CN117390695B - Electronic file full life cycle identification system, method, equipment and medium - Google Patents
Electronic file full life cycle identification system, method, equipment and medium Download PDFInfo
- Publication number
- CN117390695B CN117390695B CN202311399460.1A CN202311399460A CN117390695B CN 117390695 B CN117390695 B CN 117390695B CN 202311399460 A CN202311399460 A CN 202311399460A CN 117390695 B CN117390695 B CN 117390695B
- Authority
- CN
- China
- Prior art keywords
- evidence
- signature
- electronic
- data
- storing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 58
- 238000012795 verification Methods 0.000 claims abstract description 57
- 239000000463 material Substances 0.000 claims abstract description 10
- 238000001514 detection method Methods 0.000 claims abstract description 9
- 230000008569 process Effects 0.000 claims description 21
- 238000004422 calculation algorithm Methods 0.000 claims description 13
- 230000006399 behavior Effects 0.000 claims description 11
- 238000012545 processing Methods 0.000 claims description 11
- 230000006870 function Effects 0.000 claims description 9
- 238000004364 calculation method Methods 0.000 claims description 6
- 230000005540 biological transmission Effects 0.000 claims description 5
- 239000000284 extract Substances 0.000 claims description 5
- 230000003542 behavioural effect Effects 0.000 claims 1
- 230000014759 maintenance of location Effects 0.000 claims 1
- 238000007639 printing Methods 0.000 abstract description 7
- 238000010586 diagram Methods 0.000 description 15
- 238000004891 communication Methods 0.000 description 9
- 238000004458 analytical method Methods 0.000 description 8
- 238000005516 engineering process Methods 0.000 description 6
- 238000004590 computer program Methods 0.000 description 5
- 230000007246 mechanism Effects 0.000 description 5
- 230000003287 optical effect Effects 0.000 description 4
- 238000012790 confirmation Methods 0.000 description 3
- 238000000354 decomposition reaction Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000007781 pre-processing Methods 0.000 description 2
- 238000005070 sampling Methods 0.000 description 2
- 230000000007 visual effect Effects 0.000 description 2
- HATJHXCDGADERG-HGTLKWEASA-N 1-o-[2-[(5-azido-2-hydroxy-3-iodanylbenzoyl)amino]ethyl] 4-o-(2,5-dioxopyrrolidin-1-yl) butanedioate Chemical compound OC1=C([125I])C=C(N=[N+]=[N-])C=C1C(=O)NCCOC(=O)CCC(=O)ON1C(=O)CCC1=O HATJHXCDGADERG-HGTLKWEASA-N 0.000 description 1
- 102100022142 Achaete-scute homolog 1 Human genes 0.000 description 1
- 102100022144 Achaete-scute homolog 2 Human genes 0.000 description 1
- 101000901099 Homo sapiens Achaete-scute homolog 1 Proteins 0.000 description 1
- 101000901109 Homo sapiens Achaete-scute homolog 2 Proteins 0.000 description 1
- 230000005856 abnormality Effects 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 230000010267 cellular communication Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 230000001934 delay Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000009499 grossing Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 210000003205 muscle Anatomy 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000007789 sealing Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
- G06Q50/18—Legal services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/30—Writer recognition; Reading and verifying signatures
- G06V40/33—Writer recognition; Reading and verifying signatures based only on signature image, e.g. static signature recognition
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Business, Economics & Management (AREA)
- Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Tourism & Hospitality (AREA)
- Computer Hardware Design (AREA)
- Technology Law (AREA)
- Primary Health Care (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Marketing (AREA)
- Human Resources & Organizations (AREA)
- Economics (AREA)
- Multimedia (AREA)
- Human Computer Interaction (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a full life cycle identification of an electronic file, which comprises the steps of constructing a certification platform to record the operation of the electronic file, checking the certification data and a certification chain to verify the existence of the electronic file, wherein the data are transmitted and stored in different systems, devices and networks; the electronic file full life cycle identification is realized by verifying the original file non-tamper, digital signature validity, handwriting picture, printing picture consistency and credible timestamp, verifying the authenticity of electronic data, extracting signature handwriting information from the electronic file meeting the presence and authenticity verification as a detection material and a sample to be compared and identified, and identifying the electronic signature as the original handwriting signature. The method provides a solution for judicial identification of electronic files, and has important application prospect in the judicial field.
Description
Technical Field
The invention relates to the technical field of information security and electronic data evidence obtaining, in particular to a full life cycle identification method of an electronic file based on judicial vision.
Background
With the rapid development of information technology, electronic documents are increasingly popular in various fields. The electronic data identification is used as an important link in the judicial procedure, and has important significance for ensuring the standardization of the identification flow and the correctness of the identification opinion and maintaining the judicial fairness. The process of judicial identification of electronic data is proposed in the research of judicial identification problems of electronic data by the Chinese zodiac super: first, the formation process and authenticity of the electronic data are authenticated to determine whether there is tampering or abnormality with the data. Secondly, the original data is copied by adopting technologies such as data snapshot, data mirror image or data backup, and the integrity and protection of the data in the copying process are ensured. Thirdly, repeatedly comparing the copied electronic data copy with the original data to confirm the consistency of the electronic data copy and the original data. Fourth, the original electronic data of the inspection is stored in a sealing way, so that the integrity and the safety of the data are ensured. Fifth, electronic data copies are scientifically analyzed and identified using conventional electronic data judicial identification equipment and techniques. Sixthly, obtaining an electronic data judicial identification conclusion and generating a corresponding identification report. Together, these steps ensure the trustworthiness and acceptability of the electronic data to support evidence analysis and arbitration processes in judicial programs. The fourth chapter of the judicial identification practice classification rule (2020) defines the definition and content of electronic data identification, which is the activity of an identified person to test, analyze, identify and judge the existence, authenticity, functionality, similarity and other specialized problems of electronic data and provide identification comments by using information science and technology and expertise. The use of encryption technology, digital signature, public Key Infrastructure (PKI) and blockchain technology in the internet can ensure the authenticity and validity of electronic data.
The digital certificate is the core of PKI, and can solve the problems of identity confirmation of a data source and the integrity and authenticity of data. There are some limitations on its own, specifically: digital certificates rely on the trust of Certificate Authorities (CAs). The CA is the authority responsible for issuing and managing digital certificates, the reputation and trustworthiness of which are critical to the validity of the digital certificates. However, if the CA is attacked, vulnerable, or poorly managed, trust of the certificate may be destroyed. Second, the revocation mechanism of digital certificates presents certain challenges. When the private key of the digital certificate is revealed, the certificate holder is no longer trusted or the certificate information is changed, the certificate needs to be timely revoked to prevent abuse of the certificate.
