TW201528038A - Cloud electronic notary service method and system thereof - Google Patents

Cloud electronic notary service method and system thereof Download PDF

Info

Publication number
TW201528038A
TW201528038A TW103100151A TW103100151A TW201528038A TW 201528038 A TW201528038 A TW 201528038A TW 103100151 A TW103100151 A TW 103100151A TW 103100151 A TW103100151 A TW 103100151A TW 201528038 A TW201528038 A TW 201528038A
Authority
TW
Taiwan
Prior art keywords
electronic
information
cloud
file
generate
Prior art date
Application number
TW103100151A
Other languages
Chinese (zh)
Other versions
TWI509459B (en
Inventor
Chun-Liang Chen
Chun-Kuang Chen
Original Assignee
Trade Van Information Services Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Trade Van Information Services Co filed Critical Trade Van Information Services Co
Priority to TW103100151A priority Critical patent/TWI509459B/en
Publication of TW201528038A publication Critical patent/TW201528038A/en
Application granted granted Critical
Publication of TWI509459B publication Critical patent/TWI509459B/en

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

This invention provides a cloud electronic notary service method and a system thereof, running third party electronic notary service on a cloud platform, offering multi-user sequentially combining electronic documents with time-stamp information and signature information to create electronic receipt information, so as to achieve third-party electronic notary service, and ensure the electronic documents authenticity, integrality and nonrepudiation and security, and the document retrieval unique identification and verifiability.

Description

雲端電子公證服務方法及其系統 Cloud electronic notary service method and system thereof

本發明係關於一種電子公證技術,詳言之,係關於一種雲端電子公證服務方法及其系統。 The invention relates to an electronic notarization technology, in particular to a cloud electronic notarization service method and system thereof.

電子文件是利用電腦產生並在網路上傳輸的文字和圖形,例如交易契約,政府公文等,電子文件可視為電子政務和電子商務的基礎。電子簽章則是針對電子文件加蓋以電子印章的確認過程,且由於電子文件與電子簽章均是以電子形式存在,故保證電子文件的完整性以及電子簽章的不可否認性是電子簽章系統安全性的重要要素之一。 Electronic documents are words and graphics generated by computers and transmitted over the Internet, such as transaction contracts, government documents, etc. Electronic documents can be regarded as the basis of e-government and e-commerce. The electronic signature is a confirmation process for electronic documents with electronic seals. Since electronic documents and electronic signatures are in electronic form, the integrity of electronic documents and the non-repudiation of electronic signatures are electronic signatures. One of the important elements of system security.

然而,當前電子簽章系統大多僅具有電子文件的備份功能與利用電子簽章的存證功能,對於較複雜的第三方公證的功能,往往在技術上無法突破或效果不佳,導致無法確保電子文件的完整性以及電子簽章的不可否認性與安全性,進行電子文件調閱也無較有效率以及可驗證的調閱方式,造成目前無法對電子政務和電子商務有進一步的推廣使用之主要原因。 However, most of the current electronic signature systems only have the backup function of electronic files and the depositing function using electronic signatures. For the more complicated third-party notarization functions, technical breakthroughs or poor results are often impossible, resulting in failure to ensure electronic The integrity of the documents and the non-repudiation and security of electronic signatures, and the lack of efficient and verifiable access to electronic documents, resulting in the inability to further promote e-government and e-commerce. the reason.

本發明之一目的在於提供一種雲端電子公證服務方法及其系統,可提供第三方之電子公證服務,並可確保電子文件的真實性 與完整性以及電子簽章的不可否認性,以及電子收據的唯一識別與驗證性。 An object of the present invention is to provide a cloud electronic notarization service method and system thereof, which can provide electronic notarization services of third parties and ensure the authenticity of electronic documents. Non-repudiation with integrity and electronic signature, and unique identification and verification of electronic receipts.

本發明提供一種雲端電子公證服務方法,係應用於具有雲端平台與第一、第二、第三用戶裝置之雲端電子公證服務系統,該雲端電子公證服務方法包括下列步驟:(1)令第一用戶裝置將原始電子文件結合第一時戳資訊,以進行簽章運算而產生第一簽章資訊,再將原始電子文件結合第一簽章資訊,以產生第一電子文件,俾傳送第一電子文件至雲端平台;(2)令第二用戶裝置自雲端平台接收第一電子文件,將第一電子文件結合第二時戳資訊,以進行簽章運算而產生第二簽章資訊,再將第一電子文件結合第二簽章資訊,以產生第二電子文件,俾傳送第二電子文件至雲端平台;(3)令第三用戶裝置自雲端平台接收第二電子文件,將第二電子文件結合第三時戳資訊,以進行簽章運算而產生第三簽章資訊,再將第二電子文件結合第三簽章資訊,以產生第三電子文件,俾傳送第三電子文件至雲端平台;(4)令雲端平台結合運算特徵資訊及第三電子文件而進行處理,以產生中介資料;以及(5)令雲端平台將中介資料進行加密及雜湊運算,以產生電子收據資訊。 The invention provides a cloud electronic notarization service method, which is applied to a cloud electronic notarization service system having a cloud platform and first, second and third user devices, and the cloud electronic notarization service method comprises the following steps: (1) making the first The user device combines the original electronic file with the first time stamp information to perform the signature operation to generate the first signature information, and then combines the original electronic document with the first signature information to generate the first electronic file, and transmits the first electronic file. The file is sent to the cloud platform; (2) the second user device receives the first electronic file from the cloud platform, and combines the first electronic file with the second time stamp information to perform the signature operation to generate the second signature information, and then An electronic file is combined with the second signature information to generate a second electronic file, and the second electronic file is transmitted to the cloud platform; (3) the third user device receives the second electronic file from the cloud platform, and combines the second electronic file The third time stamp information is used to generate the third signature information by performing the signature operation, and then combining the second electronic document with the third signature information to generate the third electronic document. Transmitting the third electronic file to the cloud platform; (4) processing the cloud platform in combination with the computing feature information and the third electronic file to generate the intermediary data; and (5) enabling the cloud platform to encrypt and hash the intermediary data to Generate electronic receipt information.

