CN118075004A

CN118075004A - File verification method, device, system, computer equipment and storage medium

Info

Publication number: CN118075004A
Application number: CN202410290624.5A
Authority: CN
Inventors: 陈文琪; 黄琼
Original assignee: Industrial and Commercial Bank of China Ltd ICBC
Current assignee: Industrial and Commercial Bank of China Ltd ICBC
Priority date: 2024-03-14
Filing date: 2024-03-14
Publication date: 2024-05-24

Abstract

The present application relates to a document authentication method, apparatus, system, computer device, storage medium and computer program product, which can be used in the field of computer technology, and also in the field of financial science and technology or other related fields. The method comprises the following steps: watermark embedding processing is carried out on the file blocks under the file to be verified to obtain target file blocks; carrying out hash calculation on the watermark in the target file block to obtain a real hash value; uploading the target file block to a file storage end, and uploading the real hash value to a file verification request end; the file verification request end is used for sending a file verification request carrying a real hash value to the file storage end; the file storage end is used for responding to a file verification request, carrying out watermark extraction processing on the target file block to obtain a watermark to be verified, carrying out hash calculation on the watermark to be verified to obtain a hash value to be verified, and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified. By adopting the method, the efficiency of file verification can be improved.

Description

File verification method, device, system, computer equipment and storage medium

Technical Field

The present application relates to the field of computer technology, and in particular, to a method, an apparatus, a system, a computer device, a storage medium, and a computer program product for file verification.

Background

With the development of information technology, data security has important applications in a plurality of fields. In cloud storage security, in order to ensure that data is stored in a file storage end completely, the file storage end needs to be subjected to file verification. Therefore, how to efficiently verify a document becomes an important research direction.

The traditional technology generally carries out file verification in a manual auditing mode; however, this method requires much time for manual processing, resulting in low efficiency of document verification.

Disclosure of Invention

In view of the foregoing, it is desirable to provide a file verification method, apparatus, system, computer device, computer readable storage medium, and computer program product that can improve the efficiency of file verification.

In a first aspect, the present application provides a file verification method, which is applied to a terminal. The method comprises the following steps:

watermark embedding processing is carried out on file blocks under a file to be verified, so that target file blocks of the file to be verified are obtained; the file to be verified belongs to a financial file;

carrying out hash calculation on the watermark in the target file block to obtain a real hash value corresponding to the watermark;

Uploading the target file block to a file storage end, and uploading the real hash value to a file verification request end; the file verification request end is used for sending a file verification request carrying the real hash value to the file storage end; the file storage end is used for responding to the file verification request, carrying out watermark extraction processing on the target file block to obtain a watermark to be verified in the target file block, carrying out hash calculation on the watermark to be verified to obtain a hash value to be verified corresponding to the watermark to be verified, and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified.

In one embodiment, before uploading the target file block to the file storage end, the method further includes:

Generating a signing key pair of the terminal; the signature key pair comprises a private key and a public key;

Sending the public key to the file storage end;

the uploading the target file block to the file storage end comprises the following steps:

Performing splicing processing on the file identifier of the file to be verified and the real hash value to obtain a first spliced hash value of the file to be verified;

Carrying out signature processing on the first spliced hash value by using the private key to obtain a digital signature of the file to be verified;

and uploading the target file block, the file identifier, the real hash value and the digital signature to the file storage end.

In one embodiment, the method further comprises:

acquiring a file block updating instruction aiming at the file to be verified;

The file block updating instruction is sent to the file storage end and the file verification request end; the file block updating instruction is used for indicating the file storage end to modify, insert or delete the stored target file block; the file block updating instruction is further used for indicating the file verification request end to carry out modification processing, insertion processing or deletion processing on the stored real hash value.

In a second aspect, the present application provides a method for verifying a file, which is applied to a file storage terminal. The method comprises the following steps:

Receiving a target file block of a file to be verified, which is uploaded by a terminal; the terminal is used for carrying out watermark embedding processing on the file blocks under the file to be verified to obtain the target file blocks, carrying out hash calculation on the watermarks in the target file blocks to obtain real hash values corresponding to the watermarks, and uploading the real hash values to a file verification request terminal; the file to be verified belongs to a financial file;

Responding to a file verification request carrying the real hash value sent by the file verification request terminal, and carrying out watermark extraction processing on the target file block to obtain a watermark to be verified in the target file block;

carrying out hash calculation on the watermark to be tested to obtain a hash value to be tested corresponding to the watermark to be tested;

and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified.

In one embodiment, the receiving the target file block of the file to be verified, which is uploaded by the terminal, includes:

receiving a public key sent by the terminal, and receiving the target file block uploaded by the terminal, a file identifier of the file to be verified, the real hash value and a digital signature of the file to be verified;

Performing splicing processing on the file identifier and the real hash value to obtain a second spliced hash value of the file to be verified;

verifying the digital signature by using the public key and the second spliced hash value to obtain a verification result of the digital signature;

and storing the target file block in the case that the verification result of the digital signature indicates correct.

In a third aspect, the present application provides a file verification method, which is applied to a file verification request terminal. The method comprises the following steps:

Receiving a real hash value uploaded by a terminal; the terminal is used for carrying out watermark embedding processing on a file block under a file to be verified to obtain a target file block of the file to be verified, carrying out hash calculation on the watermark in the target file block to obtain the real hash value corresponding to the watermark, and uploading the target file block to a file storage end; the file to be verified belongs to a financial file;

Sending a file verification request carrying the real hash value to the file storage end; the file storage end is used for responding to the file verification request, carrying out watermark extraction processing on the target file block to obtain a watermark to be verified in the target file block, carrying out hash calculation on the watermark to be verified to obtain a hash value to be verified corresponding to the watermark to be verified, and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified.

In one embodiment, the sending the file verification request carrying the true hash value to the file storage terminal includes:

selecting part of real hash values from the real hash values;

and sending a file verification request carrying the file identifier of the file to be verified and the part of the real hash value to the file storage end.

In a fourth aspect, the application further provides a file verification device applied to the terminal. The device comprises:

The watermark embedding module is used for carrying out watermark embedding processing on the file blocks under the file to be verified to obtain target file blocks of the file to be verified; the file to be verified belongs to a financial file;

the first calculation module is used for carrying out hash calculation on the watermark in the target file block to obtain a real hash value corresponding to the watermark;

The target uploading module is used for uploading the target file block to a file storage end and uploading the real hash value to a file verification request end; the file verification request end is used for sending a file verification request carrying the real hash value to the file storage end; the file storage end is used for responding to the file verification request, carrying out watermark extraction processing on the target file block to obtain a watermark to be verified in the target file block, carrying out hash calculation on the watermark to be verified to obtain a hash value to be verified corresponding to the watermark to be verified, and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified.

In a fifth aspect, the present application further provides a file verification device, which is applied to a file storage end. The device comprises:

The first receiving module is used for receiving the target file block of the file to be verified, which is uploaded by the terminal; the terminal is used for carrying out watermark embedding processing on the file blocks under the file to be verified to obtain the target file blocks, carrying out hash calculation on the watermarks in the target file blocks to obtain real hash values corresponding to the watermarks, and uploading the real hash values to a file verification request terminal; the file to be verified belongs to a financial file;

The request response module is used for responding to the file verification request carrying the real hash value sent by the file verification request terminal, and extracting and processing the watermark of the target file block to obtain the watermark to be verified in the target file block;

The second calculation module is used for carrying out hash calculation on the watermark to be tested to obtain a hash value to be tested corresponding to the watermark to be tested;

And the hash verification module is used for verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified.

