CN1595916A - Special purpose mail system and method for preserving original state of digital file in network - Google Patents
Special purpose mail system and method for preserving original state of digital file in network Download PDFInfo
- Publication number
- CN1595916A CN1595916A CN 200410009322 CN200410009322A CN1595916A CN 1595916 A CN1595916 A CN 1595916A CN 200410009322 CN200410009322 CN 200410009322 CN 200410009322 A CN200410009322 A CN 200410009322A CN 1595916 A CN1595916 A CN 1595916A
- Authority
- CN
- China
- Prior art keywords
- server
- module
- time
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a special Email system and method preserving digital file original state on network. The method includes: the user logs in the Email system through the client terminal, receives the identification check of the system; the standard time system model carries on time synchronization correction through time server; the user generates target file to be sent, the system encodes the Email automatically and sends them to the server; when the server is decoded, and it is sent to another client terminal according to the attributes of the target file, and it is processed according to automatic return receipt mechanism, or memorizes the target file into reservation box directly.
Description
Technical field
The present invention relates to a kind of system and method for realizing by Network Transmission, particularly relate to the proprietary mail system and method that the original authenticity of the attribute of the digital document by Network Transmission and content is saved from damage the digital document keeping.
Background technology
Computer carries out exchanges data by network, reaches the purpose of long-range transmission information.But owing to network technology based on opening, purpose is set up freely, shortage is to the immobilized technical foundation of data, so, all information by network issue or exchange all have the mobile data message strong, that produced of data and only can transmit between the information exchange both sides in point-to-point information exchanging process, in case revised without authorization by either party, other people can't judge or confirm the reset condition and the content of this digital document, the authenticity that information is propagated, the problem that validity is under suspicion.
In the e-commerce development process, the unsteadiness of the contact Email factor word file of transaction each side, easily the property revised and digital document can't provide original paper that each side all approves for check, cross-examination, make its legal effect problem be difficult to be identified.
At present various countries take to confirm in the mode of Electronic Signature the authenticity of electronic message (mainly meaning the electronic message of data mode such as Email) more.
The network intellectual property rights works are taked the proof of the mode of copyright registration as the obligee more.
Take traditional notarization mode to collect evidence to online facts of infringement then more.
All can not satisfy the network user with upper type and carry out online evidence-obtaining requirements---
Existing solution such as ▲ Electronic Signature, authentication exists factor such as risk to be difficult to generally be accepted by network user institute because of the keeping of technical strong, complex operation, Electronic Signature.Problems such as ecommerce identification also are eager to seek a kind of simple and easy to do solution.
The unsteadiness of the legal protection factor word file of network intellectual property rights such as the network works copyright of ▲ all kinds of forms, trademark right, easily the property revised, reproduction technology are simple and easy to do; particularly formerly right is difficult to obtain characteristics such as valid certificates and makes obligee's right be difficult to be confirmed by law; thereby form the chronic illness that network intellectual property rights dispute infringement is easy, evidence obtaining is difficult, have a strong impact on the protection of law network intellectual property rights.
▲ online facts of infringement evidence obtaining is difficult.The own recording internet of the infringed, input target network address, open linked web pages step by step and under present tradition evidence obtaining mode of operation, can't preserve immediately, more be difficult to guarantee to obtain the affirmation of law court up to the fact of opening target web.
▲ frequent at present network virtual the property that produces because of online game that occurs protects problem by law; it at first is the problem that fact proved of virtual assets objective reality; seriously perplexing network game service merchant and netizen, perplexing the trial of law court too this type of case.
▲ traditional notarization system can't provide continual service in 24 hours, is difficult to obtain synchronously the corresponding evidence of network rights and dispute, is difficult to adapt to the contingent at any time network forensics current demand of the network user.
▲ traditional works power resignation system is in the face of copyright moment generation, and the realistic situation that moment is replicated can't effectively solve the proof problem of right formerly.
▲ judicial personnel is difficult to computer networking technology and network forensics professional knowledge on top of with rapid changepl. never-ending changes and improvements, can not effectively evade the problem of making up false network evidence, be difficult to guarantee to try the quality of network dispute case---the network forensics mode that judicial person's needs are simple and easy to do and the solution of trial network dispute.
Summary of the invention
Mobile strong at the digital document that takes place on the network, easily revise, the characteristics of transreplication, the present invention is devoted to solve the problem of saving the digital document primordial condition on the network from damage.For this reason, the technical problem to be solved in the present invention is to provide a kind of proprietary mail system of saving the digital document primordial condition on network from damage.Native system provides generation keeping digital document for the party and has refused anyone it is carried out any technical solution of revising behavior, can guarantee the authenticity that content and form through the in trust digital document of native system all can reliably keep its primordial condition effectively.
Adopt system of the present invention, can make the addressee when the actual reception mail, send receipt automatically synchronously and give sender and nominator thereof, with the fact that proves that the addressee gets the mail.
System of the present invention also is provided as the service that in trust file is added a cover the standard time postmark automatically, enters the correct time of native system to prove this document effectively.
The technical problem to be solved in the present invention also is to provide a kind of method of saving the digital document primordial condition on network from damage.Adopt this method, can provide for taking care of digital document and refusing anyone it is carried out any approach of revising behavior, can prevent to adopt the means of technology that it is carried out any behavior of revising effectively for the party.
The proprietary mail system of saving the digital document primordial condition on network from damage of the present invention comprises server end and client; Both are by Internet connection; Wherein, described server comprises:
The encrypting and authenticating modules A is set up the encrypted transmission passage with the encrypting and authenticating module B of client between service end and client, the transmitting-receiving process of mail is not illegally listened;
User identification module is used to discern the identity information from the user of client login;
The mail treatment module is handled mail according to the type of mail, comprises the error mail answer, and mail is transmitted, and Email attachment is peeled off keeping and mail transferred to file keeping modules A realization mail take care of;
File keeping modules A deposits file in safety-deposit box and takes care of;
Safety-deposit box is stored file, and prevents revising processing, realizes the graded access control to file.