此外,本發明復提供一種雲端電子公證服務系統,係包括:複數個用戶裝置;雲端平台,包括有儲存模組與處理模組,該儲存模組係用於儲存由複數個用戶裝置所傳送之複數個電子文件、複數個簽章資訊、複數個時戳資訊,而該處理模組係用於將複數個電子文件中之一電子文件(如第三電子文件)結合運算特徵資訊而進行處理,以產生中介資料,再對該中介資料進行加密及雜湊運算,以產生電子收據資訊。之後,電子收據資訊可透過調閱模 組驗證之後,調閱複數個電子文件(如第一、第二、第三電子文件等)。 In addition, the present invention further provides a cloud electronic notarization service system, which comprises: a plurality of user devices; a cloud platform, comprising a storage module and a processing module, wherein the storage module is used for storing and transmitting by a plurality of user devices. a plurality of electronic files, a plurality of signature information, and a plurality of time stamp information, and the processing module is configured to process one of the plurality of electronic files (such as the third electronic file) by combining the operation feature information. To generate mediation data, and then encrypt and hash the mediation data to generate electronic receipt information. After that, the electronic receipt information can be accessed through the mode. After the group is verified, a plurality of electronic files (such as first, second, third electronic files, etc.) are accessed.

相較於先前技術,本發明係結合簽章資訊與時戳資訊並提供電子收據資訊,以提供公正的第三方電子公證服務,而克服當前電子簽章系統普遍存在的公正性欠缺的問題,並可確保電子文件的真實性與完整性與存證的不可否認性,以及透過電子收據調閱原始文件的可驗證性及唯一識別性。 Compared with the prior art, the present invention combines signature information and time stamp information and provides electronic receipt information to provide an impartial third party electronic notarization service, and overcomes the problem of the lack of impartiality prevailing in the current electronic signature system. It ensures the authenticity and integrity of electronic documents and the non-repudiation of deposits, as well as the verifiability and uniqueness of accessing original documents through electronic receipts.

1‧‧‧雲端電子公證服務系統 1‧‧‧Cloud Electronic Notary Service System

10‧‧‧雲端平台 10‧‧‧Cloud Platform

12‧‧‧儲存模組 12‧‧‧ Storage Module

14‧‧‧處理模組 14‧‧‧Processing module

16‧‧‧調閱模組 16‧‧‧Review module

20‧‧‧第一用戶裝置 20‧‧‧First user device

30‧‧‧第二用戶裝置 30‧‧‧Second user device

40‧‧‧第三用戶裝置 40‧‧‧ third user device

S201至S213、S401至S411‧‧‧步驟 Steps S201 to S213, S401 to S411‧‧

第1圖係為本發明之雲端電子公證服務系統之架構示意圖;第2圖係為本發明之雲端電子公證服務方法中產生電子收據資訊的步驟流程圖;第3圖係為本發明之中介資料的組成欄位;以及第4圖係為本發明之雲端電子公證服務方法中調閱電子文件的步驟流程圖。 1 is a schematic diagram of the architecture of the cloud electronic notarization service system of the present invention; FIG. 2 is a flow chart of steps for generating electronic receipt information in the cloud electronic notarization service method of the present invention; and FIG. 3 is an intermediary material of the present invention. The composition field; and the fourth figure is a flow chart of the steps of accessing the electronic file in the cloud electronic notarization service method of the present invention.

以下藉由特定的具體實施例說明本發明之技術內容,熟悉此技藝之人士可由本說明書所揭示之內容輕易地瞭解本發明之其他優點及功效,亦可藉由其他不同的具體實施例加以施行或應用。 The other embodiments of the present invention will be readily understood by those skilled in the art from this disclosure. Or application.

請參閱第1圖,係為本發明之雲端電子公證服務系統1之架構示意圖,包括有雲端平台10與複數個用戶裝置(如第一用戶裝置20、第二用戶裝置30、第三用戶裝置40),其中,該第一、第二、第三用戶裝置20、30、40係可例如為個人電腦、平板電腦、或智慧型手機等各類具有通訊功能之電子產品,並可以有線或無線之通訊方式登入該雲端平台10執行相關操作,而本發明之雲端 平台10則主要包括有儲存模組12、處理模組14、調閱模組16,且該雲端平台10可例如使用HDFS(Hadoop Distributed File System)實作,其中,由於分散式系統架構之特性,上述各模組可依據實際需求而分別部署於不同之實體設備上,然而上述各模組亦可合併部署於同一實體設備上。此外,第一用戶裝置20、第二用戶裝置30、第三用戶裝置40的數量僅為例示說明,實際數量可分別為一個或一個以上。 Please refer to FIG. 1 , which is a schematic diagram of the architecture of the cloud electronic notarization service system 1 of the present invention, including a cloud platform 10 and a plurality of user devices (eg, first user device 20, second user device 30, and third user device 40). The first, second, and third user devices 20, 30, and 40 can be, for example, a personal computer, a tablet computer, or a smart phone, and the like, and can be wired or wireless. The communication mode is logged into the cloud platform 10 to perform related operations, and the cloud of the present invention The platform 10 mainly includes a storage module 12, a processing module 14, and a review module 16, and the cloud platform 10 can be implemented, for example, using a HDFS (Hadoop Distributed File System), wherein due to the characteristics of the distributed system architecture, The above modules can be deployed on different physical devices according to actual needs. However, the above modules can also be deployed on the same physical device. In addition, the number of the first user device 20, the second user device 30, and the third user device 40 is merely an illustration, and the actual number may be one or more.