In a sixth aspect, the present application further provides a file verification device, which is applied to a file verification request end. The device comprises:

The second receiving module is used for receiving the real hash value uploaded by the terminal; the terminal is used for carrying out watermark embedding processing on a file block under a file to be verified to obtain a target file block of the file to be verified, carrying out hash calculation on the watermark in the target file block to obtain the real hash value corresponding to the watermark, and uploading the target file block to a file storage end; the file to be verified belongs to a financial file;

The request sending module is used for sending a file verification request carrying the real hash value to the file storage end; the file storage end is used for responding to the file verification request, carrying out watermark extraction processing on the target file block to obtain a watermark to be verified in the target file block, carrying out hash calculation on the watermark to be verified to obtain a hash value to be verified corresponding to the watermark to be verified, and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified.

In a seventh aspect, the present application further provides a file verification system. The system comprises: the system comprises a terminal, a file storage end and a file verification request end;

The terminal is used for carrying out watermark embedding processing on a file block under a file to be verified to obtain a target file block of the file to be verified, carrying out hash calculation on the watermark in the target file block to obtain a real hash value corresponding to the watermark, uploading the target file block to the file storage end, and uploading the real hash value to the file verification request end; the file to be verified belongs to a financial file;

The file verification request end is used for sending a file verification request carrying the real hash value to the file storage end;

The file storage end is used for responding to the file verification request, carrying out watermark extraction processing on the target file block to obtain a watermark to be verified in the target file block, carrying out hash calculation on the watermark to be verified to obtain a hash value to be verified corresponding to the watermark to be verified, and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified.

In an eighth aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which when executing the computer program performs the steps of:

In a ninth aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which when executing the computer program performs the steps of:

In a tenth aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which when executing the computer program performs the steps of:

In an eleventh aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:

In a twelfth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:

In a thirteenth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:

In a fourteenth aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of:

In a fifteenth aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of:

In a sixteenth aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of:

The file verification method, the device, the system, the computer equipment, the storage medium and the computer program product perform watermark embedding processing on the file blocks under the file to be verified to obtain target file blocks of the file to be verified; the file to be verified belongs to a financial file; carrying out hash calculation on the watermark in the target file block to obtain a real hash value corresponding to the watermark; uploading the target file block to a file storage end, and uploading the real hash value to a file verification request end; the file verification request end is used for sending a file verification request carrying the real hash value to the file storage end; the file storage end is used for responding to the file verification request, carrying out watermark extraction processing on the target file block to obtain a watermark to be verified in the target file block, carrying out hash calculation on the watermark to be verified to obtain a hash value to be verified corresponding to the watermark to be verified, and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified. According to the scheme, watermark embedding processing is carried out on a file block under a file to be verified through a terminal to obtain a target file block of the file to be verified, hash calculation is carried out on watermarks in the target file block to obtain real hash values corresponding to the watermarks, the target file block is uploaded to a file storage end, and the real hash values are uploaded to a file verification request end; the file verification request end sends a file verification request carrying a true hash value to the file storage end; the file storage end responds to a file verification request, watermark extraction processing is carried out on the target file block, watermark to be verified in the target file block is obtained, hash calculation is carried out on the watermark to be verified, a hash value to be verified corresponding to the watermark to be verified is obtained, verification is carried out on the hash value to be verified according to the real hash value, and a verification result of the file to be verified is obtained. In this way, when the file verification is performed, the automatic file verification is realized through watermark embedding, hash calculation, file uploading to file verification request response and verification processing, so that the efficiency and accuracy of the file verification are improved.

Drawings

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the related art, the drawings that are required to be used in the embodiments or the related technical descriptions will be briefly described, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to the drawings without inventive effort for those skilled in the art.

FIG. 1 is an application environment diagram of a file verification method in one embodiment;

FIG. 2 is a flow diagram of a method of document authentication in one embodiment;

FIG. 3 is a flow chart of a method of verifying files in another embodiment;

FIG. 4 is a flow chart of a method of verifying files in yet another embodiment;

FIG. 5 is an application environment diagram of a file verification method in another embodiment;

FIG. 6 is a schematic diagram of the structure of a watermark dynamic hash chain in one embodiment;

FIG. 7 is a diagram of modifying hash values in one embodiment;

FIG. 8 is a diagram of inserting hash values in one embodiment;

FIG. 9 is a diagram of deleting hash values in one embodiment;

FIG. 10 is a block diagram of a file verification device according to one embodiment;

FIG. 11 is a block diagram of a file verification device according to another embodiment;

FIG. 12 is a block diagram of a file verification device according to yet another embodiment;

FIG. 13 is an internal block diagram of a computer device in one embodiment;

fig. 14 is an internal structural view of a computer device in another embodiment.

Detailed Description

The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.

It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are both information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data are required to meet the related regulations. The collected information is information and data authorized by the user or fully authorized by each party, and the processing of the related data such as collection, storage, use, processing, transmission, provision, disclosure, application and the like all obeys the related regulations, necessary security measures are adopted without violating the public order colloquial, and corresponding operation entrance is provided for the user to select authorization or rejection.

The file verification method provided by the application can be applied to an application environment shown in figure 1. The application scenario may include: the terminal 110, the file verification request terminal 120 and the file storage terminal 130, wherein the terminal 110 and the file verification request terminal 120 can be in communication connection, the terminal 110 and the file storage terminal 130 can be in communication connection, and the file verification request terminal 120 and the file storage terminal 130 can be in communication connection. Specifically, the terminal 110 performs watermark embedding processing on a file block under a file to be verified to obtain a target file block of the file to be verified, performs hash calculation on the watermark in the target file block to obtain a real hash value corresponding to the watermark, uploads the target file block to the file storage end 130, and uploads the real hash value to the file verification request end 120; the file to be verified belongs to the financial file; the file verification request end 120 sends a file verification request carrying a true hash value to the file storage end 130; the file storage end 130 responds to the file verification request, carries out watermark extraction processing on the target file block to obtain a watermark to be verified in the target file block, carries out hash calculation on the watermark to be verified to obtain a hash value to be verified corresponding to the watermark to be verified, verifies the hash value to be verified according to the real hash value, and obtains a verification result of the file to be verified. The terminal 110 may be, but is not limited to, various personal computers, notebook computers, smart phones, and tablet computers; the file verification request end 120 may be implemented by an independent server or a server cluster formed by a plurality of servers; the file storage 130 may be implemented as a stand-alone server or as a server cluster comprising a plurality of servers.

In an exemplary embodiment, as shown in fig. 2, a file verification method is provided, and this embodiment is applied to a terminal for illustration by the method. In this embodiment, the method includes the steps of:

step S201, watermark embedding processing is carried out on file blocks under a file to be verified, and target file blocks of the file to be verified are obtained; the document to be verified belongs to the financial document.

The terminal may be one end, such as a user end, for performing file watermark embedding and hash calculation.