Described client comprises:
The identify label module is used to generate and preserve unique sign of user, when the user logins, carries out authentication;
The mail transmission/reception module is used for carrying out receiving and dispatching mail for the user;
File is module B certainly, and needs file certainly as annex, is generated corresponding mail and sends on the server;
The automated response piece module, the mail that is used for sending as the user specifies mailbox to send receipt from trend after the addressee of native system receives mail; For the addressee of non-native system, system will send the prompting notice to it, advise its application and will use native system, thereby realize sending automatically receipt;
Automatically synchronously supervision module: be used for being made into digital text, beam back the native system safety-deposit box and take care of through authorizing synchronous supervision and recording user's " from Website login to opening target web " overall process faithfully.
Encrypting and authenticating module B sets up an encrypted transmission passage with the encrypting and authenticating modules A of server end between server end and client, the transmitting-receiving process of mail is not illegally listened;
The time system module, be used for the standard time system carry out synchronously, obtain the time attribute that the standard time fixes digital document.
Method of saving the digital document primordial condition from damage by the proprietary mail system on network of the present invention comprises the steps:
Step 1, the user lands proprietary mail of the present invention system by client, accepts the authentication of system;
Step 2, the standard time system module carries out the time synchronized calibration by time server;
Step 3 after the user generates file destination, is packaged into email encryption with it and sends to server;
Step 4, server is decrypted mail, separates file destination;
Step 5, server carry out preventing accordingly revising processing according to the attribute of file destination, or send to another client and carry out the return receipts mechanism processing, or deposit file destination in safety-deposit box.
The present invention provides for the keeping digital document for the party on the whole and has refused anyone it is carried out any technical solution of revising behavior, can guarantee to keep through the in trust digital document of native system the authenticity of its primordial condition (content and form) effectively.Adopt system and method for the present invention, make the addressee when the actual reception mail, send receipt automatically synchronously and give sender and nominator thereof, with the fact that proves that the addressee gets the mail.The present invention also is provided as the service that in trust file is added a cover the standard time postmark automatically, enters the correct time of native system to prove this document effectively.
Description of drawings
Fig. 1 is the structural representation of special electronic mailing system of the present invention;
Fig. 2 is the process schematic diagram of sending and receiving e-mail between two clients;
Fig. 3 is the flow process of the once complete receiving and dispatching mail of system of the present invention;
Fig. 4 is the flow chart of the method for the invention;
Fig. 5 is the mail server side workflow diagram;
Fig. 6 is the schematic diagram about the safety-deposit box structure;
Fig. 7 is the schematic diagram about the service of network standard time synchronized;
Fig. 8 is the schematic diagram of three time synchronous modes.
Embodiment
What Fig. 1 provided is the proprietary mail system of saving the digital document primordial condition on network from damage of the present invention, and as can be seen from Figure 1, proprietary mail of the present invention system comprises server end and client; Both are by Internet connection;
Described client comprises: identity Sign module, mail transmission/reception module, file keeping module B, the automatic module of supervision synchronously, automated response piece module, time system module, encrypting and authenticating module B; Wherein:
Described identity Sign module is used to generate and preserve unique sign of user and is sent to mail transmission/reception module, file keeping module B, the automatic module of supervision synchronously;
Described mail transmission/reception module is exclusively used in the confession user by client and carries out the processing of receiving and dispatching mail;
Described automated response piece module between described mail transmission/reception module and described encrypting and authenticating module, is used for the mail that sends as the user after the addressee of native system receives and checks mail, specifies mailbox to send receipt from trend; For the addressee of non-native system, system will send notice to its suggestion, and suggestion wherein please and be used native system, thereby realize sending automatically receipt;
Described automatically synchronously supervision module, the standard time that provides with the time system module is shown in the user computer screen as temporal image; Automatically synchronously the supervision module is through authorizing synchronous supervision and recording user's " from Website login to opening target web " (online behavior) overall process faithfully;
Described encrypting and authenticating module B, be used between the server and client side, setting up the encrypted transmission passage, it can receive the data from described mail transmission/reception module, file keeping module B, the automatic module of supervision synchronously, after these data are encrypted transfer of data is arrived the encrypting and authenticating modules A; It also can receive the enciphered data that comes from the encrypting and authenticating modules A, and the data after will deciphering after data are decrypted are passed to the mail transmission/reception module.
Described server end comprises:
The encrypting and authenticating modules A is used for setting up the encrypted transmission passage between the server and client side; When from client reception data, encrypting and authenticating module B is decrypted the enciphered data that receives; And when client transmits data, encrypting and authenticating module B encrypts data, and sends data to the encrypting and authenticating modules A;
User identification module is used to discern the identity from the user of client login, and the user profile the when information of being obtained will be used for mail treatment and file keeping is judged;
The mail treatment module is used to receive and dispatch the mail between the user in the native system, according to the type of mail mail is handled, and comprises the error mail answer, and mail is transmitted, and Email attachment is peeled off or directly mail sent to file keeping modules A;
File keeping modules A passes the file of coming with the mail treatment module and deposits safety-deposit box in and take care of;
Safety-deposit box is stored the file that file keeping modules A transmits, and is prevented revising processing, realizes the graded access control to file.The safety-deposit box structure is seen Fig. 6.