儲存模組12係用於儲存由複數個用戶裝置所傳送之複數個電子文件、複數個時戳資訊、複數個簽章資訊等。 The storage module 12 is configured to store a plurality of electronic files transmitted by a plurality of user devices, a plurality of time stamp information, a plurality of signature information, and the like.

處理模組14係用於將複數個電子文件中之一電子文件(如第三電子文件)結合運算特徵資訊而進行處理,以產生中介資料,再對該中介資料進行加密及雜湊運算,俾產生電子收據資訊。此外,該處理模組14進一步將該電子收據資訊寫入該中介資料,以將該經寫入之中介資料進行簽章運算,俾產生收據簽章資訊,可確認中介資料是否有被異動。 The processing module 14 is configured to process an electronic file (such as a third electronic file) of the plurality of electronic files by combining the operation feature information to generate the intermediate data, and then encrypt and hash the intermediate data to generate Electronic receipt information. In addition, the processing module 14 further writes the electronic receipt information into the intermediary data to perform the signature operation on the written intermediary data, and generates the receipt signature information to confirm whether the intermediary data has been changed.

調閱模組16係用於將該經寫入之中介資料進行處理,以自該儲存模組調閱該複數個電子文件,也可透過使用電子收據資訊,經驗證該電子收據資訊無誤後,調閱該電子收據資訊相對應的該複數個電子文件(如第一、第二、第三電子文件等)。 The reading module 16 is configured to process the written intermediaries for reading the plurality of electronic files from the storage module, and by using the electronic receipt information, after verifying that the electronic receipt information is correct, The plurality of electronic files (such as the first, second, third electronic files, etc.) corresponding to the electronic receipt information are accessed.

請參閱第2圖,係為本發明之雲端電子公證服務方法中產生電子收據資訊的步驟流程圖,其中,本發明之雲端電子公證服務方法係應用於如第1圖所述之具有雲端平台與第一、第二、第三用戶裝置之雲端電子公證服務系統。 Please refer to FIG. 2 , which is a flow chart of steps for generating electronic receipt information in the cloud electronic notarization service method of the present invention, wherein the cloud electronic notarization service method of the present invention is applied to the cloud platform and the cloud platform as described in FIG. 1 . Cloud electronic notarization service system for first, second and third user devices.

首先進行步驟S201,令第一用戶裝置將原始電子文件M結合 第一時戳資訊,其中,該第一時戳資訊是第一用戶於第一用戶裝置確認原始電子文件M無誤後要進行簽章時由雲端平台所提供的時間資訊,接著進至步驟S202。 First, step S201 is performed to enable the first user device to combine the original electronic file M. The first timestamp information, wherein the first timestamp information is time information provided by the cloud platform when the first user device confirms that the original electronic file M is correct, and then the time information is provided by the cloud platform, and then proceeds to step S202.

於步驟S202中,令第一用戶裝置將經結合第一時戳資訊之原始電子文件M進行雜湊(hash)運算,再加上第一私鑰進行簽章運算(如PKI技術)後,產生第一簽章資訊,接著進至步驟S203。 In step S202, the first user device performs a hash operation on the original electronic file M combined with the first time stamp information, and adds a first private key to perform a signature operation (such as PKI technology). A signature information is passed, and then proceeds to step S203.

於步驟S203中,令第一用戶裝置將該原始電子文件M結合該第一簽章資訊,以產生第一電子文件M1,並將該第一時戳資訊、該第一簽章資訊、該原始電子文件M與該第一電子文件M1儲存於該雲端平台,藉以作為備份與存證,接著進至步驟S204。 In step S203, the first user device is caused to combine the original electronic file M with the first signature information to generate a first electronic file M1, and the first time stamp information, the first signature information, the original The electronic file M and the first electronic file M1 are stored in the cloud platform, thereby serving as a backup and deposit certificate, and then proceeding to step S204.

此外,複數個第一用戶裝置可重複上述步驟以依序產生各電子文件,及最終之第一電子文件M1。 In addition, the plurality of first user devices may repeat the above steps to sequentially generate each electronic file, and finally the first electronic file M1.

於步驟S204中,令第二用戶裝置自該雲端平台接收該第一電子文件M1,將該第一電子文件M1結合第二時戳資訊,其中,該第二時戳資訊是第二用戶於第二用戶裝置確認第一電子文件M1(包括原始電子文件M與第一簽章資訊)無誤後要進行簽章時由雲端平台所提供的時間資訊,接著進至步驟S205。 In step S204, the second user device receives the first electronic file M1 from the cloud platform, and combines the first electronic file M1 with the second time stamp information, wherein the second time stamp information is the second user. After the second user device confirms that the first electronic file M1 (including the original electronic file M and the first signature information) is correct, the time information provided by the cloud platform at the time of signing is performed, and then proceeds to step S205.