The file to be verified can be a file needing to be subjected to integrity verification.

The target file block can be a file block subjected to watermark embedding processing and can be used as a file block object to be verified.

The watermark may be a digital watermark embedded in a file block.

Optionally, the terminal acquires a file to be verified, divides the file to be verified into a plurality of file blocks according to blocks, selects different watermark information for each file block, embeds the watermark information corresponding to each file block into the file blocks to form the file blocks with watermarks, and takes the file blocks with watermarks as target file blocks of the file to be verified.

Step S202, hash calculation is carried out on the watermark in the target file block, and a real hash value corresponding to the watermark is obtained.

The real hash value may be an original hash value obtained by performing hash calculation on the watermark in the target file block by the terminal.

Optionally, the terminal performs hash computation on watermark information embedded in each target file block, for example, repeatedly performs hash computation on watermark information of all target file blocks, so as to obtain a hash value of each target file block, where the hash value is used as a true hash value corresponding to the watermark, and the true hash value corresponding to the watermark is used for subsequent file integrity verification.

Step S203, uploading the target file block to a file storage end, and uploading the real hash value to a file verification request end; the file verification request end is used for sending a file verification request carrying a real hash value to the file storage end; the file storage end is used for responding to a file verification request, carrying out watermark extraction processing on the target file block to obtain a watermark to be verified in the target file block, carrying out hash calculation on the watermark to be verified to obtain a hash value to be verified corresponding to the watermark to be verified, and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified.

The file storage end may be an end for storing the target file block, for example, a cloud end or a server end.

The file verification request end may be an end that sends a verification request and receives a verification result, for example, a third party auditor end.

The file verification request may be a verification request sent from the file verification request end to the file storage end with a real hash value.

The watermark to be tested can be a watermark extracted from the target file block by the file storage end.

The hash value to be tested can be a hash value obtained by performing hash calculation on the watermark to be tested by the file storage end.

The verification result of the file to be verified can be a file block integrity verification result obtained by comparing the true hash value with the hash value to be verified.

Optionally, the terminal uploads the target file block to the file storage end, and uploads the real hash value to the file verification request end; the file verification request end sends a file verification request carrying the real hash value to the file storage end according to the obtained real hash value; after the file storage end receives the file verification request, watermark extraction is carried out from the target file block in response to the file verification request, watermark to be verified in the target file block is obtained, hash calculation is carried out on the watermark to be verified, a hash value to be verified of the watermark to be verified is obtained, verification is carried out on the hash value to be verified according to the real hash value provided by the file verification request end, if the hash value to be verified is consistent with the real hash value, the verification is passed, the integrity of the file to be verified is confirmed, if the hash value to be verified is inconsistent with the real hash value, the verification is not passed, damage of the file to be verified is confirmed, and the file storage end returns the verification result of the file to be verified to the file verification request end.

In the file verification method, watermark embedding processing is carried out on the file blocks under the file to be verified, so that target file blocks of the file to be verified are obtained; the file to be verified belongs to the financial file; carrying out hash calculation on the watermark in the target file block to obtain a real hash value corresponding to the watermark; uploading the target file block to a file storage end and uploading the real hash value to a file verification request end; the file verification request end is used for sending a file verification request carrying a real hash value to the file storage end; the file storage end is used for responding to a file verification request, carrying out watermark extraction processing on the target file block to obtain a watermark to be verified in the target file block, carrying out hash calculation on the watermark to be verified to obtain a hash value to be verified corresponding to the watermark to be verified, and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified. According to the scheme, watermark embedding processing is carried out on a file block under a file to be verified through a terminal to obtain a target file block of the file to be verified, hash calculation is carried out on watermarks in the target file block to obtain real hash values corresponding to the watermarks, the target file block is uploaded to a file storage end, and the real hash values are uploaded to a file verification request end; the file verification request end sends a file verification request carrying a true hash value to the file storage end; the file storage end responds to a file verification request, watermark extraction processing is carried out on the target file block, watermark to be verified in the target file block is obtained, hash calculation is carried out on the watermark to be verified, a hash value to be verified corresponding to the watermark to be verified is obtained, verification is carried out on the hash value to be verified according to the real hash value, and a verification result of the file to be verified is obtained. In this way, when the file verification is performed, the automatic file verification is realized through watermark embedding, hash calculation, file uploading to file verification request response and verification processing, so that the efficiency and accuracy of the file verification are improved.

In an exemplary embodiment, before uploading the target file block to the file storage, the method further comprises the following steps: generating a signature key pair of the terminal; the signature key pair comprises a private key and a public key; sending the public key to a file storage end; uploading the target file block to a file storage end, wherein the method specifically comprises the following steps: performing splicing processing on the file identifier of the file to be verified and the real hash value to obtain a first spliced hash value of the file to be verified; carrying out signature processing on the first spliced hash value by using a private key to obtain a digital signature of the file to be verified; and uploading the target file block, the file identifier, the real hash value and the digital signature to a file storage end.

The signing key pair may include a private key and a public key, and the signing key pair may be a key pair for digital signing.

The private key may be a private key in a signing key pair, which is only owned by the terminal itself and used for digital signature generation.

The public key can be a public key in a signature key pair, and the terminal issues the public key to a file storage end for digital signature verification.

Wherein the file identifier may be an identifier for uniquely identifying the file to be authenticated.

The first splicing hash value may be a hash value calculated after splicing the file identifier and the real hash value.

The digital signature may be a digital signature value obtained by signing the first spliced hash value by using a private key.

Optionally, the terminal generates a signing key pair comprising a private key and a public key; sending the public key to a file storage end; preprocessing a file to be verified to obtain a file identifier and a real hash value; splicing the file identifier and the real hash value, and calculating to obtain a first spliced hash value; carrying out digital signature on the first spliced hash value by using a private key to obtain a digital signature; and packing and uploading the target file block, the file identifier, the real hash value and the digital signature to a file storage end. After receiving the target file block, the file identifier, the real hash value and the digital signature, the file storage device uses the public key to verify whether the digital signature is correct; if the digital signature passes the verification, the data source is trusted, and the file storage end stores the received data; if the digital signature verification fails, the data may be tampered, and the file storage end requests the terminal to upload again.

According to the technical scheme provided by the embodiment, the integrity and the source credibility of the data uploading process are guaranteed by utilizing the digital signature, the purpose of verifying the file integrity is achieved, and therefore the accuracy of file verification is improved.

In an exemplary embodiment, the method further comprises the following: acquiring a file block updating instruction aiming at a file to be verified; transmitting a file block update instruction to a file storage end and a file verification request end; the file block updating instruction is used for indicating the file storage end to modify, insert or delete the stored target file block; the file block update instruction is further used for indicating the file verification request end to modify, insert or delete the stored true hash value.

The file block update instruction may be an instruction for modifying, inserting or deleting a file block of a file to be verified by a user, and is used for informing that the file storage end and the file verification request end need to perform corresponding update operations on the file block and the real hash value.

The modification process may be a process of modifying an original file block or a real hash value according to a file block update instruction.

The inserting process may be a process of inserting a new file block or hash value in a position corresponding to the file block or the real hash value according to the file block update instruction.

