except for the lowest layer, each layer in the merkel tree MT1 is a hash value obtained by adding all hash values of the next layer and then performing a hash process. The highest level of the Merkel tree MT1, namely the Merkel root MR1 of the Merkel tree MT 1.
Each mekerr root MR1 can transmit a timestamp service request to a timestamp service system external to the system to provide a timestamp service and obtain more than one timestamp. The timestamp service system may be a centralized timestamp service system (e.g., telecom timestamp service, WIPO PROOF), or a decentralized timestamp service system (e.g., block chain). Therefore, the merkel root MR1 corresponds to more than one timestamp stored in the set of timestamps of the token T1, i.e., all electronic signatures S1 under the same merkel root MR1 correspond to the timestamps. In addition, each electronic signature S1 corresponds to a Merkel certificate, and the Merkel certificate of each electronic signature S1 can prove that the electronic signature S1 belongs to the Merkel root MR 1. For example, the meikel of e-signature S11 proves to be "Hash (S12)" and "Hash (S13) + Hash (S14))", since from "Hash (S11)" and "Hash (S12)", it will be possible to calculate "Hash (S11) + Hash (S12)"), while from "Hash (S11) + Hash (S12)") and "Hash (S13) + Hash (S14)") it will be possible to calculate "Hash (S11) + Hash (S12)) + Hash (S13) + Hash (S14))) equal to meikel root MR1, and such a way will prove that the e-signature S11 is indeed under the meikel root S1.
Processor 11, after generating mekerl tree MT1, may generate a corresponding token T1 for each electronic signature S1 within the same time interval. For example, according to some embodiments of the invention, the processor 11 may record each electronic signature S1 and auxiliary data of each electronic signature S1 (i.e., the mekerr root MR1 of the mekerr tree MT1, the electronic certificate corresponding to the electronic signature S1, the corresponding mekerr certificate of the electronic signature in the mekerr tree MT1, and a set of timestamps) in the corresponding token T1. More than one timestamp is included in the timestamp set.
According to some embodiments of the present invention, the auxiliary data may further include a certificate validity proof of the electronic certificate included in each of the electronic signatures S1. The credential validity proof may be from the user. In response to the fact that the electronic certificate is usually time-sensitive, for example, the electronic certificate may expire or be replaced at regular intervals, and after the electronic certificate expires, the electronic certificate cannot be proved to be a valid certificate of the user or the enterprise at a later date. Therefore, when the certification data is processed, the electronic certificate can be verified at the same time to obtain the certificate validity certification. The token T1 may also contain proof of credential validity of the electronic credential, yet be able to be proven to be previously valid when the electronic credential expires.
According to some embodiments of the present invention, the processor 11 records the hash data received by the communication interface 15 in a time interval into the corresponding token T1. In these embodiments, each piece of hash data received by the communication interface 15 may correspond to a piece of original data, for example, an external device (not shown) storing the original data may perform a hash process on each piece of original data to obtain hash data corresponding to the original data, and then transmit each piece of hash data to the communication interface 15. The communication interface 15 may receive a plurality of hash data from a plurality of external devices, and the processor 11 may generate a meikel tree based on the plurality of hash data after the time interval, and generate a token for each of the hash data. In this embodiment, each token records a merkel root of the merkel tree, each of the hash data, a merkel certificate corresponding to each of the hash data, and a time stamp set, and the time stamp set includes more than one time stamp.
According to some embodiments of the invention, the set of timestamps included in each of the tokens T1 is more than any two of a plurality of centralized timestamps and a plurality of decentralized timestamps. In some cases, token T1 may include multiple centralized timestamps. In some cases, token T1 may include multiple decentralized timestamps. In some cases, token T1 may include at least one centralized timestamp and at least one decentralized timestamp. According to some embodiments of the invention, the centralized timestamp may be an RFC-3161 timestamp, such as, but not limited to: telecom timestamp, WIPO pro; and the decentralized timestamp may be a block chain timestamp, such as but not limited to: bitcoin time stamp, ether house time stamp.
In some embodiments, the processing time required by the processor 11 to put various timestamps on the token may be different because the time required by each timestamp service system to provide the timestamps is different, and the processor 11 may first generate an initial token for the user to use or first store the initial token in the memory 13 when any timestamp is not recorded in the timestamp set of the token. Processor 11 may update the tokens as each time stamp is successfully recorded in the initial token, and when all time stamps are successfully recorded in a token, token T1 is completed. Processor 11 may provide the completed token T1 to the user for use or update the token in memory 13.
In some embodiments, the communication interface 15 may further receive an index tag L1 corresponding to each electronic signature S1 during the time interval, and the index tag L1 may be from the user. Processor 11 may store the received index tab L1 in memory 13 and record the association between the index tab L1 and the corresponding token T1 for providing index services in the future (i.e., as a basis for the user to search for the corresponding token T1). For example, the index tab L1 may include a user-defined keyword, and when the user needs evidence at a later date, the required token T1 may be quickly and systematically found according to the keyword of the index tab L1.