於步驟S205中,令第二用戶裝置將經結合第二時戳資訊之第一電子文件M1進行雜湊(hash)運算,再加上第二私鑰進行簽章運算(如PKI技術)後,產生第二簽章資訊,接著進至步驟S206。 In step S205, the second user device performs a hash operation on the first electronic file M1 combined with the second time stamp information, and adds a second private key to perform a signature operation (such as PKI technology). The second signature information is passed to step S206.

於步驟S206中,令第二用戶裝置將該第一電子文件M1結合該第二簽章資訊,以產生第二電子文件M2,並將該第二時戳資訊、該第二簽章資訊、該第二電子文件M2儲存於該雲端平台,接著進至步驟S207。 In step S206, the second user device combines the first electronic file M1 with the second signature information to generate a second electronic file M2, and the second time stamp information, the second signature information, the The second electronic file M2 is stored in the cloud platform, and then proceeds to step S207.

此外,複數個第二用戶裝置可重複上述步驟以依序產生各電子文件,及最終之第二電子文件M2。 In addition, the plurality of second user devices may repeat the above steps to sequentially generate each electronic file, and finally the second electronic file M2.

於步驟S207中,令第三用戶裝置自該雲端平台接收該第二電子文件M2,將該第二電子文件M2結合第三時戳資訊,其中,該第三時戳資訊是第三用戶(公證方)於第三用戶裝置確認第二電子文件M2(包括原始電子文件M、第一簽章資訊與第二簽章資訊)無誤後要進行簽章時由雲端平台所提供的時間資訊,接著進至步驟S208。 In step S207, the third user device receives the second electronic file M2 from the cloud platform, and combines the second electronic file M2 with the third timestamp information, wherein the third timestamp information is the third user (notarization) After the third user device confirms that the second electronic file M2 (including the original electronic document M, the first signature information, and the second signature information) is correct, the time information provided by the cloud platform at the time of signing is performed, and then proceeds. Go to step S208.

於步驟S208中,令第三用戶裝置將經結合第三時戳資訊之第二電子文件M2進行雜湊(hash)運算,再加上第三私鑰進行簽章運算(如PKI技術)後,產生第三簽章資訊,接著進至步驟S209。 In step S208, the third user device performs a hash operation on the second electronic file M2 combined with the third time stamp information, and adds a third private key to perform a signature operation (such as PKI technology). The third signature information is passed to step S209.

於步驟S209中,令第三用戶裝置將第二電子文件M2結合該第三簽章資訊,以產生第三電子文件M3,並將該第三時戳資訊、該第三簽章資訊、該第三電子文件M3儲存於該雲端平台,藉以作為公證,接著進至步驟S210。 In step S209, the third user device combines the second electronic file M2 with the third signature information to generate a third electronic file M3, and the third time stamp information, the third signature information, the first The three electronic file M3 is stored in the cloud platform for notarization, and then proceeds to step S210.

此外,複數個第三用戶裝置可重複上述步驟以依序產生各電子文件,及最終之第三電子文件M3。 In addition, the plurality of third user devices may repeat the above steps to sequentially generate each electronic file, and finally the third electronic file M3.

於步驟S210中,令該雲端平台結合運算特徵資訊及該第三電子文件M3而進行處理,以產生中介資料(Metadata),接著進至步驟S211。 In step S210, the cloud platform is processed in combination with the operation feature information and the third electronic file M3 to generate mediation data (Metadata), and then proceeds to step S211.

於步驟S211中,令該雲端平台將該中介資料進行加密及雜湊運算,以產生電子收據資訊,俾傳送該電子收據資訊至該第一、該第二、該第三用戶裝置,接著進至步驟S212。 In step S211, the cloud platform encrypts and hashes the mediation data to generate electronic receipt information, and transmits the electronic receipt information to the first, second, and third user devices, and then proceeds to the step. S212.

於步驟S212中,令該雲端平台將該電子收據資訊寫入該中介 資料,接著進至步驟S213。 In step S212, the cloud platform is caused to write the electronic receipt information into the intermediary. The data proceeds to step S213.

於步驟S213中,令該雲端平台將該經寫入之中介資料進行簽章運算(如PKI技術),以產生收據簽章資訊。 In step S213, the cloud platform causes the written intermediary data to perform a signature operation (such as PKI technology) to generate receipt signature information.

請參閱第3圖,係為本發明之中介資料的組成欄位,其中,文件識別碼(Doc ID)欄位係為由雲端平台所產生的文件編號;原始檔案名稱(Original FileName)欄位係為原始電子文件M的檔案名稱;檔案區塊識別碼清單(File block Id list)欄位係為第三電子文件M3所依序儲存在之區塊的識別碼清單表,由於在分散式環境中,第三電子文件M3可分割成多個區塊,並儲存在不同的伺服器上,因此雲端平台必須紀錄儲存第三電子文件M3之各個區塊的識別碼(也就是上述的運算特徵資訊),得以在未來可重組回第三電子文件M3;選擇檔案內容偏移位元組(Selected file content offset byte)欄位係為所選之檔案內容的偏移位元組值;文件雜湊值(Doc Hash Value)欄位係為文件的雜湊值;時戳值清單(Timestamp Value list)欄位係依序為第一時戳資訊(TS1)/第二時戳資訊(TS2)/第三時戳資訊(TS3);亂數(Random Number)欄位係為亂數值;電子收據值(Electronic Receipt Value)欄位係為電子收據資訊(詳細說明如下)。 Please refer to FIG. 3, which is a component field of the intermediary material of the present invention, wherein the Doc ID field is a file number generated by the cloud platform; the original file name field is The file name of the original electronic file M; the file block Id list field is the identification code list table of the block in which the third electronic file M3 is sequentially stored, because in a distributed environment The third electronic file M3 can be divided into a plurality of blocks and stored on different servers, so the cloud platform must record the identification code of each block of the third electronic file M3 (that is, the above-mentioned operation feature information). In the future, it can be reorganized back to the third electronic file M3; the selected file content offset byte field is the offset byte value of the selected file content; the file hash value (Doc The Hash Value field is the hash value of the file; the Timestamp Value list field is the first timestamp information (TS1)/second timestamp information (TS2)/third timestamp information. (TS3); Random Number column Value is based disorder; electronic receipt value (Electronic Receipt Value) is a field-based electronic receipt information (described in detail below).

在上述步驟S211中,該雲端平台係將中介資料的組成欄位中之檔案區塊識別碼清單欄位的內容(也就是上述的運算特徵資訊)進行雜湊運算以產生雜湊值、並將時戳值清單欄位的內容進行雜湊運算以產生雜湊值、再將選擇檔案內容偏移位元組欄位的內容與亂數欄位的內容進行組合以產生一組合資訊,藉此確保中介資料的識別性與安全性。 In the above step S211, the cloud platform hashes the content of the file block identifier list field (that is, the above-mentioned operation feature information) in the composition field of the mediation data to generate a hash value and time stamp. The content of the value list field is hashed to generate a hash value, and then the content of the selected file content offset byte field is combined with the content of the random field to generate a combined information, thereby ensuring identification of the intermediary data. Sex and safety.

之後,將該組合資訊進行加密運算(如Base64 Encoding),以 產生電子收據資訊,接著於步驟S212中,把電子收據資訊寫入中介資料中的電子收據值欄位,最後於步驟S213中,將該經寫入的中介資料進行簽章運算(如PKI技術),以產生收據簽章資訊,並將該收據簽章資訊傳送至遠端伺服器以儲存該收據簽章資訊,俾確保中介資料的完整性且不會被更改。 After that, the combined information is encrypted (such as Base64 Encoding) to The electronic receipt information is generated, and then in step S212, the electronic receipt information is written into the electronic receipt value field in the intermediary data, and finally, in step S213, the written intermediate data is signed (eg, PKI technology). To generate the receipt signature information, and transmit the receipt signature information to the remote server to store the receipt signature information, to ensure the integrity of the intermediary information and will not be changed.

請參閱第4圖,係為本發明之雲端電子公證服務方法中調閱電子文件的步驟流程圖,也就是將上述經寫入的中介資料進行下列步驟處理,以自雲端平台依序調閱第三、第二、第一及原始電子文件。 Please refer to FIG. 4 , which is a flow chart of steps for accessing an electronic file in the cloud electronic notarization service method of the present invention, that is, the above-mentioned written intermediate data is processed in the following steps, and is sequentially accessed from the cloud platform. Third, second, first and original electronic documents.

首先進行步驟S401,當要調閱電子文件時,先對該第一、該第二、該第三用戶裝置之任一者所提供的電子收據資訊進行解密,並傳送至雲端平台進行搜尋中介資料,若搜尋到具有該電子收據資訊的中介資料,則表示存在有該中介資料,接著進至步驟S403;若搜尋不到具有該電子收據資訊的中介資料,則表示該電子收據資訊有可能是偽造的,因此不進行下列步驟。由於電子收據資訊組成成分包括用戶端文件特徵資訊及平台端的運算特徵資訊及亂數等,內容相當複雜,因此很難偽造出正確的電子收據資訊,故可作為雲端平台內權限控管下的彈性安控機制。 First, in step S401, when the electronic file is to be accessed, the electronic receipt information provided by any of the first, the second, and the third user devices is first decrypted and transmitted to the cloud platform for searching for the intermediary data. If the intermediary information having the electronic receipt information is found, it means that the intermediary information exists, and then proceeds to step S403; if the intermediary information having the electronic receipt information is not found, the electronic receipt information may be forged. Therefore, the following steps are not performed. Since the electronic receipt information component includes user terminal file feature information and platform-side computing feature information and random numbers, the content is quite complicated, so it is difficult to forge the correct electronic receipt information, so it can be used as the flexibility under the authority control of the cloud platform. Security control mechanism.

於步驟S403中,雲端平台會將該中介資料進行簽章運算(如PKI技術),以與儲存在遠端伺服器之該收據簽章資訊進行比對,以確定該中介資料是否被更改過,若沒有被更改則進至步驟S405,反之不進行下列步驟。 In step S403, the cloud platform performs a signature operation (such as PKI technology) on the intermediary data to compare with the receipt signature information stored in the remote server to determine whether the intermediary data has been changed. If it has not been changed, it proceeds to step S405, whereas the following steps are not performed.

於步驟S405中,雲端平台將該中介資料中之檔案區塊識別碼清單欄位的內容進行雜湊運算以產生雜湊值、並將時戳值清單欄 位的內容進行雜湊運算以產生雜湊值、再將選擇檔案內容偏移位元組欄位的內容與亂數欄位的內容進行組合以產生一組合資訊,再與該電子收據資訊進行解密後的組合資訊進行比對,若內容無誤則雲端平台就會提供第三電子文件M3給第三用戶,接著進至步驟S407,反之不進行下列步驟。 In step S405, the cloud platform hashes the content of the file block identifier list field in the mediation data to generate a hash value, and the time stamp value list column The content of the bit is hashed to generate a hash value, and then the content of the selected file content offset byte field is combined with the content of the random field to generate a combined information, and then decrypted with the electronic receipt information. The combination information is compared. If the content is correct, the cloud platform provides the third electronic file M3 to the third user, and then proceeds to step S407, otherwise the following steps are not performed.

於步驟S407中,利用第三公鑰解密第三電子文件M3,再將第三用戶裝置所提供的第二電子文件M2結合第三時戳資訊,進行雜湊運算,以確定經雜湊運算後的內容是否相符。由於第二電子文件M2並未更改過,且也經過第三時戳資訊的運算,故可確認第二電子文件M2的完整性與不可否認性,接著進至步驟S409。 In step S407, the third electronic file M3 is decrypted by using the third public key, and the second electronic file M2 provided by the third user device is combined with the third time stamp information to perform a hash operation to determine the content after the hash operation. Whether it matches. Since the second electronic file M2 has not been changed and the operation of the third time stamp information is also performed, the integrity and non-repudiation of the second electronic file M2 can be confirmed, and then the process proceeds to step S409.

此外,在具有複數個第三用戶裝置的情況中,可重複上述步驟以依序確定相關內容與電子文件。 Further, in the case of having a plurality of third user devices, the above steps may be repeated to sequentially determine related content and electronic files.

於步驟S409中,利用第二公鑰解密第二電子文件M2,再將第二用戶裝置所提供的第一電子文件M1結合第二時戳資訊,進行雜湊運算,以確定經雜湊運算後的內容是否相符。由於第一電子文件M1並未更改過,且也經過第二時戳資訊的運算,故可確認第一電子文件M1的完整性與不可否認性,接著進至步驟S411。 In step S409, the second electronic file M2 is decrypted by using the second public key, and the first electronic file M1 provided by the second user device is combined with the second time stamp information to perform a hash operation to determine the content after the hash operation. Whether it matches. Since the first electronic file M1 has not been changed and the operation of the second time stamp information is also performed, the integrity and non-repudiation of the first electronic file M1 can be confirmed, and then the process proceeds to step S411.

此外,在具有複數個第二用戶裝置的情況中,可重複上述步驟以依序確定相關內容與電子文件。 Further, in the case of having a plurality of second user devices, the above steps may be repeated to sequentially determine related content and electronic files.

於步驟S411中,利用第一公鑰解密第一電子文件M1,再將第一用戶裝置所提供的原始電子文件M結合第一時戳資訊,進行雜湊運算,以確定經雜湊運算後的內容是否相符。由於原始電子文件M並未更改過,且也經過第一時戳資訊的運算,故可確認原始電子文件M的完整性與不可否認性。 In step S411, the first electronic file M1 is decrypted by using the first public key, and the original electronic file M provided by the first user device is combined with the first time stamp information to perform a hash operation to determine whether the content after the hash operation is performed. Match. Since the original electronic file M has not been changed and the operation of the first time stamp information is also performed, the integrity and non-repudiation of the original electronic file M can be confirmed.

此外,在具有複數個第一用戶裝置的情況中,可重複上述步驟以依序確定相關內容與電子文件。 Further, in the case of having a plurality of first user devices, the above steps may be repeated to sequentially determine related content and electronic files.

綜上所述,本發明的雲端電子公證服務方法及其系統係藉由雲端平台儲存並管理公證之電子文件,故用戶無需自備儲存空間,此外,本發明的公證機制係採用多方(用戶雙方及公證第三方)電子簽章及其時戳資訊與公證電子文件內容相結合的技術,以提供第三方電子公證服務,故可確保電子文件的真實性與完整性以及電子簽章的不可否認性,以解決當前電子簽章系統所存在的公正性欠缺的問題;此外,電子收據也提供一個唯一識別性與可驗證的調閱方法,也解決了當前存證系統缺乏有效率且安全的調閱問題。 In summary, the cloud electronic notarization service method and system thereof of the present invention store and manage notarized electronic files by using the cloud platform, so the user does not need to provide storage space. In addition, the notarization mechanism of the present invention adopts multiple parties (both sides of the user) And the third party of notarization) the combination of electronic signature and time stamp information with the contents of notarized electronic documents to provide third party electronic notary services, thus ensuring the authenticity and integrity of electronic documents and the non-repudiation of electronic signatures To solve the problem of the lack of impartiality in the current electronic signature system; in addition, the electronic receipt also provides a unique identification and verifiable access method, and also solves the current lack of efficient and secure access to the depository system. problem.

然而,上述實施例係用以例示性說明本發明之原理及其功效,而非用於限制本發明。任何熟習此項技藝之人士均可在不違背本發明之精神及範疇下,對上述實施例進行修改。因此本發明之權利保護範圍,應如申請專利範圍所列。 However, the above-described embodiments are intended to exemplify the principles of the invention and its effects, and are not intended to limit the invention. Any of the above-described embodiments may be modified by those skilled in the art without departing from the spirit and scope of the invention. Therefore, the scope of protection of the present invention should be as set forth in the scope of the patent application.

S201至S213‧‧‧步驟 S201 to S213‧‧‧ steps

Claims (13)

一種雲端電子公證服務方法,係應用於具有雲端平台與第一、第二、第三用戶裝置之雲端電子公證服務系統,該雲端電子公證服務方法包括下列步驟:(1)令該第一用戶裝置將原始電子文件結合第一時戳資訊,以進行簽章運算而產生第一簽章資訊,再將該原始電子文件結合該第一簽章資訊,以產生第一電子文件,俾傳送該第一電子文件至該雲端平台;(2)令該第二用戶裝置自該雲端平台接收該第一電子文件,將該第一電子文件結合第二時戳資訊,以進行簽章運算而產生第二簽章資訊,再將該第一電子文件結合該第二簽章資訊,以產生第二電子文件,俾傳送該第二電子文件至該雲端平台;(3)令該第三用戶裝置自該雲端平台接收該第二電子文件,將該第二電子文件結合第三時戳資訊,以進行簽章運算而產生第三簽章資訊,再將該第二電子文件結合該第三簽章資訊,以產生第三電子文件,俾傳送該第三電子文件至該雲端平台;(4)令該雲端平台結合運算特徵資訊及該第三電子文件而進行處理,以產生中介資料。 (5)令該雲端平台將該中介資料進行加密及雜湊運算,以產生電子收據資訊。 A cloud electronic notarization service method is applied to a cloud electronic notarization service system having a cloud platform and first, second, and third user devices, and the cloud electronic notarization service method includes the following steps: (1) making the first user device Combining the original electronic file with the first time stamp information, performing the signature operation to generate the first signature information, and then combining the original electronic document with the first signature information to generate the first electronic file, and transmitting the first The electronic file is sent to the cloud platform; (2) the second user device receives the first electronic file from the cloud platform, and combines the first electronic file with the second time stamp information to perform a signature operation to generate a second signature Chapter information, combining the first electronic file with the second signature information to generate a second electronic file, and transmitting the second electronic file to the cloud platform; (3) making the third user device from the cloud platform Receiving the second electronic file, combining the second electronic file with the third time stamp information, performing a signature operation to generate a third signature information, and combining the second electronic file with the third signature Information to generate a third electronic file, serve to transmit the electronic document to the third internet cloud; (4) enabling the binding cloud computing platform wherein the third information and the electronic document is processed to generate an intermediary information. (5) causing the cloud platform to encrypt and hash the mediation data to generate electronic receipt information. 如申請專利範圍第1項所述之雲端電子公證服務方法,復包括下列步驟: (6)令該雲端平台將該電子收據資訊寫入該中介資料;(7)令該雲端平台將該經寫入之中介資料進行簽章運算,以產生收據簽章資訊。 For example, the cloud electronic notarization service method described in claim 1 includes the following steps: (6) causing the cloud platform to write the electronic receipt information into the intermediary data; (7) causing the cloud platform to perform the signature operation on the written intermediary data to generate the receipt signature information. 如申請專利範圍第2項所述之雲端電子公證服務方法,復包括下列步驟:(8)將該經寫入之中介資料進行處理,以自該雲端平台依序調閱該第三、第二、第一、原始電子文件。 For example, the cloud electronic notarization service method described in claim 2 includes the following steps: (8) processing the written intermediary data to sequentially access the third and second from the cloud platform. First, the original electronic file. 如申請專利範圍第2項所述之雲端電子公證服務方法,其中,該收據簽章資訊係傳送至遠端伺服器以儲存該收據簽章資訊。 The cloud electronic notarization service method of claim 2, wherein the receipt signature information is transmitted to a remote server to store the receipt signature information. 如申請專利範圍第1項所述之雲端電子公證服務方法,其中,該簽章運算係為PKI技術。 For example, the cloud electronic notarization service method described in claim 1 is characterized in that the signature operation is a PKI technology. 如申請專利範圍第1項所述之雲端電子公證服務方法,其中,該中介資料的組成欄位係包括檔案區塊識別清單欄位、選擇檔案內容偏移位元組欄位、時戳值清單欄位、亂數欄位及電子收據值欄位,而該電子收據資訊係包括該檔案區塊識別清單欄位之內容的雜湊值、該時戳值清單欄位之內容的雜湊值、該選擇檔案內容偏移位元組欄位之內容及該亂數欄位之內容的組合。 The cloud electronic notarization service method as described in claim 1, wherein the composition field of the intermediary data includes a file block identification list field, a selected file content offset byte group field, and a time stamp value list. a field, a random number field, and an electronic receipt value field, and the electronic receipt information includes a hash value of the content of the file block identification list field, a hash value of the content of the time stamp value list field, and the selection The combination of the content of the file content offset byte field and the content of the random number field. 如申請專利範圍第1項所述之雲端電子公證服務方法,其中,該第一用戶裝置為複數個第一用戶裝置,且重複步驟(1)以依序產生各電子文件,及最終之該第一電子文件。 The cloud electronic notarization service method according to claim 1, wherein the first user device is a plurality of first user devices, and step (1) is repeated to sequentially generate each electronic file, and finally the first An electronic file. 如申請專利範圍第1項所述之雲端電子公證服務方法,其中,該第二用戶裝置為複數個第二用戶裝置,且重複步驟(2)以依序產生各電子文件,及最終之該第二電子文件。 The cloud electronic notarization service method according to claim 1, wherein the second user device is a plurality of second user devices, and step (2) is repeated to sequentially generate each electronic file, and finally the first Two electronic files. 如申請專利範圍第1項所述之雲端電子公證服務方法,其中, 該第三用戶裝置為複數個第三用戶裝置,且重複步驟(3)以依序產生各電子文件,及最終之該第三電子文件。 For example, the cloud electronic notarization service method described in claim 1 of the patent scope, wherein The third user device is a plurality of third user devices, and step (3) is repeated to sequentially generate each electronic file, and finally the third electronic file. 一種雲端電子公證服務系統,係包括:複數個用戶裝置;雲端平台,係包括:儲存模組,係用於儲存由該複數個用戶裝置所傳送之複數個電子文件、複數個簽章資訊、複數個時戳資訊;處理模組,係用於將該複數個電子文件中之一電子文件結合運算特徵資訊而進行處理,以產生中介資料,再對該中介資料進行加密及雜湊運算,俾產生電子收據資訊。 A cloud electronic notarization service system includes: a plurality of user devices; and a cloud platform, comprising: a storage module, configured to store a plurality of electronic files, a plurality of signature information, and plural numbers transmitted by the plurality of user devices; The time stamp information; the processing module is configured to process one of the plurality of electronic files by combining the feature information to generate the intermediary data, and then encrypt and hash the media data to generate the electronic Receipt information. 如申請專利範圍第10項所述之雲端電子公證服務系統,其中,該處理模組係將該電子收據資訊寫入該中介資料,以將該經寫入之中介資料進行簽章運算,俾產生收據簽章資訊。 The cloud electronic notarization service system according to claim 10, wherein the processing module writes the electronic receipt information into the intermediary data, and performs the signature operation on the written intermediary data, and generates Receipt signature information. 如申請專利範圍第11項所述之雲端電子公證服務系統,其中,該雲端平台復包括調閱模組,係用於將該經寫入之中介資料進行處理,以自該儲存模組調閱該複數個電子文件,或使用該電子收據資訊,經驗證該電子收據資訊無誤後,以調閱該複數個電子文件。 The cloud electronic notarization service system of claim 11, wherein the cloud platform comprises a review module for processing the written intermediate data for reading from the storage module. The plurality of electronic files, or the electronic receipt information, are used to read the plurality of electronic files after verifying that the electronic receipt information is correct. 如申請專利範圍第10項所述之雲端電子公證服務系統,其中,該雲端平台係使用HDFS實作。 For example, the cloud electronic notarization service system described in claim 10, wherein the cloud platform is implemented using HDFS.
TW103100151A 2014-01-03 2014-01-03 Colud electronic notary service method and system thereof TWI509459B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW103100151A TWI509459B (en) 2014-01-03 2014-01-03 Colud electronic notary service method and system thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW103100151A TWI509459B (en) 2014-01-03 2014-01-03 Colud electronic notary service method and system thereof