The deletion process may be a process of deleting a specified file block or a corresponding real hash value according to a file block update instruction.

Optionally, after modifying, inserting or deleting the file to be verified, the terminal generates a file block update instruction, and records information such as operation type and affected file block position; and the terminal sends the file block updating instruction to the file storage end and the file verification request end. And the file storage end carries out corresponding modification, insertion or deletion processing operation on the affected target file block according to the file block updating instruction. And the file verification request terminal carries out corresponding modification, insertion or deletion processing operation on the affected real hash value according to the file block updating instruction.

According to the technical scheme provided by the embodiment, the file storage end and the file verification request end are coordinated to update synchronously through the file block updating instruction, so that the integrity verification function of the dynamically updated file is realized, and the accuracy of file verification is improved.

In an exemplary embodiment, as shown in fig. 3, a file verification method is provided, and this embodiment is illustrated by applying the method to a file storage terminal. In this embodiment, the method includes the steps of:

Step S301, receiving a target file block of a file to be verified, which is uploaded by a terminal; the terminal is used for carrying out watermark embedding processing on the file blocks under the file to be verified to obtain target file blocks, carrying out hash calculation on the watermarks in the target file blocks to obtain real hash values corresponding to the watermarks, and uploading the real hash values to the file verification request terminal; the document to be verified belongs to the financial document.

Step S302, in response to a file verification request carrying a real hash value sent by a file verification request terminal, watermark extraction processing is carried out on a target file block, and a watermark to be verified in the target file block is obtained.

Step S303, hash calculation is carried out on the watermark to be tested, and a hash value to be tested corresponding to the watermark to be tested is obtained.

Step S304, verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified.

Optionally, the terminal blocks the financial file to be verified, and watermark embedding is carried out on each file block to obtain a target file block; carrying out hash calculation on the watermark embedded in each target file block to obtain a real hash value of the watermark; uploading the real hash value of each file block to a file verification request end, and uploading the target file block of the file to be verified to a file storage end. After the file verification request terminal collects the real hash values of all the file blocks, a file verification request is sent to the file storage terminal, and the file verification request carries the real hash values. The file storage end receives a target file block of the file to be verified, which is uploaded by the terminal, and after receiving a file verification request sent by the file verification request end, responds to the file verification request carrying the real hash value sent by the file verification request end, and watermark extraction is carried out on the uploaded target file block to obtain a watermark to be verified in the file block; carrying out hash calculation on each watermark to be tested to obtain a corresponding hash value to be tested; according to the real hash value provided by the file verification request end, carrying out one-to-one matching comparison with the hash value to be verified obtained by calculation, and if all the hash values to be verified are matched with the real hash value, passing the file verification; if the files are not matched, confirming that the files are damaged, and verifying that the files are not passed; and returning the verification result of the file to be verified to the file verification request end to complete the whole file integrity verification process.

In the file verification method, receiving a target file block of a file to be verified, which is uploaded by a terminal; the terminal is used for carrying out watermark embedding processing on the file blocks under the file to be verified to obtain target file blocks, carrying out hash calculation on the watermarks in the target file blocks to obtain real hash values corresponding to the watermarks, and uploading the real hash values to the file verification request terminal; the file to be verified belongs to the financial file; responding to a file verification request carrying a real hash value sent by a file verification request end, and carrying out watermark extraction processing on a target file block to obtain a watermark to be verified in the target file block; carrying out hash calculation on the watermark to be tested to obtain a hash value to be tested corresponding to the watermark to be tested; and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified. According to the scheme, watermark embedding processing is carried out on a file block under a file to be verified through a terminal to obtain a target file block of the file to be verified, hash calculation is carried out on watermarks in the target file block to obtain real hash values corresponding to the watermarks, the target file block is uploaded to a file storage end, and the real hash values are uploaded to a file verification request end; the file verification request end sends a file verification request carrying a true hash value to the file storage end; the file storage end responds to a file verification request, watermark extraction processing is carried out on the target file block, watermark to be verified in the target file block is obtained, hash calculation is carried out on the watermark to be verified, a hash value to be verified corresponding to the watermark to be verified is obtained, verification is carried out on the hash value to be verified according to the real hash value, and a verification result of the file to be verified is obtained. In this way, when the file verification is performed, the automatic file verification is realized through watermark embedding, hash calculation, file uploading to file verification request response and verification processing, so that the efficiency and accuracy of the file verification are improved.

In an exemplary embodiment, the target file block of the file to be verified, which is uploaded by the receiving terminal, specifically includes the following contents: receiving a public key sent by a terminal, and receiving a target file block uploaded by the terminal, a file identifier of a file to be verified, a real hash value and a digital signature of the file to be verified; performing splicing processing on the file identifier and the real hash value to obtain a second spliced hash value of the file to be verified; verifying the digital signature by using the public key and the second spliced hash value to obtain a verification result of the digital signature; in the case where the verification result of the digital signature indicates correct, the target file block is stored.

The second splicing hash value may be a hash value obtained by splicing and calculating the file identifier and the real hash value by the file storage terminal.

The verification result of the digital signature can be obtained by verifying the digital signature by the file storage end through the public key and is used for indicating whether the digital signature verification is correct or not.

Optionally, the file storage terminal receives the public key sent by the terminal, and receives the target file block, the file identifier, the real hash value and the digital signature uploaded by the terminal; splicing the file identifier and the real hash value to obtain a second spliced hash value; verifying whether the digital signature is correct or not according to the public key and the second spliced hash value, if the digital signature passes verification, the digital signature verification result is correct, and if the digital signature does not pass verification, the digital signature verification result is incorrect; and if the verification result of the digital signature is correct, indicating that the verification of the target file block is passed, storing the target file block.

According to the technical scheme provided by the embodiment, the integrity of the target file block is verified by utilizing the digital signature, so that only the file block passing verification can be stored by the file storage end, the safety and the accuracy of file uploading are ensured, and the efficiency and the accuracy of file verification are improved.

In an exemplary embodiment, as shown in fig. 4, a file verification method is provided, and this embodiment is applied to a file verification request end for illustration by using the method. In this embodiment, the method includes the steps of:

Step S401, receiving a real hash value uploaded by a terminal; the terminal is used for carrying out watermark embedding processing on the file blocks under the file to be verified to obtain target file blocks of the file to be verified, carrying out hash calculation on the watermarks in the target file blocks to obtain real hash values corresponding to the watermarks, and uploading the target file blocks to the file storage end; the document to be verified belongs to the financial document.

Step S402, a file verification request carrying a real hash value is sent to a file storage end; the file storage end is used for responding to a file verification request, carrying out watermark extraction processing on the target file block to obtain a watermark to be verified in the target file block, carrying out hash calculation on the watermark to be verified to obtain a hash value to be verified corresponding to the watermark to be verified, and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified.

Optionally, the terminal performs watermark embedding processing on the file blocks under the file to be verified to obtain target file blocks of the file to be verified, performs hash calculation on the watermarks in the target file blocks to obtain real hash values corresponding to the watermarks, uploads the target file blocks to the file storage end, and uploads the real hash values to the file verification request end. The file verification request terminal receives the true hash value uploaded by the terminal; and sending a file verification request carrying the real hash value to a file storage end. The file storage end responds to a file verification request, watermark extraction processing is carried out on the target file block, watermark to be verified in the target file block is obtained, hash calculation is carried out on the watermark to be verified, a hash value to be verified corresponding to the watermark to be verified is obtained, verification is carried out on the hash value to be verified according to the real hash value, and a verification result of the file to be verified is obtained.

