Summary of the invention
Because a digital document on a network is highly mobile, easily modified and easily copied, the present invention is devoted to solving the problem of preserving the original state of a digital document on a network. The technical problem to be solved by the present invention is therefore to provide a proprietary mail system that preserves the original state of digital documents on a network. The system provides a technical solution in which a digital document is generated and kept in custody for the parties and any modification of it by anyone is refused, so that a digital document entrusted to the system reliably keeps the authenticity of its original state in both content and form.
With the system of the present invention, when the addressee actually receives a mail, a receipt is sent automatically and synchronously to the sender and the party the sender designates, as proof of the fact that the addressee received the mail.
The system of the present invention also provides the service of automatically affixing a standard-time postmark to each entrusted file, so as to prove the exact time at which the document entered the system.
A further technical problem to be solved by the present invention is to provide a method of preserving the original state of digital documents on a network. This method gives the parties a way of keeping digital documents in custody while refusing any modification by anyone, and effectively prevents any modification by technical means.
The proprietary mail system for preserving the original state of digital documents on a network according to the present invention comprises a server end and a client, connected to each other via the Internet. The server comprises:
an encryption and authentication module A, which together with encryption and authentication module B of the client establishes an encrypted transmission channel between the server end and the client, so that the mail send/receive process cannot be illegally eavesdropped;
a user identification module, used to identify the identity information of the user logging in from the client;
a mail processing module, which processes mail according to its type, including replying to erroneous mail, forwarding mail, stripping mail attachments for custody, and handing mail over to file custody module A, which performs the custody;
a file custody module A, which deposits files in the safety-deposit box for custody;
a safety-deposit box, which stores files, applies tamper-prevention processing and implements graded access control over the files.
The client comprises:
an identity identification module, used to generate and store the user's unique identifier and to perform authentication when the user logs in;
a mail send/receive module, used by the user to send and receive mail;
a file custody module B, which takes the file to be kept in custody as an attachment, generates the corresponding mail and sends it to the server;
an automatic receipt module which, for a mail sent by the user, automatically sends a receipt to the designated mailbox once an addressee within the present system has received the mail; for an addressee outside the present system, the system sends a prompt notice advising that addressee to apply for and use the present system, so that receipts can be sent automatically;
an automatic synchronous monitoring module which, under authorisation, synchronously monitors and faithfully records the user's entire process 'from logging on to the website to opening the target web page', turns it into a digital document and sends it back to the safety-deposit box of the present system for custody;
an encryption and authentication module B, which together with encryption and authentication module A of the server end establishes an encrypted transmission channel between the server end and the client, so that the mail send/receive process cannot be illegally eavesdropped;
a time system module, used to synchronise with the standard time system and obtain the standard time with which the time attribute of a digital document is fixed.
The method of preserving the original state of digital documents on a network by means of the proprietary mail system of the present invention comprises the following steps:
Step 1, the user logs in to the proprietary mail system of the present invention through the client and is authenticated by the system;
Step 2, the standard time system module performs time synchronisation and calibration against the time server;
Step 3, after the user generates the target file, it is packaged into an encrypted mail and sent to the server;
Step 4, the server decrypts the mail and separates out the target file;
Step 5, according to the attributes of the target file, the server either applies the corresponding tamper-prevention processing, or sends the file to another client for processing under the receipt mechanism, or deposits the target file in the safety-deposit box.
Overall, the present invention provides the parties a technical solution for keeping digital documents in custody while refusing any modification by anyone, and effectively guarantees that a digital document entrusted to the present system keeps the authenticity of its original state (content and form). With the system and method of the present invention, when the addressee actually receives a mail, a receipt is sent automatically and synchronously to the sender and the party the sender designates, as proof of the fact that the addressee received the mail. The present invention also provides the service of automatically affixing a standard-time postmark to each entrusted file, so as to prove the exact time at which the document entered the present system.
Embodiment
Fig. 1 shows the proprietary mail system for preserving the original state of digital documents on a network according to the present invention. As can be seen from Fig. 1, the proprietary mail system of the present invention comprises a server end and a client, connected to each other via the Internet.
The client comprises: an identity identification module, a mail send/receive module, a file custody module B, an automatic synchronous monitoring module, an automatic receipt module, a time system module and an encryption and authentication module B; wherein:
the identity identification module is used to generate and store the user's unique identifier and to pass it to the mail send/receive module, file custody module B and the automatic synchronous monitoring module;
the mail send/receive module is dedicated to the user's sending and receiving of mail through the client;
the automatic receipt module sits between the mail send/receive module and the encryption and authentication module; for a mail sent by the user, once an addressee within the present system has received and viewed the mail, it automatically sends a receipt to the designated mailbox; for an addressee outside the present system, the system sends a notice advising that addressee to apply for and use the present system, so that receipts can be sent automatically;
the automatic synchronous monitoring module displays the standard time supplied by the time system module on the user's computer screen as part of the captured image; under authorisation it synchronously monitors and faithfully records the user's entire online process 'from logging on to the website to opening the target web page';
the encryption and authentication module B is used to establish the encrypted transmission channel between the server and the client; it receives data from the mail send/receive module, file custody module B and the automatic synchronous monitoring module, encrypts that data and transmits it to encryption and authentication module A; it also receives encrypted data from encryption and authentication module A, decrypts it and passes the decrypted data to the mail send/receive module.
The server end comprises:
an encryption and authentication module A, used to establish the encrypted transmission channel between the server and the client; when data is received from the client, the encrypted data sent by encryption and authentication module B is decrypted, and when the client transmits data, encryption and authentication module B encrypts the data and sends it to encryption and authentication module A;
a user identification module, used to identify the identity of the user logging in from the client; the information obtained serves as the user profile for decisions in mail processing and file custody;
a mail processing module, used to send and receive mail between users of the present system and to process mail according to its type, including replying to erroneous mail, forwarding mail, stripping attachments, or passing the mail directly to file custody module A;
a file custody module A, which deposits the files passed on by the mail processing module in the safety-deposit box for custody;
a safety-deposit box, which stores the files passed on by file custody module A, applies tamper-prevention processing and implements graded access control over the files. The structure of the safety-deposit box is shown in Fig. 6.
Fig. 2 is a schematic diagram of exchanging e-mail over TCP/IP. The system of the present invention is concerned with exchanging mail between the client and the server over TCP, and with preventing either the sender or the receiver from later repudiating the act of sending or receiving the mail or its contents.
The 'user agent' shown in Fig. 2 is in fact part of the functional modules provided by the client in the system of the present invention.
With reference to Fig. 1 and Fig. 2, the system of the present invention can implement the following functions.
1. Custody of e-mail contents
Suppose two persons A and B need to conduct a transaction by e-mail. If both are users of the system of the present invention and have installed the client software package with its unique identifier, they can send and receive e-mail with the mail client in the client software. When the addressee opens and views the mail, a receipt is sent automatically, which lets both parties confirm that the mail was received and prevents later disputes.
When A sends mail to B, once B has received and viewed the mail, B's client software automatically sends a receipt to A, confirming that B received the mail. The receipt contains the user's unique identifier and a time stamp, so the identities of the addressee and the sender can be confirmed.
If only one party is a user of the system of the present invention and the other is not, there are two cases:
-- if the sender is a user of the present system and the addressee is not, the system only keeps the outgoing mail in custody as authorised by the sender, and prompts the addressee with a suggestion to apply for and use the present system;
-- if the sender is not a user of the present system and the addressee is, then whenever a mail from any sender arrives in the mailbox the addressee has set up in the present system, the server's mail processing module automatically prompts the sender that the received mail comes from a user outside the present system and advises the sender to apply for and use the present system, so as to protect the sender's legitimate rights and interests.
The complete process of sending and receiving one mail in the present system is shown in Fig. 3. Client A sends a mail to client B (hereinafter A and B). After the server receives A's mail, it first judges whether B is a user within the system; if not, it sends A a receipt prompting that B is a user outside the system, then delivers the mail to B's mailbox, and this send/receive process is finished;
if B is a user within the system, the server delivers the mail to B's mailbox and B receives A's mail through the mail send/receive module. When B views the contents of the mail, B's mail send/receive module triggers the automatic receipt module, which automatically sends a 'read receipt' to A; the server receives this receipt and delivers it to A's mailbox. A's mail send/receive module receives the receipt, and when A views it, A's mail send/receive module triggers the automatic receipt module, which sends a 'receipt confirmation' to the server; the server automatically deposits the 'receipt confirmation' in the safety-deposit box. At this point one complete send/receive process is finished.
2. Custody of digital documents
Suppose user A has just created a copyrighted work and stores it on his own hard disk in BMP picture format. To prove the creation time and content of the work, and to prevent others from using it illegally, user A can use the proprietary mail system of the present invention to preserve the original state of the digital document, as follows:
User A logs in to the client with the account and password obtained on application. After authentication by the identity identification module, the time system module is started and performs time synchronisation and calibration against the time server; at the same time file custody module B is started, generates a mail with the file to be kept as an attachment, encapsulates the mail and affixes a time stamp; the encryption and authentication module establishes the encrypted transmission channel between client and server and transmits the mail to the server; the server's mail processing module processes the mail and strips the attachment; file custody module A deposits the separated attachment file in the safety-deposit box.
3. Automatic synchronous monitoring and recording
If user A finds that his work has been illegally copied onto a certain website, then in order to obtain evidence that the work has been copied there (since the digital document may be deleted from that website within a short time), he can use the system of the present invention to faithfully record the fact that the work has been copied onto that web page, as follows:
User A logs in to the client with the account and password obtained on application. After authentication by the identity identification module, the time system module is started and performs time synchronisation and calibration against the time server; at the same time the automatic synchronous monitoring module is started. Once it starts, all windows currently open on the client are minimised and the system enters the tracking and recording state. User A then opens any browser, enters the target web address and follows links level by level until the target web page is reached. Finally, pressing Ctrl+C ends the recording. The system automatically turns the whole tracked and recorded process into a read-only file, generates a mail with this file as an attachment, encapsulates the mail and affixes a time stamp; the encryption and authentication module establishes the encrypted transmission channel between client and server and transmits the mail to the server; the server's mail processing module processes the mail and strips the attachment; file custody module A deposits the separated attachment file in the safety-deposit box.
In this way the whole process and time from A's logging in to opening the target web page are recorded and preserved. The client software can also be used to browse the record of this process, but not to modify it.
Fig. 4 is a flow chart of the method of the invention, which can be summarised in the following steps:
Step 1, the user logs in to the proprietary mail system through the client and is authenticated by the system;
Step 2, the standard time system module performs time synchronisation and calibration against the time server;
Step 3, the user generates the target file, which is then packaged into an encrypted mail and sent to the server;
Step 4, the server decrypts the mail and separates out the target file;
Step 5, according to the attributes of the target file, the server either applies the corresponding tamper-prevention processing, or sends the file to another client for processing under the receipt mechanism, or deposits the target file in the safety-deposit box.
The target file can fall into three cases, described below as three embodiments.
In one specific embodiment of the method of the invention, a file is uploaded through the proprietary mail system and placed in the tamper-protected safety-deposit box of the system of the present invention, where its original state is preserved. With reference to the left branch of Fig. 4, this comprises the following steps:
the file to be kept is used as an attachment to generate a mail, the mail is encapsulated and a time stamp is affixed;
the encryption and authentication module establishes the encrypted transmission channel between client and server and transmits the mail to the server;
the server's mail processing module processes the mail and strips the attachment;
the custody module deposits the separated attachment file in the safety-deposit box.
Another specific embodiment of the method of the invention uses the automatic synchronous monitoring function of the proprietary mail system to synchronously monitor and faithfully record the user's entire online process 'from logging on to the website to opening the target web page', and thereby collects evidence of an infringing web page. It comprises the following steps:
the automatic synchronous monitoring module is activated, the operations the user displays on the computer screen are recorded, and an image file is generated;
the image file to be kept is used as an attachment to generate a mail, the mail is encapsulated and a time stamp is affixed;
the encryption and authentication module establishes the encrypted transmission channel between client and server and transmits the mail to the server;
the server's mail processing module processes the mail and strips the attachment;
the custody module deposits the separated image file in the safety-deposit box.
A further specific embodiment of the method of the invention is the confirmation of the mail send/receive actions between two clients by means of the proprietary mail system equipped with the automatic receipt function. With reference to the right branch of Fig. 4, it comprises the following steps:
the sending client generates the mail, encapsulates it and affixes a time stamp;
the encryption and authentication module establishes the encrypted transmission channel between client and server and transmits the mail to the server;
the server's mail processing module distributes the mail;
the encryption and authentication module establishes the encrypted transmission channel between client and server and sends the mail from the server to the receiving client;
the encryption and authentication module establishes the encrypted transmission channel between client and server and transmits the mail to the server;
the server's mail processing module distributes the 'read receipt' mail;
the encryption and authentication module establishes the encrypted transmission channel between client and server and sends the 'read receipt' from the server to the client;
when the client views the 'read receipt' mail, the program activates the automatic receipt module, which generates a 'receipt confirmation' mail and at the same time affixes a time stamp;
the server's mail processing module saves the 'receipt confirmation' mail into the client's safety-deposit box and does not forward it further.
The above embodiments can be implemented by a client utility program.
When the user needs to synchronously monitor and record his own online activity, he starts the corresponding function in the client utility. It first minimises all interfaces currently in operation and then starts the synchronous monitoring and recording function. It then takes a 'whole-process image' of the content on the screen. Its effect is like that of a video camera: a screen-grab mechanism captures the user's current screen content into a bitmap image and stamps it with a timestamp; the mouse information is then obtained and pasted onto the bitmap image; after each frame is generated, the system automatically generates an image checksum; finally, using the multimedia facilities of Microsoft Windows, the bitmap image is added as a frame to an AVI animation, and the image checksum is appended to the animation's checksum sequence. In this way everything on the screen is recorded, including mouse movements, the entered login address, each newly opened web page, and so on. After the target web page has been opened and the synchronous recording is finished, the client automatically restores the screen state from before the recording. The image uses a special-purpose format and is sent synchronously to the safety-deposit box for custody; it can only be opened and played in the proprietary client software and cannot be modified. Any modification of the image is detected during integrity checking by verifying the image's checksum sequence.
The most important characteristic of the synchronous monitoring module is that the timestamp of the image file is stamped on every frame, so that every frame of the image generated by the module is unique in time.
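The per-frame checksum, the animation's checksum sequence and the time-uniqueness check described above, as an added example that is not the patent's own code: the algorithm (SHA-256 over timestamp, cursor and pixels) and the sample frames are assumptions, since the page names the checksums but not how they are computed.

```python
import hashlib
import struct
from dataclasses import dataclass

# Added example, not the patent's own code. The page names a per-frame "image checksum"
# and the animation's "checksum sequence" but no algorithm, so SHA-256 over the frame's
# timestamp, cursor position and pixels is an assumption; the frames are constructed.

@dataclass(frozen=True)
class Frame:
    timestamp_ms: int   # standard time stamped on this frame
    cursor: tuple       # (x, y) mouse position pasted onto the bitmap
    bitmap: bytes       # captured screen pixels

def frame_checksum(frame):
    """Checksum binding time, cursor and pixels, so altering any of them invalidates the frame."""
    h = hashlib.sha256()
    h.update(struct.pack(">Q", frame.timestamp_ms))
    h.update(struct.pack(">ii", *frame.cursor))
    h.update(frame.bitmap)
    return h.hexdigest()

def build_checksum_sequence(frames):
    """The sequence stored alongside the AVI animation, one checksum per frame."""
    return [frame_checksum(f) for f in frames]

def verify_recording(frames, sequence):
    """Integrity check at playback: recompute every checksum against the stored sequence
    and require strictly increasing timestamps (time uniqueness of each frame).
    Returns (ok, index of the first bad frame or -1)."""
    if len(frames) != len(sequence):                 # frames dropped or appended
        return False, min(len(frames), len(sequence))
    last_ts = -1
    for i, (frame, expected) in enumerate(zip(frames, sequence)):
        if frame.timestamp_ms <= last_ts or frame_checksum(frame) != expected:
            return False, i
        last_ts = frame.timestamp_ms
    return True, -1

def sample_frames():
    """Constructed three-frame recording with tiny stand-in bitmaps."""
    return [Frame(1000, (10, 20), b"\x00" * 16),
            Frame(1040, (12, 22), b"\x01" * 16),
            Frame(1080, (15, 25), b"\x02" * 16)]

def pixel_tamper_demo():
    """Swap the pixels of frame 1 after recording: (ok before, ok after, bad index)."""
    frames = sample_frames()
    seq = build_checksum_sequence(frames)
    ok_before, _ = verify_recording(frames, seq)
    frames[1] = Frame(frames[1].timestamp_ms, frames[1].cursor, b"\xff" * 16)
    ok_after, bad = verify_recording(frames, seq)
    return ok_before, ok_after, bad

def restamp_demo():
    """Re-stamp frame 2 with frame 1's time: caught by the checksum and by time uniqueness."""
    frames = sample_frames()
    seq = build_checksum_sequence(frames)
    frames[2] = Frame(1040, frames[2].cursor, frames[2].bitmap)
    return verify_recording(frames, seq)

def truncation_demo():
    """Drop the last frame but keep the original checksum sequence."""
    frames = sample_frames()
    return verify_recording(frames[:2], build_checksum_sequence(frames))
```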
To let the system of the present invention perform the required functions, the present invention extends the SMTP protocol: the encryption and authentication module in the client adds a new header field type, the 'mail message identification code', to the original mail header, which helps determine the type of mail. The definition of the 'mail message identification code' is shown in table 1.
Table 1
Operation name | Mail identification code | Operation executing end
Client sends ordinary mail | WB-NormalMail | Client
Server sends error mail receipt | WB-Wrong-Mail | Server
Mail read receipt | WB-BeReadMail | Client
Receipt confirmation | WB-Confirming | Client
Upload file | WB-UploadFile | Client
Upload image | WB-Upload-Avi | Client
Custody mail | WB-SecureMail | Client
In the present invention the server end works according to the flow chart of Fig. 5: after the server end receives a mail sent by a client and the encryption and authentication module has decrypted it, the header of each mail is decoded and the identification code contained in the header is extracted. The present invention does not support mail sent from other mail clients or Web mail systems, so any mail without a mail message identification code, or with an incorrect one, is treated by the system as mail 'outside the system' and handled separately. The server end processes mail according to its mail message identification code as follows:
if there is no mail message identification code, or it is incorrect, the server sends a mail with the identification code 'WB-Wrong-Mail' to the sender, and at the same time the system automatically sends the sender a prompt mail inviting it to join the present system;
if the mail message identification code is 'WB-Normal-Mail', the mail is an ordinary mail and the server forwards it directly to the addressee;
if the mail message identification code is 'WB-BeReadMail', the mail is a 'read receipt' and the server forwards it to the addressee;
if the mail message identification code is 'WB-Confirming', the mail is a 'receipt confirmation'; the server saves the mail, fully decodes it, and deposits the following information from the mail in the system's safety-deposit box: sender, receiver, sending time (three times are used here: the client host time, the client time and the Internet time at the moment of sending), server reception time, mail subject and mail contents;
if the mail message identification code is 'WB-UploadFile', the attachment of the mail is a file to be deposited in the safety-deposit box. The server fully decodes the mail, separates the attachment, and looks up the user's safety-deposit box application and usage information in the user information database; if the user has not applied for a safety-deposit box, or the remaining space in the box is insufficient to store the attachment, the server sends a confirmation mail to the user requesting that sufficient space be applied for; if the space in the user's safety-deposit box is sufficient, the server deposits the attachment file in the assigned directory and stores the following information from the mail in the database: the name of the safety-deposit box owner, the start time of this safety-deposit box operation, the server reception time, the kept file's information, file name and file size, and the relative path of the kept file on the server;
if the mail message identification code is 'WB-Upload-Avi', the attachment of the mail is a synchronous monitoring image to be deposited in the safety-deposit box. The server handles this mail in exactly the same way as a mail with identification code 'WB-UploadFile';
if the mail message identification code is 'WB-SecureMail', the whole mail is to be deposited in the user's safety-deposit box. The server handles this mail in a way similar to a mail with identification code 'WB-UploadFile', the only difference being that what is deposited in the safety-deposit box is the whole mail rather than only the attachment file.
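The header-field dispatch of table 1 and Fig. 5, together with the read-receipt and receipt-confirmation exchange of Fig. 3 and the right branch of Fig. 4 and the five-step method above, as an added example that is not the patent's own code. It assumes a header named X-WB-Mail-ID, in-memory users, mailboxes and safety-deposit boxes, treats the page's two spellings WB-NormalMail and WB-Normal-Mail as the same code, and leaves the encrypted channel out.

```python
from email import message_from_string
from email.message import EmailMessage

# Added example, not the patent's own code. Assumed: the extended header is named
# "X-WB-Mail-ID" (the page names only its role); users, mailboxes and safety-deposit boxes
# are in-memory; codes are compared with hyphens removed, because the page spells one
# code both "WB-NormalMail" and "WB-Normal-Mail".
HEADER = "X-WB-Mail-ID"
CODES = ["WB-NormalMail", "WB-Wrong-Mail", "WB-BeReadMail", "WB-Confirming",
         "WB-UploadFile", "WB-Upload-Avi", "WB-SecureMail"]
KNOWN = {c.replace("-", "").lower(): c for c in CODES}
SERVER = "server@wb.example"   # constructed sender address for the server's own mail

def lookup_code(value):
    """Canonical code from table 1, or None when the header is absent or incorrect."""
    return KNOWN.get(value.replace("-", "").lower()) if value else None

def build_mail(sender, rcpt, code, subject, body, attachment=None):
    """Client side: encapsulate the mail and add the identification-code header field."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"], msg[HEADER] = sender, rcpt, subject, code
    msg.set_content(body)
    if attachment is not None:
        msg.add_attachment(attachment, maintype="application",
                           subtype="octet-stream", filename="kept.bin")
    return msg.as_string()

def body_and_attachment(msg):
    """Server-side 'complete decoding': (text body, first attachment bytes or None)."""
    body, att = "", None
    for part in msg.walk():
        if part.get_filename():
            att = part.get_payload(decode=True)
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode()
    return body, att

class Server:
    def __init__(self, users, quota=1024):
        self.users, self.quota = set(users), quota
        self.mailboxes = {u: [] for u in users}
        self.safe_box = {u: [] for u in users}   # per-user safety-deposit box entries
        self.outside = []                        # mail relayed to non-system addresses
    def deliver(self, rcpt, raw):
        (self.mailboxes[rcpt] if rcpt in self.users else self.outside).append(raw)
    def notify(self, user, subject, text):
        self.deliver(user, build_mail(SERVER, user, "WB-Wrong-Mail", subject, text))
    def handle(self, raw):
        """Dispatch one decrypted mail by its identification code; returns the action taken."""
        msg = message_from_string(raw)
        code, sender, rcpt = lookup_code(msg.get(HEADER)), msg["From"], msg["To"]
        if code is None:                          # mail "outside the system"
            self.notify(sender, "error", "apply for and use this system")
            return "WB-Wrong-Mail"
        if code in ("WB-NormalMail", "WB-BeReadMail"):
            self.deliver(rcpt, raw)
            if rcpt not in self.users:            # still relayed, but the sender is prompted
                self.notify(sender, "notice", rcpt + " is a user outside the system")
            return "forwarded"
        body, att = body_and_attachment(msg)
        # Confirming keeps the decoded receipt, SecureMail the whole mail, the uploads the attachment
        data = body if code == "WB-Confirming" else raw if code == "WB-SecureMail" else att or b""
        used = sum(len(e["data"]) for e in self.safe_box[sender])
        if code != "WB-Confirming" and used + len(data) > self.quota:
            self.notify(sender, "space", "apply for enough safety-deposit box space")
            return "space-insufficient"
        self.safe_box[sender].append({"code": code, "from": sender, "to": rcpt,
                                      "subject": msg["Subject"], "data": data})
        return "stored"

class Client:
    def __init__(self, user, server):
        self.user, self.server = user, server
    def send(self, rcpt, subject, body, code="WB-NormalMail", attachment=None):
        return self.server.handle(build_mail(self.user, rcpt, code, subject, body, attachment))
    def read(self, index):
        """Viewing a mail triggers the automatic receipt module without user intervention."""
        msg = message_from_string(self.server.mailboxes[self.user][index])
        code = lookup_code(msg.get(HEADER))
        if code == "WB-NormalMail":       # read receipt goes back to the original sender
            self.send(msg["From"], "read: " + msg["Subject"], "mail has been read", "WB-BeReadMail")
        elif code == "WB-BeReadMail":     # the original sender confirms the receipt to the server
            self.send(msg["From"], "confirm: " + msg["Subject"], "receipt confirmed", "WB-Confirming")

def receipt_flow_demo():
    """A sends B an ordinary mail, B reads it, A reads the read receipt."""
    srv = Server(["a@wb.example", "b@wb.example"])
    a, b = Client("a@wb.example", srv), Client("b@wb.example", srv)
    a.send("b@wb.example", "contract", "please review")
    b.read(0)
    a.read(0)
    return ([e["code"] for e in srv.safe_box["a@wb.example"]],
            len(srv.mailboxes["a@wb.example"]), len(srv.mailboxes["b@wb.example"]))

def upload_demo():
    """Two 20-byte uploads into a 32-byte box: the second is refused and the user notified."""
    srv = Server(["a@wb.example"], quota=32)
    a = Client("a@wb.example", srv)
    results = [a.send(SERVER, "work.bmp", "keep", "WB-UploadFile", b"\x42" * 20) for _ in range(2)]
    return results, len(srv.safe_box["a@wb.example"]), len(srv.mailboxes["a@wb.example"])
```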
The above is the mail server's processing of mail carrying the different mail message identification codes. Notably, in the above process the 'receipt' function is invisible to the user: the receipt module is triggered automatically by the system when the user views the mail and completes on its own. Although some existing mail systems also provide an automatic reply function similar to the automatic receipt of the present invention, the automatic receipt function differs from 'reply': from the viewpoint of the present system's complete send/receive flow, the 'reply' function is equivalent to functions such as 'send' and 'forward'.
Specifically, the automatic receipt function differs from 'reply' in the following respects:
1. The automatic receipt mechanism of the present invention uses a proprietary mail system, whereas automatic reply does not.
The present invention uses a dedicated mail server and mail client. The system assigns a unique identifier to each user, and the user's mail client is bound to this unique identifier: each user can only send and receive mail with his own proprietary mail client, which prevents one user from impersonating another to send mail.
2. The content of the automatic receipt differs from that of an automatic reply.
An automatic reply only acknowledges that a certain e-mail has been received and cannot confirm the true identity of the mail recipient. The automatic receipt of the present invention contains the recipient's unique identifier, which prevents the other party from denying the fact that the mail was delivered.
3. An automatic reply is sent to the e-mail sender, whereas the final link of the automatic receipt is the sending of a 'receipt confirmation', which the server deposits in the system's safety-deposit box. This gives both the sender and the receiver the same non-repudiation: it confirms that the addressee received the mail sent by the sender, and that the sender confirmed the fact that the addressee viewed the mail.
As shown in Figure 6, the present invention is provided with system's safety-deposit box at server end, and the system safety-deposit box of making possesses the method that refusing user's is deleted voluntarily, revised, and can prevent to forge, revise the generation of situation.
The data file that safety-deposit box is taken care of can not be had only the user to open in read-only mode by Any user and other any software modification; The user can deleted file.
The present invention adopts the technology of the bottom, and system kernel realization file is anti-revises function thereby on-the-fly modify, and has realized framework as shown in Figure 6.Comprise three-decker, i.e. system's separator, keeping layer and inner nuclear layer.
The outermost layer of safety-deposit box is system's separator, it provides safety-deposit box external whole access interfaces, system's separator has the encrypting and authenticating module, can carry out authentication to visit to safety-deposit box, and guarantee that authentication information can not monitored, system's separator can provide corresponding service according to visitor's type (user, keeper, mail server).
Middle one deck of safety-deposit box is the keeping layer, the safety-deposit box that provides each user to use, the Miscellaneous Documents that safety-deposit box keeping user will take care of.
The bottom of safety-deposit box is an inner nuclear layer, and it provides all system calls of system's separator, and in order to satisfy the function needs of safety-deposit box, system calls bottom and done modification.Promptly adopt the method for load-on module to revise all system calls relevant with system safety.For file protect, in the system call that is modified or when being called, check the file operation authority of login user earlier, if do not protect or belong to non-protection type, then return original system call.Otherwise, select to open pattern according to the pattern that the protection type and the user of file opens file, or return type of error.For example, for being listed in only read-protected file,, then return original system call if the user opens file with a reading mode; If read-protected file is only attempted to open with the pattern of writing, then returns mistake.As seen, above-mentioned principle has guaranteed that file can not be revised.
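The open() decision rule of the kernel layer, as an added model that is not the patent's kernel module: the protection registry, the visitor types taken from the isolation layer, and the stand-in for the original system call are assumptions; only the rule stated above (authority check first, pass-through for unprotected files, read allowed and write refused for read-only protected files) is from the page.

```python
from enum import Enum

# Added example, not the patent's own kernel module. It models the decision the modified
# system call makes on open(): the protection registry, the logged-in user and the
# "original system call" are stand-ins, since the page states the rule but not the code.

class Protect(Enum):
    NONE = "non-protected type"
    READ_ONLY = "read-only protected"

class Visitor(Enum):
    USER = "user"
    ADMIN = "administrator"
    MAIL_SERVER = "mail server"

class KernelLayer:
    """The modified system calls: every open() goes through hooked_open first."""
    def __init__(self):
        self.registry = {}        # path -> (owner, Protect); filled by the custody layer
        self.passed_through = []  # (path, mode) pairs handed to the original system call

    def original_open(self, path, mode):
        self.passed_through.append((path, mode))
        return ("open", path, mode)

    def hooked_open(self, user, visitor, path, mode):
        entry = self.registry.get(path)
        if entry is None or entry[1] is Protect.NONE:
            return self.original_open(path, mode)      # not kept: original call unchanged
        owner, prot = entry
        if visitor is Visitor.USER and user != owner:  # graded access control
            return ("error", "EACCES")
        if prot is Protect.READ_ONLY:
            if mode == "r":                            # read mode: original call
                return self.original_open(path, "r")
            return ("error", "EROFS")                  # any write mode: error type
        return ("error", "EINVAL")

class CustodyLayer:
    """Per-user safety-deposit boxes; a deposited file becomes read-only protected."""
    def __init__(self, kernel):
        self.kernel = kernel

    def keep(self, owner, path):
        self.kernel.registry[path] = (owner, Protect.READ_ONLY)

def access_demo():
    """One kept file and one ordinary file, opened by different visitors and modes."""
    k = KernelLayer()
    CustodyLayer(k).keep("alice", "/box/alice/work.bmp")
    return [
        k.hooked_open("alice", Visitor.USER, "/box/alice/work.bmp", "r"),        # owner, read-only
        k.hooked_open("alice", Visitor.USER, "/box/alice/work.bmp", "w"),        # modification refused
        k.hooked_open("bob", Visitor.USER, "/box/alice/work.bmp", "r"),          # not the owner
        k.hooked_open("svc", Visitor.MAIL_SERVER, "/box/alice/work.bmp", "a"),   # other software refused
        k.hooked_open("alice", Visitor.USER, "/home/alice/notes.txt", "w"),      # unprotected: pass-through
    ]
```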
The present invention also has the function of fixing the time attribute of a digital document with a standard time system.
In the system of intellectual property law, the time attribute is a very important attribute for securing intellectual property rights. Every digital document transmitted online has a time attribute, but because system settings and manual changes are very easy to make, the time attribute of an individual terminal usually cannot accurately reflect the time at which the document was first published. The present invention fixes the time attribute of a digital file by the method of three time systems, whose principle is as follows:
A general system has the time of the operating system itself, referred to here as the user local time; this time can be modified directly and is usually inaccurate.
Besides using the operating system's local time, the present invention also has a set of time mechanisms inside the system, referred to here as the periodically synchronised time. It obtains the standard time from a universal time server and compares the present system's user local time with the universal time; if there is a deviation between the user local time and the standard time, the user local time of the present system is corrected automatically, which keeps the present system's user local time consistent with universal time.
In the design this is implemented with the NTP (Network Time Protocol) protocol. Besides estimating the round-trip delay of packets on the network, NTP can independently estimate the computer clock offset, thus achieving high-precision clock calibration of computers across the network; it is a communications protocol designed to keep different machines on the Internet at the same time. A time server is a server that uses NTP to keep the machines in a network time-synchronised. In most places NTP can provide a trustworthy time source and synchronisation over the network's working path to within 1-50 ms.
NTP is a complex time synchronisation protocol spanning wide area networks or local area networks (LANs), and it usually achieves millisecond precision. RFC 2030 [Mills 1996] describes SNTP (Simple Network Time Protocol), a subset of NTP. Its purpose is to let hosts that do not need the complexity of a full NTP implementation synchronise their clocks with other NTP hosts over the Internet, and in turn provide time synchronisation services to other clients in the LAN. This is shown in Fig. 7.
In addition, when a file is sent, the system obtains the network standard time at the moment of transmission, referred to as the instant synchronised time.
For each file, the three time systems, namely the user local time, the periodically synchronised time and the instant synchronised time at the moment of sending, together guarantee both the original time attribute and the accuracy of the time, so that the time attribute of the digital document is described more comprehensively and accurately and the prior right of the copyright holder of the digital intellectual property work is secured.
Three time systems:
The principle of the network standard time system has been described above. The present invention uses three time systems to obtain the time and saves it in a specific form. The three time systems are shown in Fig. 8, namely:
the client establishes the user local time;
the client periodically obtains the network standard time from the Internet and uses it to correct the user local time so that it agrees with the network standard time;
when the client performs a specific operation, such as sending, receiving or viewing mail, files or receipts, it obtains the network standard time from the Internet once more, to guarantee that the instant time of that specific operation agrees with the network standard time.
The present invention uses these three times to describe the time attribute of an event, which compensates for the error caused by using a single time. When Internet time is used, the time can also be corrected with reference to the theory of Internet time deviation.
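The NTP offset and round-trip delay estimation and the three-time record of Fig. 8, as an added example that is not the patent's code: it uses the RFC 2030 (SNTP) packet layout and formulas, with a constructed server reply in place of a live time server, and also checks that the reply echoes the request's originate timestamp.

```python
import struct

# Added example, not the patent's own code. It carries out the SNTP (RFC 2030) client
# arithmetic the page refers to and builds the three-time record; the 48-byte server reply
# is constructed here, not captured from a real time server.
NTP_UNIX_DELTA = 2208988800   # seconds from the NTP epoch (1900-01-01) to the Unix epoch
FMT = "!BBBb11I"              # LI/VN/mode, stratum, poll, precision, then 11 32-bit words

def unix_to_ntp(t):
    """Unix float seconds -> (NTP seconds, 32-bit fraction)."""
    secs = int(t)
    return secs + NTP_UNIX_DELTA, int((t - secs) * 2**32)

def ntp_to_unix(secs, frac):
    return secs - NTP_UNIX_DELTA + frac / 2**32

def build_server_reply(originate, receive, transmit):
    """Constructed reply: LI=0, VN=4, mode=4 (server), stratum 2, zero root delay/dispersion."""
    words = (0, 0, 0, 0, 0) + unix_to_ntp(originate) + unix_to_ntp(receive) + unix_to_ntp(transmit)
    return struct.pack(FMT, (4 << 3) | 4, 2, 6, -20, *words)

def parse_server_reply(packet, t1, t4):
    """t1/t4: client clock when the request left and when the reply arrived; T2/T3 are read
    from the packet.  Returns (clock offset, round-trip delay), the two quantities the page
    says NTP estimates, using the RFC 2030 formulas."""
    if len(packet) != 48:
        raise ValueError("SNTP message must be 48 bytes")
    f = struct.unpack(FMT, packet)
    if f[0] & 0x7 != 4 or (f[0] >> 3) & 0x7 not in (3, 4):
        raise ValueError("not a version 3/4 server reply")
    if abs(ntp_to_unix(f[9], f[10]) - t1) > 1e-3:   # originate must echo our own request
        raise ValueError("originate timestamp does not match the request")
    t2, t3 = ntp_to_unix(f[11], f[12]), ntp_to_unix(f[13], f[14])
    delay = (t4 - t1) - (t3 - t2)
    offset = ((t2 - t1) + (t3 - t4)) / 2
    return offset, delay

class ThreeTimeClock:
    """User local time, periodically synchronised time and instant synchronised time."""
    def __init__(self, local_clock):
        self.local_clock = local_clock   # the operating system's (freely editable) time
        self.periodic_offset = 0.0       # correction kept from the last periodic synchronisation

    def periodic_sync(self, reply, t1, t4):
        self.periodic_offset, delay = parse_server_reply(reply, t1, t4)
        return delay

    def stamp(self, reply, t1, t4):
        """Time attribute attached to a file at the moment it is sent: all three times."""
        instant_offset, _ = parse_server_reply(reply, t1, t4)
        local = self.local_clock()
        return {"local": local,
                "periodic": local + self.periodic_offset,
                "instant": local + instant_offset}

def sync_demo():
    """Local clock 300 s slow, 100 ms round trip, 1 ms server processing."""
    local = 1_700_000_000.0
    t1, t4 = local, local + 0.100
    reply = build_server_reply(t1, local + 300.050, local + 300.051)
    clock = ThreeTimeClock(lambda: local)
    delay = clock.periodic_sync(reply, t1, t4)
    return clock.periodic_offset, delay, clock.stamp(reply, t1, t4)

def replay_check_demo():
    """A reply echoing a different originate timestamp (stale or spoofed) is rejected."""
    local = 1_700_000_000.0
    reply = build_server_reply(local - 60, local + 1, local + 1.001)
    try:
        parse_server_reply(reply, local, local + 0.1)
    except ValueError:
        return True
    return False
```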