Fig. 4 illustrates the flow of the certification data processing method according to some embodiments of the present invention, but the illustration is only for illustrating the embodiments of the present invention and is not intended to limit the scope of the present invention.
Referring to fig. 4, the attestation data processing method 4 may include the steps of: receiving, by a certification data processing system, a plurality of electronic signatures within a time interval, wherein each electronic signature is generated by processing and encrypting an original data according to a private key of an electronic certificate (step 41); generating, by the attestation data processing system, a Merkel tree based on the plurality of electronic signatures after the time interval (denoted as step 42); and generating a token for each electronic signature by the certification data processing system, wherein each token records a root of the merkel tree, each electronic signature, the electronic certificate corresponding to each electronic signature, a merkel certificate corresponding to each electronic signature, and a timestamp set, and the timestamp set includes more than one timestamp (denoted as step 43).
The order of steps 41 to 43 shown in fig. 4 is not limited. The sequence of steps 41 to 43 shown in fig. 4 may be arbitrarily adjusted, while still being practicable.
According to some embodiments of the invention, in addition to steps 41 to 43, the attestation data processing method 4 may further comprise the steps of: storing, by the attestation data processing system, the plurality of tokens.
According to some embodiments of the invention, in addition to steps 41 to 43, the attestation data processing method 4 may further comprise the steps of: transmitting, by the attestation data processing system, the plurality of tokens to one or more external devices.
According to some embodiments of the present invention, each of the electronic signatures is generated by first performing a hash process on the original data to obtain a hash, and then processing and encrypting the hash using a private key of the corresponding electronic certificate.
According to some embodiments of the invention, in addition to steps 41 to 43, the attestation data processing method 4 may further comprise the steps of: receiving, by the certification data processing system, an index tag corresponding to each of the electronic signatures within the time interval; and storing, by the attestation data processing system, at least one of the plurality of index tags and the original data. In other embodiments, the index tag may also be stored in an external storage device.
According to some embodiments of the invention, each of the electronic certificates is an x.509 certificate.
According to some embodiments of the invention, the set of timestamps included in each of the tokens is greater than any two of a plurality of centralized timestamps and a plurality of decentralized timestamps.
According to some embodiments of the invention, each of the tokens further comprises a certificate validity proof of the electronic certificate comprised by each of the electronic signatures.
According to some embodiments of the present invention, each of the electronic signatures is from a different enterprise, and each of the electronic signatures is processed and encrypted according to a private key corresponding to a corresponding enterprise credential.
Each embodiment of the attestation data processing method 4 will essentially correspond to one embodiment of the attestation data processing system 1. Therefore, even if not detailed above for every embodiment of the attestation data processing method 4, a person skilled in the art will be able to directly understand the not detailed embodiments of the attestation data processing method 4 from the above description for the attestation data processing system 1.
Fig. 5 illustrates the flow of the certification data processing method according to some embodiments of the present invention, but the illustration is only for illustrating the embodiments of the present invention and is not for limiting the scope of the present invention.
Referring to fig. 5, the attestation data processing method 5 may include the steps of: receiving, by a certification data processing system, a plurality of hash data within a time interval, wherein each of the hash data corresponds to a respective original data (denoted as step 51); generating, by the attestation data processing system, a Merkel tree based on the plurality of hash data after the time interval (denoted as step 52); and generating a token for each electronic signature by the certification data processing system, wherein each token records a root of the merkel tree, each hash data, a merkel certification corresponding to each hash data, and a timestamp set, and the timestamp set includes more than one timestamp (denoted as step 53).
The order of steps 51 to 53 shown in fig. 5 is not limited. The sequence of steps 51 to 53 shown in fig. 5 may be arbitrarily adjusted, while still being practicable.
Each embodiment of the attestation data processing method 5 will essentially correspond to one embodiment of the attestation data processing system 1. Therefore, even if not detailed above with respect to each embodiment of the proof data processing method 5, a person skilled in the art will be able to directly understand the not-detailed embodiment of the proof data processing method 5 from the above description with respect to the proof data processing system 1.
The above-described embodiments are merely illustrative of the present invention and are not intended to limit the present invention. Any other embodiments modified, changed, adjusted and integrated with the above embodiments are within the scope of the present invention as long as they are not easily understood by those skilled in the art. The protection scope of the invention is subject to the claims.
Claims (20)
1. An attestation data processing system, comprising:
a communication interface for receiving a plurality of electronic signatures in a time interval, wherein each electronic signature is generated by processing and encrypting original data according to a private key of an electronic certificate; and
a processor electrically connected to the communication interface and configured to:
generating a Meckel tree based on the plurality of electronic signatures after the time interval; and
generating a token for each electronic signature, wherein each token records a merkel root of the merkel tree, each electronic signature, an electronic certificate corresponding to each electronic signature, a merkel certificate corresponding to each electronic signature, and a timestamp set, and the timestamp set includes more than one timestamp.
2. The attestation data processing system of claim 1, further comprising:
And the memory is electrically connected to the communication interface and the processor and used for storing each token.
3. The attestation data processing system of claim 1, wherein:
the communication interface is further configured to transmit each of the tokens to one or more external devices.
4. The system of claim 1, wherein each electronic signature is generated by hashing the raw data to obtain a hash, and then using the private key of the corresponding electronic certificate to process and encrypt the hash.
5. The certification data processing system of claim 1, wherein the communication interface is further configured to receive an index tag corresponding to each of the electronic signatures during the time interval, and the system further comprises:
a memory electrically connected to the communication interface and the processor for storing at least one of the index tags and the original data.
6. The certification data processing system of claim 1, wherein each of the electronic certificates is an x.509 certificate.
7. The attestation data processing system of claim 1, wherein the set of timestamps included in each of the tokens is more than any two of a plurality of centralized timestamps and a plurality of decentralized timestamps.
8. The certification data processing system of claim 1, wherein each of the tokens further comprises a certificate validity proof of the electronic certificate included in each of the electronic signatures.
9. The certification data processing system of claim 1, wherein each of the electronic signatures is from a different enterprise, and each of the electronic signatures is processed and encrypted according to a private key corresponding to a corresponding enterprise credential.
10. An attestation data processing system, comprising:
a communication interface for receiving a plurality of hash data within a time interval, wherein each hash data corresponds to an original data; and
a processor electrically connected to the communication interface and configured to generate a Meckel tree according to the plurality of hash data after the time interval; and generating a token for each of the hash data, wherein each of the tokens records a merkel root of the merkel tree, each of the hash data, a merkel certificate corresponding to each of the hash data, and a timestamp set, and the timestamp set includes more than one timestamp.
11. A method for attestation data processing, comprising:
Receiving a plurality of electronic signatures in a time interval by a certification data processing system, wherein each electronic signature is generated by processing and encrypting original data according to a private key of an electronic certificate;
generating, by the certification data processing system, a Merkel tree after the time interval based on the plurality of electronic signatures; and
generating a token for each electronic signature by the certification data processing system, wherein each token records a root of the merkel tree, each electronic signature, an electronic certificate corresponding to each electronic signature, a merkel certification corresponding to each electronic signature, and a timestamp set, and the timestamp set includes more than one timestamp.
12. The certification data processing method of claim 11, further comprising:
each of the tokens is stored by the attestation data processing system.
13. The certification data processing method of claim 11, further comprising:
transmitting, by the attestation data processing system, each of the tokens to one or more external devices.
14. The method as claimed in claim 11, wherein each electronic signature is generated by first performing a hash process on the original data to obtain a hash, and then using the private key of the corresponding electronic certificate to process and encrypt the hash.
15. The certification data processing method of claim 11, further comprising:
receiving, by the certification data processing system, an index tag corresponding to each of the electronic signatures within the time interval; and
storing, by the attestation data processing system, at least one of the plurality of index tags and the original data.
16. The method of claim 11, wherein each of the electronic certificates is an x.509 certificate.
17. The method of claim 11, wherein the set of timestamps included in each token is more than two of a plurality of centralized timestamps and a plurality of decentralized timestamps.
18. The method of claim 11, wherein each of the tokens further comprises a certificate validity proof of the electronic certificate included in each of the electronic signatures.
19. The method of claim 11, wherein each electronic signature is from a different enterprise, and each electronic signature is processed and encrypted according to a private key corresponding to a corresponding enterprise credential.
