CN1209710C - Digital watermark journal structural method - Google Patents


Info

Publication number
CN1209710C
Authority
CN
China
Prior art keywords
file
digital watermarking
log
record
hashed value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 03117843
Other languages
Chinese (zh)
Other versions
CN1549135A (en)
Inventor
李涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu century summit Technology Co., Ltd.
Original Assignee
Sichuan University

Landscapes

  • Editing Of Facsimile Originals (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a construction method for digital watermark logs and belongs to the field of information security. It is characterized in that digital watermarking and encryption are applied to the handling of log files, so as to prevent log contents from being captured, modified or reconstructed by a third party and to ensure the authority, non-repudiation and integrity of the log files. The invention can be widely used to construct security logs for computer operating systems, network systems, database systems, servers and various application systems, and has broad application prospects.

Description

Digital watermark log construction method
I. Technical field
The present invention proposes a method for constructing digital watermark logs. It belongs to the field of information security and provides authority, non-repudiation and integrity for computer system logs.
II. Background
At present, the log files of computer systems are stored on the server in plaintext. This is very insecure: log records are easily tampered with or destroyed illegally and cannot serve as court evidence, which makes log auditing and computer forensics difficult.
The application with Chinese patent publication number CN1317745 stores log data on a recording medium that allows data to be written only once. Although this prevents illegal modification, it is too costly and hard to maintain. The application with Chinese patent publication number CN1341902A uses a dedicated circuit and microprocessor to encrypt log data and store it in a large-capacity non-volatile storage array. It can verify the authenticity of a single log record but cannot verify the integrity of the whole log file, and it depends on special-purpose equipment, so its cost is high and its range of application is very limited.
III. Summary of the invention
The present invention introduces digital watermarking into computer system log files: by embedding secret information, the watermark, in log records, it guarantees the authority, non-repudiation and integrity of the log records. The embedded watermark can be a passage of text, a logo, a serial number, an image and so on. It is normally invisible or imperceptible; it is tightly combined with the original log record and hidden in it, and it does not affect operations such as auditing and querying log records.
The digital watermark log construction method proposed by the present invention constructs a log file and is characterized in that the log file is a digital watermark log file whose structure comprises a file header and digital watermark log records. The file header comprises five parts: file identifier, digest algorithm identifier, asymmetric encryption algorithm identifier, watermark, and file signature data. A digital watermark log record comprises two parts: log content and record signature data.
The construction comprises the following steps:
Generating the digital watermark log file header: filling in the file identifier, digest algorithm identifier, asymmetric encryption algorithm identifier and watermark; setting the file signature data to empty; and, each time a log record is subsequently added, modifying the file signature data.
Generating a digital watermark log record: using the digest algorithm to hash the log content and the watermark, producing a hash value; encrypting the hash value and the watermark with the private key, producing an encrypted value; creating a new digital watermark log record; writing the encrypted value into the file signature data part of the digital watermark log record; and writing the log content into the log content part of the digital watermark log record.
Verifying the integrity of the digital watermark log file: reading the file signature data from the file header; decrypting the file signature data with the public key to obtain a hash value; reading the log content part of each digital watermark log record in the file; using the digest algorithm to hash all the log content, obtaining a new hash value; and comparing the two hash values to obtain the verification result.
Verifying the authority and non-repudiation of a digital watermark log record: reading the signature data part of the digital watermark log record; decrypting it with the public key to obtain a hash value; reading the log content part of the digital watermark log record; using the digest algorithm to hash the log content and the watermark, obtaining another hash value; and comparing the two hash values to obtain the verification result.
In the header generation step of the above method, modifying the file signature data comprises: reading the file signature data from the file header; decrypting the file signature data with the public key to obtain a hash value; using the digest algorithm to hash that hash value together with the log content, obtaining a new hash value; encrypting the new hash value with the private key, obtaining an encrypted value; and writing the encrypted value back to the file signature data part of the file header.
A digital watermark log constructed by this method prevents log content from being modified or reconstructed by a third party and guarantees the authority, non-repudiation and integrity of the log file, so that it can serve as court evidence. The method can be widely used to construct security log files for computer operating systems, network systems, database systems, servers and various application systems, and has broad application prospects.
IV. Description of the drawings
Fig. 1 is the structure diagram of a digital watermark log file constructed by the method of the invention;
Fig. 2 is the generation model of a digital watermark log record;
Fig. 3 is the generation model of the digital watermark log file signature data;
Fig. 4 is the verification model for the integrity of a digital watermark log file;
Fig. 5 is the verification model for the authority and non-repudiation of a digital watermark log record.
V. Embodiment
The principle and features of the present invention are described in detail below with reference to the drawings. It should be pointed out that the following description only serves to further illustrate the invention and must not be interpreted as limiting its scope; non-essential improvements and adjustments made to the invention by a person skilled in the art on the basis of its content still fall within the scope of protection of the invention.
In the description below, the terms and symbols used in the figures are defined as follows:
1) $H$: the digest algorithm, specified by the digest algorithm identifier in the digital watermark log file header.
2) $K_{PV}$: the private key of the digital watermark log file.
3) $K_{PB}$: the public key of the digital watermark log file.
Note: $K_{PV}$ and $K_{PB}$ are a key pair corresponding to the asymmetric encryption algorithm specified in the file header, for example an RSA key pair. $K_{PV}$ and $K_{PB}$ must be generated in a secure environment and must be stored properly. The private key $K_{PV}$ is used to encrypt data and the public key $K_{PB}$ is used to decrypt data.
4) $P_{K_{PV}}(D)$: encryption of the information $D$ with the private key $K_{PV}$, using the encryption algorithm indicated in the file header; this is similar to a digital signature operation.
5) $P'_{K_{PB}}(D)$: decryption of the information $D$ with the public key $K_{PB}$, using the encryption algorithm indicated in the file header; this is similar to a signature verification operation.
6) $W$: the watermark, specified by the watermark part of the digital watermark log file header.
7) $+$: string concatenation.
In addition, in all the drawings a shaded box indicates that the data in the box is ciphertext.
A digital watermark log file constructed by the method of the invention is a sequential file. Its structure differs from that of an ordinary log file: it comprises two parts, a file header and digital watermark log records, as shown in Fig. 1.
The file header comprises five parts:
1) File identifier
A character string that identifies the file as a digital watermark log file.
2) Digest algorithm identifier
A character string naming the digest algorithm used by the digital watermark log file. Digest algorithms in common use at home and abroad can be adopted, such as MD2, MD5 and SHA1.
3) Asymmetric encryption algorithm identifier
A character string naming the asymmetric encryption algorithm used by the digital watermark log file. Asymmetric encryption algorithms in common use at home and abroad can be adopted, such as RSA, DSA, ECC and DH.
4) Watermark
A binary string; it can be a passage of text, a logo, a serial number, an image and so on.
5) File signature data
A binary string used to check the integrity of the log file. It mainly contains the watermark and the digest information of all log records; this information is stored after being encrypted with the algorithm specified by the asymmetric encryption algorithm identifier above.
A digital watermark log record comprises two parts:
1) Log content
Stored in plaintext; it holds the log content and supports functions such as browsing and querying by the user.
2) Record signature data
A binary string stored as ciphertext, used to check the authority and non-repudiation of the log record. The record signature data is transparent to the user, and the user cannot operate on it.
When a digital watermark log file is created, the header fields are filled in first: file identifier, digest algorithm identifier, asymmetric encryption algorithm identifier, watermark and file signature data. The file signature data field starts out empty and changes each time a log record is subsequently added. The file signature data field is in essence the ciphertext form of the digest of all log entries in the log file. The slightest change to any log record causes a large difference in the digest, so verifying the signature information in this field verifies the integrity of the whole log file.
After the digital watermark log file has been created, each time a piece of log content is added, a record signature data item is produced according to the information in the file header; the log content and the record signature data are then merged into one digital watermark log record and written to the end of the file. The log content part is plaintext, open to the user, and can be browsed and queried; the record signature data part is ciphertext and is transparent to the user. The record signature data is in essence the ciphertext form of the digest of this piece of log content. The slightest change to this log entry causes a large difference in the digest, so verifying the signature information in this field verifies the integrity, originality and non-repudiation of the record.
The generation model for adding a log entry $L$ to the digital watermark log file is shown in Fig. 2. The steps are as follows:
1. Use the digest algorithm $H$ to hash $(L + W)$, obtaining a hash value $D$, that is: $D = H(L + W)$.
2. Use the private key $K_{PV}$ to encrypt $(D + W)$, obtaining the record signature data $E$, that is: $E = P_{K_{PV}}(D + W)$.
3. Create a new digital watermark log record $R$ at the end of the digital watermark log file.
4. Write the log entry $L$ into the log part of $R$.
5. Write the record signature data $E$ into the record signature data part of $R$.
After a log entry $L$ has been added to the digital watermark log file, the file signature data part of the file header must be modified. The generation model of the file signature data is shown in Fig. 3. The steps are as follows:
1. Read the file signature data $S$ from the file header.
2. If the file signature data is empty (which is the case if and only if the digital watermark file has just been created), set its hash value to empty, i.e. $M = \text{NULL}$; otherwise, decrypt $S$ with the public key $K_{PB}$ and take the hash value part $M$ of the result (the other part is the watermark $W$), that is:
$M$ = the hash value part of $P'_{K_{PB}}(S)$.
3. Use the digest algorithm $H$ to hash $(M + L)$, obtaining the hash value $M_{new}$, that is:
$M_{new} = H(M + L)$.
4. Use the private key $K_{PV}$ to encrypt the hash value $M_{new}$ and the watermark $W$, obtaining $S_{new}$, that is:
$S_{new} = P_{K_{PV}}(M_{new} + W)$
5. Write $S_{new}$ back to the file signature data part of the file header.
As Fig. 3 shows, the file signature data part of the file header is closely tied to all the digital watermark log records in the file. Integrity verification can therefore prevent illegal addition, deletion or modification of any log record.
When the integrity of the whole file needs to be verified, the file signature data is taken from the file header and the correctness of its signature is checked. The verification model is shown in Fig. 4. The verification steps are as follows:
1. Read the file signature data $S$ from the file header.
I. If $S$ is empty and the number of records in the file is not 0, verification fails; exit.
II. If $S$ is empty and the number of records in the file is 0, verification succeeds; exit.
III. If $S$ is not empty and the number of records in the file is 0, verification fails; exit.
IV. If $S$ is not empty and the number of records in the file is not 0, decrypt $S$ with the public key $K_{PB}$ and take its hash value part, that is:
$M$ = the hash value part of $P'_{K_{PB}}(S)$.
2. Read the log content $L_i$ of each digital watermark log record in the file ($i = 1, 2, \ldots, n$, where $n$ is the number of records).
3. Use the digest algorithm $H$ to compute $M'$ as follows:
$$M_i = \begin{cases} H(L_i), & i = 1 \\ H(M_{i-1} + L_i), & i = 2, 3, \ldots, n \end{cases}$$
$$M' = M_n$$
4. Compare $M$ and $M'$. If they are identical, no log record has been damaged and the log is complete: signature verification passes and the watermark $W$ is displayed. If they differ, the log file has been damaged and verification fails.
The above process shows that if any log record is illegally deleted, added or modified, verification of the digital watermark log fails, which guarantees the integrity of the whole log file.
As Fig. 2 shows, every digital watermark log record consists of two parts, the log record and the record signature data, which are closely tied together and inseparable. Verification of authority and non-repudiation can therefore prevent illegal modification or reconstruction of a digital watermark log record.
When the authority and non-repudiation of a particular log record need to be verified, the record signature data of that record is taken out and the correctness of its signature is checked. The verification model for the authority and non-repudiation of a digital watermark log record is shown in Fig. 5. The steps are as follows:
1. Read the signature data part $E$ of the digital watermark log record.
2. Decrypt $E$ with the public key $K_{PB}$ and take the hash value part $D$ (the other part is the watermark $W$), that is:
$D$ = the hash value part of $P'_{K_{PB}}(E)$.
3. Read the log content part $L$ of the digital watermark log record.
4. Use the digest algorithm $H$ to hash $L$ and the watermark $W$, obtaining the hash value $D'$, that is:
$D' = H(L + W)$
5. Compare $D$ and $D'$. If they are identical, the log record is judged legitimate: it has not been damaged and is trustworthy, verification succeeds and the watermark is displayed. If they differ, the log record is judged illegitimate: it has been damaged or forged and is not trustworthy, and verification fails.
Finally, it should also be noted that the model of Fig. 4 verifies the integrity of the whole log file. If that verification succeeds, all log records in the file are legitimate. If it fails, some or all of the log records in the log file may have been damaged; in that case the record verification model of Fig. 5 is used to verify every log record. If a given log record passes verification, that record is still trustworthy even though verification of the whole log file failed.
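The following Python sketch, an added example that is not code from the patent, carries the four models of Figs. 2 to 5 through end to end, including the fallback from file-level to per-record verification. Assumptions: SHA-256 stands in for the digest algorithm H, and P_KPV / P'_KPB are textbook RSA with message recovery over a toy key built from two Mersenne primes (no padding, not suitable for real use); the dictionary layout, function names, watermark and log lines are constructed for illustration.

```python
import hashlib

# Toy key pair (assumption, illustration only): textbook RSA over two
# Mersenne primes so the example runs offline without a crypto library.
P, Q = 2**521 - 1, 2**607 - 1
N, E_PUB = P * Q, 65537                       # public key K_PB = (N, E_PUB)
D_PRIV = pow(E_PUB, -1, (P - 1) * (Q - 1))    # private exponent, K_PV
HLEN = hashlib.sha256().digest_size

def H(data: bytes) -> bytes:
    """Digest algorithm H (SHA-256 substituted for the patent's MD5/SHA1)."""
    return hashlib.sha256(data).digest()

def p_kpv(data: bytes) -> int:
    """P_KPV(D): 'encrypt' D with the private key (signature with recovery)."""
    m = int.from_bytes(b"\x01" + data, "big")  # 0x01 preserves leading zeros
    if m >= N:
        raise ValueError("hash + watermark too long for this modulus")
    return pow(m, D_PRIV, N)

def p_kpb(sig: int):
    """P'_KPB(D): 'decrypt' with the public key; returns (hash, watermark)."""
    m = pow(sig, E_PUB, N)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if len(raw) < 1 + HLEN or raw[0] != 1:
        return None                            # value was not made by p_kpv
    return raw[1:1 + HLEN], raw[1 + HLEN:]

def new_log(watermark: bytes) -> dict:
    """File header with empty file signature data S, and no records yet."""
    return {"id": "DWLOG", "digest": "SHA256", "asym": "RSA",
            "W": watermark, "S": None, "records": []}

def append_record(log: dict, L: bytes) -> None:
    W, M = log["W"], b""                       # M = NULL for a new file
    if log["S"] is not None:                   # Fig. 3, step 2
        prev = p_kpb(log["S"])
        if prev is None:
            raise ValueError("file signature data is corrupt")
        M = prev[0]
    E = p_kpv(H(L + W) + W)                    # Fig. 2: E = P_KPV(D + W)
    log["records"].append({"L": L, "E": E})
    log["S"] = p_kpv(H(M + L) + W)             # S_new = P_KPV(M_new + W)

def verify_file(log: dict) -> bool:
    S, recs = log["S"], log["records"]
    if S is None or not recs:                  # Fig. 4, cases I to III
        return S is None and not recs
    got = p_kpb(S)                             # case IV
    if got is None:
        return False
    M = b""
    for r in recs:                             # M_1 = H(L_1), M_i = H(M_{i-1} + L_i)
        M = H(M + r["L"])
    return M == got[0]

def verify_record(log: dict, rec: dict) -> bool:
    got = p_kpb(rec["E"])                      # Fig. 5: compare D with D'
    return got is not None and got[0] == H(rec["L"] + log["W"])

if __name__ == "__main__":
    log = new_log(b"SCU-LOG-2003")             # constructed watermark
    for line in (b"10:01 login alice", b"10:02 sudo alice", b"10:05 logout alice"):
        append_record(log, line)               # constructed log lines
    print("intact file:", verify_file(log))
    log["records"][1]["L"] = b"10:02 ls alice"  # simulate a modified record
    print("after edit :", verify_file(log),
          [verify_record(log, r) for r in log["records"]])
```

After the edit the file-level check fails while the per-record check still passes for the two untouched records, which is the fallback described in the last paragraph above.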

Claims (4)

1. A digital watermark log construction method, the method constructing a log file, characterized in that:
the log file is a digital watermark log file whose structure comprises a file header and digital watermark log records, wherein the file header comprises five parts: file identifier, digest algorithm identifier, asymmetric encryption algorithm identifier, watermark, and file signature data, and a digital watermark log record comprises two parts: log content and record signature data;
the construction comprises the following steps:
the step of generating the digital watermark log file header, comprising the step of filling in the file identifier, digest algorithm identifier, asymmetric encryption algorithm identifier and watermark; the step of setting the file signature data to empty; and the step of modifying the file signature data each time a log record is subsequently added;
the step of generating a digital watermark log record, comprising the step of using the digest algorithm to hash the log content and the watermark, producing a hash value; the step of encrypting the hash value and the watermark with the private key, producing an encrypted value; the step of creating a new digital watermark log record; the step of writing the encrypted value into the file signature data part of the digital watermark log record; and the step of writing the log content into the log content part of the digital watermark log record;
the step of verifying the integrity of the digital watermark log file, comprising the step of reading the file signature data from the file header; the step of decrypting the file signature data with the public key to obtain a hash value; the step of reading the log content part of each digital watermark log record in the file; the step of using the digest algorithm to hash all the log content, obtaining a new hash value; and the step of comparing the two hash values to obtain the verification result;
the step of verifying the authority and non-repudiation of a digital watermark log record, comprising the step of reading the signature data part of the digital watermark log record; the step of decrypting it with the public key to obtain a hash value; the step of reading the log content part of the digital watermark log record; the step of using the digest algorithm to hash the log content and the watermark, obtaining another hash value; and the step of comparing the two hash values to obtain the verification result.
2. The digital watermark log construction method according to claim 1, characterized in that, in the step of generating the digital watermark log file header, the step of modifying the file signature data comprises the step of reading the file signature data from the file header; the step of decrypting the file signature data with the public key to obtain a hash value; the step of using the digest algorithm to hash that hash value and the log content, obtaining a new hash value; the step of encrypting the new hash value with the private key, obtaining an encrypted value; and the step of writing the encrypted value back to the file signature data part of the file header.
3. The digital watermark log construction method according to claim 1 or 2, characterized in that the encryption algorithm is RSA, DSA, ECC, DH or an improved form thereof.
4. The digital watermark log construction method according to claim 1 or 2, characterized in that the digest algorithm is MD2, MD5, SHA1 or an improved form thereof.
CN 03117843 2003-05-12 2003-05-12 Digital watermark journal structural method Expired - Fee Related CN1209710C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 03117843 CN1209710C (en) 2003-05-12 2003-05-12 Digital watermark journal structural method

Publications (2)

Publication Number Publication Date
CN1549135A CN1549135A (en) 2004-11-24
CN1209710C true CN1209710C (en) 2005-07-06

Family

ID=34320671

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 03117843 Expired - Fee Related CN1209710C (en) 2003-05-12 2003-05-12 Digital watermark journal structural method

Country Status (1)

Country Link
CN (1) CN1209710C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: SICHUAN GREAT TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: SICHUAN UNIVERSITY

Effective date: 20100513

COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 610065 NO.24, SOUTH 1ST SECTION, 1ST RING ROAD, CHENGDU CITY, SICHUAN PROVINCE TO: 610041 2/F, COMPLEX BUILDING (FACING THE STREET), CHENGDU KEHUA MIDDLE ROAD PRIMARY SCHOOL, NO.2, CHANGSHOU ROAD, WUHOU DISTRICT, CHENGDU CITY

TR01 Transfer of patent right

Effective date of registration: 20100513

Address after: 610041, Wuhou District, Changshou Road, Chengdu No. 2 Chengdu KELONG Road Primary School Street building two floor

Patentee after: Sichuan Gerite Technology Co., Ltd.

Address before: 610065 Sichuan, Chengdu, South Ring Road, No. 1, No. 24

Patentee before: Sichuan University

ASS Succession or assignment of patent right

Owner name: CHENGDU GLOBAL CAPSHEAF TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: SICHUAN GREAT TECHNOLOGY CO., LTD.

Effective date: 20130401

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20130401

Address after: 610000 C-411 Asia Pacific Plaza, KELONG North Road, Sichuan, Chengdu

Patentee after: Chengdu century summit Technology Co., Ltd.

Address before: 610000, Sichuan, Wuhou District, Changshou Road, Chengdu No. 2 Chengdu KELONG Road Primary School Street building two floor

Patentee before: Sichuan Gerite Technology Co., Ltd.

DD01 Delivery of document by public notice

Addressee: Wang Zhengtao

Document name: Notification of Passing Examination on Formalities

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20050706

Termination date: 20150512

EXPY Termination of patent right or utility model