TWI778448B - Verification data processing system and verification data processing method - Google Patents

Verification data processing system and verification data processing method

Publication number
TWI778448B
Authority
TW
Taiwan
Prior art keywords
data processing
electronic
processing system
certificate
electronic signatures
Application number
TW109139623A
Other languages
Chinese (zh)
Other versions
TW202219799A (en)
Inventor
蔡貞觀
吳李祺
Original Assignee
財團法人資訊工業策進會
Application filed by 財團法人資訊工業策進會
Priority to TW109139623A
Priority to CN202110076164.2A
Publication of TW202219799A
Application granted
Publication of TWI778448B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2151 Time stamp

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)
  • Hardware Redundancy (AREA)
  • Debugging And Monitoring (AREA)

Abstract

A verification data processing system and method are disclosed. In the verification data processing method, a plurality of electronic signatures are received within a time interval, wherein each of the electronic signatures is generated by encrypting a piece of original data according to a private key of an electronic certificate. In the verification data processing method, after the time interval, a Merkle tree is generated based on the plurality of electronic signatures, and a token for each of the electronic signatures is generated. Each of the tokens records a Merkle root of the Merkle tree, a corresponding electronic signature, an electronic certificate corresponding to the electronic signature, a Merkle proof corresponding to the electronic signature, and a timestamp set.

Description

Verification data processing system and verification data processing method

Embodiments of the present invention relate to a data processing system and a data processing method. More specifically, embodiments of the present invention relate to a verification data processing system and a verification data processing method.

Conventional electronic evidence preservation, or electronic evidence deposit, is a service that preserves electronic original data or helps add a timestamp to original data so that it can be deposited as evidence. The original data can be data that an ordinary user wants to deposit as evidence, such as research and development records, successive versions produced during program development, original manuscripts, and so on; electronic original data can also be paper or physical original data converted into electronic files, such as photos, pictures, and document files. Verification data is used to prove the time at which the original data was produced or preserved, its owner, and so on, so that the time and owner of the original data can be clearly proved in litigation. Therefore, if a user (for example, a self-employed person or an enterprise) can store specific verification data in a verification data processing system, this is very important for later proving in litigation the production/preservation time and the owner of the corresponding original data. Existing technology mainly performs an evidence preservation operation on each piece of original data in real time, for example by uploading the original data to a blockchain and obtaining the blockchain's timestamp. Because the original data is large and every upload to the blockchain incurs a cost, this approach is both expensive and inefficient.

In addition, existing technology records only a single timestamp for each piece of original data, and when a single piece of original data corresponds to only a single timestamp, the credibility of that original data may be insufficient. For example, in cross-border litigation, once the courts of other countries do not recognize the only timestamp corresponding to a piece of original data, those countries will not consider that original data credible either.

In summary, how to reduce the cost of preserving evidence and increase the credibility of original data in the technical field of verification data processing is a problem that urgently needs to be solved in the technical field to which the present invention belongs.

To solve at least the above problems, embodiments of the present invention provide a verification data processing system, which may include a communication interface and a processor that are electrically connected to each other. The communication interface can be used to receive a plurality of electronic signatures within a time interval, wherein each of the electronic signatures is generated by processing and encrypting a piece of original data according to a private key of an electronic certificate. The processor can be used to: after the time interval, generate a Merkle tree according to the plurality of electronic signatures; and generate a token for each of the electronic signatures. Each token records a Merkle root of the Merkle tree, the respective electronic signature, the electronic certificate corresponding to that electronic signature, a Merkle proof corresponding to that electronic signature, and a timestamp set, and the timestamp set includes more than one timestamp.

To solve at least the above problems, embodiments of the present invention also provide a verification data processing method, which may include the following steps: receiving, by a verification data processing system, a plurality of electronic signatures within a time interval, wherein each of the electronic signatures is generated by processing and encrypting a piece of original data according to a private key of an electronic certificate; generating, by the verification data processing system, after the time interval, a Merkle tree according to the plurality of electronic signatures; and generating, by the verification data processing system, a token for each of the electronic signatures, wherein each token records a Merkle root of the Merkle tree, the respective electronic signature, the electronic certificate corresponding to that electronic signature, a Merkle proof corresponding to that electronic signature, and a timestamp set, and the timestamp set includes more than one timestamp.

Embodiments of the present invention also provide another verification data processing system, which may include a communication interface and a processor that are electrically connected to each other. The communication interface can be used to receive a plurality of hash data within a time interval, wherein each of the hash data corresponds to a piece of original data. The processor can be used to: after the time interval, generate a Merkle tree according to the plurality of hash data; and generate a token for each of the hash data. Each token records a Merkle root of the Merkle tree, the respective hash data, a Merkle proof corresponding to that hash data, and a timestamp set, and the timestamp set includes more than one timestamp.

Embodiments of the present invention also provide another verification data processing method, which may include the following steps: receiving, by a verification data processing system, a plurality of hash data within a time interval, wherein each of the hash data corresponds to a piece of original data; generating, by the verification data processing system, after the time interval, a Merkle tree according to the plurality of hash data; and generating, by the verification data processing system, a token for each of the electronic signatures, wherein each token records a Merkle root of the Merkle tree, the respective hash data, a Merkle proof corresponding to that hash data, and a timestamp set, and the timestamp set includes more than one timestamp.

Unlike existing verification data processing systems, which perform one evidence preservation operation for each piece of original data, embodiments of the present invention process the plurality of original data from a time interval as one batch to produce the verification data. In detail, as described above, embodiments of the present invention first build a Merkle tree from the plurality of electronic signatures or hash data derived from the plurality of original data, and then perform a batch evidence preservation operation based on the Merkle tree to generate a plurality of tokens (which can each be used to prove the evidentiary capacity or credibility of the respective original data). Embodiments of the present invention can therefore greatly reduce the cost of the traditional one-at-a-time evidence preservation operation and greatly improve its efficiency.

On the other hand, unlike existing verification data processing services, which record only a single timestamp for each piece of original data, embodiments of the present invention record a timestamp set in the token generated for a given piece of original data. The set may include more than one timestamp, the timestamps may be of different types, and the types and number of timestamps may further be updated or increased over time, which together raise the credibility of the original data.

The above is not intended to limit the present invention; it only describes in general terms the technical problems the present invention can solve, the technical means it can adopt, and the technical effects it can achieve, so that a person of ordinary skill in the technical field to which the present invention belongs can gain a preliminary understanding of the present invention. From the accompanying drawings and the embodiments described below, a person of ordinary skill in that field can further understand the details of the various embodiments of the present invention.

As follows:

1: verification data processing system

11: processor

13: storage

15: communication interface

S1: electronic signature

D1: original data

L1: index label

T1: token

S11, S12, S13, S14: electronic signatures

T11, T12, T13, T14: tokens

MT1: Merkle tree

MR1: Merkle root

4: verification data processing method

41~43: steps

5: verification data processing method

51~53: steps

The accompanying drawings help explain various embodiments of the present invention, in which: [FIG. 1] illustrates the structure of a verification data processing system according to some embodiments of the present invention; [FIG. 2] illustrates the correspondence between electronic signatures and tokens according to some embodiments of the present invention; [FIG. 3] illustrates the Merkle tree shown in FIG. 2 according to some embodiments of the present invention; [FIG. 4] illustrates the flow of a verification data processing method according to some embodiments of the present invention; and [FIG. 5] illustrates the flow of a verification data processing method according to some embodiments of the present invention.

The present invention is described below through several embodiments, but these embodiments are not intended to limit the present invention to being implemented only according to the described operations, environments, applications, structures, processes or steps. For ease of description, content not directly related to the embodiments of the present invention, or content that can be understood without special explanation, is omitted from the text and the drawings. In the drawings, the size of each element and the proportions between elements are only examples and are not intended to limit the present invention. Unless otherwise specified, in the following content the same (or similar) reference symbols may correspond to the same (or similar) elements. Where it can be implemented, and unless otherwise specified, the number of each element described below may be one or more.

The terms used in this disclosure are only used to describe the embodiments and are not intended to limit the present invention. Unless the context clearly indicates otherwise, the singular form "a" is also intended to include the plural form. Terms such as "include" and "comprise" indicate the presence of the stated features, integers, steps, operations, elements and/or components, but do not exclude the presence of one or more other features, integers, steps, operations, elements, components and/or combinations of the foregoing. The term "and/or" includes any and all combinations of one or more of the associated listed items.

FIG. 1 illustrates the structure of a verification data processing system according to some embodiments of the present invention; its content only illustrates embodiments of the present invention and does not limit the scope of protection of the present invention. Referring to FIG. 1, the verification data processing system 1 may include at least a processor 11 and a communication interface 15 that are electrically connected to each other.

The processor 11 may be a microprocessor or a microcontroller with signal processing capability. A microprocessor or microcontroller is a programmable special-purpose integrated circuit that has computation, storage and input/output capabilities and can accept and process various coded instructions in order to perform logical and arithmetic operations and output the corresponding results. The processor 11 can be programmed to interpret various instructions and execute various tasks or programs so as to implement the corresponding functions described below.

The communication interface 15 may include the various input/output elements for wired/wireless communication found in general computing devices/computers; it can receive data from outside and output data to the outside so as to implement the corresponding functions described below. The communication interface 15 may include, for example but not limited to, an Ethernet interface, an Internet interface, a telecommunication interface, a Universal Serial Bus (USB) interface, and so on.

In some embodiments, the verification data processing system 1 may also include a storage 13 electrically connected to the processor 11. The storage 13 may include the various storage units found in general computing devices/computers so as to implement the corresponding functions described below. For example, the storage 13 may include a first-level storage device (also called main memory or internal memory), usually referred to simply as memory, which is directly connected to the processor 11. The processor 11 can read the instruction sets stored in the memory and execute them when needed. The storage 13 may also include a second-level storage device (also called external memory or auxiliary memory), which is connected to the processor 11 through the memory's I/O channels and uses a data buffer to transfer data to the first-level storage device. The second-level storage device may be, for example, various types of hard disks, optical discs, and so on. The storage 13 may also include a third-level storage device, such as a flash drive that can be plugged directly into or removed from the computer, or a cloud drive.

According to some embodiments of the present invention, the communication interface 15 can be used to receive the electronic signature S1 from one or more external devices. According to some embodiments of the present invention, in addition to the electronic signature S1, the communication interface 15 can also be used to receive the original data D1 and/or the index label L1 from one or more external devices. According to some embodiments of the present invention, the storage 13 can be used to store the original data D1 and/or the index label L1. According to some embodiments of the present invention, the communication interface 15 can be used to transmit the various data stored in the storage 13 (for example but not limited to the original data D1 and the index label L1) to one or more external devices.

Next, an example of the operation of the verification data processing system 1 is described with reference to FIGS. 1 to 3 together. FIG. 2 illustrates the correspondence between electronic signatures and tokens according to some embodiments of the present invention, and FIG. 3 illustrates the Merkle tree shown in FIG. 2 according to some embodiments of the present invention. The content of FIGS. 2 and 3 only illustrates embodiments of the present invention and does not limit the scope of protection of the present invention.

The communication interface 15 can receive a plurality of electronic signatures S1 within a time interval. Depending on requirements, the time interval can be of various lengths, for example but not limited to: half an hour, one hour, five hours, twenty-four hours, forty-eight hours. After the time interval, the processor 11 can generate a Merkle tree MT1 according to the plurality of electronic signatures S1, and then the processor 11 can generate a token T1 for each electronic signature S1. Each token T1 records at least a Merkle root of the Merkle tree MT1, the respective electronic signature S1, the electronic certificate corresponding to that electronic signature, a Merkle proof corresponding to that electronic signature, and a timestamp set, and the timestamp set includes more than one timestamp. According to some embodiments of the present invention, the electronic signature S1 and the token T1 can be stored in the storage 13.

Taking the content of FIG. 2 as an example, the communication interface 15 can receive four electronic signatures S11, S12, S13, S14 within a time interval; the processor 11 can then generate a Merkle tree MT1 according to the four electronic signatures S11, S12, S13, S14 and generate four corresponding tokens T11, T12, T13, T14 for the four electronic signatures S11, S12, S13, S14 respectively.

Each electronic signature S1 is generated by processing and encrypting its own piece of original data D1 according to a private key of an electronic certificate. In some embodiments, the original data D1 may be an electronic original file that a user (for example, a self-employed person or an enterprise) wants to keep, such as documents, photos, research and development records, product development processes, and so on. In some embodiments, the communication interface 15 can receive the original data D1 provided by the user and the storage 13 can store the original data D1, so as to additionally provide the user with a storage service for the original data D1. In some embodiments, if the verification data processing system 1 is not needed to additionally keep the original data D1, the user can keep the original data D1 on other storage devices and provide only the electronic signature S1 to the verification data processing system 1 for the verification data preservation operation.

According to some embodiments of the present invention, each electronic signature S1 is generated by the user first hashing the corresponding original data D1 locally to obtain hash data and then processing and encrypting that hash data with the private key of the corresponding electronic certificate. In still other embodiments, other data processing, such as formatting, may also be performed on the hash data for each electronic signature S1. For example, if the original data D1 the user wants to keep is a document file, the user can hash the document file locally to obtain a hash value and then process and encrypt the hash value with the private key of the corresponding electronic certificate to generate the corresponding electronic signature S1.

According to some embodiments of the present invention, the user's electronic certificate may be an X.509 certificate (that is, an SSL certificate). By generating the electronic signature S1 for the original data D1 with the private key of the electronic certificate and keeping the electronic certificate in the token, it is possible not only to prove the existence of the original data D1 but also, by decrypting the electronic signature S1 with the public key of the electronic certificate, to prove that ownership of the original data D1 belongs to the user.

The plurality of electronic signatures S1 may come from the same user (for example, the same self-employed person or the same enterprise) or from different users (for example, different self-employed persons or different enterprises). If an electronic signature S1 comes from an enterprise, that electronic signature S1 is generated by processing and encrypting with a private key corresponding to an enterprise certificate of that enterprise.

According to some embodiments of the present invention, the communication interface 15 can transmit one or more of the plurality of tokens T1 generated by the processor 11 to one or more external devices. For example, in response to an electronic signature S1 provided by an enterprise, the communication interface 15 can transmit the corresponding token T1 to that enterprise.

After the communication interface 15 receives the four electronic signatures S11, S12, S13, S14 shown in FIG. 2, the Merkle tree MT1 that the processor 11 generates according to the four electronic signatures S11, S12, S13, S14 can be as shown in FIG. 3. In detail, the bottom layer of the Merkle tree MT1 contains the four hash values that the processor 11 obtains by hashing the four received electronic signatures S11, S12, S13, S14, each for its respective original data, namely Hash(S11), Hash(S12), Hash(S13), Hash(S14). Except for the bottom layer, each layer of the Merkle tree MT1 is the hash value obtained by adding together all the hash values of the layer below it and hashing once more. The top layer of the Merkle tree MT1 is the Merkle root MR1 of the Merkle tree MT1.

Each Merkle root MR1 may be sent to a timestamp service system outside the system to request a timestamp service, and one or more timestamps are obtained. The timestamp service system may be a centralized timestamp service system (for example, the Chunghwa Telecom timestamp service or WIPO PROOF) or a decentralized timestamp service system (for example, a blockchain). The Merkle root MR1 therefore corresponds to one or more timestamps, which are stored in a timestamp set of the token T1; that is, all electronic signatures S1 under the same Merkle root MR1 correspond to those timestamps. In addition, each electronic signature S1 corresponds to a Merkle proof, and the Merkle proof of each electronic signature S1 can prove that the electronic signature S1 belongs to the Merkle root MR1. For example, the Merkle proof of the electronic signature S11 is "Hash(S12)" and "Hash(Hash(S13)+Hash(S14))": from "Hash(S11)" and "Hash(S12)" one can compute "Hash(Hash(S11)+Hash(S12))", and from "Hash(Hash(S11)+Hash(S12))" and "Hash(Hash(S13)+Hash(S14))" one can compute "Hash(Hash(Hash(S11)+Hash(S12))+Hash(Hash(S13)+Hash(S14)))", which equals the Merkle root MR1. This path proves that the electronic signature S11 is indeed under the Merkle root MR1.

After generating the Merkle tree MT1, the processor 11 may generate a corresponding token T1 for each electronic signature S1 within the same time interval. For example, according to some embodiments of the present invention, the processor 11 may record each electronic signature S1 and the auxiliary data of that electronic signature S1 (that is, the Merkle root MR1 of the Merkle tree MT1, the electronic certificate corresponding to the electronic signature S1, the Merkle proof corresponding to the electronic signature in the Merkle tree MT1, and a timestamp set) in the corresponding token T1. The timestamp set contains one or more timestamps.
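The tree, the Merkle proof and the token described above can be sketched as follows. This is an added example, not code from the patent: SHA-256, reading "+" as byte concatenation, the left/right tags in the proof, the odd-node rule, and all field names and sample bytes are assumptions.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    # Assumption: SHA-256. The page does not name a hash function.
    return hashlib.sha256(data).digest()


def build_levels(signatures):
    """Return every tree level, bottom layer first ("+" = concatenation)."""
    if not signatures:
        raise ValueError("a batch needs at least one signature")
    level = [H(s) for s in signatures]  # Hash(S11), Hash(S12), ...
    levels = [level]
    while len(level) > 1:
        parents = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                parents.append(H(level[i] + level[i + 1]))
            else:
                # Odd node is promoted unchanged (assumption; the page
                # only shows a batch of four).
                parents.append(level[i])
        level = parents
        levels.append(level)
    return levels


def merkle_proof(levels, index):
    """Sibling hashes from leaf to root, tagged with the side they sit on."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof


def root_from_proof(signature, proof):
    """Recompute the root from one signature and its proof."""
    node = H(signature)
    for side, sibling in proof:
        node = H(sibling + node) if side == "L" else H(node + sibling)
    return node


def issue_tokens(batch):
    """batch: (signature, certificate) pairs received in one time interval."""
    levels = build_levels([sig for sig, _ in batch])
    root = levels[-1][0]
    return [
        {
            "signature": sig,
            "certificate": cert,
            "merkle_root": root,
            "merkle_proof": merkle_proof(levels, i),
            "timestamps": [],  # filled in as timestamp services respond
        }
        for i, (sig, cert) in enumerate(batch)
    ]


def record_timestamp(tokens, source, value):
    """Attach one timestamp over the root to every token in the batch.

    A real record would be an RFC 3161 token or a blockchain transaction
    covering the root; validating that is outside this sketch.
    """
    for token in tokens:
        token["timestamps"].append(
            {"source": source, "root": token["merkle_root"], "value": value}
        )


def verify_token(token):
    """Check inclusion under the root and that each timestamp names that root."""
    computed = root_from_proof(token["signature"], token["merkle_proof"])
    if not hmac.compare_digest(computed, token["merkle_root"]):
        return False
    return all(ts["root"] == token["merkle_root"] for ts in token["timestamps"])


# Constructed sample batch: placeholder bytes, not real signatures or certificates.
SAMPLE_BATCH = [
    (b"constructed-signature-S11", b"constructed-cert-A"),
    (b"constructed-signature-S12", b"constructed-cert-A"),
    (b"constructed-signature-S13", b"constructed-cert-B"),
    (b"constructed-signature-S14", b"constructed-cert-C"),
]

if __name__ == "__main__":
    tokens = issue_tokens(SAMPLE_BATCH)
    record_timestamp(tokens, "constructed-tsa", "2020-11-13T00:00:00Z")
    for t in tokens:
        print(t["merkle_root"].hex()[:16], len(t["merkle_proof"]), verify_token(t))
```

The check covers only inclusion under the root and the binding of each timestamp record to that root; validating the signature against its certificate and validating the timestamps themselves are separate steps.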

According to some embodiments of the present invention, the above auxiliary data may further include a certificate validity proof for the electronic certificate included in each electronic signature S1. The certificate validity proof may come from the user. Electronic certificates are usually time-limited: for example, they may expire or be replaced at intervals, and once an electronic certificate has become invalid it can no longer be proven later that it was a valid certificate of the user or enterprise. Therefore, when the verification data is processed, the electronic certificate may be validated at the same time to obtain a certificate validity proof. The token T1 may thus also contain the certificate validity proof of the electronic certificate, so that even after the electronic certificate has expired it can still be proven to have been valid previously.

According to some embodiments of the present invention, the processor 11 records the hash data received by the communication interface 15 within a time interval in the corresponding token T1. In these embodiments, each piece of hash data received by the communication interface 15 corresponds to a piece of raw data. For example, an external device (not shown) that stores the raw data may hash each piece of raw data to obtain the hash data corresponding to it, and then send each piece of hash data to the communication interface 15. The communication interface 15 may receive a plurality of pieces of hash data from multiple external devices; after the time interval, the processor 11 generates a Merkle tree from the plurality of pieces of hash data and then generates a token for each piece of hash data. In this embodiment, each token records a Merkle root of the Merkle tree, the respective hash data, a Merkle proof corresponding to the respective hash data, and a timestamp set, and the timestamp set contains one or more timestamps.

According to some embodiments of the present invention, the timestamp set included in each token T1 consists of any two or more timestamps from among a plurality of centralized timestamps and a plurality of decentralized timestamps. In some cases, the token T1 may contain a plurality of centralized timestamps. In some cases, the token T1 may contain a plurality of decentralized timestamps. In some cases, the token T1 may contain at least one centralized timestamp and at least one decentralized timestamp. According to some embodiments of the present invention, the centralized timestamp may be an RFC-3161 timestamp, such as but not limited to a Chunghwa Telecom timestamp or WIPO PROOF, and the decentralized timestamp may be a blockchain timestamp, such as but not limited to a Bitcoin timestamp or an Ethereum timestamp.

In some embodiments, because the time each timestamp service system needs to provide a timestamp differs, the processing time the processor 11 needs to place each kind of timestamp on a token also differs. Before any timestamp has been recorded in the token's timestamp set, the processor 11 may therefore first generate an initial token and provide it to the user, or first store the initial token in the storage 13. The processor 11 may update the token each time a timestamp is successfully recorded in the initial token; when all timestamps have been successfully recorded in a token, the token T1 is complete. The processor 11 may then provide the completed token T1 to the user, or update the token in the storage 13.

In some embodiments, the communication interface 15 may also receive, within the time interval, an index tag L1 corresponding to each electronic signature S1; the index tag L1 may come from the user. The processor 11 may store the received index tag L1 in the storage 13 and record the association between the index tag L1 and the corresponding token T1, so that an index service can be provided later (that is, as the basis on which the user searches for the corresponding token T1). For example, the index tag L1 may contain user-defined keywords; when the user later needs to produce evidence, the required token T1 can be found quickly and systematically from the keywords of the index tag L1.

FIG. 4 illustrates the flow of a verification data processing method according to some embodiments of the present invention. Its content is only an example of embodiments of the present invention and is not intended to limit the scope of protection of the present invention.

Referring to FIG. 4, the verification data processing method 4 may include the following steps: receiving, by a verification data processing system, a plurality of electronic signatures within a time interval, wherein each electronic signature is generated by processing and encrypting a piece of raw data according to a private key of an electronic certificate (step 41); generating, by the verification data processing system, a Merkle tree from the plurality of electronic signatures after the time interval (step 42); and generating, by the verification data processing system, a token for each electronic signature, wherein each token records a Merkle root of the Merkle tree, the respective electronic signature, the electronic certificate corresponding to the respective electronic signature, a Merkle proof corresponding to the respective electronic signature, and a timestamp set, and the timestamp set contains one or more timestamps (step 43).

The order of steps 41 to 43 shown in FIG. 4 is not limiting. The order of steps 41 to 43 shown in FIG. 4 may be adjusted arbitrarily as long as the method can still be carried out.

According to some embodiments of the present invention, in addition to steps 41 to 43, the verification data processing method 4 may further include the following step: storing, by the verification data processing system, the plurality of tokens.

According to some embodiments of the present invention, in addition to steps 41 to 43, the verification data processing method 4 may further include the following step: transmitting, by the verification data processing system, the plurality of tokens to one or more external devices.

According to some embodiments of the present invention, each electronic signature is generated by first hashing the raw data to obtain hash data and then processing and encrypting the hash data with the private key of the corresponding electronic certificate.

According to some embodiments of the present invention, in addition to steps 41 to 43, the verification data processing method 4 may further include the following steps: receiving, by the verification data processing system, an index tag corresponding to each electronic signature within the time interval; and storing, by the verification data processing system, at least one of the plurality of index tags and the raw data. In other embodiments, the index tags may also be stored in an external storage device.

According to some embodiments of the present invention, each electronic certificate is an X.509 certificate.

According to some embodiments of the present invention, the timestamp set included in each token consists of any two or more timestamps from among a plurality of centralized timestamps and a plurality of decentralized timestamps.

According to some embodiments of the present invention, each token further includes a certificate validity proof for the electronic certificate included in the respective electronic signature.

According to some embodiments of the present invention, the electronic signatures come from different enterprises, and each electronic signature is processed and encrypted according to a private key corresponding to a corresponding enterprise certificate.

Each embodiment of the verification data processing method 4 essentially corresponds to an embodiment of the verification data processing system 1. Therefore, even though not every embodiment of the verification data processing method 4 is described in detail above, a person having ordinary skill in the art to which the present invention pertains can directly understand the embodiments of the verification data processing method 4 that are not described in detail from the above description of the verification data processing system 1.

FIG. 5 illustrates the flow of a verification data processing method according to some embodiments of the present invention. Its content is only an example of embodiments of the present invention and is not intended to limit the scope of protection of the present invention.

Referring to FIG. 5, the verification data processing method 5 may include the following steps: receiving, by a verification data processing system, a plurality of pieces of hash data within a time interval, wherein each piece of hash data corresponds to a piece of raw data (step 51); generating, by the verification data processing system, a Merkle tree from the plurality of pieces of hash data after the time interval (step 52); and generating, by the verification data processing system, a token for each electronic signature, wherein each token records a Merkle root of the Merkle tree, the respective hash data, a Merkle proof corresponding to the respective hash data, and a timestamp set, and the timestamp set contains one or more timestamps (step 53).

The order of steps 51 to 53 shown in FIG. 5 is not limiting. The order of steps 51 to 53 shown in FIG. 5 may be adjusted arbitrarily as long as the method can still be carried out.

Each embodiment of the verification data processing method 5 essentially corresponds to an embodiment of the verification data processing system 1. Therefore, even though not every embodiment of the verification data processing method 5 is described in detail above, a person having ordinary skill in the art to which the present invention pertains can directly understand the embodiments of the verification data processing method 5 that are not described in detail from the above description of the verification data processing system 1.

The above embodiments merely illustrate the present invention and are not intended to limit it. Any other embodiment produced by modifying, changing, adjusting or combining the above embodiments falls within the scope of protection of the present invention as long as it would readily occur to a person having ordinary skill in the art to which the present invention pertains. The scope of protection of the present invention is defined by the claims.

Reference signs: 4: verification data processing method; 41~43: steps

Claims (20)

1. A verification data processing system, comprising: a communication interface configured to receive a plurality of electronic signatures within a time interval, wherein each of the electronic signatures is generated by processing and encrypting a piece of raw data according to a private key of an electronic certificate; and a processor electrically connected to the communication interface and configured to: after the time interval, use the plurality of electronic signatures as a plurality of nodes of a Merkle tree to generate the Merkle tree, and generate a corresponding Merkle proof for each of the electronic signatures; and generate a token for each of the electronic signatures and its corresponding Merkle proof, wherein each token records a Merkle root of the Merkle tree, the respective electronic signature, the electronic certificate corresponding to the respective electronic signature, the Merkle proof corresponding to the respective electronic signature, and a timestamp set, and the timestamp set contains one or more timestamps.

2. The verification data processing system of claim 1, further comprising: a storage electrically connected to the communication interface and the processor and configured to store each of the tokens.

3. The verification data processing system of claim 1, wherein the communication interface is further configured to transmit each of the tokens to one or more external devices.

4. The verification data processing system of claim 1, wherein each of the electronic signatures is generated by first hashing the raw data to obtain hash data and then processing and encrypting the hash data with the private key of the corresponding electronic certificate.

5. The verification data processing system of claim 1, wherein the communication interface is further configured to receive, within the time interval, an index tag corresponding to each of the electronic signatures, and the system further comprises: a storage electrically connected to the communication interface and the processor and configured to store at least one of the plurality of index tags and the raw data.

6. The verification data processing system of claim 1, wherein each of the electronic certificates is an X.509 certificate.

7. The verification data processing system of claim 1, wherein the timestamp set included in each of the tokens consists of any two or more timestamps from among a plurality of centralized timestamps and a plurality of decentralized timestamps.

8. The verification data processing system of claim 1, wherein each of the tokens further includes a certificate validity proof for the electronic certificate corresponding to the respective electronic signature.

9. The verification data processing system of claim 1, wherein the electronic signatures come from different enterprises, and each of the electronic signatures is processed and encrypted according to a private key corresponding to a corresponding enterprise certificate.

10. A verification data processing system, comprising: a communication interface configured to receive a plurality of pieces of hash data within a time interval, wherein each piece of hash data corresponds to a piece of raw data; and a processor electrically connected to the communication interface and configured to: after the time interval, use the plurality of pieces of hash data as a plurality of nodes of a Merkle tree to generate the Merkle tree, and generate a corresponding Merkle proof for each piece of hash data; and generate a token for each piece of hash data and its corresponding Merkle proof, wherein each token records a Merkle root of the Merkle tree, the respective hash data, the Merkle proof corresponding to the respective hash data, and a timestamp set, and the timestamp set contains one or more timestamps.

11. A verification data processing method, comprising: receiving, by a verification data processing system, a plurality of electronic signatures within a time interval, wherein each of the electronic signatures is generated by processing and encrypting a piece of raw data according to a private key of an electronic certificate; after the time interval, using, by the verification data processing system, the plurality of electronic signatures as a plurality of nodes of a Merkle tree to generate the Merkle tree, and generating a corresponding Merkle proof for each of the electronic signatures; and generating, by the verification data processing system, a token for each of the electronic signatures and its corresponding Merkle proof, wherein each token records a Merkle root of the Merkle tree, the respective electronic signature, the electronic certificate corresponding to the respective electronic signature, the Merkle proof corresponding to the respective electronic signature, and a timestamp set, and the timestamp set contains one or more timestamps.

12. The verification data processing method of claim 11, further comprising: storing, by the verification data processing system, each of the tokens.

13. The verification data processing method of claim 11, further comprising: transmitting, by the verification data processing system, each of the tokens to one or more external devices.

14. The verification data processing method of claim 11, wherein each of the electronic signatures is generated by first hashing the raw data to obtain hash data and then processing and encrypting the hash data with the private key of the corresponding electronic certificate.

15. The verification data processing method of claim 11, further comprising: receiving, by the verification data processing system, an index tag corresponding to each of the electronic signatures within the time interval; and storing, by the verification data processing system, at least one of the plurality of index tags and the raw data.

16. The verification data processing method of claim 11, wherein each of the electronic certificates is an X.509 certificate.

17. The verification data processing method of claim 11, wherein the timestamp set included in each of the tokens consists of any two or more timestamps from among a plurality of centralized timestamps and a plurality of decentralized timestamps.

18. The verification data processing method of claim 11, wherein each of the tokens further includes a certificate validity proof for the electronic certificate corresponding to the respective electronic signature.

19. The verification data processing method of claim 11, wherein the electronic signatures come from different enterprises, and each of the electronic signatures is processed and encrypted according to a private key corresponding to a corresponding enterprise certificate.

20. A verification data processing method, comprising: receiving, by a verification data processing system, a plurality of pieces of hash data within a time interval, wherein each piece of hash data corresponds to a piece of raw data; after the time interval, using, by the verification data processing system, the plurality of pieces of hash data as a plurality of nodes of a Merkle tree to generate the Merkle tree, and generating a corresponding Merkle proof for each piece of hash data; and generating, by the verification data processing system, a token for each piece of hash data and its corresponding Merkle proof, wherein each token records a Merkle root of the Merkle tree, the respective hash data, the Merkle proof corresponding to the respective hash data, and a timestamp set, and the timestamp set contains one or more timestamps.
TW109139623A 2020-11-13 2020-11-13 Verification data processing system and verification data processing method TWI778448B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
TW109139623A TWI778448B (en) 2020-11-13 2020-11-13 Verification data processing system and verification data processing method
CN202110076164.2A CN114499914A (en) 2020-11-13 2021-01-20 Proof data processing system and proof data processing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW109139623A TWI778448B (en) 2020-11-13 2020-11-13 Verification data processing system and verification data processing method

Publications (2)

Publication Number Publication Date
TW202219799A TW202219799A (en) 2022-05-16
TWI778448B true TWI778448B (en) 2022-09-21

Family

ID=81491679

Family Applications (1)

Application Number Title Priority Date Filing Date
TW109139623A TWI778448B (en) 2020-11-13 2020-11-13 Verification data processing system and verification data processing method

Country Status (2)

Country Link
CN (1) CN114499914A (en)
TW (1) TWI778448B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI807979B (en) * 2022-08-30 2023-07-01 中華電信股份有限公司 A fido certification and auditing system, method base on timestamp signature and computer-readable medium thereof

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190358515A1 (en) * 2016-05-02 2019-11-28 Bao Tran Blockchain

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI659640B (en) * 2017-11-16 2019-05-11 中華電信股份有限公司 Signature system incorporating block chain technique, signature method and signature authentication method
US11218324B2 (en) * 2018-04-05 2022-01-04 Ares Technologies, Inc. Systems and methods authenticating a digitally signed assertion using verified evaluators
US11057366B2 (en) * 2018-08-21 2021-07-06 HYPR Corp. Federated identity management with decentralized computing platforms
CN109525583B (en) * 2018-11-26 2021-03-12 中国科学院数据与通信保护研究教育中心 False certificate detection method and system for third-party identity management providing service system
CN111835526B (en) * 2020-06-30 2023-11-21 北京泰尔英福科技有限公司 Method and system for generating anonymous credential

Also Published As

Publication number Publication date
CN114499914A (en) 2022-05-13
TW202219799A (en) 2022-05-16

Legal Events

Date Code Title Description
GD4A Issue of patent certificate for granted invention patent