20. A method for attestation data processing, comprising:
Receiving a plurality of hash data within a time interval by a certification data processing system, wherein each hash data corresponds to an original data;
generating, by the attestation data processing system, after the time interval, a Merkel tree from the hash data; and
generating, by the attestation data processing system, a token for each of the electronic signatures, wherein each of the tokens records a merkel root of the merkel tree, each of the hash data, a merkel attestation corresponding to each of the hash data, and a time stamp set, and the time stamp set includes more than one time stamp.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW109139623 | 2020-11-13 | ||
| TW109139623A TWI778448B (en) | 2020-11-13 | 2020-11-13 | Verification data processing system and verification data processing method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114499914A true CN114499914A (en) | 2022-05-13 |
Family
ID=81491679
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110076164.2A Pending CN114499914A (en) | 2020-11-13 | 2021-01-20 | Proof data processing system and proof data processing method |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN114499914A (en) |
| TW (1) | TWI778448B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI807979B (en) * | 2022-08-30 | 2023-07-01 | 中華電信股份有限公司 | A fido certification and auditing system, method base on timestamp signature and computer-readable medium thereof |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109525583A (en) * | 2018-11-26 | 2019-03-26 | 中国科学院数据与通信保护研究教育中心 | A kind of false voucher detection method and system of the service system that Identity Management is provided for third party |
| TW201924279A (en) * | 2017-11-16 | 2019-06-16 | 中華電信股份有限公司 | Signature system incorporating block chain technique, signature method and signature authentication method |
| US20190312734A1 (en) * | 2018-04-05 | 2019-10-10 | Ares Technologies, Inc. | Systems and methods authenticating a digitally signed assertion using verified evaluators |
| US20200067907A1 (en) * | 2018-08-21 | 2020-02-27 | HYPR Corp. | Federated identity management with decentralized computing platforms |
| CN111835526A (en) * | 2020-06-30 | 2020-10-27 | 北京泰尔英福网络科技有限责任公司 | Method and system for generating anonymous voucher |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10046228B2 (en) * | 2016-05-02 | 2018-08-14 | Bao Tran | Smart device |
-
2020
- 2020-11-13 TW TW109139623A patent/TWI778448B/en active
-
2021
- 2021-01-20 CN CN202110076164.2A patent/CN114499914A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TW201924279A (en) * | 2017-11-16 | 2019-06-16 | 中華電信股份有限公司 | Signature system incorporating block chain technique, signature method and signature authentication method |
| US20190312734A1 (en) * | 2018-04-05 | 2019-10-10 | Ares Technologies, Inc. | Systems and methods authenticating a digitally signed assertion using verified evaluators |
| US20200067907A1 (en) * | 2018-08-21 | 2020-02-27 | HYPR Corp. | Federated identity management with decentralized computing platforms |
| CN109525583A (en) * | 2018-11-26 | 2019-03-26 | 中国科学院数据与通信保护研究教育中心 | A kind of false voucher detection method and system of the service system that Identity Management is provided for third party |
| CN111835526A (en) * | 2020-06-30 | 2020-10-27 | 北京泰尔英福网络科技有限责任公司 | Method and system for generating anonymous voucher |
Non-Patent Citations (2)
| Title |
|---|
| FRANCESCO BRUSCHI ETAL.: "Tunneling Trust Into the Blockchain A Merkle Based Proof System for Structured Documents", 《IEEE ACCESS》 * |
| 孟嘉霖 等: "基于区块链的数字资产安全发行及管理技术实现", 《网络空间安全》, vol. 10, no. 9 * |
Also Published As
| Publication number | Publication date |
|---|---|
| TWI778448B (en) | 2022-09-21 |
| TW202219799A (en) | 2022-05-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109101572B (en) | Block chain based evidence storing method and device, server and storage medium | |
| US20220366020A1 (en) | Method and system for verifying ownership of a digital asset using a distributed hash table and a peer-to-peer distributed ledger | |
| TWI829816B (en) | Systems and methods for efficient and secure processing, accessing and transmission of data via a blockchain network | |
| US10754848B2 (en) | Method for registration of data in a blockchain database and a method for verifying data | |
| CN110276613B (en) | Block chain-based data processing apparatus, method, and computer-readable storage medium | |
| US11151276B1 (en) | Systems and methods for data certificate notarization utilizing bridging from private blockchain to public blockchain | |
| Wang et al. | Enabling public verifiability and data dynamics for storage security in cloud computing | |
| CA2887191C (en) | Secure linkage of databases | |
| Bianchi et al. | On the implementation of the discrete Fourier transform in the encrypted domain | |
| US20080133514A1 (en) | Method and Apparatus for Organizing an Extensible Table for Storing Cryptographic Objects | |
| Thompson | The preservation of digital signatures on the blockchain | |
| CN109858263A (en) | Search data memory method, apparatus, electronic equipment and storage medium | |
| Peng et al. | Secure and traceable copyright management system based on blockchain | |
| Sun et al. | Research on logistics information blockchain data query algorithm based on searchable encryption | |
| Patsonakis et al. | On the practicality of a smart contract PKI | |
| JP2019121946A (en) | Document management system, document management method, and document management program | |
| CN111406398A (en) | Managing trust points in an account book system | |
| CN114499914A (en) | Proof data processing system and proof data processing method | |
| George et al. | Data anonymization and integrity checking in cloud computing | |
| CN112887281B (en) | Storage method and system supporting efficient audit and multi-backup ciphertext deduplication and application | |
| US20220020010A1 (en) | Decentralized electronic contract attestation platform | |
| Li et al. | How to retrieve the encrypted data on the blockchain | |
| CN114826736A (en) | Information sharing method, device, equipment and storage medium | |
| JP2003134109A (en) | System for verifying validity of public key certificate | |
| CN112732789A (en) | Searchable encryption method based on block chain and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20220513 |