Fig. 2 has shown a schematic diagram with TCP/IP exchange Email.What system of the present invention paid close attention to is to use TCP exchange mail between client and the server, and prevents that mail transmission/reception side from denying the behavior and the Mail Contents of receiving and dispatching mail afterwards.
" user agent " shown in Fig. 2 is actual to be exactly the partial function module that client provided in the system of the present invention.
In conjunction with Fig. 1 and Fig. 2, system of the present invention can realize following function.
One, the keeping of Email content
Supposing has A, and B two people need conclude the business by Email.If they are the users of system of the present invention, and the client software bag with unique sign has been installed all, they just can use the email client in the client software to send and receive Email.When the addressee is got the mail checking, send receipt automatically, can allow both sides confirm that all mail receives, dispute takes place after preventing.
When A when B sends mail, if B receives and watched mail, the client software of B can send receipt from trend A, thereby confirms that B has received mail.This receipt has comprised user's unique sign and time stamp, so can confirm addressee and sender's identity.
If only a side is the user of system of the present invention, the opposing party was not the user of system of the present invention at that time, then had following two kinds of situations:
---Ruo sender is the native system user, and the addressee is not the native system user, and system will only authorize by the sender sending out mail is taken care of, and prompting suggestion addressee's application and use native system;
---Ruo sender is not the native system user; and the addressee is the native system user; during mail arrives addressee's mailbox that the mailbox that then any sender sets up at native system to the addressee sends; all will point out during server mail treatment module from the trend sender; show the mail received user from non-native system; advise its application and use native system, with its legitimate rights and interests of practical protection.
Native system is received and dispatched the overall process of an envelope mail, as shown in Figure 3, customer end A to customer end B (hereinafter to be referred as A, B) send an envelope mail, receive the mail of A when server after, judge at first whether B is user in the system, if not, then this B of receipt prompting A is user outside the system, then this mail is mail to the mailbox of B ", this time the mail transmission/reception process is finished;
If B is user in the system, server is sent out mailbox into B with mail, B receives by the mail of mail transmission/reception module to A, when B checks Mail Contents, the mail transmission/reception module of B can trigger the automated response piece module, thereby send " having read receipt " from trend A, this receipt is received and is dealt into the mailbox of A by server.The mail transmission/reception module of A receives this receipt, and when A checked this receipt, the mail transmission/reception module of A triggered the automated response piece module, sent " receipt affirmation " to server, and server deposits safety-deposit box in " receipt affirmation " automatically.So far, once complete mail transmission/reception process is finished.
Two, the keeping of digital document
Suppose that certain user A has just created a copyright, is stored in these works on user's oneself the hard disk with the BMP picture format.In order to prove oneself and the content of works creation time of these works, prevent others the illegal works that use oneself, user A can use proprietary mail of the present invention system to save the digital document primordial condition from damage---
User A request for utilization to account number cipher land client, after carrying out authentication by the identify label module, start-up time system module, carry out the time synchronized calibration by time server, the module of startup file keeping simultaneously B, the file that will take care of generates mail as annex, and mail is encapsulated, and adds a cover time stamp; The encrypting and authenticating module is set up the encrypted transmission passage between client and server, mail transmission is arrived server; The email disposal module of server end is handled mail, and annex is peeled off; File keeping modules A deposits the attachment files of separating in safety-deposit box.
Three, synchronous automatically supervision and record
If the works that user A finds oneself by bootlegging on certain website, be replicated in evidence on certain website (because this digital document can be deleted from its website in a short period of time) in order to obtain its works, he can use system of the present invention to record these works faithfully and be replicated in the fact on certain webpage---
User A request for utilization to account number cipher land client, carry out authentication by the identify label module after, start-up time, system module carried out time synchronized calibration by time server, started automatically supervision module synchronously simultaneously.Automatically synchronously after the supervision module starts, current all windows client this moment minimize on use all, system enters the track record state.Then, user A open any browser, input target network address along entering, up to the target approach webpage with linking the one-level one-level.Press the Ctrl+C end record at last.System is made into read-only file with whole flow processs of institute's track record automatically, and this file is generated mail as annex, and mail is encapsulated, and adds a cover time stamp; The encrypting and authenticating module is set up the encrypted transmission passage between client and server, mail transmission is arrived server; Server electronic mail treatment module is handled mail, and annex is peeled off; File keeping modules A deposits the attachment files of separating in safety-deposit box.
So just write down and preserved A from logining, can also use client software that the record of said process is browsed, but can not revise up to the whole process and the time of opening target web.
Fig. 4 is the flow chart of the method for the invention, and this flow chart can reduce following steps:
Step 1, the user lands the proprietary mail system by client, accepts the authentication of system;
Step 2, the standard time system module carries out the time synchronized calibration by time server;
Step 3, the user generates file destination, then it is packaged into email encryption and sends to server;
Step 4, server is decrypted mail, separates file destination;
Step 5, server are carried out the anti-accordingly processing of revising, or are sent out according to the attribute of file destination
Give another client and carry out the return receipts mechanism processing, or deposit file destination in safety-deposit box.
File destination wherein can be divided into three kinds of situations, is divided into three embodiment below and illustrates.
Adopt the method for the invention, one of them specific embodiment is by the upload file of proprietary mail system, file is sent into prevented the preservation primordial condition revised in the safety-deposit box of system of the present invention, the flow process in conjunction with the left side branch of Fig. 4 comprises the steps: particularly
The file that will take care of generates mail as annex, and mail is encapsulated, and adds a cover time stamp;
The encrypting and authenticating module is set up the encrypted transmission passage between client and server, mail transmission is arrived server;
Server electronic mail treatment module is handled mail, and annex is peeled off;
The keeping module deposits the attachment files of separating in safety-deposit box.
Adopt the method for the invention, wherein another specific embodiment is to supervise and record faithfully user's " from Website login to opening target web " (online behavior) overall process synchronously by automatic synchronously supervisory role proprietary mail system, comes the online infringement page is collected evidence with this.Specifically comprise the steps:
Activate and supervise module automatically synchronously, record is carried out in the operation that the user demonstrates on computer screen, generate image file;
The image file that will take care of generates mail as annex, and mail is encapsulated, and adds a cover time stamp;
The encrypting and authenticating module is set up the encrypted transmission passage between client and server, mail transmission is arrived server;
Server electronic mail treatment module is handled mail, and annex is peeled off;
The keeping module deposits the image file of separating in safety-deposit box.
Adopting another specific embodiment of the method for the invention, is the affirmation that has the proprietary mail of automated response piece function system to realize two mail transmission/reception behaviors between the client by possessing.Branch's flow process in conjunction with the right of Fig. 4 comprises the steps: as can be seen
Generate mail in the client that sends, mail is encapsulated, add a cover time stamp;
The encrypting and authenticating module is set up the encrypted transmission passage between client and server, mail transmission is arrived server;
Server electronic mail treatment module is carried out distribution processor to mail;
The encrypting and authenticating module is set up the encrypted transmission passage between client and server, mail is sent to client from server;
The encrypting and authenticating module is set up the encrypted transmission passage between client and server, mail transmission is arrived server;
Server electronic mail treatment module is carried out distribution processor to " having read receipt " mail;
The encrypting and authenticating module is set up the encrypted transmission passage between client and server, mail is sent to client from server will " to have read receipt ";
When client was checked " having read receipt " mail, program activated the automated response piece module, generated " receipt affirmation " mail, added a cover time stamp simultaneously;
Server electronic mail treatment module is preserved into client's safety-deposit box to " receipt affirmation " mail, no longer transmits.
The foregoing description can be realized by client utility.
The user starts the corresponding function in the client utility in the time need supervising synchronously and write down the online behavior of oneself.It at first minimizes all interfaces of current operation, restarts synchronous supervision and writing function.Then the content on the screen is carried out " omnidistance image ".Its effect is just as a video camera, and use is grabbed screen mechanism and obtained the current screen message of user to the bitmap image, and stamps timestamp; Obtain mouse message again and mouse message is pasted on the bitmap images; After having generated a two field picture, system can automatically generate image verification and; At last, use the multimedia making technology of Microsoft Windows, bitmap images is added to create the AVI animation in the AVI animation frame, simultaneously with the verification of image with join in the verification and sequence of animation.Can note all the elements on the screen like this, comprise that mouse slides the login network address of input, new web page of opening step by step or the like.After opening target web and finishing synchronous recording, the screen state before the automatic recovery record of client.Image adopts special-purpose form, mails to safety-deposit box synchronously and takes care of; This image can only just can be opened broadcast in private client software, but can not revise.Any behavior that this image is made amendment can be come out by verification and the sequence checking by check image when integrity checking.
The most important characteristic of supervision module just is synchronously: the timestamp of image file is to beat on each frame picture, and the every frame picture on the image that the feasible module of supervision synchronously generates all has the time uniqueness.
In order to allow system of the present invention realize needed function, the present invention has expanded smtp protocol, has increased new header field type by the encrypting and authenticating module in the client in original mail head--and " e-mail messages identification code " helps judge email type.The definition of " e-mail messages identification code " is as shown in table 1.
Table 1
| The operation name | The mail identification code | Operation actuating station |
| Client sends surface mail | ??WB-NormalMail | Client |
| Server sends the mail receipt of makeing mistakes | ??WB-Wrong-Mail | Server |
| Mail has been read receipt | ??WB-BeReadMail | Client |
| Receipt is confirmed | ??WB-Confirming | Client |
| Upload file | ??WB-UploadFile | Client |
| Upload image | ??WB-Upload-Avi | Client |
| The keeping mail | ??WB-SecureMail | Client |
Among the present invention, the flow chart of server end work such as Fig. 5: after server end receives and behind the mail that client sends and by the encrypting and authenticating module mail is decrypted, mail head to each envelope mail partly deciphers, and isolates the identification code that comprises among the mail head.The present invention does not support other Mail Clients and the mail that sends over of Web mailing system, so every do not have e-mail messages identification code or the incorrect mail of e-mail messages identification code will be considered as " outside the system " mail by system, to its otherwise processed.Server end is done different processing to " outside the system " mail according to different e-mail messages identification codes respectively according to following processing mode:
If do not have e-mail messages identification code or e-mail messages identification code incorrect, then server sends the mail that has e-mail messages identification code " WB-Wrong-Mail " and gives the sender, and simultaneity factor is sent the prompting mail that adds native system from the trend sender;
If the e-mail messages identification code is " WB-Normal-Mail ", represent that then this mail is a surface mail, server directly is transmitted to the addressee with mail;
If the e-mail messages identification code is " WB-BeReadMail ", represent that then this mail is " mail has been read receipt ", server is transmitted to the addressee with this mail;
If the e-mail messages identification code is " WB-Confirming ", represent that then this mail is " receipt affirmation ", server is preserved mail, simultaneously with the mail complete decoding, following information in the mail is deposited the safety-deposit box into system: the content of addresser, receiver, transmitting time (adopting for three times here, is respectively client host time, client time, Internet time in when posting a letter), server time of reception, mail matter topics, Mail Contents mail;
If the e-mail messages identification code is " WB-UploadFile ", the annex of then representing this mail is for depositing the file of safety-deposit box in, server is with the mail complete decoding, Email attachment is being separated, server can arrive the application and the use information of inquiring user safety-deposit box in the User Information Database, if the user does not apply for that safety-deposit box or the last space of safety-deposit box have been not enough to storage attachments, then server is sent out mail and is confirmed to the user, requires the enough spaces of application; If the space of user's safety-deposit box is enough, then server deposits attachment files in assigned catalogue, and deposits the following information in the mail in database: safety-deposit box owner's name, this safety box operation time started, server time of reception, keeping File Info, keeping file name, keeping file size, the relative path of keeping file on server;
If the e-mail messages identification code is " WB-Upload-Avi ", the annex of then representing this mail is for depositing the synchronous supervision image of safety-deposit box in.Server is that the processing method of mail of " WB-UploadFile " is identical to the concrete processing method of this mail and e-mail messages identification code;
If the e-mail messages identification code is " WB-SecureMail ", then expression need deposit this mail integral body in user's safety-deposit box.Server is similar to the processing method of the mail that the concrete processing method and the e-mail messages identification code of this mail is " WB-UploadFile ", and unique difference is that the content that deposits safety-deposit box in is whole mail, and is not only attachment files.
More than be mail server to the processing procedure of the mail that has the different mail message identification code.Ben is that in the said process, " receipt " function is opaque to the user, promptly triggers the receipt module automatically by system when the user checks mail and finishes.Though some present mailing systems also can provide a kind of function that automatically replies, be similar to automated response piece of the present invention, but the automated response piece function is different with " answer ", " answer " function is equal to " posting a letter ", functions such as " forwardings " from native system mail transmission/reception entire flow viewpoint of measures.
Automated response piece function and " answer " specifically have following different:
One, automated response piece mechanism of the present invention adopts the proprietary mail system, is not the proprietary mail system and automatically reply.
The present invention adopts special-purpose mail server and Mail Clients.System all distributes a unique sign for each user, and user's Mail Clients is also relevant with this unique sign---and each user can only be with its oneself proprietary mail client receiving and dispatching mail, thereby prevents that another user of user counterfeit from sending mail.
Two, be automated response piece content with automatically reply different.
The content that automatically replies only is to have acknowledged receipt of certain Email, can't confirm mail reception person's true identity.The content of automated response piece of the present invention has comprised unique sign of mail reception person, thereby can prevent that the other side from denying the fact of mail Delivered.
Three, automatically reply and be sent to the Email Sender, and the final tache of automated response piece is to send " receipt affirmation ", and " receipt affirmation " can deposit system's safety-deposit box in by serviced device, for the mail transmission/reception both sides, has same non repudiation, the addressee's fact of having checked mail of promptly can having confirmed mail that the addressee has received that the sender sends and Sender Confirmation.
As shown in Figure 6, the present invention is provided with system's safety-deposit box at server end, and the system safety-deposit box of making possesses the method that refusing user's is deleted voluntarily, revised, and can prevent to forge, revise the generation of situation.
The data file that safety-deposit box is taken care of can not be had only the user to open in read-only mode by Any user and other any software modification; The user can deleted file.
The present invention adopts the technology of the bottom, and system kernel realization file is anti-revises function thereby on-the-fly modify, and has realized framework as shown in Figure 6.Comprise three-decker, i.e. system's separator, keeping layer and inner nuclear layer.
The outermost layer of safety-deposit box is system's separator, it provides safety-deposit box external whole access interfaces, system's separator has the encrypting and authenticating module, can carry out authentication to visit to safety-deposit box, and guarantee that authentication information can not monitored, system's separator can provide corresponding service according to visitor's type (user, keeper, mail server).
Middle one deck of safety-deposit box is the keeping layer, the safety-deposit box that provides each user to use, the Miscellaneous Documents that safety-deposit box keeping user will take care of.
The bottom of safety-deposit box is an inner nuclear layer, and it provides all system calls of system's separator, and in order to satisfy the function needs of safety-deposit box, system calls bottom and done modification.Promptly adopt the method for load-on module to revise all system calls relevant with system safety.For file protect, in the system call that is modified or when being called, check the file operation authority of login user earlier, if do not protect or belong to non-protection type, then return original system call.Otherwise, select to open pattern according to the pattern that the protection type and the user of file opens file, or return type of error.For example, for being listed in only read-protected file,, then return original system call if the user opens file with a reading mode; If read-protected file is only attempted to open with the pattern of writing, then returns mistake.As seen, above-mentioned principle has guaranteed that file can not be revised.
The present invention also has the function with standard time system's stationary digital document time attribute.
In the intellectual property law protection system, time attribute is a very important attribute of intellectual property guarantee of rights.The all free attribute of the digital document of online transmission, but owing to reasons such as system's setting and artificial change are very simple and easy to do, the time attribute of each terminal can not accurately reflect the accuracy of this document initial release time usually.The present invention adopts the time attribute of the method stationary digital file of three time systems, and its principle is as follows:
Have the time of an operating system itself in the General System, be referred to as the subscriber's local time, this time can directly revise, and is inaccurate usually.
The present invention is except the local zone time that uses operating system, also has a cover time mechanism in internal system, the present invention is referred to as regularly lock in time, it obtains the standard time from the universal time server, and the subscriber's local time and the universal time of native system compared, if there are deviation the subscriber's local time and the standard time of native system, then automatically the subscriber's local time of native system is proofreaied and correct, guarantee the subscriber's local time of native system and the consistency of universal time by this method.
In design, adopt NTP (Network Time Protocol) agreement to realize.Network Time Protocol is except can estimating the round-trip delay of package on network, also can estimate the computer clock deviation independently, thereby when being implemented in the high accurancy and precision computer school on the network, it is that design is used for making on Internet different machines can keep a kind of communications protocol of identical time.Time server (time server) is a kind of server that utilizes NTP, by it the machine in the network is held time synchronously.In most place, NTP can provide the source and network work path lock in time of the trustworthiness of 1-50ms.
NTP is agreement lock in time of crossing over the complexity of wide area network or local area network (LAN), and it can obtain the precision of Millisecond usually.RFC2030[Mills 1996] SNTP (Simple Network TimeProtocol) has been described, it is the subclass of NTP.Purpose is for those do not need main frames that complete NTP realizes complexity by internet and other NTP main frame synchronised clock, follows that other clients provide the time synchronized service in local area network (LAN) again.As shown in Figure 7.
In addition, when sending file, the network standard time when the file transmission can be got by system, be called instant lock in time.
For each file, by subscriber's local time, instant lock in time of this three time system when regularly lock in time and file send are provided, both guaranteed the primitive attribute of time, also guaranteed the accuracy of time, thereby can describe the time attribute of digital document more comprehensively and accurately, and guarantee digital intellectual property works copyright people's right formerly.
Three time systems:
The front has specifically described the principle of network standard time system.The present invention adopts three time systems to realize the operation of the time of getting, and it is preserved with particular form.Three time systems as shown in Figure 8, that is:
Client is set up the subscriber's local time.
When client is carried out specific operation,,, be consistent with the instant time and the network standard time of guaranteeing this specific operation once more by obtaining the network standard time on the Internet as sending, receive, check operations such as mail, file, receipt.
The time attribute that the present invention uses these three time description incidents to take place can remedy the error of using the single time to cause.Using Internet during the time, also can revise with reference to Ineternet time deviation amount theory.
Claims (13)
1, a kind of proprietary mail system of saving the digital document primordial condition on network from damage comprises server end and client; Both are by Internet connection; It is characterized in that described server comprises:
The encrypting and authenticating modules A is set up the encrypted transmission passage with the encrypting and authenticating module B of client between service end and client, the transmitting-receiving process of mail is not illegally listened;
User identification module is used to discern the identity information from the user of client login;
The mail treatment module is handled mail according to the type of mail, comprises the error mail answer, and mail is transmitted, and Email attachment is peeled off keeping and mail transferred to file keeping modules A realization mail take care of;
File keeping modules A deposits file in safety-deposit box and takes care of;
Safety-deposit box is stored file, and prevents revising processing, realizes the graded access control to file;
Described client comprises:
The identify label module is used to generate and preserve unique sign of user, when the user logins, carries out authentication;
The mail transmission/reception module is used for carrying out receiving and dispatching mail for the user;
File is module B certainly, and needs file certainly as annex, is generated corresponding mail and sends on the server;
Encrypting and authenticating module B sets up the encrypted transmission passage with the encrypting and authenticating modules A of server end between server end and client, the transmitting-receiving process of mail is not illegally listened;
The time system module adopts the standard time system to fix the time attribute of digital document to add a cover time stamp.
2, proprietary mail according to claim 1 system, it is characterized in that, between described mail treatment module and encrypting and authenticating module B, also be connected with the automated response piece module, the mail that is used for sending as the user specifies mailbox to send receipt from trend after the addressee of native system receives mail;
For the addressee of non-native system, server mail treatment module will send the prompting suggestion to it.
3, proprietary mail according to claim 1 and 2 system, it is characterized in that, between described identify label module and encrypting and authenticating module B, also be connected with and supervise module automatically synchronously, under the cooperation of time system module, be used for through subscriber authorisation supervision synchronously and record user's " from Website login to opening target web " overall process faithfully, be made into digital document, beam back the native system safety-deposit box and take care of.
4, proprietary mail according to claim 3 system is characterized in that described safety-deposit box comprises three-decker, i.e. system's separator, keeping layer and inner nuclear layer; Wherein, outermost layer is the system's separator that has the encrypting and authenticating module, and it provides safety-deposit box external whole access interfaces, can carry out authentication to the visit of safety-deposit box, and guarantee that authentication information can not monitored, system's separator then provides corresponding service according to visitor dissimilar;
The intermediate layer of safety-deposit box, the safety-deposit box that provides each user to use, the Miscellaneous Documents that the keeping user will take care of are provided described keeping layer;
The bottom of described inner nuclear layer safety-deposit box is used to provide all system calls of system's separator.
According to claim 1,2 or 4 described proprietary mail systems, it is characterized in that 5, described standard time, system was three time systems, comprising:
FTP client FTP local zone time system;
Client regularly goes up timing system's lock in time that obtains synchronously with international time server from Internet;
During specific operation, obtain the system of instant lock in time from Internet when client sends, receives, checks mail, file, receipt etc.;
Described standard time system by automatically to transmit or in trust digital document is added a cover the standard time postmark, enter the correct time of native system with proof this document.
6, according to claim 1,2 or 4 described proprietary mail systems, it is characterized in that, encrypting and authenticating module in the described client has increased new header field type in original mail head, described server is judged by " e-mail messages identification code " and handled dissimilar mails.
7, a kind of method of saving the digital document primordial condition on network from damage is characterized in that, comprises the steps:
Step 1, the user lands the proprietary mail system by client, accepts the authentication of system;
Step 2, the standard time system module carries out the time synchronized calibration by time server;
Step 3 after the user generates file destination, is packaged into email encryption with it and sends to server;
Step 4, server is decrypted mail, separates file destination;
Step 5, server carry out preventing accordingly revising processing according to the attribute of file destination, or send to another client and carry out the return receipts mechanism processing, or deposit file destination in safety-deposit box.
8, method of on network, saving the digital document primordial condition from damage according to claim 7,, it is characterized in that, generate file destination in the described step 3, comprising: generate mail; Or generation image file; Or generate the file that to take care of.
9, method of on network, saving the digital document primordial condition from damage according to claim 8,, it is characterized in that described generation mail comprises:
The file that will take care of generates mail as annex, and mail is encapsulated, and adds a cover time stamp;
The encrypting and authenticating module is set up the encrypted transmission passage between client and server, mail transmission is arrived server.
10, method of on network, saving the digital document primordial condition from damage according to claim 8,, it is characterized in that described generation image file comprises:
Activate and supervise module automatically synchronously, the operation overall process that the user demonstrates on computer screen is carried out synchronous recording, generate image file;
The image file that will take care of generates mail as annex, and mail is encapsulated, and adds a cover time stamp;
The encrypting and authenticating module is set up the encrypted transmission passage between client and server, mail transmission is arrived server.
11, method of on network, saving the digital document primordial condition from damage according to claim 8,, it is characterized in that the standard time system module carries out the time synchronized calibration by time server in the described step 2, comprising:
Set up the subscriber's local time in client;
Client regularly obtains the network standard time from Internet, is used for the correcting user local zone time, makes it to be consistent with the network standard time;
When client is carried out specific operation,, be consistent with the instant time and the network standard time of guaranteeing this specific operation once more by obtaining the network standard time on the Internet.
12, according to Claim 8 arbitrary-11 described method of on network, saving the digital document primordial condition from damage, it is characterized in that, in the described step 5, server carries out the anti-accordingly processing of revising according to the attribute of file destination, comprise: after server end receives and behind the mail that client sends and by the encrypting and authenticating module mail is decrypted, mail head to each envelope mail partly deciphers, isolate the identification code that comprises among the mail head, according to the attribute of identification code, carry out respective handling then.
13, according to Claim 8 arbitrary-11 described method of saving the digital document primordial condition on network from damage is characterized in that,
If do not have e-mail messages identification code or e-mail messages identification code incorrect, then server sends the e-mail messages identification code for " WB-Wrong-Mail " " mail or " system's receipt " give the sender;
If the e-mail messages identification code is " WB-Normal-Mail ", represent that then this mail is a surface mail, server directly is transmitted to the addressee with mail;
If the e-mail messages identification code is " WB-BeReadMail ", represent that then this mail is " mail has been read receipt ", server is transmitted to the sender with this mail;
If the e-mail messages identification code is " WB-Confirming ", represent that then this mail is " receipt affirmation ", server is preserved mail, simultaneously with the mail complete decoding, deposits the safety-deposit box into system;
If the e-mail messages identification code is " WB-UploadFile ", the annex of then representing this mail is for depositing the file of safety-deposit box in, and server is being separated the mail complete decoding with Email attachment, deposit safety-deposit box in;
If the e-mail messages identification code is " WB-Upload-Avi ", the annex of then representing this mail is for depositing the synchronous supervision image of safety-deposit box in; Server is being separated the mail complete decoding with Email attachment, deposit safety-deposit box in;
If the e-mail messages identification code is " WB-SecureMail ", then expression need deposit this mail integral body in user's safety-deposit box.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100093229A CN1297121C (en) | 2004-07-12 | 2004-07-12 | Special purpose mail system and method for preserving original state of digital file in network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100093229A CN1297121C (en) | 2004-07-12 | 2004-07-12 | Special purpose mail system and method for preserving original state of digital file in network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1595916A true CN1595916A (en) | 2005-03-16 |
| CN1297121C CN1297121C (en) | 2007-01-24 |
Family
ID=34662440
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2004100093229A Expired - Fee Related CN1297121C (en) | 2004-07-12 | 2004-07-12 | Special purpose mail system and method for preserving original state of digital file in network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1297121C (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101150533B (en) * | 2006-09-18 | 2010-05-12 | 联想(北京)有限公司 | A secure system and method for multi-point mail push |
| CN101931626A (en) * | 2010-08-25 | 2010-12-29 | 深圳市傲冠软件股份有限公司 | Service terminal realizing safe auditing function in remote control process |
| CN101163138B (en) * | 2006-10-13 | 2012-02-08 | 阿里巴巴集团控股有限公司 | Method and system for uploading document |
| CN102571627A (en) * | 2010-12-08 | 2012-07-11 | 中国电信股份有限公司 | E-mail transmitting method and system thereof |
| CN101098343B (en) * | 2007-06-12 | 2012-08-01 | 深圳市融创天下科技股份有限公司 | Information interchange method for handset and network server |
| CN103460651A (en) * | 2011-03-22 | 2013-12-18 | 国际商业机器公司 | Automatic correction of contact list errors in a collaboration system |
| CN102118399B (en) * | 2009-12-31 | 2014-07-30 | 深圳市傲冠软件股份有限公司 | Noninvasive network service remote realization method and system |
| CN104065558A (en) * | 2013-03-20 | 2014-09-24 | 东方斯泰克信息技术研究院(北京)有限公司 | Sending and accepting methods and sending and accepting devices for email |
| WO2015078376A1 (en) * | 2013-11-26 | 2015-06-04 | Powa Technologies (Hong Kong) Ltd. | Method and system for secure email |
| CN106375184A (en) * | 2016-08-25 | 2017-02-01 | 广州智存网络科技有限公司 | Electronic service method based on intra-domain electronic mailbox server |
| CN108540528A (en) * | 2018-03-07 | 2018-09-14 | 胡金钱 | Confirm electronic document be sent to method and system, computer storage media |
| CN109118671A (en) * | 2018-08-22 | 2019-01-01 | 海发(宁波)办公设备有限公司 | A kind of Full-automatic safe deposit box management of leasing method and system |
| CN115378904A (en) * | 2022-10-26 | 2022-11-22 | 泰豪信息技术有限公司 | Mail receipt sending method, system, storage medium and equipment |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CA2155606A1 (en) * | 1994-08-12 | 1996-02-13 | Inayat Ian Darveshali | Electronic certified document |
| US6367013B1 (en) * | 1995-01-17 | 2002-04-02 | Eoriginal Inc. | System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents |
-
2004
- 2004-07-12 CN CNB2004100093229A patent/CN1297121C/en not_active Expired - Fee Related
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101150533B (en) * | 2006-09-18 | 2010-05-12 | 联想(北京)有限公司 | A secure system and method for multi-point mail push |
| CN101163138B (en) * | 2006-10-13 | 2012-02-08 | 阿里巴巴集团控股有限公司 | Method and system for uploading document |
| CN101098343B (en) * | 2007-06-12 | 2012-08-01 | 深圳市融创天下科技股份有限公司 | Information interchange method for handset and network server |
| CN102118399B (en) * | 2009-12-31 | 2014-07-30 | 深圳市傲冠软件股份有限公司 | Noninvasive network service remote realization method and system |
| CN101931626A (en) * | 2010-08-25 | 2010-12-29 | 深圳市傲冠软件股份有限公司 | Service terminal realizing safe auditing function in remote control process |
| CN101931626B (en) * | 2010-08-25 | 2012-10-10 | 深圳市傲冠软件股份有限公司 | Service terminal realizing safe auditing function in remote control process |
| CN102571627B (en) * | 2010-12-08 | 2015-04-01 | 中国电信股份有限公司 | E-mail transmitting method and system thereof |
| CN102571627A (en) * | 2010-12-08 | 2012-07-11 | 中国电信股份有限公司 | E-mail transmitting method and system thereof |
| CN103460651A (en) * | 2011-03-22 | 2013-12-18 | 国际商业机器公司 | Automatic correction of contact list errors in a collaboration system |
| CN104065558A (en) * | 2013-03-20 | 2014-09-24 | 东方斯泰克信息技术研究院(北京)有限公司 | Sending and accepting methods and sending and accepting devices for email |
| WO2015078376A1 (en) * | 2013-11-26 | 2015-06-04 | Powa Technologies (Hong Kong) Ltd. | Method and system for secure email |
| CN106375184A (en) * | 2016-08-25 | 2017-02-01 | 广州智存网络科技有限公司 | Electronic service method based on intra-domain electronic mailbox server |
| CN108540528A (en) * | 2018-03-07 | 2018-09-14 | 胡金钱 | Confirm electronic document be sent to method and system, computer storage media |
| CN109118671A (en) * | 2018-08-22 | 2019-01-01 | 海发(宁波)办公设备有限公司 | A kind of Full-automatic safe deposit box management of leasing method and system |
| CN115378904A (en) * | 2022-10-26 | 2022-11-22 | 泰豪信息技术有限公司 | Mail receipt sending method, system, storage medium and equipment |
| CN115378904B (en) * | 2022-10-26 | 2023-03-10 | 泰豪信息技术有限公司 | Mail receipt sending method, system, storage medium and equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1297121C (en) | 2007-01-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1297121C (en) | Special purpose mail system and method for preserving original state of digital file in network | |
| EP3804220B1 (en) | Blockchain-based trusted platform | |
| CN1271485C (en) | Device and method for proceeding encryption and identification of network bank data | |
| CN1303554C (en) | Value added tax invoice making, confirming and checking method and its information management system | |
| US8782422B2 (en) | System and method for authenticating documents | |
| US20100008481A1 (en) | System and method for certifying and authenticating correspondence (ii) | |
| US9141823B2 (en) | Abstraction layer for default encryption with orthogonal encryption logic session object; and automated authentication, with a method for online litigation | |
| WO2021026737A1 (en) | Blockchain-based paperless documentation | |
| WO2019228549A2 (en) | Blockchain-based service of process | |
| CN1151630C (en) | Digital sign or electron seal identification system and identification mark management sequence | |
| CN1647442A (en) | Secure electonic messqging system requiring key retrieval for deriving decryption keys | |
| CN1682490A (en) | System and method for electronic transmission, storage and retrieval of authenticated documents | |
| CN1781119A (en) | Method and apparatus for identifying,managing and controlling communications | |
| CN1818961A (en) | Electronic billing system | |
| EP2484077B1 (en) | System and method for planning and performing secure electronic correspondence operations | |
| CN1700641A (en) | Digital signature assurance system, method, program and apparatus | |
| US10348783B2 (en) | Controlling visibility and distribution of shared conferencing data | |
| CN1731726A (en) | Safety infrastructure and value-added project composed by mobile phone association server | |
| CN1794294A (en) | Network protocol payment method | |
| EP3673618A2 (en) | Blockchain-based dispute resolution | |
| US10673636B1 (en) | System and apparatus for providing authenticable electronic communication | |
| WO2008149328A2 (en) | Verifying authenticity of e-mail messages | |
| CN1808490A (en) | Business operating method and system for digital seals | |
| US20170134326A1 (en) | Method and system for secure transmission and receipt of an electronic message | |
| TWI338486B (en) | Operation system and method of workflow integrated with a mail platform and web applications, and related mail platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Free format text: FORMER OWNER: XU RONGSHENG Effective date: 20120111 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20120111 Address after: 100086 Beijing city Haidian District Shuangyushu East Village No. 20 room 1405 Patentee after: Bai Erqiang Address before: 100086 Beijing city Haidian District Shuangyushu East Village No. 20 Conan center 1405 Co-patentee before: Xu Rongsheng Patentee before: Bai Erqiang |
|
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20070124 Termination date: 20180712 |