CN102624698B - Evidence management and service system for electronic records - Google Patents

Evidence management and service system for electronic records

Publication number
CN102624698B
Authority
CN
China
Prior art keywords
record
data
field
database
storage
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201210016396.XA
Other languages
Chinese (zh)
Other versions
CN102624698A (en
Inventor
龙毅宏
唐志红
刘旭
杨浩
肖凡
白波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING ITRUSCHINA Co Ltd
Wuhan University of Technology WUT
Original Assignee
BEIJING ITRUSCHINA Co Ltd
Wuhan University of Technology WUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING ITRUSCHINA Co Ltd, Wuhan University of Technology WUT
Priority to CN201210016396.XA
Publication of CN102624698A
Application granted
Publication of CN102624698B
Expired - Fee Related
Anticipated expiration

Abstract

The invention relates to an electronic-record-oriented evidence management and service system comprising a front-end system, a central system and an integration API. Part of the data of each digitally signed electronic record generated during the application process is stored in the front-end system and part is stored in the central system; that is, the record data held in each of the two record databases is incomplete, although the central system normally stores the digital signature data of the electronic record. The complete record can be recovered by combining the corresponding record data stored in the two systems. When a dispute arises and evidence must be collected, the relevant parts of the required record data are queried and obtained through the central system or the front-end system, then combined to restore the complete record, and finally the digital signature in the record is used to verify whether the record has been tampered with and to provide the required proof. At the same time, while protecting the private information of the parties concerned, the system effectively prevents the owner or operator of the application system that generates the electronic records from deleting or destroying record evidence.

Description

An Evidence Management and Service System Oriented to Electronic Records

Technical field

The invention belongs to the technical field of message authentication and non-repudiation in information security, and in particular concerns an electronic-record-oriented evidence management and service system.

Background

With the development of network and information technology, many application systems now provide specific services over the Internet, such as online shopping, trading, bidding and payment systems, each run by a particular service provider or operator. In providing their services, these network application systems generate large amounts of electronic record data, such as orders, contracts, tender documents and payment vouchers. One important use of these electronic records is as legal evidence when a dispute arises. However, owing to the nature of electronic records, many problems remain to be solved before they can serve as valid legal evidence. For example, because electronic records are easy to forge and tamper with, the important problems include how to establish a record's originality, authenticity (whether it really exists) and integrity (whether it has been forged); how to determine and prove its originator (who generated and submitted it) and its participants (who took part in producing the record); and how to ensure that the originator and participants cannot deny that the record was produced by them or with their participation. Establishing the originality, authenticity and integrity of an electronic record is a message authentication problem; determining and proving its originator and participants so that they cannot deny their actions is a non-repudiation problem. At present, the most effective means of solving both problems for electronic data is the digital signature.

A digital signature is a security technique built on public-key cryptography. It can authenticate and guarantee the originality, authenticity and integrity of electronic data and provide non-repudiation evidence. Public-key cryptography is in turn built on public-key encryption algorithms. A public-key encryption algorithm, also called an asymmetric-key encryption algorithm, uses a pair of keys to encrypt and decrypt information. One key is kept secret and is called the private key; it is stored securely by the owner (or entity) of the key pair and can be used for digital signing (or for decrypting information). The other is published and is called the public key; anyone can obtain it through some channel and use it to verify digital signatures (or to encrypt information).

Digital signatures have the following properties: 1) only the owner of the private key can sign data, while anyone can use the public key to verify that the signature is valid; 2) any modification of the original data causes signature verification to fail, so the signature can authenticate and guarantee the integrity of the data, establish its authenticity, and reveal any tampering with the signed data; 3) the signature value cannot be forged, that is, no one else can forge a digital signature of the private-key owner that passes verification with the public key. In other words, if a digital signature passes verification with the public key and is valid, it is certain that the signature was made by the private-key owner and that the data came from and was produced by the private-key owner. This establishes the originality of the data and its originator (or participant), achieving non-repudiation. The most commonly used asymmetric-key encryption algorithms today are RSA, DSA and elliptic curve cryptography (ECC).

For digital signature technology based on public-key encryption algorithms to be used in practice, the problem of distributing public keys securely must also be solved. To distribute public keys securely and reliably and to prevent impersonation, the Public Key Infrastructure (PKI) was proposed. In a PKI, an entity called a Certification Authority (CA) issues digital certificates (certificates for short) to the owners of public key pairs through a certificate authentication system (called a CA system). A digital certificate is a set of electronic information containing the public key, the name of the public-key owner (Subject Name), the name of the certificate issuer (Issuer Name, that is, the certification authority), the certificate serial number, the certificate key usage and other information. It is digitally signed with the certification authority's private key, and the validity of that signature can be verified with the certification authority's public key (the certification authority's public key is itself published in a specific public-key certificate called a CA certificate, which can be obtained through a secure channel). A digital certificate effectively binds the public key (or public key pair) to the owner of the key pair (the private key).

With digital certificates, digital signing and signature verification of electronic data can be carried out securely: anyone can generate a public key pair by a secure means, apply to a CA for a digital certificate containing the public key and the public-key owner's information, and then sign data with the private key corresponding to the certificate. Anyone else can securely obtain the signer's certificate through public channels and then use the public key in the certificate to verify the validity of the digital signature.

Many countries, including China, have now enacted electronic signature laws, which establish the legal validity and standing of digital signatures. Digitally signing electronic records therefore addresses the problems that electronic records face as evidence with respect to originality, authenticity, integrity and non-repudiation, so that electronic records can become genuinely effective legal evidence.

Electronic records take several different forms depending on their data format and how the data is stored, and the way a record is digitally signed differs from form to form. Broadly, the common forms of electronic record are: file-type records, form-type records, and hybrid form + file records.

File-type records are records that exist as electronic files, such as Word files, Excel files or PDF files. The characteristics of this form of record are that not only does the content of the record have a format (a content format defined and organized according to the needs of the content), but the file data itself usually has a dedicated file format or data structure (Word and PDF, for example, are formatted files). For the digital signature of a file-type record, the signature data (that is, the signature result) is usually embedded in the file data structure itself, for example embedded in a Word document together with an electronic stamp (called an electronic seal). The embedding method may be custom, defined by the developer of the digital signature application (as with Word electronic seals), or may follow a standard method (as with digital signatures for PDF documents).

A form-type record consists of multiple record fields, each of which describes one attribute of the corresponding object or thing. For example, a record describing a person usually contains fields such as name, sex and age that describe the person's attributes (characteristics). Form-type records are usually stored in a relational database, in which case each field of the form-type record corresponds to a field or column of a database table, which holds its data. A form-type record may be stored across several database tables and correspond to one or more database records. Because this kind of record data usually corresponds to the input and output data of what is called a form in the human-machine interface of an information system, it is called a form-type record. All or part of the data of a form-type record (that is, all or some of its fields) can be digitally signed. When a form-type record is signed, the record data to be signed (that is, the signed record fields) is usually expressed as "name-value pairs" of the form name1=value1&name2=value2..., where name1, name2... are the field names (or field IDs) of the record and value1, value2... are the values stored in the corresponding fields. The name-value pair data is then digitally signed (that is, a hash value is computed and the hash value is then encrypted with the private key). In a form-type record, the signature data (that is, the signature result) is itself usually stored in the record as one of its fields (the field that stores the signature data is called a digital signature field, or signature field for short). A record can have several digital signature fields, and digital signatures can be nested: the signed content (that is, the name-value pairs) corresponding to one digital signature field may include (the data of) other digital signature fields.

In a hybrid form + file record, part of the data exists as a form-type record (the form-type record data part), usually stored in a relational database, and the other part exists as one or more files (such as Word documents; this is the file-type record data part). The record data of the form-type part can be associated with the record data of the file-type part in two ways. In the first, the entire data of a file is the content of a field in the form-type record part (this field is called a file data field). In the second, only the URL (Uniform Resource Locator) for retrieving the file is the content of a field in the form-type record part (this field is called a file URL field), and the data of the file itself is stored separately (anywhere, for example in a local file directory, a database or on the network). There are two possibilities for digitally signing a hybrid form + file record. In the first, the data content of a file in the file part has its own separate digital signature, which is stored (embedded) in the file data (that is, it is signed in the manner described above for file-type records). In the second, the data of a file is treated as the content of a corresponding field of the form-type record part, and the file data is then included in the digital signature in the manner used for signing form-type records.

Although digitally signing electronic records can make them valid legal evidence with non-repudiation properties, some problems remain in practice. For example, the electronic records of e-commerce activity carried out between a merchant and its customers through a network information system are normally stored in a system that belongs to the merchant, so that once a dispute arises the merchant can easily destroy evidence that is unfavourable to it. One way to solve this problem is to have a trusted, independent third party keep the record data. This raises another problem, however: records of business activity between merchants and customers may involve sensitive information, such as trade secrets, so merchants are usually unwilling to hand the relevant record data over to a third party for storage. How to apply digital signature technology while both protecting the merchant's sensitive information and preventing the merchant (or the e-commerce service provider or operator) from maliciously deleting records is therefore a problem in urgent need of a solution, and it is the problem the present invention sets out to solve.

Summary of the invention

The purpose of the present invention is to provide an electronic-record-oriented evidence management and service system that uses digital signatures to guarantee the originality and integrity of electronic records, provides non-repudiable proof of the parties involved in producing a record and of the content of their activities, and uses separated record storage to prevent the service provider or operator of the application system that generates the electronic records from destroying record evidence when a dispute arises, while protecting the sensitive or private information of the parties concerned.

The electronic records addressed by the present invention are form-type records stored in a relational database, and hybrid form + file records in which the file data is digitally signed as the content of a field of the form-type record part and the signature data is stored in a field of the form-type record part.

To achieve the above purpose, the technical solution adopted by the present invention is as follows:

An electronic-record-oriented evidence management and service system comprising three parts, a front-end system, a central system and an integration API (Application Programming Interface), characterized as follows:

The front-end system is located in the same place as the application system that generates the electronic records (that is, in the same network or data center, "in front" at the application system's own site). The front-end system comprises three parts: the front-end record database, the front-end system record storage and forensics management server, and the front-end system record configuration information:

Front-end record database: stores the part of the digitally signed electronic record data generated by the application system that needs to be kept locally at the application system, that is, the record fields of a complete electronic record that are to be stored locally at the application system;

Front-end system record storage and forensics management server: responsible, at the application system's site, for record data storage and evidence-collection management and for managing the front-end system record configuration information. This includes saving the locally stored part of the record data generated by the application system in the local front-end record database, and transmitting the part of the record data that is to be stored in the central system to the remote central system, which saves it in the central record database. When record evidence collection and verification is performed locally at the application system, the server queries the local front-end record database according to the query conditions to obtain the locally stored part of the required record data, connects to the remote central system to obtain the part of the record data stored by the third party, combines the two to form the complete record, and verifies the validity of the record through the record's digital signature. When a record evidence-collection operation is performed at the central system, the server receives the record query request from the remote central system, queries the local front-end record database for the part of the record data stored there that the remote central system requires, and returns the result to the remote central system;

Front-end system record configuration information: holds the information about record classes that the front-end system needs for record storage, evidence collection and verification, including: the unique identifier and name of each record class; which fields a record of each class contains; the value type of each field; which field or fields are digital signature fields; the list of record fields covered by each signature field; which fields of the record are stored in the local front-end record database, and in which database table or tables; the associations and join relationships between the related database tables; which fields are stored in the central record database of the remote central system; and the service address, port, access method and protocol of the remote central system's record storage and forensics management server. In particular, one important item in the front-end system record configuration information specifies how the record data stored in the local front-end record database corresponds uniquely to the corresponding record data stored in the remote central record database (that is, how the local record data is used to look up and obtain the uniquely corresponding record data in the remote central record database, so that the two parts together form the complete record data). The record configuration information is organized around record classes: each record class has its own descriptive information as set out above, and a record class is the set of all record instances (concrete records) generated in a particular application service process that have the same content attributes (that is, contain the same record fields). The front-end system record configuration information is set by the system administrator through the human-machine interface of the front-end system record storage and forensics management server.

The central system is located in the data center of a trusted third party. It centrally stores the part of the record data, generated by different application systems in different places, that is to be kept by the third party, and performs record evidence collection and verification. The central system comprises three parts: the central record database, the central system record storage and forensics management server, and the central system record configuration information:

Central record database: centrally stores the part of the electronic record data generated by application systems in different places that needs to be kept by the third party, that is, the record fields of a complete electronic record that are to be stored by the third party.

Central system record storage and forensics management server: responsible, at the third-party data center, for record data storage and evidence-collection management and for managing the central system record configuration information. This includes receiving record data storage requests submitted by a front-end system (by its record storage and forensics management server), which contain only the third-party-stored part of the complete record data, and saving the record data in the central record database. When record evidence collection and verification is performed at the central system (that is, at the third party), the server obtains the locally stored part of the record data from the central record database according to the query conditions, connects to the record storage and forensics management server of the remote front-end system to obtain the other part of the corresponding record data (the part stored locally at the application system) from the remote front-end record database, combines the two to form the complete record, and then verifies the validity of the record through the record's digital signature. When an evidence-collection operation is performed at a remote front-end system, the server receives the record query request submitted by that front-end system's record storage and forensics management server, queries the central record database for the part of the record data stored there that the front-end server requires, and returns the result to the remote front-end system's record storage and forensics management server.

Central system record configuration information: holds the information about records that the central system needs for record storage and evidence collection. It is set by the system administrator through the human-machine interface of the central system record storage and forensics management server. Its content and the way it is set are similar to those of the front-end system record configuration. The main differences are: 1) the central system record configuration information does not cover the electronic records generated by one application system in one place, but those generated by different application systems in different places; 2) the remote systems and components referred to in the configuration information, namely the central system, the central system record storage and forensics management server and the central record database, become the corresponding front-end system, front-end system record storage and forensics management server and front-end record database respectively; 3) each record class must specify which remote front-end system it corresponds to, together with the service address, port, access method and protocol of that front-end system's record storage and forensics management server.

Integration API: used by the application system to transmit and submit record data to the front-end system's record storage and forensics management server and to carry out operations related to storing record data.

The application system refers to any of the various information systems (such as online shopping, trading, bidding or payment systems) that generate electronic record data (such as orders, contracts, tender documents or payment vouchers) in the course of providing services.

There may be multiple front-end systems, each located at the site of a different application system.

The local end refers to whichever side, front-end system or central system, is currently performing the record storage or evidence-collection operation; the remote end refers to the other side of the system relative to the local end.

The front-end system and the central system handle (store, query, collect evidence from and verify) more than one record class. Therefore, when record data is transmitted and exchanged between the application system and the front-end system, or between the front-end system and the central system, the record class to which the transmitted or exchanged record data belongs must be specified.
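The split storage and recombination described above can be followed end to end in a short sketch. It is an added example, not part of the patent text: the record class `order-v1`, its field names, the percent-encoding of names and values, and the toy textbook-RSA key (standing in for a certificate-backed RSA, DSA or ECC signature) are all assumptions made for illustration.

```python
import hashlib
from urllib.parse import quote

# Toy textbook-RSA key built from two Mersenne primes (constructed for this
# example; tiny and unpadded, a stand-in for a real certificate-backed key).
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the signer

# Hypothetical record-class configuration: which fields the signature covers,
# which fields stay in the front-end database, which go to the central one,
# and the key field that links the two halves uniquely.
ORDER_CLASS = {
    "class_id": "order-v1",
    "key_field": "order_id",
    "signed_fields": ["order_id", "buyer", "item", "price"],
    "signature_field": "buyer_sig",
    "front_fields": ["item", "price"],        # sensitive, kept by the merchant
    "central_fields": ["buyer", "buyer_sig"],  # kept by the third party
}

def canonical(record, fields):
    """name1=value1&name2=value2... in configured order. Percent-encoding
    (an assumption here) stops '&' or '=' in a value shifting field bounds."""
    return "&".join(
        f"{quote(f, safe='')}={quote(str(record[f]), safe='')}" for f in fields
    )

def _digest(text):
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % N

def sign(record, cfg):
    """Hash the name-value string, then apply the private key to the hash."""
    return format(pow(_digest(canonical(record, cfg["signed_fields"])), D, N), "x")

def verify(record, cfg):
    try:
        sig = int(record[cfg["signature_field"]], 16)
        expected = _digest(canonical(record, cfg["signed_fields"]))
    except (KeyError, ValueError):
        return False  # a covered field or the signature itself is missing
    return pow(sig, E, N) == expected

def split(record, cfg):
    """Return (front_part, central_part); both carry the linking key field."""
    key = cfg["key_field"]
    front = {key: record[key], **{f: record[f] for f in cfg["front_fields"]}}
    central = {key: record[key], **{f: record[f] for f in cfg["central_fields"]}}
    return front, central

def collect_evidence(front_db, central_db, cfg, key):
    """Recombine both halves and verify; report which side is at fault."""
    central = central_db.get(key)
    if central is None:
        return "unknown-record", None
    front = front_db.get(key)
    if front is None:
        # The central half and signature still show that the record existed.
        return "front-part-missing", None
    record = {**front, **central}
    return ("valid" if verify(record, cfg) else "tampered"), record

def demo():
    # Constructed sample record; the '&' and '=' in item exercise the encoding.
    rec = {"order_id": "A-1001", "buyer": "alice",
           "item": "pump & valve=2", "price": "1200.00"}
    rec["buyer_sig"] = sign(rec, ORDER_CLASS)
    front, central = split(rec, ORDER_CLASS)
    front_db, central_db = {"A-1001": front}, {"A-1001": central}
    results = [collect_evidence(front_db, central_db, ORDER_CLASS, "A-1001")[0]]
    front_db["A-1001"]["price"] = "12.00"   # operator alters its own half
    results.append(collect_evidence(front_db, central_db, ORDER_CLASS, "A-1001")[0])
    del front_db["A-1001"]                  # operator deletes its own half
    results.append(collect_evidence(front_db, central_db, ORDER_CLASS, "A-1001")[0])
    return results

if __name__ == "__main__":
    print(demo())
```

Neither database alone holds enough to reconstruct or verify the record, and the central half survives any deletion on the operator's side.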

The electronic record storage method based on the electronic-record-oriented evidence management and service system is as follows:

A1.应用系统提供服务的过程中的参与方(如订购方、投标人、支付人等)使用其数字证书的私钥对服务过程中产生的电子记录(如订单、合同、标书、支付凭证等)进行数字签名,然后将签名后的记录数据提交给应用系统;A1. Participants in the process of providing services by the application system (such as orderers, bidders, payers, etc.) use the private key of their digital certificates to electronic records generated during the service process (such as orders, contracts, tenders, payment vouchers, etc.) ) for digital signature, and then submit the signed record data to the application system;

A2.应用系统直接将需要保存在本地的记录数据部分保存在前置记录数据库中,然后通过集成API将需要保存在中心系统的记录数据部分提交到本端的前置系统记录存储与取证管理服务器进行处理;或者,通过集成API将全部记录数据提交到本端的前置系统记录存储与取证管理服务器进行处理;A2. The application system directly saves the part of the record data that needs to be stored locally in the pre-record database, and then submits the part of the record data that needs to be saved in the central system to the local front-end system record storage and forensics management server through the integrated API. processing; or, submit all recorded data to the local front-end system record storage and forensics management server for processing through the integrated API;

A3.前置系统记录存储与取证管理服务器接收到应用系统提交的记录数据存储请求后,确定请求是仅将部分记录数据保存到远端的中心系统还是处理全部记录数据,若该请求是仅将部分记录数据保存到远端的中心系统,则转入A4,否则,转入A5;A3. After the front-end system record storage and forensics management server receives the record data storage request submitted by the application system, it determines whether the request is to save only part of the record data to the remote central system or process all the record data. Part of the recorded data is saved to the remote central system, then transfer to A4, otherwise, transfer to A5;

A4.前置系统记录存储与取证管理服务器通过本端的前置系统记录配置信息确定需要存储的记录数据中的哪些记录字段需要传送到远端的中心系统的中心记录数据库中保存,并确定远端中心系统的中心系统记录存储与取证管理服务器的服务地址、端口、访问方法和协议,然后,通过相应的访问方法和协议将相应的记录数据部分传送到远端中心系统的中心系统记录存储与取证管理服务器,之后处理过程转入A6执行;A4. The front-end system record storage and forensics management server determines which record fields in the record data to be stored need to be transmitted to the central record database of the remote central system through the local front-end system record configuration information, and determines the remote The central system of the central system records the service address, port, access method and protocol of the management server, and then transmits the corresponding record data part to the central system of the remote central system for record storage and forensics through the corresponding access method and protocol Management server, after which the process is transferred to A6 for execution;

A5.前置系统记录存储与取证管理服务器根据本端的前置系统记录配置信息确定接收到的需要存储的记录数据中的哪些记录字段需要保存在本端的前置记录数据库中,保存在哪个或哪些数据库表中,以及有关数据库表之间的关联、连接关系,然后,形成相应的数据库数据存储语句,将所述记录数据的本端保存部分保存到前置记录数据库中,之后,进一步地查看本端的前置系统记录配置信息,确定接收到的要存储的记录数据中的哪些记录字段需要传送到远端的中心系统保存,确定远端中心系统的中心系统记录存储与取证管理服务器的服务地址、端口、访问方法和协议,然后,通过相应的访问方法和协议将接收到的要存储的记录数据的远端保存部分传送到远端中心系统的中心系统记录存储与取证管理服务器;A5. The front-end system record storage and forensics management server determines which record fields in the received record data to be stored need to be stored in the local front-end record database according to the local front-end system record configuration information, and which one or which ones are stored In the database table, as well as the association and connection relationship between the relevant database tables, and then form a corresponding database data storage statement, save the local storage part of the record data in the pre-record database, and then further check the local The front-end system record configuration information, determine which record fields in the received record data to be stored need to be transmitted to the remote central system for storage, and determine the service address of the central system record storage and forensics management server of the remote central system, Port, access method and protocol, and then, through the corresponding access method and protocol, transmit the received remote storage part of the record data to be stored to the central system record storage and evidence collection management server of the remote central system;

A6.中心系统的中心系统记录存储与取证管理服务器接收到前置系统的前置系统记录存储与取证管理服务器提交的记录数据保存请求后,通过查看中心系统记录配置信息,确定需要将记录保存在哪个或哪些数据库表中,以及有关数据库表之间的关联、连接关系,然后,形成相应的数据库数据存储语句,将记录数据保存在中心记录数据库中,之后返回成功或失败的提示。A6. After the central system record storage and forensics management server of the central system receives the record data storage request submitted by the front-end system record storage and forensics management server of the front-end system, it determines that the records need to be saved in the central system by checking the record configuration information. Which or which database tables, as well as the association and connection relationship between the relevant database tables, and then form the corresponding database data storage statement, save the record data in the central record database, and then return a success or failure prompt.

When a dispute arises and evidence must be produced, a forensics administrator can log in to the electronic-record-oriented evidence management and service system to collect and verify records as evidence. Record forensics and verification can be carried out either at the central system or at a front-end system.

Record forensics and verification at the central system proceeds as follows:

B1. The forensics administrator logs in to the central system record storage and forensics management server of the central system and enters record query conditions to query the records of a given record class. The query conditions contain only those record fields of the record class that are stored in the central record database;

B2. The central system record storage and forensics management server uses the central system record configuration information to determine in which table or tables of the central record database the records to be queried are stored and how those tables are associated and joined. It then forms the corresponding database query statement from the query conditions, searches the central record database and returns the record data that matches;

B3. If the query returns no record data, forensics ends. If the query returns one or more records (each containing only the locally stored part of the record data), the forensics administrator clicks on one of them to view its details;

B4. The central system record storage and forensics management server consults, in the central system record configuration information, the description of the record class of the record whose details are to be viewed. From it the server determines which fields of the record are stored in the remote front-end record database and what the service address, port, access method and protocol of the corresponding remote front-end system record storage and forensics management server are. It also determines how the local data part of the record corresponds uniquely to the matching record data part stored in the remote front-end record database, and forms the query condition from that correspondence. It then connects to the remote front-end system record storage and forensics management server and requests the corresponding record data part stored in the front-end record database;

B5. On receiving the record query request submitted by the central system record storage and forensics management server of the central system at the other end, the remote front-end system record storage and forensics management server uses the front-end system record configuration information to determine in which table or tables of the front-end record database the requested record data is stored and how the tables concerned are associated and joined. It then forms the database query statement from the query conditions submitted by the other end, queries the front-end record database, and returns the query result to the central system record storage and forensics management server;

B6. After obtaining the query result returned by the remote front-end system record storage and forensics management server, the central system record storage and forensics management server combines the record data part obtained locally with the corresponding record data part returned by the remote end to form one complete record;

B7. Using the description, in the central system record configuration information, of the record class to which the complete record obtained in step 6 belongs, the central system record storage and forensics management server then checks whether any record field of the complete record is missing data, and whether the fields that are stored at both ends have the same content;

B8. The central system record storage and forensics management server consults the central system record configuration information further. From the description of the record class to which the complete record obtained in step 6 belongs, it determines which field or fields of the record are digital signature fields and which list of record fields each digital signature field covers, and on that basis verifies the validity of the digital signature data in the record's signature field;

B9. On the basis of the checks and verification in steps B7 and B8, the central system record storage and forensics management server reports the details of the complete record obtained in step 6, such as: the content of every record field; whether any record field is missing data; whether the fields of the same record that are stored in both the central record database and the front-end record database, as obtained in steps B2 and B5 respectively, have the same content, and which field or fields differ; which record field is the digital signature field; whether the digital signature of the record is valid; whether the record data has been modified; whether the signing certificate is trusted; and information about the signing certificate (such as the signer).

When the digital signature of the record is verified in step B9 above, for record fields that are stored in both the central record database and the front-end record database, the value used for the corresponding field in the signed content is the one stored in the central record database.

In step B5 above, if the front-end system record storage and forensics management server cannot find the corresponding record data for the query request submitted by the central system record storage and forensics management server, that is, if it returns an empty query result, it can be concluded that either the requested record data stored in the front-end record database has been deleted, or the corresponding record data stored in the central record database is forged.

If a record field that is stored in both the central record database and the front-end record database has different content in the results obtained in steps B2 and B5, it can be concluded that the field has been modified in the record database at one of the two ends. Which end's copy was modified can be determined further from the corresponding digital signature, as follows:

If the record field is covered by a digital signature field and the digital signature in that signature field verifies, that is, the signature is valid, it can be concluded that the copy of the record field stored in the front-end record database has been tampered with. If the record field is covered by a digital signature field and the digital signature in that signature field does not verify, that is, the signature is invalid, the corresponding digital signature is verified again using the copy of the record field stored in the front-end record database; if this verification succeeds, it can be concluded that the copy of the record field stored in the central record database has been modified; otherwise, other means are needed to decide further.
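The checks of steps B6 to B8 and the rule above for deciding which end was modified, as an added Python example that is not part of the patent text. The record class, field names and sample order are constructed, and a toy RSA over two small Mersenne primes stands in for the signer's certificate key and signature algorithm, which the patent does not specify.

```python
import hashlib

# Toy RSA key (constructed): stands in for the signer's certificate key pair.
# Far too small for real use; it only makes the example run offline.
_P, _Q, E = 2**127 - 1, 2**89 - 1, 65537
N = _P * _Q
_D = pow(E, -1, (_P - 1) * (_Q - 1))

# Hypothetical record class description (fields, where they live, signature coverage).
RECORD_CLASS = {
    "fields": ["order_id", "buyer", "item", "amount", "signature"],
    "central": ["order_id", "amount", "signature"],     # stored in the central DB
    "front": ["order_id", "buyer", "item", "amount"],   # stored in the front-end DB
    "signature_field": "signature",
    "covered": ["order_id", "buyer", "item", "amount"], # order used when signing
}

def signed_content(record, covered):
    """Build the 'name pair' string name1=value1&name2=value2... in configured order."""
    return "&".join(f"{name}={record[name]}" for name in covered)

def _digest(content):
    return int.from_bytes(hashlib.sha256(content.encode("utf-8")).digest(), "big") % N

def toy_sign(content):
    return pow(_digest(content), _D, N)

def toy_verify(content, signature):
    return pow(signature, E, N) == _digest(content)

def split(record, cfg):
    """Split a signed record into the central part and the front-end part."""
    return ({f: record[f] for f in cfg["central"]},
            {f: record[f] for f in cfg["front"]})

def examine(central_part, front_part, cfg, verify=toy_verify):
    """Recombine both parts, then run the completeness, consistency and signature checks."""
    if not front_part:  # empty result from the front-end system (step B5)
        return {"verdict": "front-end part deleted or central part forged"}
    # Step B6; for fields stored at both ends the central copy is used.
    combined = {**front_part, **central_part}
    missing = [f for f in cfg["fields"] if f not in combined]
    mismatched = [f for f in cfg["central"]
                  if f in front_part and front_part[f] != central_part[f]]
    signature = combined.get(cfg["signature_field"])

    def check(record):
        if signature is None or any(f not in record for f in cfg["covered"]):
            return False
        return verify(signed_content(record, cfg["covered"]), signature)

    valid = check(combined)
    tampered = {}
    for field in mismatched:
        if field not in cfg["covered"]:
            tampered[field] = "not covered by signature"
        elif valid:
            tampered[field] = "front-end copy tampered"
        elif check({**combined, field: front_part[field]}):
            tampered[field] = "central copy modified"
        else:
            tampered[field] = "undetermined"
    return {"record": combined, "missing": missing, "mismatched": mismatched,
            "signature_valid": valid, "tampered": tampered}

def make_signed_order():
    """Constructed sample record, signed over the covered fields."""
    record = {"order_id": "A-1001", "buyer": "alice", "item": "widget", "amount": "199.00"}
    record["signature"] = toy_sign(signed_content(record, RECORD_CLASS["covered"]))
    return record

if __name__ == "__main__":
    central, front = split(make_signed_order(), RECORD_CLASS)
    print(examine(central, {**front, "amount": "1.00"}, RECORD_CLASS)["tampered"])
    print(examine({**central, "amount": "1.00"}, front, RECORD_CLASS)["tampered"])
```
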

Record forensics and verification at a front-end system is symmetric to the process at the central system: the roles and operations of the central system, the central system record storage and forensics management server, the central record database and the central system record configuration information in the process above are simply swapped with those of the corresponding front-end system, front-end system record storage and forensics management server, front-end record database and front-end system record configuration information.

Although record forensics and verification at the central system and at a front-end system run almost identically and provide the same function, their scope differs: the central system (through its central system record storage and forensics management server) can collect and verify electronic records produced by different application systems at different locations, whereas a front-end system (through its front-end system record storage and forensics management server) can only collect and verify records produced by the local application system.

Besides the part of the original record that each must store, the front-end system and the central system may, as forensics requires, generate and store additional descriptive information about the record at the time the original record data is saved, such as the time the record data was received or saved and the signer of the record (obtainable from the signer's digital certificate in the record's signature data). This additional descriptive information is stored in extra record fields, called additional record fields, which make it easier for the system at the record data storage end to search for records and collect them as evidence. Additional record fields may be stored in the same database table as the original record data or in a separate record database table. Once additional descriptive fields are added, a record stored in the front-end record database or the central record database contains the original record data fields (only some of them) and the additional record fields; together these form one "complete" record in the local database (which still contains only part of the original record's data). The system at the record data storage end is the front-end system or central system that is storing the record data.

Once additional descriptive information is added, the front-end system record configuration information and the central system record configuration information must describe which additional record fields each record class has and in which database table or tables these additional record fields are stored.

Once additional descriptive information is added, step A5 of the electronic record storage process described above becomes: "The front-end system record storage and forensics management server uses the local front-end system record configuration information to determine which data fields of the received record data must be saved in the local front-end record database, determines which additional record fields the record to be stored has and generates the corresponding additional record field data, then uses the local front-end system record configuration information to determine in which database table or tables the original record data fields and additional record fields to be kept locally must be saved and how the tables concerned are associated and joined, then forms the corresponding database storage statements and saves the locally stored part of the record data together with the additional record fields in the front-end record database, after which ..."; and step A6 becomes: "On receiving the record data storage request submitted by the front-end system record storage and forensics management server of the front-end system, the central system record storage and forensics management server of the central system consults the central system record configuration information to determine which additional record fields the record to be stored has and generates the corresponding field data, then uses the central system record configuration information to determine in which database table or tables the original record data fields and additional record fields must be saved, ...".

Once additional descriptive information is added, step B1 of the central system's record forensics and verification process described above becomes: "The forensics administrator logs in to the central system record storage and forensics management server of the central system and enters record query conditions to query the records of a given record class; the query conditions contain only those record fields and additional record fields of the record class that are stored in the central record database". In addition, the record data query result returned by the remote front-end system record storage and forensics management server in step B5 contains only the original record data fields stored in the front-end record database, not the additional record fields.

The present invention stores record data separately. Unless the third party takes part in cheating (and the third party is assumed to be independent and trustworthy), the service provider or operator that owns or runs the application system cannot deny that an event or act took place by deleting the record; and because of the digital signature, any modification of the record data can be detected.

The innovation of the present invention lies in combining digital signature technology with separated record storage. On the one hand this gives electronic records the non-repudiation they need to serve as evidence; on the other hand, while protecting the private information of the parties concerned, it effectively prevents the owner or operator of the application system that produces the electronic records from deleting or destroying record evidence.

Description of the drawings

Fig. 1 is a block diagram of the overall structure of the present invention.

Detailed description of the embodiments

The present invention is described in further detail below with reference to the accompanying drawing.

The overall structure of the electronic-record-oriented evidence management and service system of the present invention is shown in Fig. 1. The invention comprises three parts: the front-end system, the central system and the integration API. The front-end system comprises the front-end record database, the front-end system record storage and forensics management server and the front-end system record configuration information; the central system comprises the central record database, the central system record storage and forensics management server and the central system record configuration information. The functions of the front-end system, the central system, the integration API and their components have been described in detail in the summary of the invention above and are not repeated here.

The front-end record database and the central record database (collectively, the record databases) can be implemented with any existing relational database system, such as Oracle, SQL Server, MySQL or DB2. The record data of each record class can be stored in one or more corresponding tables of the database, as actually required.

In the electronic-record-oriented evidence management and service system, the front-end system record configuration information and the central system record configuration information (collectively, the record configuration information) play a very important role: the record storage, forensics and verification operations all depend on them. There are several ways to implement the setting and description of record information in the record configuration information. One approach is to use XML (eXtensible Markup Language) or another extensible markup language based on XML, such as RDF/OWL (Resource Description Framework/Web Ontology Language), define a vocabulary or constructs for describing record information, give them defined semantics and data formats, and describe the record information on that basis; this approach extends well but is relatively complex. Another approach is to use a relational database: define the corresponding database tables, store a particular item of record description information in a particular field of a table, and let one or more related database rows correspond to the description of one record class; this approach is simple but extends poorly.

Using the record configuration information description techniques above, the record configuration information is described as follows:

First, describe each database table that stores record data in the central or front-end record database, including:

1.1) the name of the database table;

1.2) the list of fields (or columns) in the database table and information about each field, including the field name (or field ID) and the field value type;

1.3) optionally, which field or fields of the table are index fields.

The information about database tables described in 1.1), 1.2) and 1.3) above can either be set manually or be obtained by a program that queries the corresponding record database;

Second, describe or define the following basic information for each record class:

2.1) the name and unique identifier (ID) of the record class;

2.2) the list of fields in the record class and information about each field, including the field name or identifier (ID), the value type (such as string, integer or byte) and the content type of the field;

2.3) the list of additional record fields of records in the record class and information about each additional record field, including its name, value type and additional record field type;

2.4) which fields of the record class are stored in the local record database and which are stored in the remote record database;

2.5) which front-end system or central system holds the remotely stored part of the record data, and the service address, port, access method and protocol of the corresponding front-end system or central system record storage and forensics management server;

2.6) the list of superior and root CA certificates used to verify that a digital signature certificate is trusted.

In the record class description above, every field of the record must be described, whether it is stored in the local record database or in the remote record database.

The field content type mentioned in 2.2) is one of: ordinary data, digital signature, file data (the field holds the file data directly) or file URL (the field holds the URL from which the file is obtained).

In the record class description above, if the content type of a field is digital signature, the description must also give the names and order of the record fields that appear in the "name pair" form of the signed content (that is, name1=value1&name2=value2...) for that digital signature field; in other words, it gives the list of record fields that the digital signature field covers. With this description of the record's digital signature, the front-end system or central system record storage and forensics management server can verify the record's digital signature automatically during record forensics and verification.

In the record class description above, if the content type of a field is file data or file URL, the type of the corresponding file, such as Word or PDF, must also be specified.

The types of the additional record fields in 2.3) are chosen as actually required. Because the additional record field types are predefined for a given implementation, the front-end system record storage and forensics management server and the central system record storage and forensics management server can generate the additional record field data automatically from the type of the additional record field, the record data to be stored and the related record configuration information.

Further, the record configuration information also describes how the record data of each record class corresponds to the tables of the record database, as follows:

3.1) the names of the one or more database tables, in the record database at the end where the record configuration information is located, that hold the record data of the record class;

3.2) the correspondence between each record field of the record class that is kept in the record database at the end where the record configuration information is located, additional record fields included, and the fields of the database tables named in 3.1), that is, which record field corresponds to which field of which database table;

3.3) if the record class corresponds to more than one database table, how the tables are associated and joined through their fields (so as to form one large logical database table); the simplest way is to designate a field that both tables have and that holds unique values as the field on which the record tables are associated and joined.

The end where the record configuration information is located means the front-end system or central system on the same side as the front-end system record configuration information or the central system record configuration information; the record database at that end means the corresponding front-end or central record database.

For the correspondence described in 3.2) between each record field of the record class kept in the record database at the end where the record configuration information is located, additional record fields included, and the fields of the database tables, the simplest implementation is correspondence by name: a record field corresponds to the database table field of the same name in the database table for the record class.

With the above description of how the record data of a record class corresponds to the record database tables, and of how the related database tables are associated and joined, the front-end system or central system record storage and forensics management server can, when it stores or queries record data in its local record database, build the corresponding storage or query SQL statement from the storage or query conditions and carry out the operation. The description of the associations between related database tables is used to JOIN the associated tables in the storage or query SQL statement.

As stated in the summary of the invention, one important item in the record configuration information specifies how the record data kept in the local record database corresponds uniquely to the corresponding record data kept in the remote record database (that is, how one piece of record data at the local end is used to look up and obtain the single corresponding piece of record data in the remote record database). This item is necessary and important because, in the evidence management and service system for electronic records, the front-end record database and the central record database each keep only part of the data of every electronic record. During forensics, therefore, the complete record can only be formed by combining the two corresponding parts kept in the two record databases. The key to achieving this is how to express the one-to-one correspondence between the two parts of the record data kept in two different places. Based on this one-to-one correspondence, a record containing only part of the data that is obtained from the record database at either end can be used to obtain, from the database at the other end, the single corresponding record containing the remaining data. The specific implementation adopted by the invention to solve this problem is as follows:

For the record data kept in either the front-end record database or the central record database, one field or a combination of several fields forms the search condition used to query the database at the other end and obtain the single corresponding record. This record field or combination of record fields is called the remote record search key (Remote Record Searching Key); the key may consist of a single field or of a combination of several fields. The record field or fields that make up the remote record search key must be kept in both the front-end record database and the central record database. Accordingly, in the front-end system record configuration information and the central system record configuration information, a field list specifies, for each record class, which locally kept field or fields make up the remote record search key used to search the remote record database and obtain the single corresponding record.

For a given record class, the record fields that make up the remote record search key for records kept in the front-end record database and for records kept in the central record database may be the same or different. For simplicity, both can be set to the primary key of the record in the front-end record database (record data is saved first in the front-end record database and then in the central record database, so the primary key of the record in the front-end record database is already available when the central record database performs its storage operation). In addition, because an additional record field is meaningful only at the data storage end where it resides, it normally cannot form part of the remote record search key.

Based on the remote record search key, the "...determine how this record data uniquely corresponds to the corresponding record data kept in the remote front-end record database..." of step B4 in the record forensics and verification process described in the summary of the invention is implemented concretely as "determine the remote record search key corresponding to this record...".

The front-end system record storage and forensics management server and the central system record storage and forensics management server can be developed with any mature network information system development technology, such as J2EE or ASP.NET; the two servers may use the same implementation technology or different ones.

Given the above implementation techniques for the databases, the record configuration information and the front-end and central system record storage and forensics management servers, implementing the record storage process A1-A6 and the record forensics and verification process B1-B9 described in the summary of the invention is not difficult, and a person skilled in the art can do so on the basis of the content described.

The integration API can be developed with whatever technology matches the development technology of the application system, such as a C/C++ dynamic library, Windows COM/COM+, a Java class package or a C# class package.

The protocol for transferring and exchanging record data among the front-end system record storage and forensics management server, the central system record storage and forensics management server and the integration API can be custom-defined on top of transport protocols such as TCP/IP, HTTP or Web Services, with security measures such as data encryption and digital signatures applied to protect the confidentiality and integrity of the data in transit.

Content not described in detail in this specification belongs to the prior art known to those skilled in the art.

Claims (10)

Front-end system record storage and forensics management server: located where the application system is, it is responsible for the storage and forensics management of record data and for managing the front-end system record configuration information. It saves the locally stored part of the record data produced by the application system in the local front-end record database, and sends the part of the record data that must be kept in the remote central system to the central system, which saves it in the central record database. When record forensics and verification are performed locally at the application system, it queries the local front-end record database according to the query conditions to obtain the part of the required record data kept locally by the application system, connects to the central system to obtain the part of the record data kept by the third party, combines the two parts into the complete record, and verifies the validity of the record through the record's digital signature. When a record forensics operation is performed at the central system, it receives the record query request from the central system, queries the local front-end record database for the part of the record data kept there that the central system requires, and returns the result to the central system;
Central system record storage and forensics management server: located in the third-party data center, it is responsible for the storage and forensics management of record data and for managing the central system record configuration information. It receives the record data save requests, containing only the part of the data to be stored by the third party, that are submitted by the front-end system record storage and forensics management server of the front-end system, and saves the record data in the central record database. When record forensics and verification are performed at the central system, it obtains the locally kept part of the record data from the central record database according to the query conditions, connects to the front-end system record storage and forensics management server of the remote front-end system to obtain the other part of the corresponding record data, namely the part kept locally by the application system, from the front-end record database of the front-end system, combines the two parts into the complete record, and then verifies the validity of the record through the record's digital signature. When a forensics operation is performed at the front-end system, it receives the record query request submitted by the front-end system record storage and forensics management server of the front-end system, queries the central record database for the part of the record data kept there that the front-end system record storage and forensics management server requires, and returns the result to the front-end system record storage and forensics management server of the front-end system;
Step 4: the front-end system record storage and forensics management server checks the local front-end system record configuration information, obtains the description information of the record class corresponding to the received record data to be processed, determines which record fields of the record data to be stored must be sent to the central record database of the central system for saving, and determines the service address, port, access method and protocol of the central system record storage and forensics management server of the central system; it then sends the corresponding part of the record data, using that access method and protocol, to the central system record storage and forensics management server of the central system, after which processing proceeds to step 6;
Step 5: the front-end system record storage and forensics management server checks the local front-end system record configuration information, obtains the description information of the record class corresponding to the received record data to be processed, determines which record fields of the received record data to be stored must be kept in the front-end record database, determines which additional record fields the record to be stored has and generates the corresponding additional record field data, and then determines, from the description of the record class in the front-end system record configuration information, in which database table or tables the record fields and additional record fields to be kept at the local end are to be saved, the correspondence between record fields and database table fields, and the associations and joins between the related database tables; it then forms the corresponding database storage statement and saves the locally stored part of the record data in the front-end record database; afterwards, it further checks the description of the record class in the local front-end system record configuration information, determines which record fields of the received record data to be stored must be sent to the central system for saving, determines the service address, port, access method and protocol of the central system record storage and forensics management server of the central system, and then sends the remotely stored part of the received record data, using that access method and protocol, to the central system record storage and forensics management server of the central system;
Step 6: after the central system record storage and forensics management server of the central system receives the record data save request submitted by the front-end system record storage and forensics management server of the front-end system, it checks the central system record configuration information of the central system, obtains the description information of the record class corresponding to the received record data to be processed, determines which additional record fields the record to be stored has and generates the corresponding additional record field data, and then determines, from the description of the record class in the central system record configuration information, in which database table or tables the record fields and additional record fields are to be saved, the correspondence between record fields and database table fields, and the associations and joins between the related database tables; it then forms the corresponding database storage statement, saves the record data in the central record database of the central system, and returns a success or failure message.
The 4th step: the central system record storage and forensics management server checks, in the central system record configuration information of the central system, the description information of the record class corresponding to the record whose details currently need to be viewed, determines which fields of the record are kept in the remote front-end record database and what the service address, port, access method and protocol of the corresponding remote front-end system record storage and forensics management server are, determines the remote record search key corresponding to the record and forms the query search condition, and then connects to the front-end system record storage and forensics management server and requests a query to obtain the corresponding part of the record data kept in the front-end record database;
The 5th step: after the front-end system record storage and forensics management server receives the record query request submitted by the central system record storage and forensics management server of the central system, it checks the front-end system record configuration information of the front-end system, obtains the description information of the record class corresponding to the record to be queried, determines in which database table or tables of the front-end record database of the front-end system the record data to be queried is kept, the correspondence between record fields and database table fields, and the associations and joins between the related database tables, and then forms the database query statement from the record query search condition submitted by the central system, queries the front-end record database, and returns the query result to the central system record storage and forensics management server; the returned result contains only the record fields kept in the front-end record database and does not contain additional record fields;
The 9th step: the central system record storage and forensics management server, according to the checks of the 7th step and the 8th step, reports the details of the complete record obtained in the 6th step, including: the data content of every record field of the complete record; whether any record field is missing data; whether the data content of the record fields of the same record that are kept in both the central record database and the front-end record database, as obtained in the 2nd step and the 5th step respectively, is consistent, and which field or fields are inconsistent; which record fields are digital signature fields; whether the digital signature of the record is valid; whether the record data has been modified; whether the signing certificate is trusted; and the relevant information of the signing certificate.
If the record field is covered by a digital signature field and verification of that signature passes, so the signature is valid, it can be concluded and reported that the data of the record field kept in the front-end record database has been tampered with; if the record field is covered by a digital signature field and verification of that signature fails, so the signature is invalid, the corresponding signature verification is further carried out using the data of the record field kept in the front-end record database; if that verification passes, it can be concluded and reported that the data of the record field kept in the central record database has been modified; otherwise, other means are needed to judge further.
10. The evidence management and service system for electronic records according to claim 1 or any one of claims 6-9, characterized in that: carrying out the method of record forensics and verification at the front-end system is symmetrical to carrying out the method of record forensics and verification at the central system; that is, the roles and operations borne in the central-system procedure by the central system, the central system record storage and forensics management server, the central record database and the central system record configuration information are exchanged with those of the corresponding front-end system, front-end system record storage and forensics management server, front-end record database and front-end system record configuration information.
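The signed-content rebuild, the remote record search key lookup and the mismatch rules in the claims above, as an added Python example that is not code from the patent. Field names, the `CFG` layout and the in-memory lists standing in for the two record databases are hypothetical; HMAC-SHA256 stands in for the certificate-based digital signature so the block runs on the standard library, and percent-encoding of values and the center copy taking precedence on overlapping fields are assumptions the text does not specify.

```python
import hashlib
import hmac
from urllib.parse import quote

# Constructed record-class configuration; every name here is hypothetical.
CFG = {
    "signature_field": "sig",
    # Ordered list of record fields covered by the signature field.
    "signed_fields": ["order_id", "buyer", "item", "amount"],
    "front_fields": ["order_id", "buyer", "item", "amount"],  # application side
    "center_fields": ["order_id", "amount", "sig"],           # third-party side
    "remote_search_key": ["order_id"],                        # kept on both sides
}
DEMO_KEY = b"constructed-demo-key"  # stand-in for the signer's key material


def signed_content(record, cfg):
    """Rebuild name1=value1&name2=value2... in the configured field order."""
    # Assumption: values are percent-encoded so '&' or '=' inside a value
    # cannot shift the field boundaries the signature covers.
    return "&".join(
        f"{n}={quote(str(record[n]), safe='')}" for n in cfg["signed_fields"]
    )


def sign(content, key):
    # HMAC-SHA256 stands in for the certificate-based signature (assumption).
    return hmac.new(key, content.encode(), hashlib.sha256).hexdigest()


def verify(content, sig, key):
    return hmac.compare_digest(sign(content, key), sig)


def split_record(record, cfg):
    """Return (front_part, center_part); neither part is the complete record."""
    front = {f: record[f] for f in cfg["front_fields"]}
    center = {f: record[f] for f in cfg["center_fields"]}
    return front, center


def fetch_remote(remote_db, local_part, cfg):
    """Use the remote record search key to get the single matching remote part."""
    key = {f: local_part[f] for f in cfg["remote_search_key"]}
    hits = [r for r in remote_db if all(r.get(f) == v for f, v in key.items())]
    if len(hits) != 1:
        raise LookupError(f"expected one remote record for {key}, got {len(hits)}")
    return hits[0]


def forensic_report(center_part, front_db, cfg, key):
    """Center-side forensics: combine both parts, verify, classify mismatches."""
    front_part = fetch_remote(front_db, center_part, cfg)
    record = {**front_part, **center_part}  # assumption: center copy wins on overlap
    sig = record[cfg["signature_field"]]
    valid = verify(signed_content(record, cfg), sig, key)
    findings = {}
    for f in sorted(set(front_part) & set(center_part)):
        if front_part[f] == center_part[f]:
            continue
        if f not in cfg["signed_fields"]:
            findings[f] = "inconsistent, not covered by the signature"
        elif valid:
            findings[f] = "front-end copy tampered"
        elif verify(signed_content({**record, f: front_part[f]}, cfg), sig, key):
            findings[f] = "center copy modified"
        else:
            findings[f] = "undetermined, other means needed"
    return {"record": record, "signature_valid": valid, "findings": findings}


def make_demo():
    """Constructed sample: one signed order stored across the two databases."""
    rec = {"order_id": "A-1001", "buyer": "alice",
           "item": "pump&valve", "amount": "250.00"}
    rec["sig"] = sign(signed_content(rec, CFG), DEMO_KEY)
    front, center = split_record(rec, CFG)
    return [front], [center]


if __name__ == "__main__":
    front_db, center_db = make_demo()
    print(forensic_report(center_db[0], front_db, CFG, DEMO_KEY))
    front_db[0]["amount"] = "2.50"  # simulate an edit on the application side
    print(forensic_report(center_db[0], front_db, CFG, DEMO_KEY)["findings"])
```

A change to a field kept only at the front end (here `buyer`) produces no per-field finding, but the signature over the combined record no longer verifies.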
CN201210016396.XA, priority date 2012-01-17, filing date 2012-01-17: Evidence management and service system for electronic records. Expired - Fee Related. CN102624698B (en)

Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title |
| --- | --- | --- | --- |
| CN201210016396.XA (CN102624698B (en)) | 2012-01-17 | 2012-01-17 | Evidence management and service system for electronic records |

Publications (2)

| Publication Number | Publication Date |
| --- | --- |
| CN102624698A (en) | 2012-08-01 |
| CN102624698B (en) | 2014-12-03 |

Family

ID=46564383

Family Applications (1)

| Application Number | Title | Priority Date | Filing Date |
| --- | --- | --- | --- |
| CN201210016396.XA (Expired - Fee Related, CN102624698B (en)) | | 2012-01-17 | 2012-01-17 |

Country Status (1)

| Country | Link |
| --- | --- |
| CN (1) | CN102624698B (en) |


Legal Events

| Date | Code | Title | Description |
| --- | --- | --- | --- |
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | C14 | Grant of patent or utility model | |
| | GR01 | Patent grant | |
| | CF01 | Termination of patent right due to non-payment of annual fee | |
| | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20141203; Termination date: 20170117 |