Conventional certificate revocation mechanisms, such as Certificate Revocation Lists (CRLs) and Online Certificate Status Protocols (OCSP), suffer from scalability and efficiency issues that may lead to delays or inaccuracy in the revocation information. Finally, secure distribution of root certificates is also a challenge. The root certificate is the highest level certificate of the trust chain, and its secure distribution is critical to ensure the trustworthiness of the entire Public Key Infrastructure (PKI) system. However, the security and distribution mechanism of root certificates may be compromised by physical attacks, malicious tampering, or improper management.
Thus, digital certificates are not entirely reliable in authenticating electronic data.
Disclosure of Invention
In order to solve the problem of authenticity and integrity of an electronic file in a judicial identification process, the invention provides a full life cycle identification method based on electronic signature stamping. Including electronic data presence authentication, electronic data authenticity authentication, and handwriting authentication. And finally, effective and powerful identification evidence is provided for the electronic file in judicial identification, so that the credibility and the creditability of the electronic data are enhanced.
Recording the operation and circulation paths of the electronic file by using a chain type evidence-storing platform;
under the condition of discarding the traditional CA (Certificate Authority) mechanism, adopting an encryption algorithm based on SM9 and an electronic signature technology to finish the authenticity and integrity check of the electronic data.
According to one aspect of the application, an electronic file full life cycle identification system comprises an electronic data existence identification unit, an electronic data authenticity identification unit and an electronic handwriting identification unit, wherein the electronic data existence identification unit constructs an operation of recording an electronic file by a certification platform, and the transmission and storage tracks of the data among different systems, devices and networks are checked, and the certification data and a certification chain are checked to verify the existence of the electronic file; the authenticity identifying unit verifies the authenticity of the electronic data by verifying the tamper-free property of the original file, the validity of the digital signature, the consistency of the handwriting picture, the trusted time stamp and the like, and extracts signature handwriting information from the electronic file meeting the verification of the presence and the authenticity as a check material to be compared and identified with a reserved sample, and identifies the electronic signature as the original handwriting signature.
Further preferably, the electronic data presence authentication unit tracks and analyzes the circulation path and operation record of the digital data of the electronic file based on the chain type certification platform to determine the source, the processing procedure and the related operation of the data for the presence authentication of the electronic file; the authenticity identification unit adds signed information to complete the authenticity identification of the electronic data on the premise of not changing the file structure; the electronic handwriting identification unit adds electronic signature and seal related expansion information to complete handwriting identification on the premise of not changing the file structure.
Further preferably, an operation of recording an electronic file by constructing a certification platform and transmission and storage tracks of data among different systems, devices or networks are established, the certification platform records the operation by adopting business certification including but not limited to chained storage, behavior certification and event certification, corresponding business certification is determined by a business serial number, each link corresponds to one behavior certification, multiple certification forms a plurality of behavior certification, certification events are determined by operation events in each link, and a certification chain of the business is formed according to the operation time sequence.
Further preferably, the chain type evidence-storing platform provides functions of business evidence, node evidence-storing and event evidence-storing, an event is formed for each operation of the electronic file, the event is used as a minimum unit in the evidence-storing system, a plurality of events can be submitted once by a user, a evidence-storing node report is generated once every time the event is submitted, all evidence-storing node reports are stored in a chain type structure according to the time sequence of the business evidence, and all signature bits HASH and data evidence HASH are calculated for the node evidence-storing reports comprising a series of events; one service chain reflects the full life cycle of the electronic file, determines the operated times of the electronic file through the number of nodes, and associates the service name, the certificate storing time and the certificate storing main body; the node records all events submitted at the time downwards, checks the whole operation process of the file business in the business certification according to the certification number upwards, and generates a certification storing link; recording the evidence-storing main body, the evidence-storing platform, the operation main body and the event operation type as events to a chained evidence-storing platform, and setting the event number to be related to the node evidence-storing number.
Further preferably, backtracking a business handling end-to-end node through a business serial number identification, grouping the certificate storage information according to the nodes, and displaying the node information, the operator information and the evidence information of the whole life cycle of the business certificate one by one according to the operation time sequence, wherein one business handling is used as one business certificate; the authenticity identification unit adds an expansion domain and a signing domain in the electronic file, wherein the expansion data added in the expansion domain comprises original data, auxiliary certificate data and presentation bit data, signing information, a password public key, time and a signature value obtained by calculating a digital signature on the signing information are added in the signing domain, and finally a trusted timestamp is added.
Further preferably, electronic data authenticity identification is performed on the electronic file according to the added field information, an electronic file hash value for removing signature information is calculated, whether the electronic file is tampered or not is verified by comparing the electronic file hash value with an original text hash value, signature information is extracted from the electronic file to verify whether an electronic signature is effective or not, original text hash and signature values comprising time stamps are verified, trusted time is extracted, and consistency of handwriting display position and signature appearance handwriting and seal display position and seal appearance is verified.
Further preferably, the signing information data structure is divided according to the file signing event, the signing domain is added for original handwriting signature, fingerprint seal and electronic signature, the signing information structure of the original handwriting signature and seal is the same, HASH value calculated by the data after the signing information is removed is used as original HASH, solidifying the signed or right-pressed file in a first field of signed information, taking the identification ID of the key as a second field of signed information, taking the signing time as a third field of signed information, calling a password service unit to calculate a signature value according to the signed information field, and storing the signature value in a fourth field; the extension data includes: the method comprises the steps of setting a value of an operation entity identifier for uniquely identifying the operation entity, carrying out hash calculation on the identity card information of the operation entity to be used as an operation entity identity card hash value; the key fields included in the original handwriting signature comprise the duration of signing the handwriting, handwriting characteristic data, encrypting to generate a handwriting data hash value and handwriting pictures; the fingerprint and the seal comprise the fingerprint of the display position and the seal picture.
According to another aspect of the application, a full life cycle identification method of an electronic file is provided, which comprises the steps that an electronic data existence identification unit constructs an evidence storage platform to record the operation of the electronic file, and the transmission and storage tracks of data among different systems, devices and networks are checked to verify the existence of the electronic file; the authenticity identifying unit verifies the authenticity of the electronic data by verifying the tamper-free property of the original file, the validity of the digital signature, the consistency of the handwriting picture, the trusted time stamp and the like, and extracts signature handwriting information from the electronic file meeting the verification of the presence and the authenticity as a check material to be compared and identified with a reserved sample, and identifies the electronic signature as the original handwriting signature.