In the file verification method, a real hash value uploaded by a terminal is received; the terminal is used for carrying out watermark embedding processing on the file blocks under the file to be verified to obtain target file blocks of the file to be verified, carrying out hash calculation on the watermarks in the target file blocks to obtain real hash values corresponding to the watermarks, and uploading the target file blocks to the file storage end; the file to be verified belongs to the financial file; sending a file verification request carrying a real hash value to a file storage end; the file storage end is used for responding to a file verification request, carrying out watermark extraction processing on the target file block to obtain a watermark to be verified in the target file block, carrying out hash calculation on the watermark to be verified to obtain a hash value to be verified corresponding to the watermark to be verified, and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified. According to the scheme, watermark embedding processing is carried out on a file block under a file to be verified through a terminal to obtain a target file block of the file to be verified, hash calculation is carried out on watermarks in the target file block to obtain real hash values corresponding to the watermarks, the target file block is uploaded to a file storage end, and the real hash values are uploaded to a file verification request end; the file verification request end sends a file verification request carrying a true hash value to the file storage end; the file storage end responds to a file verification request, watermark extraction processing is carried out on the target file block, watermark to be verified in the target file block is obtained, hash calculation is carried out on the watermark to be verified, a hash value to be verified corresponding to the watermark to be verified is obtained, verification is carried out on the hash value to be verified according to the real hash value, and a verification result of the file to be verified is obtained. In this way, when the file verification is performed, the automatic file verification is realized through watermark embedding, hash calculation, file uploading to file verification request response and verification processing, so that the efficiency and accuracy of the file verification are improved.

In an exemplary embodiment, the file verification request carrying the true hash value is sent to the file storage end, which specifically includes the following contents: selecting part of real hash values from the real hash values; and sending a file verification request carrying the file identifier and part of the true hash value of the file to be verified to a file storage end.

The partial real hash value may be a part of real hash values randomly selected from all received real hash values by the file verification request terminal.

Optionally, the file verification request terminal selects part of the real hash values from the real hash values; and sending a file verification request carrying the file identifier of the file to be verified and the part of the real hash value to a file storage end.

For example, the terminal performs watermark embedding processing on a group of file blocks (such as 10 file blocks) under the file to be verified to obtain the 10 target file blocks respectively; carrying out hash calculation on the watermarks in the 10 target file blocks to respectively obtain real hash values corresponding to the 10 watermarks; and uploading the 10 target file blocks to a file storage end, and simultaneously uploading the 10 real hash values to a file verification request end. The file verification request terminal receives 10 real hash values. The file verification request terminal randomly selects a part (such as 3) hash values from the 10 real hash values; and forming a file verification request by the file identifier of the file to be verified and the 3 real hash values, and sending the file verification request to a file storage end. The file storage end acquires corresponding 3 target file blocks from the storage according to the file identifier; watermark extraction is carried out on the 3 target file blocks, so that hash values of 3 watermarks to be tested are respectively obtained; and comparing the 3 hash values to be verified with 3 real hash values in the file verification request, and if the 3 hash values are matched, verifying that the 3 file blocks pass, and confirming that the verification result of the file to be verified indicates correct or pass.

According to the technical scheme provided by the embodiment, the random verification is carried out on the part of the file blocks of the file to be verified, so that whether the file to be verified is tampered or not can be effectively detected, and the efficiency of file verification is improved.

In one exemplary embodiment, referring to FIG. 1, a document authentication system is provided, the system comprising: the system comprises a terminal, a file storage end and a file verification request end;

The terminal is used for carrying out watermark embedding processing on the file blocks under the file to be verified to obtain target file blocks of the file to be verified, carrying out hash calculation on the watermarks in the target file blocks to obtain real hash values corresponding to the watermarks, uploading the target file blocks to the file storage end, and uploading the real hash values to the file verification request end; the file to be verified belongs to the financial file;

The file verification request end is used for sending a file verification request carrying a real hash value to the file storage end;

the file storage end is used for responding to a file verification request, carrying out watermark extraction processing on the target file block to obtain a watermark to be verified in the target file block, carrying out hash calculation on the watermark to be verified to obtain a hash value to be verified corresponding to the watermark to be verified, and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified.

Optionally, the terminal performs watermark embedding processing on a file block under the file to be verified to obtain a target file block of the file to be verified, performs hash calculation on the watermark in the target file block to obtain a real hash value corresponding to the watermark, uploads the target file block to the file storage end, and uploads the real hash value to the file verification request end. The file verification request end sends a file verification request carrying a real hash value to the file storage end. The file storage end responds to a file verification request, watermark extraction processing is carried out on the target file block, watermark to be verified in the target file block is obtained, hash calculation is carried out on the watermark to be verified, a hash value to be verified corresponding to the watermark to be verified is obtained, verification is carried out on the hash value to be verified according to the real hash value, and a verification result of the file to be verified is obtained.

In the file verification system, the terminal performs watermark embedding processing on the file blocks under the file to be verified to obtain target file blocks of the file to be verified; the file to be verified belongs to the financial file; carrying out hash calculation on the watermark in the target file block to obtain a real hash value corresponding to the watermark; uploading the target file block to a file storage end and uploading the real hash value to a file verification request end; the file verification request end is used for sending a file verification request carrying a real hash value to the file storage end; the file storage end is used for responding to a file verification request, carrying out watermark extraction processing on the target file block to obtain a watermark to be verified in the target file block, carrying out hash calculation on the watermark to be verified to obtain a hash value to be verified corresponding to the watermark to be verified, and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified. According to the scheme, watermark embedding processing is carried out on a file block under a file to be verified through a terminal to obtain a target file block of the file to be verified, hash calculation is carried out on watermarks in the target file block to obtain real hash values corresponding to the watermarks, the target file block is uploaded to a file storage end, and the real hash values are uploaded to a file verification request end; the file verification request end sends a file verification request carrying a true hash value to the file storage end; the file storage end responds to a file verification request, watermark extraction processing is carried out on the target file block, watermark to be verified in the target file block is obtained, hash calculation is carried out on the watermark to be verified, a hash value to be verified corresponding to the watermark to be verified is obtained, verification is carried out on the hash value to be verified according to the real hash value, and a verification result of the file to be verified is obtained. In this way, when the file verification is performed, the automatic file verification is realized through watermark embedding, hash calculation, file uploading to file verification request response and verification processing, so that the efficiency and accuracy of the file verification are improved.

The file verification method provided by the application is described in the following embodiment, and the embodiment is applied to a terminal, a file storage end and a file verification request end for illustration by using the method, and the main steps include:

The method comprises the steps that a terminal performs watermark embedding processing on file blocks under a file to be verified to obtain target file blocks of the file to be verified; the file to be verified belongs to the financial file; and carrying out hash calculation on the watermark in the target file block to obtain a real hash value corresponding to the watermark.