Publications (2)

Publication Number Publication Date
TW201528038A true TW201528038A (en) 2015-07-16
TWI509459B TWI509459B (en) 2015-11-21

Family

ID=54198285

Family Applications (1)

Application Number Title Priority Date Filing Date
TW103100151A TWI509459B (en) 2014-01-03 2014-01-03 Colud electronic notary service method and system thereof

Country Status (1)

Country Link
TW (1) TWI509459B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI553504B (en) * 2015-09-24 2016-10-11 鴻海精密工業股份有限公司 A cloud encryption system and method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI234976B (en) * 2002-12-25 2005-06-21 Universal Exchange Inc Remote electronic seal system and method thereof
CN101593324B (en) * 2009-06-17 2012-05-23 浙江师范大学 Method and system for network multi-level approval based on dependable computing application technique
CN102075928A (en) * 2011-01-13 2011-05-25 中兴通讯股份有限公司 Intelligent terminal, receiving end and method for countersigning by using intelligent terminal
CN103457733B (en) * 2013-08-15 2016-12-07 中电长城网际系统应用有限公司 A kind of cloud computing environment data sharing method and system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI553504B (en) * 2015-09-24 2016-10-11 鴻海精密工業股份有限公司 A cloud encryption system and method

Also Published As

Publication number Publication date
TWI509459B (en) 2015-11-21

Similar Documents

Publication Publication Date Title
US20200374126A1 (en) Method for storing an object on a plurality of storage nodes
CN111355705B (en) Data auditing and safety duplicate removal cloud storage system and method based on block chain
JP6306077B2 (en) Community-based deduplication of encrypted data
US9602280B2 (en) System and method for content encryption in a key/value store
EP3889869B1 (en) Managing blockchain-based centralized ledger systems
Thompson The preservation of digital signatures on the blockchain
CN112532650A (en) Block chain-based multi-backup safe deletion method and system
JP2019079280A (en) File verification device, file transfer system and program
Periasamy et al. Efficient hash function–based duplication detection algorithm for data Deduplication deduction and reduction
Yoosuf Lightweight fog‐centric auditing scheme to verify integrity of IoT healthcare data in the cloud environment
Ghoshal et al. Exploiting block-chain data structure for auditorless auditing on cloud data
Mishra et al. Enabling efficient deduplication and secure decentralized public auditing for cloud storage: A redactable blockchain approach
KR102501004B1 (en) Method and apparatus for managing data based on blockchain
CN110493011B (en) Block chain-based certificate issuing management method and device
TWI509459B (en) Colud electronic notary service method and system thereof
CN113342802A (en) Method and device for storing block chain data
US20230168825A1 (en) Trusted systems for decentralized data storage
Martin et al. Data Preservation System using BoCA: Blockchain-of-Custody Application
TWI569166B (en) Data verification method
Abraham et al. Proving possession and retrievability within a cloud environment: A comparative survey
KR101790757B1 (en) Cloud system for storing secure data and method thereof
Motegaonkar et al. To develop secure deduplication of data using hybrid cloud methodology
Devi et al. Efficient Privacy-Preserving Cloud Data Auditing Protocol
Sasikala et al. Techniques To Ensure Data Integrity In Cloud Survey
CN117371055A (en) Electronic contract multi-region signing method, device, computer equipment and storage medium