Further preferably, the electronic data presence authentication unit tracks and analyzes the circulation path and operation record of the digital data of the electronic file based on the chain type certification platform to determine the source, the processing procedure and the related operation of the data for the presence authentication of the electronic file; the authenticity identification unit adds signed information to complete the authenticity identification of the electronic data on the premise of not changing the file structure; the electronic handwriting identification unit adds electronic signature and seal related expansion information to complete handwriting identification on the premise of not changing the file structure.
Further preferably, the chain type evidence-storing platform provides functions of business evidence-storing, node evidence-storing and event evidence-storing, each operation of the electronic file forms an event, the event is used as a minimum unit in the evidence-storing system, a plurality of events can be submitted once by a user, each time of submitting generates a evidence-storing node report, and the business evidence-storing node reports are stored in a chain type structure according to time sequence; calculating all signature bits HASH and data store HASH for a node store report comprising a series of events; one service chain reflects the full life cycle of the electronic file, determines the operated times of the electronic file through the number of nodes, and associates the service name, the certificate storing time and the certificate storing main body; the node records all events submitted at the time downwards, checks the whole operation process of the file business in the business certification according to the certification number upwards, and generates a certification storing link; recording the evidence-storing main body, the evidence-storing platform, the operation main body and the event operation type as events to a chained evidence-storing platform, and setting the event number to be related to the node evidence-storing number.
Further preferably, backtracking a business handling end-to-end node through a business serial number identification, grouping the certificate storage information according to the nodes, and displaying the node information, the operator information and the evidence information of the whole life cycle of the business certificate one by one according to the operation time sequence, wherein one business handling is used as one business certificate; dividing a signing information data structure according to a file signing event, adding a signing domain for original handwriting signature, fingerprint printing and electronic signature, wherein the original handwriting signature is identical to the signature information structure of the printing, removing a HASH value calculated by data after signing information as an original text HASH, solidifying the signed or pressed file in a signing information first field, taking an identification ID of a secret key as a signing information second field, taking the signing time as a signing information third field, calling a password service unit to calculate a signature value according to the signing information fields, and storing the signature value in a fourth field.
According to another aspect of the application, an electronic device comprises: a processor; and a memory storing a program, wherein the program comprises instructions that when executed by the processor cause the processor to perform the electronic file full lifecycle authentication method according to the above.
According to another aspect of the application, a non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the electronic file full life cycle authentication method according to the above.
The invention makes up for the shortages of the traditional CA mechanism in this aspect. Meanwhile, the method provides reliable safety guarantee for the electronic data, promotes the credibility and usability of the electronic document, provides a solution for judicial identification of the electronic document, and has important application prospects in the fields of law and judicial.
Drawings
FIG. 1 is a schematic diagram of an electronic document authentication process under judicial view in the present exemplary embodiment;
FIG. 2 is an electronic file data structure for judicial authentication in accordance with the present exemplary embodiment;
FIG. 3 illustrates an electronic file chain forensic platform data layer architecture in the present exemplary embodiment;
FIG. 4 is a schematic diagram of a file non-tamperability verification flow in the present exemplary embodiment;
fig. 5 is a schematic diagram of a digital signature validity verification flow in the present exemplary embodiment;
FIG. 6 is a diagram of a verification of consistency of a handwriting presentation result and an original handwriting in the present exemplary embodiment;
FIG. 7 is a diagram of a trusted timestamp validation flow in the present exemplary embodiment;
FIG. 8 is a schematic diagram of a basic flow of handwriting verification in the present exemplary embodiment;
Fig. 9 is an exemplary diagram of a hardware device that can be applied to the present application.
Detailed Description
The invention provides a full life cycle identification method based on electronic signature. Including electronic data presence authentication, electronic data authenticity authentication, and handwriting authentication. And finally, effective and powerful identification evidence is provided for the electronic file in judicial identification, so that the credibility and the creditability of the electronic data are enhanced. And verifying the authenticity and validity of the electronic signature and the right-stamping electronic file in the judicial authentication procedure.
Embodiments of the present application will be described in more detail below with reference to the accompanying drawings. While the application is susceptible of embodiment in the drawings, it is to be understood that the application may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided to provide a more thorough and complete understanding of the application. It should be understood that the drawings and embodiments of the application are for illustration purposes only and are not intended to limit the scope of the present application.
The steps recited in the method embodiments of the present application may be performed in a different order and/or performed in parallel. Furthermore, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the application is not limited in this respect.
The term "including" and variations thereof as used herein are intended to be open-ended, i.e., including, but not limited to. The term "based on" is based at least in part on. The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments. Related definitions of other terms will be given in the description below. It should be noted that the terms "first," "second," and the like herein are merely used for distinguishing between different devices, modules, or units and not for limiting the order or interdependence of the functions performed by such devices, modules, or units.
It should be noted that references to "one", "a plurality" and "a plurality" in this disclosure are intended to be illustrative rather than limiting, and those skilled in the art will appreciate that "one or more" is intended to be construed as "one or more" unless the context clearly indicates otherwise.
The names of messages or information interacted between the devices in the embodiments of the present application are for illustrative purposes only and are not intended to limit the scope of such messages or information.
FIG. 1 is a schematic diagram of an electronic document authentication flow based on judicial views in an exemplary embodiment of the application, including electronic data presence authentication, electronic data authenticity authentication, and electronic handwriting authentication. Verifying the existence of the electronic file through data certification and certification chain and checking; the signature handwriting identification is completed by carrying out tamper-free verification, digital signature validity verification, handwriting picture consistency verification, stamping picture consistency verification and trusted time stamp verification on an original file, verifying the authenticity of electronic data, determining that the electronic file is valid, and carrying out comparison identification and identification analysis on information extracted from the electronic file as a detection material and a sample of a sample database on the premise that the electronic file exists and is valid. And generating an identification report according to the identification result, and judging whether the electronic file is legal and effective.
Carrying out the existence authentication of the electronic data based on a chained evidence-storing platform, adding signed information on the premise of not changing the file structure, and completing the authenticity authentication of the electronic data based on the signed information; the handwriting identification is completed by adding electronic signature and expansion information related to the seal on the premise of not changing the file structure. The method specifically comprises the following steps:
identification of the presence of electronic data: in the authentication process, the flow path and operational records of the digital data of the electronic file are tracked and analyzed to determine the source, process, and related operations of the data.
The present exemplary embodiment proposes to construct a certification platform to record operations such as creation, data modification, deletion, duplication, etc. of an electronic file, and transmission and storage trajectories of data between different systems, devices, or networks.