Step two, the terminal generates a signature key pair of the terminal; the signature key pair comprises a private key and a public key; sending the public key to a file storage end; performing splicing processing on the file identifier of the file to be verified and the real hash value to obtain a first spliced hash value of the file to be verified; carrying out signature processing on the first spliced hash value by using a private key to obtain a digital signature of the file to be verified; and uploading the target file block, the file identifier, the real hash value and the digital signature to a file storage end.

Thirdly, receiving a real hash value uploaded by the terminal by the file verification request terminal; selecting part of real hash values from the real hash values; and sending a file verification request carrying the file identifier and part of the true hash value of the file to be verified to a file storage end.

A fourth step, a file storage terminal receives a public key sent by a terminal, and a target file block uploaded by the terminal, a file identifier of a file to be verified, a real hash value and a digital signature of the file to be verified; performing splicing processing on the file identifier and the real hash value to obtain a second spliced hash value of the file to be verified; verifying the digital signature by using the public key and the second spliced hash value to obtain a verification result of the digital signature; in the case where the verification result of the digital signature indicates correct, the target file block is stored.

Fifthly, the terminal responds to a file verification request carrying a real hash value sent by a file verification request terminal, and watermark extraction processing is carried out on a target file block to obtain a watermark to be verified in the target file block; carrying out hash calculation on the watermark to be tested to obtain a hash value to be tested corresponding to the watermark to be tested; and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified.

Sixthly, the terminal acquires a file block updating instruction aiming at the file to be verified; transmitting a file block update instruction to a file storage end and a file verification request end; the file block updating instruction is used for indicating the file storage end to modify, insert or delete the stored target file block; the file block update instruction is further used for indicating the file verification request end to modify, insert or delete the stored true hash value.

According to the technical scheme provided by the embodiment, watermark embedding processing is carried out on the file blocks under the file to be verified through the terminal, so that target file blocks of the file to be verified are obtained, hash calculation is carried out on watermarks in the target file blocks, real hash values corresponding to the watermarks are obtained, the target file blocks are uploaded to the file storage end, and the real hash values are uploaded to the file verification request end; the file verification request end sends a file verification request carrying a true hash value to the file storage end; the file storage end responds to a file verification request, watermark extraction processing is carried out on the target file block, watermark to be verified in the target file block is obtained, hash calculation is carried out on the watermark to be verified, a hash value to be verified corresponding to the watermark to be verified is obtained, verification is carried out on the hash value to be verified according to the real hash value, and a verification result of the file to be verified is obtained. In this way, when the file verification is performed, the automatic file verification is realized through watermark embedding, hash calculation, file uploading to file verification request response and verification processing, so that the efficiency and accuracy of the file verification are improved.

In cloud storage security, in order to ensure that data is stored in a cloud server completely, cloud data security audit is proposed. The cloud data security audit requires that the audited file is not required to be downloaded to be locally verified when the data on the cloud server is audited, namely, small communication overhead is ensured as much as possible. Meanwhile, when the integrity check is performed on the data, the high efficiency of calculation needs to be ensured. The cloud data security audit requires the smallest possible calculation overhead for integrity verification, in particular to the calculation overhead of a user side and a third party auditor side. The document verification method provided by the present application is described below with an application example. By means of the digital watermarking, the integrity audit of cloud storage data can be achieved through light calculation cost of a user. The third party auditor can realize the data integrity audit without downloading the data of the user in the cloud server through the software protection extension technology, namely, the third party auditor can complete the integrity verification of the cloud data of the user through a small amount of calculation cost and communication cost. This not only avoids the serious overhead of computation and communication of third party auditors, but also ensures the privacy security of user data. In addition, the scheme provides dynamic updating of the dynamic watermark hash chain supporting data and solves the problem of data preservation. The application example is exemplified by the application of the method to a terminal (such as a user side), a file storage side (such as a cloud server side) and a file verification request side (such as a third party auditor side), and refer to fig. 5.

Referring to fig. 5, the client includes the following modules: a file preprocessing module: the module is used for dividing a file to be uploaded into a plurality of file blocks by a user side, respectively embedding different fragile watermarks into each file block, storing all watermark information and calculating hash values of all watermark information. The user side sends the hash value of the information embedded with the watermark to a third party auditor side, and sends the file block embedded with the watermark and the generated metadata to a cloud server side (transmitting the file and the related metadata).

Referring to fig. 5, the computing scheduler in the third party auditor side includes the following modules: and a pretreatment module: the module is used for a third party auditor to initiate trusted environment authentication and establish a trusted channel to a cloud server. Challenge module: the module is used for a third party auditor to send audit challenge information to a cloud server. And a result processing module: the module is used for a third party auditor to process the verification result generated by the cloud server and acquire result information.

Referring to fig. 5, the cloud server deploys an untrusted software area, and also deploys a trusted software area, i.e., an SGX (software protection extension) environment. The cloud server side comprises the following modules:

File verification and storage module: the module is in an area (trusted container) of non-trusted software and is used for receiving the file uploaded by the user side and the metadata related to the verification thereof and storing the file passing the verification. Wherein, the trusted environment attestation module: in the module, the cloud server side establishes a trusted container according to the authentication request and establishes a trusted channel with the third party auditor side. Audit verification module: and loading the corresponding file and the metadata thereof into a trusted container by the cloud server side in the module according to the challenge information, and verifying the integrity of the file.

The specific flow of the application example is as follows:

The audit model (audit system) comprises a user end, a third party auditor end and a cloud server end. Cryptographic parameters and variables are set based on the system. Let the system security parameter be l, and the large prime number p satisfies |p|=l; g is a multiplication cyclic group with a large prime number p, and G is a generator of the group G; h (∙) is a cryptographic hash function; h (∙) is a secure hash function and is defined as H (∙): {0,1} → G.

The process comprises a file preprocessing stage, a trusted environment construction stage, a verification stage and a data dynamic update stage.

A file preprocessing stage: the user side generates a signature key pair (sk, pk), wherein sk is a private key, pk is a public key, and the user side issues own public key pk to the cloud server side and the third party auditor side; an identifier F _id is generated for the file F, which is divided by the user into n file blocks f= { m ₁,m₂……m_n }, where m ₁,m₂……m_n respectively represents different file blocks and n represents the number of file blocks. The example adopts a Y-M (Yeung-Mintzer) algorithm (fragile watermark algorithm), wherein a key corresponding to the algorithm is a, a corresponding watermark is generated for each file block to obtain a watermark set W= { W ₁,w₂……w_n }, W ₁,w₂……w_n respectively represents different watermarks, and different fragile watermarks are respectively embedded into each file block to obtain a watermarked file F' = { b ₁,b₂……b_n }, b ₁,b₂……b_n respectively represents different watermarked files, and the calculation formula of the file block b _i (i=1, 2 … … n) is as follows:

Wherein the method comprises the steps of The embedding of the binary watermark w _i (i=1, 2 … … n) into the file block m _i is shown. Next, a watermark hash value set/>, is generated= { H (wi) |i=1, 2 … … n }, and the hash value μ is calculated after the file identifier F _id and the watermark hash value are spliced one by one:

，

Where w ₁、w₂……w_n each represent a different binary watermark.