In the business handling process, any deterministic operation event, such as the confirmation protocol, application submission and signature confirmation of the applicant, can be called by a client manager to submit operation, and the operation event is stored by the behavior verification service of the evidence service platform.
Specifically, the certification platform can use the business certification including chain storage, behavior certification and certification event to make detailed record. The certification information of the business certification may include: the certification authority, the certification channel (generated by what service system), the service serial number, the operation event, the operator, the operation time, the service description, the certification ip, the certification site, the certification mac address, the certification carrier (pc, app), the certification equipment information and the like. If a business is handled as a business deposit certificate, a corresponding business deposit certificate is determined by a business serial number, each link corresponds to a behavior deposit certificate, a plurality of times of deposit certificates form a plurality of behavior deposit certificates, a deposit certificate event is determined by an operation event in each link, and a deposit certificate chain of the business is formed according to the operation time sequence. The service handling end-to-end node is traced back through the unique identification of the service serial number, the certificate storage information of the certificate storage is grouped according to the nodes, and the node information, the operator information, the evidence information and the like of the whole service certificate storage life cycle are displayed one by one according to the operation time sequence.
And (5) authenticating the authenticity of the electronic data. Adding an expansion domain and a signing domain in an electronic file, wherein the expansion data added in the expansion domain comprises original data, auxiliary certificate data and display bit data (display bits comprise original handwriting signature pictures, fingerprint printing pictures, signature pictures and the like); the signing domain adds signing information (including the original text hash calculated by SM 3), the cryptographic public key and time, and the signature value obtained after calculating the digital signature for the signing information, and finally adds the trusted timestamp. And carrying out electronic data authenticity identification verification on the electronic file according to the added field information. In particular, a method may be employed which includes,
Acquiring an electronic file to be authenticated, removing signature information from the electronic file, calculating an electronic file hash value from which the signature information is removed, comparing the electronic file hash value with an original text hash value, verifying whether the electronic file to be authenticated is tampered, and if the electronic file hash value from which the signature information is removed is consistent with the original text hash value, indicating that the electronic file to be authenticated is not tampered;
Extracting relevant signing information from the electronic file to be authenticated to verify whether the signature is valid or not, verifying the validity of the digital signature, and ensuring the credibility of the data source; verifying the original text hash and the signature value comprising the time stamp, performing trusted time stamp verification, and finally extracting trusted time; the consistency of handwriting pictures and printing pictures is verified, and the method specifically comprises the following steps: and verifying the consistency of the handwriting display position and the signed appearance handwriting, and verifying the consistency of the seal display position and the seal appearance. The handwriting display position stores handwriting pictures generated by handwriting point position data, and the handwriting pictures are invisible to a user in the file. The signed visual picture is then displayed on the document, visible to the user.
And (5) handwriting identification. The identification system acquires a plurality of pieces of material detection data and a plurality of pieces of sample data which pass through the existence and the authenticity verification of the electronic file, respectively detects the samples and the material detection, compares and detects the samples and the material detection, and the algorithm module performs multidimensional analysis according to the detection data, outputs judicial identification reports and identification conclusions, and realizes the human-computer collaborative identification.
An electronic file data structure for judicial authentication according to the present exemplary embodiment is shown in fig. 2.
And adding extension data and signature information into the original document of the electronic document, wherein the signature comprises signature, stamp and signature. The key fields of signing information for electronic data authenticity verification include: original handwriting signature, original text HASH, password public key, signing time, signature value, fingerprint seal, original text HASH, password public key, signing time and signature value; the key fields of the expanded data for handwriting authentication include: the method comprises the steps of operating an operating entity, operating entity identification, operating entity name, operating entity identity card type, operating entity identity card HASH, original handwriting signature, handwriting signing duration, handwriting data (xypt), handwriting data HASH, handwriting picture, fingerprint seal and fingerprint picture.
1. Signing information data structure
The signing information data structure is divided according to the file signing event, and three common event types include: original handwriting signature, fingerprint seal and electronic signature, and the signature domain is increased on the premise of not changing the file structure of the original file. Original handwriting signature, fingerprint seal and electronic signature. The original handwriting signature and the signature information structure of the seal are the same, and mainly comprise: the original text HASH, the HASH value calculated according to the data after the signature information is removed after the document is signed is taken as the original text HASH, and the document after signature or seal printing and the original Wen Haxi value are solidified in a first field of the signature information; the identification ID of the password public key is used as a second field of signing information, and the password public key can be obtained from the password service through the identification ID and used for subsequent signature verification; the third field of the signing information is the time of signing. Based on the above signed information field, the cryptographic service unit is invoked to calculate a signature value for deposit in the fourth field, e.g. based on the above signed information field, the signature value is calculated at SM 9. And finally, calculating the trusted time stamp, and placing the obtained trusted time stamp in the last row.
The hash is used to protect the original file and the extension data from tampering. The signature value is a protection hash of the device,
In the process of verifying the authenticity of the electronic file, the validity or/and the legality of the fields are verified one by one according to the signed information structure and related partial contents. Wherein the public key and the digital signature value are items that must be verified.
2. Data structure of extended data
The extension data includes: an operation entity, an original handwriting signature, a fingerprint, a seal, and the like.
The key fields included in the operation entity include an operation entity identification, an identity card type and an identity card hash value. Setting a value for uniquely identifying the operation entity, including the name or identifier of the operation entity, which may be the name of a person or the name of an organization; indicating the value of the identity card type used by the operation entity as the identity card type of the operation entity; the hash value obtained by performing hash calculation on the identity card information of the operation entity is used as the hash value of the identity card of the operation entity, and the hash value of the identity card is generally used for protecting privacy and safety so as to avoid directly storing sensitive information.
The key fields included in the original handwriting signature comprise the duration of signing the handwriting, handwriting characteristic data, encrypting to generate a handwriting data hash value and handwriting pictures. And recording the time difference between the initial pen lifting and the final pen lifting in the signing process as handwriting time, wherein the handwriting characteristic data comprises, but is not limited to, the abscissa and the ordinate of sampling points, the pen pressure and the time difference (x, y, p and t) between each sampling point, and encrypting the handwriting characteristic data to generate handwriting data hash values. The handwriting point location data is used for calculating and displaying the signing result and subsequent verification.
The fingerprint and the seal only comprise the fingerprint of the display position and the seal picture.
According to the electronic file data structure, the data structure and the change in the whole process of generating, transmitting and storing the electronic file are retrospectively analyzed, the electronic file full life cycle identification system is designed, and the electronic file full life cycle is monitored. The method comprises the steps that a chained evidence-storing platform is built, the existence identification of an electronic file is completed based on inquiry of an evidence-storing link, and an authenticity verification module completes the authenticity identification of the electronic file based on file non-falsification verification, digital signature validity verification, handwriting display result and original handwriting consistency verification and trusted timestamp verification; the original handwriting verification unit analyzes the electronic file to obtain a file signed appearance picture, a signature picture and/or a seal picture, and consistency verification of the displayed handwriting and the original handwriting is completed.
Fig. 3 shows a data layer architecture of the electronic file presence authentication chained authentication platform in the present exemplary embodiment. The chained document storage platform records all operation behaviors of the electronic document from generation to archiving, including what operation is performed on the document by what person and from what place the document is sourced. The chain type evidence storage platform provides the functions of business evidence storage, node evidence storage and event evidence storage, forms an event for each operation of the electronic file, the event is used as a minimum unit in the evidence storage system, a plurality of events can be used as one submission of a user, each submission generates one evidence storage node report, and the business evidence storage stores all evidence storage node reports in a chain type structure according to time sequence. The chain structure is stored as chain service information evidence, for example, original text HASH is calculated according to original text of the electronic file, HASH1 is generated through a first event, HASH2 is generated through a second event calculation, and HASHn is generated through n events. All signature bits HASH and data signature HASH are calculated for a node certification report comprising a series of events, each event is protected by calculating a HASH for a series of events, and if someone tampers with an operational event, verification can be performed by the HASH. The evidence-preserving field structure of the evidence-preserving platform comprises: original text HASH, cryptographic public key, operation subject information, forensic event HASH (including original handwriting signature, fingerprint signature, content viewing, endorsement, etc.).
The service certificate is stored, a service chain reflects the life cycle of the file from generation to archiving, wherein key fields of the service certificate are provided with a service number, a service name, a certificate storing time and a certificate storing main body name, the service number corresponds to the certificate storing nodes, the number of the service certificate storing nodes is the same as the number of times the electronic file is operated, the number of times the electronic file is operated is determined through the number of the nodes, and the service name, the certificate storing time and the certificate storing main body are related.
Each evidence-storing node is each time the operation main body submits the operation of the electronic file, the node records all events submitted this time downwards, and the whole flow of the file business operation processing can be checked in the business evidence-storing according to the evidence-storing number upwards. Each node certificate will form a data certificate HASH, and the next node HASH value is generated according to the current certificate HASH to form a chain evidence chain. The key field of node certificate records operation subject information and certificate behavior information, and the key field includes certificate subject (certificate number of operation subject, certificate type, platform code, real name information, subject name, etc.), and certificate behavior information (certificate number, service stage occurrence time, whether chain data, custom extension field, stage name, stage number, service stage description, etc.).
Event evidence storage, namely recording an evidence storage main body, an evidence storage platform, an operation main body and event operation type information of the electronic file as events in detail to a chain type evidence storage platform, wherein the event operation types are various, such as signature, annotation, seal and the like. The event certification can be operated in a single or batch mode, the event number is set to be associated with the node certification number, the node to which the event belongs can be checked through the event number, and then the service chain is queried through the certification number of the node. And in the authentication process, the tracing and the checking of the event operation evidence information in the whole life cycle of the electronic file are realized. The event evidence critical field comprises auxiliary evidence data: such as evidence storage address, evidence data, evidence type-enumeration class (1: picture, 2: audio, 3: video, 4: file, 5: metadata, 6: composition), file Id, file name, associated evidence stream, etc.
And completing the business certification, node certification and event certification of the electronic file through a certification platform, and inquiring a certification link to realize the existence identification of the electronic file. Completing the presence authentication of the electronic file by means of the inquiry of the certification link comprises the following steps: evidence generation, storage and checking:
Evidence data is generated for the full life cycle data evidence storage of the electronic file, and the evidence storage platform solidifies and encrypts and stores the electronic data (such as contracts, web pages, photos, audio recordings, video recordings, files and the like) of the user in real time, and can further form electronic evidence with legal effectiveness by combining the evidence storage platform with an authoritative notarization department or a blockchain platform;
Forming a certification-storing link, wherein the node records all events submitted at the time downwards, records the whole flow of the file business operation processing upwards, generates the certification-storing link, and provides the whole flow tracing and checking of certification-storing data and the association relation of the certification-storing data and other data for the user. The reliability and the reliability of the verification data are enhanced through the verification link, and the overall view of the verification data is clearly known.
The evidence-storing platform generates a detailed file of the electronic file data, the evidence-storing process and the result according to the generated evidence-storing data and the evidence-storing link, and a user can check and verify whether the electronic file to be identified exists in the form of an evidence file by inputting the evidence-storing file or other modes on-line inquiring and checking the electronic data which is already stored.
The electronic file authenticity identification comprises file non-falsification verification, digital signature validity verification, handwriting display result and original handwriting consistency verification and trusted timestamp verification.
Fig. 4 is a schematic diagram showing a file non-falsification verification flow in the present exemplary embodiment.
The HASH value of the electronic file to be identified is the same as the HASH value of the original text under the condition that the electronic file is complete and not tampered, otherwise, the HASH value of the electronic file to be identified is different. Acquiring an original text HASH by analyzing the signing information of the electronic file; rejecting the signed information in the file, calculating HASH values except signature bit signed information, and calculating HASH except signed information of the file by using SM3 algorithm; and comparing the original HASH with the HASH value calculated after the signature information is removed, if the HASH value is one, proving that the electronic file is not tampered, otherwise, tampering the electronic file.
As shown in fig. 5, which is a schematic diagram of a digital signature validity verification flow in the present exemplary embodiment, the validity of the digital signature may be optionally verified at the server side or the local side, and the signature verification may be performed using SM 9. Specifically, the validity of the digital signature can be verified at the server side or the local side. (besides the cryptographic algorithm SM9 is used for verifying the validity of the electronic signature, an asymmetric cryptographic algorithm such as SM2 RSA can also be used.
Embodiment 1, the validity of the digital signature is verified at the server side using SM 9. Analyzing the electronic file, and acquiring an electronic file identification ID, an original text hash and a signature value from the signed information; taking the identification ID, the original text hash and the signature value as parameters to construct a password service request; sending a password service request to an SM9 server side; after receiving the password service request, the SM9 server side processes the request, calls an SM9 algorithm module to verify, and verifies whether the original text HASH and the signature value in the password request are consistent with the file HASH and the signature value corresponding to the file identifier. The SM9 server side completes signature validity judgment and returns whether the signature is valid or not.