Generating a digital signature for a hash value mu with a private key sk：

，

Wherein,Representing the generation of a digital signature on the hash value mu with the private key sk. The user then watermarks the file F' = { b1, b2 … … bn }, the file identifier F _id, the watermark hash value set/>= { H (wi) |i=1, 2 … … n } and signature/>And sending the cloud server to a cloud server. And after the cloud server receives the data of the user terminal, the data are subjected to validity verification. The cloud server calculates hash value/>, after calculating file identifier F _id and watermark hash value to splice one by oneThe method is characterized by comprising the following steps:

，

Then using the public key pk and the hash value To signature/>The verification is carried out as follows:

；

Wherein the method comprises the steps of Representing the hash value/>, with the public key pkTo signature/>And (5) performing verification. Finally, if/>True, then saving the uploaded data; if/>The value of False (False) requires the client to re-upload.

Meanwhile, the user side hashes the parameter key a of the file identifier F _id and the parameter key a of the Y-M algorithm with the watermark hash value set= { H (w _i) |i=1, 2 … … n } and signature/>And sending to a third party auditor side. After the third party auditor receives the data of the user terminal, the data are validated, and the validation step is consistent with the cloud service terminal: the third party auditor calculates the hash value/>, after calculating the file identifier F _id and the watermark hash value to splice one by oneThe method is characterized by comprising the following steps:

，

；

Wherein the method comprises the steps of Representing the hash value/>, with the public key pkTo signature/>And (5) performing verification. If/>If the value of (1) is True, saving the uploaded data; if/>The value of (2) is False, and the user terminal is required to upload again. After successful verification, the third party auditor terminal hashes the watermark value set/>= { H (w _i) |i=1, 2 … … n } constructs a watermark dynamic hash (containing hash values as shown in fig. 6), and pads for subsequent supporting data dynamic updates.

Trusted environment construction phase: and the third party auditor initiates SGX trusted environment authentication to the server, and a trusted container is created in the server and a trusted channel is established with the trusted container.

Audit verification stage: third party auditor terminal randomly selects file block sequence numbers to obtain setAnd corresponding watermark hash value sets/>Where c is the number of data blocks selected as challenges; then the third party auditor side uploads the file identifier F _id and the file block sequence number to obtain a set/>, through a trusted channelParameter key a and watermark hash value set/>, of Y-M algorithmTo the cloud server side.

The cloud server obtains a set according to the file identifier F _id and the file block sequence numberLoading corresponding file block sets/>, from outside of trusted containerInto a trusted container and for each file block/>Extracting the watermark to obtain a watermark set/>The method is characterized by comprising the following steps:

，

Wherein the method comprises the steps of Representation of file block/>And extracting the watermark. Then for watermark collection/>Calculates a hash value set/>, for each watermark of the watermarkAnd hash the values of the watermarks respectively/>And/>A comparison is made. If all the watermark hash values are the same, the audit is passed, otherwise, file damage exists. And finally, the auditing result is returned to the third party auditor through a trusted channel.

A data dynamic updating stage:

Dynamic updating includes file block modification, file block insertion, and file block deletion, and the above three updating operations will be described in detail below.

File block modification: suppose that the user needs to update the i-th file block m _i of the file to. For file block/>Watermark/>Obtaining a file block/>, containing a watermark. Next, the user generates a watermark hash value/>And hash the file identifier F _id and the watermark value/>Calculating hash value/>, after splicing：/>。

Hash value pair with private key skGenerating a digital signature/>：/>。

The user side then watermarks the file blocksModification identity, file block location i, file identifier F _id, watermark hash value/>And signature/>And sending the cloud server to a cloud server.

And after the cloud server receives the data of the user terminal, the data are subjected to validity verification. Cloud server side calculates file identifier F _id and watermark hash valueCalculating hash value/>, after splicingThe method is characterized by comprising the following steps: /(I)。

Then using the public key pk and the hash valueTo signature/>The verification is carried out as follows:

；

finally if The value of (2) is False, and the user terminal is required to upload again; if/>If the value of (1) is True, then the file block b _i and the corresponding watermark hash value/>Modified as file block/>, respectivelyAnd watermark hash value/>。

At the same time, the user side modifies the file identifier F _id, the modification identifier, the file block position i and the watermark hash valueSignatureAnd sending the third party auditor terminal. And after the third party auditor receives the data of the user terminal, carrying out validity verification on the data, wherein the verification step is consistent with the cloud service terminal. If the verification fails, the third party auditor terminal requests the user terminal to upload again; if the verification is passed, modifying the watermark hash value/>, in the watermark dynamic hash chainFor/>(As shown in fig. 7, the hash value is modified).

File block insertion: suppose a user needs to insert a new data blockAfter the ith file block m _i. For file block/>Embedding watermark/>Obtaining a file block/>, containing a watermark. Then, the user terminal generates a watermark hash valueAnd hash the file identifier F _id and the watermark value/>Calculating hash value/>, after splicing：/>。

Hash value pair with private key skGenerating a digital signature/>：/>。/>

The user side then watermarks the file blocksInsert identification, file block location i, file identifier F _id, watermark hash value/>And signature/>And sending the cloud server to a cloud server.

Then using the public key pk and the hash valueTo signature/>The verification is carried out as follows: /(I)。

Finally ifThe value of (2) is False, and the user terminal is required to upload again; if/>The value of (1) is True, the server side hashes the value/>, on the ith file block b _i and the watermark of (i) >Then insert file blocks/>, respectivelyAnd watermark hash value/>。

At the same time, the user terminal inserts the file identifier F _id, the identifier, the file block position i and the watermark hash valueSignatureAnd sending the third party auditor terminal. And after the third party auditor receives the data of the user terminal, carrying out validity verification on the data, wherein the verification step is consistent with the cloud service terminal. If the verification fails, the third party auditor terminal requests the user terminal to upload again; if the verification is passed, the i-th watermark hash value/>, of the watermark dynamic hash chainAfter insertion/>(As shown in fig. 8, hash values are inserted).

Deleting data blocks: suppose that the user requests that the i-th data block m _i of the file be deleted. The user side sends a deletion request to the cloud server side, and the deletion request comprises information: the file identifier F _id, the identifier, the file block location i, is deleted. When the cloud service end receives the deletion request, the ith file block b _i and the corresponding watermark hash value are deleted. Meanwhile, the user side sends a deleting request to a third party auditor side, and the deleting request comprises information: file identifier F _id, delete identifier, file block location i. When the third party auditor receives the deletion request, deleting the ith watermark hash value/>, in the watermark dynamic hash chain(As shown in fig. 9, the hash value is deleted).

And 1, no need to download the original data on the cloud server. 2. And the lightweight audit avoids serious cryptography calculation and communication overhead. 3. The method supports dynamic updating of the file and solves the problem of data preservation. 4. And supporting public auditing, namely supporting a third party auditor to audit. 5. In public auditing, user privacy is supported without increasing computing and communication overhead. 6. The method supports the integrity cloud audit of digital multimedia files such as video, audio and the like, and can also be extended to the audit of any file.

The technical scheme provided by the application example realizes the improvement of the efficiency and the accuracy of file verification.

It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.

Based on the same inventive concept, the embodiment of the application also provides a file verification device for realizing the above related file verification method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in one or more embodiments of the document verification device provided below may refer to the limitation of the document verification method hereinabove, and will not be repeated herein.

In an exemplary embodiment, as shown in fig. 10, there is provided a file verification apparatus, which is applied to a terminal, the file verification apparatus 1000 may include:

The watermark embedding module 1001 is configured to perform watermark embedding processing on a file block under a file to be verified, so as to obtain a target file block of the file to be verified; the file to be verified belongs to the financial file;

The first calculation module 1002 is configured to perform hash calculation on the watermark in the target file block, so as to obtain a real hash value corresponding to the watermark;

A target uploading module 1003, configured to upload the target file block to the file storage terminal, and upload the real hash value to the file verification request terminal; the file verification request end is used for sending a file verification request carrying a real hash value to the file storage end; the file storage end is used for responding to a file verification request, carrying out watermark extraction processing on the target file block to obtain a watermark to be verified in the target file block, carrying out hash calculation on the watermark to be verified to obtain a hash value to be verified corresponding to the watermark to be verified, and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified.

In an exemplary embodiment, the apparatus 1000 further includes: the public key sending module is used for generating a signature key pair of the terminal; the signature key pair comprises a private key and a public key; sending the public key to a file storage end; the target uploading module 1003 is further configured to perform a splicing process on the file identifier of the file to be verified and the real hash value, so as to obtain a first spliced hash value of the file to be verified; carrying out signature processing on the first spliced hash value by using a private key to obtain a digital signature of the file to be verified; and uploading the target file block, the file identifier, the real hash value and the digital signature to a file storage end.

In an exemplary embodiment, the apparatus 1000 further includes: the instruction sending module is used for obtaining a file block updating instruction aiming at the file to be verified; transmitting a file block update instruction to a file storage end and a file verification request end; the file block updating instruction is used for indicating the file storage end to modify, insert or delete the stored target file block; the file block update instruction is further used for indicating the file verification request end to modify, insert or delete the stored true hash value.

In an exemplary embodiment, as shown in fig. 11, a file verification apparatus is provided, applied to a file storage terminal, and the file verification apparatus 1100 may include:

A first receiving module 1101, configured to receive a target file block of a file to be verified uploaded by a terminal; the terminal is used for carrying out watermark embedding processing on the file blocks under the file to be verified to obtain target file blocks, carrying out hash calculation on the watermarks in the target file blocks to obtain real hash values corresponding to the watermarks, and uploading the real hash values to the file verification request terminal; the file to be verified belongs to the financial file;

The request response module 1102 is configured to respond to a file verification request carrying a real hash value sent by a file verification request end, and perform watermark extraction processing on a target file block to obtain a watermark to be verified in the target file block;

a second calculating module 1103, configured to perform hash calculation on the watermark to be tested to obtain a hash value to be tested corresponding to the watermark to be tested;

The hash verification module 1104 is configured to verify the hash value to be verified according to the real hash value, and obtain a verification result of the file to be verified.

In an exemplary embodiment, the first receiving module 1101 is further configured to receive a public key sent by the terminal, and receive a target file block uploaded by the terminal, a file identifier of a file to be verified, a real hash value, and a digital signature of the file to be verified; performing splicing processing on the file identifier and the real hash value to obtain a second spliced hash value of the file to be verified; verifying the digital signature by using the public key and the second spliced hash value to obtain a verification result of the digital signature; in the case where the verification result of the digital signature indicates correct, the target file block is stored.

In an exemplary embodiment, as shown in fig. 12, a file verification apparatus is provided, which is applied to a file verification request terminal, the file verification apparatus 1200 may include:

A second receiving module 1201, configured to receive the actual hash value uploaded by the terminal; the terminal is used for carrying out watermark embedding processing on the file blocks under the file to be verified to obtain target file blocks of the file to be verified, carrying out hash calculation on the watermarks in the target file blocks to obtain real hash values corresponding to the watermarks, and uploading the target file blocks to the file storage end; the file to be verified belongs to the financial file;

A request sending module 1202, configured to send a file verification request carrying a real hash value to a file storage end; the file storage end is used for responding to a file verification request, carrying out watermark extraction processing on the target file block to obtain a watermark to be verified in the target file block, carrying out hash calculation on the watermark to be verified to obtain a hash value to be verified corresponding to the watermark to be verified, and verifying the hash value to be verified according to the real hash value to obtain a verification result of the file to be verified.

In an exemplary embodiment, the request sending module 1202 is further configured to select a part of the true hash value from the true hash values; and sending a file verification request carrying the file identifier and part of the true hash value of the file to be verified to a file storage end.

The respective modules in the above-described document authentication apparatus may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.

It should be noted that the method and apparatus for file verification provided by the present application may be used in the application field related to file verification in the field of financial technology, and may also be used in the process related to file verification in any field other than the field of financial technology.

In an exemplary embodiment, a computer device, which may be a terminal, is provided, and an internal structure thereof may be as shown in fig. 13. The computer device includes a processor, a memory, an input/output interface, a communication interface, a display unit, and an input means. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface, the display unit and the input device are connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The input/output interface of the computer device is used to exchange information between the processor and the external device. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement a method of document authentication. The display unit of the computer device is used for forming a visual picture, and can be a display screen, a projection device or a virtual reality imaging device. The display screen can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be a key, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.

In one exemplary embodiment, a computer device is provided, which may be a server, and the internal structure thereof may be as shown in fig. 14. The computer device includes a processor, a memory, an Input/Output interface (I/O) and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used to store data related to file verification, such as target file blocks or actual hash values. The input/output interface of the computer device is used to exchange information between the processor and the external device. The communication interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method of document authentication.

It will be appreciated by those skilled in the art that the structures shown in fig. 13 and 14 are merely block diagrams of portions of structures associated with aspects of the present application and are not intended to limit the computer device to which aspects of the present application may be applied, and that a particular computer device may include more or less components than those shown, or may combine some of the components, or have a different arrangement of components.

In an exemplary embodiment, a computer device is also provided, comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.

In one exemplary embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method embodiments described above.

In an exemplary embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.

Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magneto-resistive random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (PHASE CHANGE Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in various forms such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), etc. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.

The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.

The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims

1. A method for verifying a file, the method being applied to a terminal, the method comprising:

2. The method of claim 1, further comprising, prior to uploading the target file block to a file store:

Sending the public key to the file storage end;

3. The method according to claim 1, wherein the method further comprises:

acquiring a file block updating instruction aiming at the file to be verified;

4. A method for verifying a file, the method being applied to a file storage terminal, the method comprising:

5. The method of claim 4, wherein the receiving the target file block of the file to be verified uploaded by the terminal includes:

6. A method for verifying a file, applied to a file verification request terminal, the method comprising:

7. The method of claim 6, wherein the sending the file verification request carrying the true hash value to the file storage comprises:

selecting part of real hash values from the real hash values;

8. A document authentication apparatus, characterized by being applied to a terminal, the apparatus comprising:

9. A document authentication apparatus, for use on a document storage side, the apparatus comprising:

10. A document authentication apparatus, for use with a document authentication requester, the apparatus comprising:

11. A document authentication system, the system comprising: the system comprises a terminal, a file storage end and a file verification request end;

12. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 7 when the computer program is executed.

13. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 7.

14. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 7.