Example 2, the validity of the digital signature was verified at the home using SM 9. Analyzing the electronic file, and acquiring a file identification ID, a signature value and an original text hash from the signed information; acquiring a main public key from a password service request; calculating to obtain a user public key according to the file identification ID and the master public key; and taking the public key, the signature value and the original text hash value of the user as input parameters to input into a local verification module, and calling a local SM9 signature verification algorithm module to carry out signature verification so as to verify whether the electronic signature is valid.
Fig. 6 is a diagram showing the result of handwriting display and verification of original handwriting consistency in the present exemplary embodiment. And analyzing the electronic file to obtain signature point data or a signature original picture, and comparing the signature point data or the signature original picture with the signed appearance on the file. And judging whether the signed appearance is tampered or not. The signed appearance picture is a signature picture visible on the file, and the signature picture is a picture generated by calculating point location information acquired during signature. Not visible on the file.
Extracting a display bitmap film from the file expansion data to be identified to obtain a signature picture and a printing picture; and comparing the pixel data of the signed appearance picture and the pixel data of the expansion data display bit picture obtained by analysis, if the pixel data of the signed appearance picture and the pixel data of the expansion data display bit picture are consistent, the signature and the seal are effective, otherwise, the signature and the seal are ineffective.
Fig. 7 is a schematic diagram of a trusted timestamp verification flow according to an exemplary embodiment of the present application, including:
Analyzing the electronic file, and acquiring an original text hash, a signature value and file identification time from the signed information; and carrying out original text HAHS and digital signature validity verification. Specifically, the original text HASH is obtained by analyzing the signing information of the electronic file; rejecting the signed information in the file, calculating HASH values except signature bits, and calculating HASH of the file except the signed information by using an SM3 algorithm; the original text HASH is compared with the calculated HASH value, such as HASH value one to one, and the file is proved not to be tampered, otherwise, the file is tampered. Verification of digital signature validity in the foregoing exemplary embodiments of the present application may be employed, and verification of digital signature validity may optionally be performed at the server side or the local side, and may be accomplished using SM 9. After the verification of the untampered property of the electronic file and the verification of the validity of the digital signature are passed, the credibility of the timestamp is explained, the credibility time is extracted from the file which passes the verification, and the credibility time and the file identification time are obtained by analyzing the signed information; and comparing the extracted trusted time with the identified time, and verifying the validity of the identified time, wherein if the time is consistent, the identified time passes verification, and if the time is inconsistent, the identified time is invalid.
The identification system acquires the electronic file to be detected, analyzes the electronic file to be detected, extracts handwriting data in the extension data, extracts handwriting sample data from the sample, and the handwriting identification module compares the electronic file to be detected and the sample signature handwriting data, verifies handwriting and judges whether the signature is effective. The handwriting identification module can calculate and analyze the handwriting data to be detected by adopting methods such as algorithm verification, clustering, preprocessing, feature calculation, signature attribute calculation and the like, for example, the analysis report of the handwriting data of the file to be detected and the sample handwriting data is obtained by comparing and analyzing point features, pen-in-pen features, structure collocation features, integral style features and writing structure features of the electronic signature handwriting, and effective evidence is provided for judicial identification.
Fig. 8 is a schematic diagram showing a basic flow of handwriting verification in the present exemplary embodiment. Comprising the steps of (a) a step of,
Analyzing the electronic file to extract handwriting data in the extension data as a detection material; an algorithm module is called to check the extracted handwriting data, so that the accuracy and the integrity of the acquired data are ensured; preprocessing the extracted handwriting data, including noise removal, smoothing and the like, so as to improve the effect of subsequent analysis; calculating the signature attribute based on the extracted handwriting data, wherein the calculating the signature attribute comprises: length of signature, curve characteristics, etc.; clustering signature handwriting data, classifying similar signatures into one type, and further analyzing and comparing according to the clustering; calculating the characteristics of the signature, including calculating specific characteristics such as handwriting point characteristics, stroke and fortune pen characteristics, structure collocation characteristics, integral style characteristics, writing structure characteristics and the like; and the analysis module performs multidimensional analysis and comparison according to the characteristics of the detection and sample-remaining sample to generate a handwriting identification report. And providing judicial identification expert for reference to obtain an identification conclusion.
Referring to fig. 9, a block diagram of an electronic device 300 that may be a server or a client of the present application will now be described, which is an example of a hardware device that may be applied to aspects of the present application. Electronic devices are intended to represent various forms of digital electronic computer devices, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other suitable computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the applications described and/or claimed herein.
As shown in fig. 9, the electronic device 300 includes a computing unit 301 that can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM) 302 or a computer program loaded from a storage unit 308 into a Random Access Memory (RAM) 303. In the RAM 303, various programs and data required for the operation of the device 300 may also be stored. The computing unit 301, the ROM 302, and the RAM 303 are connected to each other by a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.
Various components in the electronic device 300 are connected to the I/O interface 305, including: an input unit 306, an output unit 307, a storage unit 308, and a communication unit 309. The input unit 306 may be any type of device capable of inputting information to the electronic device 300, and the input unit 306 may receive input numeric or character information and generate key signal inputs related to user settings and/or function controls of the electronic device. The output unit 307 may be any type of device capable of presenting information and may include, but is not limited to, a display, speakers, video/audio output terminals, vibrators, and/or printers. Storage unit 308 may include, but is not limited to, magnetic disks, optical disks. The communication unit 309 allows the electronic device 300 to exchange information/data with other devices through a computer network, such as the internet, and/or various telecommunications networks, and may include, but is not limited to, modems, network cards, infrared communication devices, wireless communication transceivers and/or chipsets, such as bluetooth devices, wiFi devices, wiMax devices, cellular communication devices, and/or the like.
The computing unit 301 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 301 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 301 performs the respective methods and processes described above. For example, in some embodiments, the reconstruction and decomposition of the muscle movement trajectories of the signature strokes as they are re-plotted from their original trajectories, the decomposition of their log velocity profiles, and the like may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as the storage unit 308. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 300 via the ROM 302 and/or the communication unit 309. In some embodiments, the computing unit 301 may be configured to perform the signature script dynamic acquisition implementation by any other suitable means (e.g., by means of firmware).
Program code for carrying out methods of the present application may be written in any combination of one or more programming languages. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present application, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic discs, optical disks, memory, programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), and the internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
While the applicant has described and illustrated the embodiments of the present invention in detail with reference to the drawings, it should be understood by those skilled in the art that the above embodiments are only preferred embodiments of the present invention, and the detailed description is only for the purpose of helping the reader to better understand the spirit of the present invention, and not to limit the scope of the present invention, but any improvements or modifications based on the spirit of the present invention should fall within the scope of the present invention.
Claims (14)
1. The electronic document full life cycle identification system is characterized by comprising an electronic data existence identification unit, an electronic data authenticity identification unit and an electronic handwriting identification unit, wherein the electronic data existence identification unit constructs an evidence storage platform to record electronic document operation, and data transmission and storage tracks among different systems, devices and networks are used for checking evidence storage data and an evidence storage chain to verify the existence of the electronic document, and the electronic document full life cycle identification system is specifically characterized in that: determining corresponding business evidence by using a business serial number, wherein each operation link corresponds to a behavior evidence, determining evidence-storing events by using operation events in each operation link, forming an evidence-storing chain of the business according to the operation time sequence, providing business evidence-storing, node evidence-storing and event evidence-storing functions by using a chained evidence-storing platform, forming an event for each operation of an electronic file, using the event as a minimum unit in an evidence-storing system, using a plurality of events as one submission of a user, generating an evidence-storing node report for each submission, storing all evidence-storing node reports in a chained structure according to the time sequence of the business evidence-storing, wherein one business evidence-storing chain reflects the whole life cycle of the electronic file, the node records all events submitted at this time downwards, checks the whole flow of business operation processing of the file in the business evidence according to the evidence-storing number, generates an evidence-storing link, records an evidence-storing main body, an evidence-storing platform, an operation main body and an event operation type as events to the chained evidence-storing platform, sets event numbers to be associated with the node evidence-storing numbers, and backtracks a business-handling end to an end node by using the business serial number identification, and displays information in a node according to the time sequence of the evidence-storing operation information and the whole life cycle of the business evidence-storing system; the authenticity identification unit verifies the authenticity of the electronic data by verifying that the original file is not tampered, the digital signature is valid, the handwriting picture and the stamping picture are consistent, and the trusted timestamp; the electronic handwriting identification unit extracts signature handwriting information from an electronic file meeting the verification of existence and authenticity as a detection material to be compared and identified with a sample retention sample, and identifies the signature handwriting as an original handwriting signature.
2. The system of claim 1, wherein the electronic data presence authentication unit tracks and analyzes the flow path and operational record of the digital data of the electronic file based on the chain certification platform to determine the source of the data, the process and the associated operations for electronic file presence authentication; the authenticity identification unit adds signed information to complete the authenticity identification of the electronic data on the premise of not changing the file structure; the electronic handwriting identification unit adds electronic signature and seal related expansion information to complete handwriting identification on the premise of not changing the file structure.
3. The system of claim 1, wherein the forensic platform records operations using business forensics, behavioral forensics, and event forensics including, but not limited to, chain-stored, and calculates all signature bits HASH and data forensics HASH for node forensic reports comprising a series of events.
4. A system according to claim 2 or 3, characterized in that the number of times the electronic file is operated is determined by the number of nodes and the service name, the time of the deposit and the main body of the deposit are associated, wherein a service transaction is taken as a service deposit.
5. A system according to any of claims 1-3, characterized in that the authenticity verification unit adds an extension field and a signing field in the electronic document body, wherein the extension data added in the extension field comprises the original data, the auxiliary data and the presentation bit data, the signing field is added with signing information, a cryptographic public key, time, a signature value obtained by calculating a digital signature for the signing information, and finally a trusted timestamp is added; and (3) according to the added field information, carrying out electronic data authenticity identification, calculating an electronic file hash value for removing signature information, comparing the electronic file hash value with an original text hash value, verifying whether the electronic file is tampered, extracting signature information from the electronic file, verifying the original text hash value and signature value comprising a time stamp, extracting trusted time, and verifying consistency of a handwriting display position and a signature appearance handwriting, and a seal display position and a seal appearance.
6. A system according to any one of claims 1-3, characterized in that the signing information data structure is divided according to the file signing event, the signing domain is added for original handwriting signature, fingerprint seal and electronic signature, the original handwriting signature and seal signing information structure are the same, HASH value calculated by removing the data after signing information is used as original text HASH, the signed or seal-printed file is solidified in the signing information first field, the identification ID of the key is used as the signing information second field, the signing time is the signing information third field, and the cryptographic service unit is called to calculate the signature value according to the above signing information fields and store in the fourth field; the extension data includes: the method comprises the steps of setting a value of an operation entity identifier for uniquely identifying the operation entity, carrying out hash calculation on the identity card information of the operation entity to be used as an operation entity identity card hash value; the key fields included in the original handwriting signature comprise the duration of signing the handwriting, handwriting characteristic data, encrypting to generate a handwriting data hash value and handwriting pictures; the fingerprint and the seal comprise the fingerprint of the display position and the seal picture.
7. A system according to any one of claims 1-3, characterized in that the validity of the digital signature is verified at the server side, the electronic file is parsed, the electronic file identification ID, the original hash and the signature value are obtained from the signed information as parameters, and a cryptographic service request is constructed; sending a password service request to an SM9 server side; the SM9 server side calls an SM9 algorithm module to verify, and verifies whether the original text HASH and the signature value in the password request are consistent with the file HASH and the signature value corresponding to the file identifier.
8. A system according to any one of claims 1-3, characterized in that the validity of the digital signature is verified at the local side, the electronic file is parsed, and the file identification ID, signature value and original hash are obtained from the signed information; acquiring a main public key from a password service request; calculating to obtain a user public key according to the file identification ID and the master public key; and inputting the public key, the signature value and the original text hash value of the user as input parameters into a local verification module, and calling the local signature verification algorithm module to carry out signature verification so as to verify whether the electronic signature is valid.
9. The full life cycle identification method of the electronic file is characterized by comprising the steps of constructing an evidence storage platform by an electronic data existence identification unit to record the operation of the electronic file, and checking the evidence storage data and an evidence storage chain to verify the existence of the electronic file by transmitting and storing tracks of data among different systems, devices and networks, wherein the method is specifically as follows: determining corresponding business evidence by using a business serial number, determining an action evidence by using an operation event in each operation link, forming an evidence-storing chain of the business according to the operation time sequence, providing business evidence, node evidence and event evidence storing functions by using a chain evidence-storing platform, forming an event for each operation of an electronic file, using the event as a minimum unit in an evidence-storing system, using a plurality of events as one submission of a user, generating an evidence-storing node report for each submission, storing all evidence-storing node reports in a chain structure according to the time sequence of the business evidence, wherein one business evidence-storing chain reflects the whole life cycle of the electronic file, the node records all events submitted at this time downwards, checks the whole operation process of the file in the business evidence according to the evidence-storing number upwards, generates an evidence-storing link, records an evidence-storing main body, an evidence-storing platform, an operation main body and an event operation type as events to the chain evidence-storing platform, sets the event number to be associated with the node evidence-storing number, and backtracks a business-handling end to an end node by using a business serial number identifier, and displays information in a node according to the operation time sequence of the evidence-storing information and the whole life cycle of the business evidence-storing information; the authenticity identifying unit is used for identifying the electronic signature as the original handwriting signature by verifying whether the original file is tampered, whether the digital signature is valid, whether the handwriting picture and the stamping picture are consistent and credible timestamp, and extracting signature handwriting information from the electronic file meeting the presence and authenticity verification as a check material and comparing and identifying the signature handwriting information with a reserved sample.
10. The method according to claim 9, wherein the electronic data presence authentication unit tracks and analyzes the circulation path and operation record of the electronic document data based on the chain type certification platform to determine the source, process and related operations of the data for electronic document presence authentication; the authenticity identification unit adds signed information to complete the authenticity identification of the electronic data on the premise of not changing the file structure; the electronic handwriting identification unit adds electronic signature and seal related expansion information to complete handwriting identification on the premise of not changing the file structure.
11. The method of claim 9, wherein all signature bits HASH and data logging HASH are calculated for a node logging report comprising a series of events.
12. Method according to one of the claims 9-11, characterized in that the signing information data structure is divided according to the document signing event, the signing domain is added for the original handwriting signature, the stamp and the electronic signature, the original handwriting signature and the stamp signing information structure are the same, the HASH value calculated by the data after the signing information is removed is used as the original HASH, the signature or the stamp is solidified in the signing information first field, the identification ID of the key is used as the signing information second field, the signing time is the signing information third field, the cryptographic service unit is called to calculate the signature value according to the above signing information fields and stored in the fourth field.
13. An electronic device, comprising: a processor; and a memory storing a program, wherein the program comprises instructions that when executed by the processor cause the processor to perform the electronic file full lifecycle authentication method according to any one of claims 9-12.
14. A non-transitory computer readable storage medium storing computer instructions, wherein the computer instructions are for causing the computer to perform the electronic file full life cycle authentication method according to any one of claims 9-12.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311399460.1A CN117390695B (en) | 2023-10-26 | 2023-10-26 | Electronic file full life cycle identification system, method, equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311399460.1A CN117390695B (en) | 2023-10-26 | 2023-10-26 | Electronic file full life cycle identification system, method, equipment and medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117390695A CN117390695A (en) | 2024-01-12 |
| CN117390695B true CN117390695B (en) | 2024-10-22 |
Family
ID=89464524
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311399460.1A Active CN117390695B (en) | 2023-10-26 | 2023-10-26 | Electronic file full life cycle identification system, method, equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117390695B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106815716A (en) * | 2016-12-31 | 2017-06-09 | 重庆傲雄在线信息技术有限公司 | A kind of electronic record file forming method and system |
| CN110598460A (en) * | 2019-09-27 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Block chain-based electronic signature method and device and storage medium |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110868300B (en) * | 2019-05-17 | 2023-08-11 | 北京安妮全版权科技发展有限公司 | Block chain evidence-storing method and system |
| CN112597545B (en) * | 2020-12-28 | 2024-04-12 | 山西云时代研发创新中心有限公司 | Medical electronic contract evidence-preserving method based on blockchain technology |
| CN113886860B (en) * | 2021-12-06 | 2022-03-29 | 确信信息股份有限公司 | Electronic data security system and method based on mobile terminal |
| CN116128686A (en) * | 2022-07-08 | 2023-05-16 | 重庆市荣昌区公安局 | Remote inquiry system, method and storage medium based on signature handwriting document encryption |
-
2023
- 2023-10-26 CN CN202311399460.1A patent/CN117390695B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106815716A (en) * | 2016-12-31 | 2017-06-09 | 重庆傲雄在线信息技术有限公司 | A kind of electronic record file forming method and system |
| CN110598460A (en) * | 2019-09-27 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Block chain-based electronic signature method and device and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117390695A (en) | 2024-01-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108076057B (en) | Data security system and method based on block chain | |
| CN108206831B (en) | Electronic seal realization method, server, client and readable storage medium | |
| CN114586315A (en) | Decentralized data authentication | |
| CN109978688A (en) | The access control method and its contract generator and server of distributed common recognition system | |
| US20160021111A1 (en) | Method, Terminal Device, and Network Device for Improving Information Security | |
| CN102724044A (en) | Electronic evidence verification and preservation method | |
| CN103617402B (en) | A kind of multimedia electronic data forensic report and generation, methods of exhibiting and system | |
| WO2020143318A1 (en) | Data verification method and terminal device | |
| CN111259439B (en) | Intangible asset management service platform based on block chain and implementation method thereof | |
| CN115952560B (en) | Method, system, equipment and medium for verifying authenticity of electronic archive file based on original handwriting signature | |
| CN114172663B (en) | Business right determining method and device based on block chain, storage medium and electronic equipment | |
| CN117313122A (en) | Data sharing and exchanging management system based on block chain | |
| CN113610526A (en) | Data trust method and device, electronic equipment and storage medium | |
| CN112487042B (en) | Electric energy metering data processing method, device, computer equipment and storage medium | |
| CN111769956B (en) | Service processing method, device, equipment and medium | |
| CN109818965B (en) | Personal identity verification device and method | |
| CN103647650B (en) | Rule definition based automatic signature/signature verification device and method | |
| CN110598374B (en) | Block chain-based work registration method, apparatus and computer-readable storage medium | |
| CN117390695B (en) | Electronic file full life cycle identification system, method, equipment and medium | |
| CN113364763A (en) | Verifiable statement generation method and device, electronic equipment and storage medium | |
| CN113285934B (en) | Method and device for detecting IP (Internet protocol) of server cryptographic machine client based on digital signature | |
| CN113111283B (en) | Forensic server, forensic server method, storage medium, and program product | |
| CN109271811B (en) | Group signature-based electronic material evidence tamper-proof storage method | |
| WO2016172986A1 (en) | Data authentication method, device and system, and computer storage medium | |
| CN111260528B (en) | Real estate information verification method based on asymmetric algorithm |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Country or region after: China Address after: 401121 no.17-1, building 13, No.106, west section of Jinkai Avenue, Yubei District, Chongqing Applicant after: Chongqing Sign Digital Technology Co.,Ltd. Address before: 401121 no.17-1, building 13, No.106, west section of Jinkai Avenue, Yubei District, Chongqing Applicant before: CHONGQING AOS ONLINE INFORMATION TECHNOLOGY CO.,LTD. Country or region before: China |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |