CN106953877B

Movatterモバイル変換

Info

Publication number: CN106953877B
Application number: CN201710293292.6A
Authority: CN
Inventors: 徐茂兰; 甄诚
Original assignee: Guoxin Jianing Data Technology Co ltd
Current assignee: Guoxin Jianing Data Technology Co ltd
Priority date: 2017-04-28
Filing date: 2017-04-28
Publication date: 2020-10-30
Anticipated expiration: 2037-04-28
Also published as: CN106953877A

Abstract

The invention discloses a method, a system and a device for identifying security data. The method comprises the following steps: receiving an authentication request of a user for the secured data; generating material detection data according to the authentication request and the secured data aimed at by the authentication request; sending the material checking data and the evidence storing data packet corresponding to the preserved data to an authentication server; receiving an authentication report which is successfully generated and returned by the authentication server according to the material detection data and the evidence storage data packet; providing the authentication report to a user. The electronic evidence which can be kept by the user is authenticated, the reliability and the usability of the electronic evidence are improved, and the electronic evidence is convenient to store and use.

Description

Security data authentication method, system and device

Technical Field

The invention relates to the technical field of navigation, in particular to a method, a system and a device for identifying security data.

Background

Electronic evidence is different from traditional evidence types in law in aspects of expression form, preservation mode, safety and the like. Summarizing the various aspects, the characteristics of electronic evidence can be basically summarized as follows:

(1) the electronic evidence is technical. The high-tech of the electronic evidence is a double-edged sword, on one hand, the technical characteristic enables the electronic evidence to have the excellent characteristics of rapid collection, easy storage, small occupied space, convenient transmission and transportation, repeated reproduction and the like, but at the same time, the electronic evidence exists depending on certain technical equipment and technical means, the electronic evidence is a product of electronic technology, the electronic evidence can not exist or can not be reproduced after leaving the storage technology, the computer technology and the network technology, and the evidence extraction also needs corresponding electronic equipment and professionals, and has more complexity.

(2) The electronic evidence is complex. Many times, the electronic evidence not only is embodied in a text form, but also integrates various forms such as images, pictures, sounds, pictures and the like, and has stronger compound property and diversity of expression forms. Since it is propagated by computer and its network system, it is different from the traditional evidence, and there are some differences in use and identification.

(3) The electronic evidence is intangible, and the electronic evidence is a stack of '0' and '1' processed according to encoding rules, and the encoding data exists on the media medium in the forms of sound, light, electricity, magnetism and the like, is intangible which cannot be directly viewed, cannot be seen and is unknown, and can be displayed as visible tangible content only through specific equipment and technology.

(4) The electronic evidence is fragile, and due to the technical characteristics of the electronic evidence and the particularity of the preservation mode of the electronic evidence, the electronic evidence is extremely easy to be damaged from the outside in the processes of storage, transmission and use, such as invasion by viruses and hackers, interception, eavesdropping, interception, tampering, deletion and the like, so that the electronic evidence is invisible or even disappears. The vulnerability of electronic evidence causes difficulty in examining and identifying the electronic evidence, and is also a major motivator for indirect evidence by partial scholars and legislative bodies.

Electronic data preservation is a new industry, and at the present of the rapid development of the internet, the law hysteresis and the characteristic of electronic data evidence cause the legality of the electronic evidence to be questioned by the law. Compared with the rapid development of the internet, the electronic data preservation is lagged behind, and no legal electronic data preservation system is a big problem in the internet development process.

Aiming at the problems that the preservation of the electronic evidence in the present generation is blank, legal evidence of legal electronic evidence can not be conveniently and quickly generated, and when the situation of legal dispute occurs, a party needs to carry out judicial identification on the electronic evidence on electronic data, and the situation is very expensive, time-consuming, labor-consuming, long in waiting time, delayed in case and the like when the judicial identification is carried out.

Therefore, how to well preserve internet data and make the internet data become usable electronic evidence becomes a technical problem to be solved urgently.

Disclosure of Invention

In view of the above, the present invention has been developed to provide a secure data authentication method, system and apparatus that overcome, or at least partially address, the above-discussed problems.

In a first aspect, an embodiment of the present invention provides a security data authentication method, including:

receiving an authentication request of a user for the secured data;

generating material detection data according to the authentication request and the secured data aimed at by the authentication request;

sending the material checking data and the evidence storing data packet corresponding to the preserved data to an authentication server;

receiving an authentication report which is successfully generated and returned by the authentication server according to the material detection data and the evidence storage data packet;

providing the authentication report to a user.

In some optional embodiments, the receiving an authentication request of a user for secured data specifically includes:

receiving a signed protocol file sent by a user; or

And receiving a protocol signing request of a user, providing a protocol file for the user to sign, and acquiring the signed protocol file which is signed by the user online or uploaded after being signed offline.

In some optional embodiments, the generating the material testing data, and sending the material testing data and the warranty data packet corresponding to the secured data to the authentication server specifically include:

confirming whether the received protocol file is a valid protocol file, and generating material checking data according to the valid protocol file and the secured data aiming at the authentication request acquired from the database when the received protocol file is valid;

acquiring a security electronic certificate, user identity information and a security code corresponding to the secured data from a database to form a security data packet;

and sending the material detection data and the certificate storage data packet to a certificate identification server.

In some optional embodiments, the receiving an authentication report successfully generated and returned by the authentication server according to the material detection data and the evidence storing data packet specifically includes:

and receiving an authentication report which is generated and returned when the authentication server verifies the security verification information of the secured data according to the received material checking data and the received certificate storing data and passes the verification.

In some optional embodiments, the method further includes:

and receiving an authentication failure notice returned by the authentication server according to the successful authentication report of the material detection data and the authentication storage data packet, and informing the authentication failure notice to the user.

In a second aspect, an embodiment of the present invention provides a security data authentication apparatus, including:

the request receiving module is used for receiving an authentication request of a user for the preserved data;

the material detection generation module is used for generating material detection data according to the authentication request and the preserved data aimed at by the authentication request;

the data sending module is used for sending the material checking data and the evidence storing data packet corresponding to the preserved data to the authentication server;

the report receiving module is used for receiving an authentication report which is successfully generated and returned by the authentication server according to the material detection data and the evidence storage data packet;

a report providing module for providing the authentication report to a user.

In some optional embodiments, the request receiving module is specifically configured to:

receiving a signed protocol file sent by a user; or

In some optional embodiments, the material inspection generation module is specifically configured to: confirming whether the received protocol file is a valid protocol file, and generating material checking data according to the valid protocol file and the secured data aiming at the authentication request acquired from the database when the received protocol file is valid; accordingly, the method can be used for solving the problems that,

the data sending module is specifically configured to: acquiring a security electronic certificate, user identity information and a security code corresponding to the secured data from a database to form a security data packet; and sending the material detection data and the certificate storage data packet to a certificate identification server.

In some optional embodiments, the report receiving module is further configured to: receiving an authentication failure notice returned by the authentication server when the successful authentication report fails according to the material detection data and the authentication storage data packet; accordingly, the method can be used for solving the problems that,

the report providing module is specifically configured to: and notifying the authentication failure to the user.

The embodiment of the invention also provides a security data authentication system, which comprises: the system comprises a client, a certificate storage server and a certificate authentication server;

the client is used for sending an authentication request aiming at the preserved data to the certificate storage server and receiving an authentication report provided by the certificate storage server;

the certificate storing server comprises the security data certificate identifying device;

the authentication server is used for receiving the material checking data and the evidence storing data packet corresponding to the preserved data sent by the authentication server, and returning the authentication report to the evidence storing server after successfully generating the authentication report according to the material checking data and the evidence storing data packet.

The technical scheme provided by the embodiment of the invention has the beneficial effects that at least:

the method comprises the steps of carrying out authentication on the secured data submitted by a user, generating an authentication report for proving that the electronic evidence is usable, legal and effective, ensuring that the electronic data is original unmodified electronic data when in use by a mode of securing authentication information by electronic data at an authentication point, improving the reliability of the electronic evidence, further improving the real validity of the secured electronic data by storing the electronic certificate and securing the electronic certificate, providing convenience for obtaining the electronic evidence, reducing the time for obtaining the evidence and improving the legality and usability of the obtained electronic evidence.

Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.

The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.

Drawings

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:

FIG. 1 is a flowchart illustrating a method for securing Internet data according to an embodiment of the present invention;

FIG. 2 is a flowchart illustrating an implementation of a process for securing credential data according to an embodiment of the present invention;

FIG. 3 is a flowchart illustrating an implementation of a process for maintaining right data according to an embodiment of the present invention;

FIG. 4 is a flowchart illustrating a security data authentication method according to a second embodiment of the present invention;

FIG. 5 is a flowchart illustrating a specific implementation procedure for authenticating security data according to a second embodiment of the present invention;

fig. 6 is a schematic structural diagram of an internet data security system according to a third embodiment of the present invention;

fig. 7 is a schematic structural diagram of an internet data security device according to a third embodiment of the present invention;

FIG. 8 is a schematic structural diagram of a security data authentication system according to a fourth embodiment of the present invention;

fig. 9 is a schematic structural diagram of a security data authentication apparatus according to a fourth embodiment of the present invention.

Detailed Description

Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.

In order to solve the problems that electronic evidence is difficult to preserve, preservation evidence is difficult, cost is extremely high, time and labor are wasted, waiting time is long and the like in the prior art, the embodiment of the invention provides an internet data preservation implementation method, which can timely preserve the electronic evidence, improve the usability and the legality of the preservation evidence, is convenient and quick to implement, and improves the convenience and the usability of preservation of the electronic evidence.

In order to solve the problems that electronic evidence is difficult to store and obtain, identification evidence is difficult, and judicial identification cost is very expensive, time and labor are wasted, waiting time is long and the like when real and effective electronic evidence needs to be obtained in the prior art, the embodiment of the invention provides a method for obtaining preservation data, which can be used for quickly obtaining the preserved electronic evidence, obtaining the real and available electronic evidence, reducing the operation time of an identification process, improving the availability and the legality of the preservation evidence, and enabling the electronic evidence to be obtained more conveniently and quickly, and enabling the identification process to be more convenient.

Example one

An embodiment of the present invention provides an internet data security method, a flow of which is shown in fig. 1, and the method includes the following steps:

step S101: and acquiring data to be preserved submitted by a user.

When the user has data to be preserved, the user can provide the data for the evidence storage server to store and preserve, the user can upload electronic data with preservation requirements to the evidence storage server to store and preserve the evidence, and also can upload some issued data existing on the internet, such as infringement behavior data which possibly infringes own intellectual property, to the evidence storage server to store and preserve the purpose of maintaining the right after intercepting.

Correspondingly, when the certificate storing server acquires the data to be protected submitted by the user, at least one file to be protected issued or stored by the user can be acquired; or, at least one file to be secured, submitted by the user and issued by other users intercepted from the network, may also be acquired, including at least one of the following files: pictures intercepted from the network, screen capture files for browsing network information, and certification files for accessing the network.

Step S102: and generating the security verification information of the data to be secured.

After the data to be saved is acquired by the evidence storage server, the security verification information which can uniquely confirm the integrity and the legality of the security data is generated, the security verification information can confirm that the secured electronic data is the original data, and when the electronic data changes, the corresponding security verification information changes along with the electronic data, so that the electronic data can be confirmed to be the original electronic data through the security verification information.

When the security check information is generated, the logical operation may be performed on the data to be secured to obtain the hash value corresponding to the data to be secured. Since hash values calculated for different data are different, whether the original electronic data is the electronic data can be confirmed by the hash values.

Step S103: and generating a certificate storing electronic certificate information combination according to the data to be protected and the user information.

And the certificate storing server combines the data to be saved and the user information requesting to save the data to obtain a certificate storing electronic certificate information combination.

Optionally, when the data to be preserved is at least one file to be preserved issued or stored by the user, a combination of certificate-storing electronic certificate information including the submitted user information and the information of the file to be preserved is generated.

Optionally, when the data to be preserved is at least one file to be preserved, which is issued by another user and intercepted from the network, a combination of certificate-storing electronic certificate information including the intercepted user information and the submitted user information and the file information to be preserved is generated. The electronic data can be directly intercepted and uploaded on line from the network, and can also be manually realized off line and uploaded.

Step S104: and sending the record information combination comprising the security verification information, the certificate storing electronic certificate information combination, the user identification information and the certificate storing code to the certificate authenticating server.

The certificate storing server obtains user identification information according to the user information, endows the data to be protected with certificate storing codes which are beneficial to searching, and then combines the generated security verification information with the certificate storing electronic certificate information and sends the obtained user identification information and certificate storing code combination to the certificate identifying server.

Step S105: and acquiring a security electronic certificate which is generated and returned by the evidence storage server after the security verification information is successfully recorded according to the recorded information combination.

After the authentication server receives the recorded information combination, according to a preset recording rule, verifying the matching and the legality of the security verification information, the stored electronic certificate information combination and the user identification information which are included in the recorded information combination, and recording the security verification information when the verification is passed; and after the recording is successful, sending the security electronic certificate to a certificate storage server. The certificate storage server obtains the security electronic certificate returned after the certification server successfully records the records, and the process is ended.

Optionally, when the authentication server fails to record, a registration failure notification is returned, and the authentication server receives the registration failure notification returned after the authentication server fails to record, and ends the registration process or sends the registration information combination to the authentication server again.

Step S106: and storing the data to be stored, the electronic certificate for storing the certificate and the electronic certificate for storing the certificate.

And after receiving the security electronic certificate, the certificate storage server stores the received security electronic certificate, the data to be protected and the generated certificate storage electronic certificate together so as to be convenient for a subsequent user to obtain the electronic certificate.

The electronic data security method provided by the embodiment of the invention can be used for protecting the electronic data issued or stored by the user, namely the user can store the electronic data. The electronic data issued by other users and acquired on the internet can also be saved, namely the user saves the electronic data of the right to be protected. The respective specific implementation processes are described as follows:

fig. 2 shows a specific implementation flow of the above electronic data preservation method, which is described with respect to an implementation process of a user for storing electronic data, and specifically includes the following steps:

step S201: the user submits data that needs to be credited.

When the user has the data needing to store the certificate, the data are submitted to a certificate storage server. And the certificate storage server acquires the certificate storage data submitted by the user as the data to be preserved.

For example, a user may upload his own files with intellectual property rights, certain personal files with legal effectiveness, to a credentialing server.

Step S202: the certificate storing server acquires user information for submitting certificate storing data.

And after the user submits the certificate storing data, the certificate storing server acquires the user information. The user information may include user identification information, such as: the user's Universal Unique Identifier (UUID) in the database. The user information may also include user identity information and the like.

Step S203: and generating a hash value corresponding to the evidence storing data.

The step obtains the hash value of the generated certificate storing data in a logic operation mode, and the hash value is used as the security check information of the certificate storing data.

When a user submits a single file, the single file is directly subjected to logic calculation to obtain a hash value. When a user submits a plurality of files, the files can be compressed and combined, and logic calculation is carried out on the compressed and combined files to obtain a hash value.

Step S204: and generating a certificate storing electronic certificate information combination.

When a user submits a single file, an information combination containing user information and file information is generated according to the single file and the user information and serves as an information combination in the electronic certificate for storing certificates.

When a user submits a plurality of files, the files can be compressed and combined, and an information combination containing user information and file information is generated according to the compressed and combined files and user information and is used as an information combination in the certificate-storing electronic certificate.

The user information here generally refers to information of a user who submits credential data.

Step S205: and determining the UUID of the user in the database according to the user information.

When a user stores secure electronic data in a certificate storing server, a UUID uniquely corresponding to each user can be available in a database for storing the electronic data, and the UUID can be acquired from user information.

Step S206: and obtaining the evidence-storing code.

When the user stores the security electronic data in the certificate storing server, each security data can be coded in the database for storing the electronic data, so that the user can search conveniently.

The execution sequence of step S203, step S204, step S205, and step S206 is not sequential, and may be executed simultaneously.

Step S207: and sending the hash value, the combination of the certificate storing electronic certificate information, the UUID and the combination of the certificate storing code to the certificate server.

The certificate storing server acquires information such as the hash value, the certificate storing electronic certificate information combination, the UUID and the certificate storing code, combines the information into a record information combination, and sends the record information combination and the record information combination to the certificate identifying server for record processing.

Step S208: and the authentication server records the hash value.

If the record is successful, go to step S209, and if the record is failed, return to step S207.

Optionally, when the filing fails, the user may also be notified that the filing fails and the certificate storing process is ended, and if the user needs to continue to store the certificate, the certificate storing process may be restarted.

Step S209: the authentication server generates and returns a security electronic certificate to the certificate storage server.

And the authentication server generates a security electronic certificate after the successful record of the hash value and sends the generated electronic certificate to the certificate storage server.

Step S210: the certificate storing server stores the certificate storing data, the certificate storing electronic certificate and the security electronic certificate.

Step S211: and finishing storing the certificate.

Fig. 3 shows another specific implementation flow of the above electronic data preservation method, which is described with respect to an implementation process of preserving the electronic data with right-keeping function by a user, and specifically includes the following steps:

step S301: the user intercepts the picture from the network.

When browsing network information, the user can intercept the picture which the user wants to preserve.

Step S302: and acquiring a screen capture file when a user browses the network.

When a user browses network information, if the user wants to preserve the content displayed on the webpage, the user can acquire a screenshot file in a screenshot mode.

Step S303: a certification document of a user accessing a network is obtained.

When a user accesses a network, a valid certificate of accessing a Uniform Resource Locator (URL) can be obtained as a certificate file of accessing the network.

The execution sequence of the step S301, the step S302 and the step S303 is not sequential.

When a user browses network information and finds that the behavior of infringing on own intellectual property rights exists on the Internet, the accessed content can be intercepted as the evidence of the right of maintenance by intercepting pictures, intercepting screen display content, acquiring access evidence and the like.

Step S304: the user submits the right data.

And when acquiring the possible right-keeping data, the user submits the right-keeping data to a certificate storing server. And the certificate storage server acquires the right-maintaining data submitted by the user as the data to be preserved.

For example, when the user finds out the behavior existing on the internet that may infringe his own intellectual property, the user may collect the evidence of the relevant information in the network and upload the information to the evidence storage server as the evidence of later possible right litigation.

Step S305: and the certificate storage server acquires the user information for submitting the dimensional right data.

And after the user submits the right maintaining data, the certificate storing server acquires the user information. The user information may include user identification information, such as: the user's Universal Unique Identifier (UUID) in the database. The user information may also include user identity information and the like.

Optionally, the certificate storing server may obtain and record user information of the intercepted user, in addition to the user information of the submitting user. Similarly, the user information of the intercepted user may include user identification information, such as UUID, and may also include user identity information, etc.

Step S306: and generating a hash value corresponding to the right maintaining data.

The step obtains the hash value of the generated right maintaining data in a logic operation mode to be used as the preservation check information of the right maintaining data.

Step S307: and generating a certificate storing electronic certificate information combination.

The user information may include information of the user submitting the deposit certificate data, may also include user information of the intercepted user, or both.

Step S308: and determining the UUID of the user in the database according to the user information.

Step S309: and obtaining the evidence-storing code.

The execution sequence of the step S306, the step S307, the step S308, and the step S309 is not sequential, and may be executed simultaneously.

Step S310: and sending the hash value, the combination of the certificate storing electronic certificate information, the UUID and the combination of the certificate storing code to the certificate server.

Step S311: and the authentication server records the hash value.

If the record is successful, go to step S312, and if the record is failed, return to step S310.

Step S312: the authentication server generates and returns a security electronic certificate to the certificate storage server.

Step S313: the certificate storing server stores the certificate storing data, the certificate storing electronic certificate and the security electronic certificate.

Step S314: and finishing storing the certificate.

In the method of the first embodiment, data that the user wants to save the certificate and the right-keeping data that the user may use may be saved, so that the user can use the data as an electronic proof later. When used as electronic evidence, the system can provide an authentication report for the user to prove the validity and validity of the electronic evidence, and the authentication process of the security data is described in detail in the following example two.

Example two

The second embodiment of the present invention provides a method for authenticating security data, which authenticates an electronic evidence secured by a user, provides an evidence validity proof for the user, and improves the usability and effectiveness of the electronic evidence, and the process is shown in fig. 4, and includes the following steps:

step S401: and receiving an authentication request of a user for the secured data.

The certificate storing server receives a signed protocol file sent by a user; or the certificate storing server receives the agreement signing request of the user, provides the agreement file for the user to sign, and acquires the signed agreement file which is signed by the user online or signed offline and uploaded.

In this step, when the user wants to authenticate the secured data, an authentication request is sent to the authentication server. The user can directly sign the protocol file and then transmit the signed protocol file to the certificate storing server, namely, the user is considered to send an authentication request; or the user can send a file acquisition request to the certificate storing server in advance, download the related protocol file, and after signing, transmit the file to the certificate storing server to realize sending the certificate identifying request; or the user sends a file acquisition request to the certificate storing server in advance and signs the protocol file on line to realize the sending of the certificate identifying request.

The signed agreement document may include at least one of a commitment letter, an agent agreement, and a commitment agreement.

Step S402: and generating material detection data according to the authentication request and the secured data aimed at by the authentication request.

After receiving the authentication request, the certificate storing server firstly confirms whether the received protocol file is a valid protocol file.

And when the confirmation is valid, generating the material checking data according to the protocol file for confirming the validity and the secured data aiming at the authentication request acquired from the database.

Optionally, the user may be prompted when the confirmation is invalid and allowed to resend the signed agreement document.

Step S403: and sending the material checking data and the evidence storing data packet corresponding to the preserved data to an authentication server.

The card storage server acquires a security electronic certificate, user identity information and a card storage code corresponding to the secured data from a database to form a card storage data packet; and sending the material checking data and the certificate storing data packet to the certificate authenticating server.

Step S404: and receiving an authentication report which is successfully generated and returned by the authentication server according to the material detection data and the evidence storage data packet.

After the certificate storage server sends the material detection data and the certificate storage data packet to the certificate identification server, the certificate identification server can detect whether the preserved data changes, if the preserved data does not change, the preserved data is regarded as a possible electronic evidence, and an identification report is generated; if a change occurs, no authentication report is generated. And after the authentication server successfully generates an authentication report, sending the authentication report to the authentication storage server.

When the authentication report is successfully generated, the certificate storing server receives the authentication report which is generated and returned when the authentication server verifies the security verification information of the secured data according to the received material checking data and the certificate storing data and the verification passes.

Optionally, when the authentication report is not successfully generated, the authentication server returns an authentication failure notification message to the certificate storing server, and the certificate storing server receives the authentication failure notification message.

Step S405: the authentication report is provided to the user.

The credentialing server provides the received authentication report to the user, proving the legitimacy of the user's security data, and the availability as electronic evidence.

Optionally, the certificate storing server may further receive a certificate authentication failure notification returned by the certificate authenticating server when the successful authentication report of the material checking data and the certificate storing data packet fails, and provide the certificate authentication failure notification to the user.

A specific implementation flow of the above-mentioned security data authentication method is shown in fig. 5, which respectively illustrates operations that the user side, the authentication server and the authentication server need to execute, and mainly includes the following processes:

(1) the user short signs the agreement document and requests authentication for the secured data.

In this process, the user needs to sign an agreement. Signing can be done either in an online or offline manner.

For example, as shown in FIG. 5, download and sign a letter, get and sign an agent agreement online, download and sign a letter.

And sending the signed commission letter, the proxy protocol and the commission agreement to a certificate storage server, and realizing the purpose through a client installed on a computer terminal or a mobile terminal.

(2) And generating material detection data and evidence storage data packets and requesting an authentication report.

The process is realized by a storage server, and the authentication server acquires an effective entrusting letter, an agent protocol and an entrusting protocol, acquires the secured data and generates material detection data. The authentication server generates an authentication data packet comprising an authentication electronic certificate, user identity information (such as user real name information) and an authentication code, and the authentication data packet can also be generated by offline operation and uploaded to the authentication server.

And the certificate storing server sends the material checking data and the certificate storing data packet to the certificate authenticating server to request an authentication report.

(3) And generating and sending an authentication report.

The step is completed by the authentication server, and the authentication server can verify the originality of the preserved data in the material checking data and verify the validity and validity of the certificate storing electronic certificate, the user identity information and the certificate storing code in the certificate storing data packet. And when the preserved data is the original data and is not modified, the data is proved to be available and is valid electronic evidence, an authentication report is produced, and otherwise, the authentication report is not generated.

And when the authentication report is failed to be generated, sending an authentication report generation failure notification message to the certificate storage server.

When the authentication server verifies the originality of the data, the authentication server may check the data through the security check information, for example, through a hash value of the secured data.

(4) The certificate storing server receives the authentication report or the authentication report generation failure notification message and provides the message to the user.

When the certificate storing server receives the authentication report sent by the certificate authenticating server, the record background is updated, the authentication report generation success notification message is sent to the user, the authentication report is generated on line and is provided for the user, for example, a paper piece can be mailed, and an electronic version scanning piece can also be provided.

The deposit server receives the authentication report sent by the authentication server to generate a failure notification message, forwards the failure notification message to the user, and performs subsequent processing, for example, customer service personnel can communicate with the user.

(5) And the user receives the authentication report or generates a failure notification message by the authentication report, and performs subsequent processing.

In the step, a user can use a client to realize operation, and waits for receiving an authentication report when receiving an authentication report generation success notification message sent by a certificate storing server; the user receives the authentication report sent by the authentication server to generate a failure notification message, and performs subsequent processing, such as reapplication for authentication or communication with customer service for processing.

In practical use, the authentication process is that the user actually initiates a request to a judicial authentication center according to the existing electronic certificate for storing the certificate in the system, and solicits the other party to generate a judicial authentication report with more legal effectiveness for the own security document.

EXAMPLE III

Based on the same inventive concept, a third embodiment of the present invention provides an internet electronic data security system, whose structure is shown in fig. 6, including: aclient 601, acertificate storage server 602 and acertificate authority 603.

Theclient 601 is configured to submit the data to be secured to thecertificate storing server 602.

Thecertificate storage server 602 comprises an internet data security implementation device, and is used for acquiring data to be secured submitted by a user and generating security verification information of the data to be secured; generating a certificate storing electronic certificate information combination according to the data to be protected and the user information; sending the record information combination including the security verification information, the certificate storing electronic certificate information combination, the user identification information and the certificate storing code to theauthentication server 603; acquiring a security electronic certificate which is generated and returned by theauthentication server 603 after the security verification information is successfully filed according to the filing information combination; and storing the data to be stored, the electronic certificate for storing the certificate and the electronic certificate for storing the certificate.

Theauthentication server 603 is configured to receive the filing information combination sent by theauthentication server 602, and to perform filing on the security verification information according to the filing information combination, and generate and return a security electronic certificate after successful filing.

The configuration of the internet electronic data security device is shown in fig. 7, and includes: adata acquisition module 701, afirst generation module 702, asecond generation module 703, a combinedsending module 704, acertificate acquisition module 705 and adata storage module 706.

Adata obtaining module 701, configured to obtain data to be secured submitted by a user.

Thefirst generating module 702 is configured to generate security verification information of data to be secured.

And asecond generating module 703, configured to generate a certificate storing electronic certificate information combination according to the to-be-saved data and the user information.

And thecombination sending module 704 is configured to send a filing information combination including the security verification information, the certificate storing electronic certificate information combination, the user identification information, and the certificate storing code to the certificate server.

Thecertificate obtaining module 705 is configured to obtain a security electronic certificate that is generated and returned by the authentication server after the security verification information is successfully filed according to the filing information combination.

And the datacertificate storing module 706 is configured to store the data to be preserved, the electronic certificate for storing the certificate, and the electronic certificate for storing the certificate.

Preferably, thedata obtaining module 701 is specifically configured to obtain at least one to-be-secured file that is submitted by a user and is issued or stored by the user; or acquiring at least one file to be saved submitted by a user and issued by other users intercepted from the network, wherein the file to be saved comprises at least one of the following files: pictures intercepted from the network, screen capture files for browsing network information, and certification files for accessing the network.

Preferably, thesecond generating module 703 is specifically configured to generate a combination of certificate-storing electronic certificate information including the submitted user information and the information of the file to be saved, when the data to be saved is at least one file to be saved issued or stored by the second generating module; when the data to be preserved is at least one file to be preserved, which is issued by other users and intercepted from the network, the combination of the certificate storing electronic certificate information including the intercepted user information and the submitted user information and the file information to be preserved is generated.

Preferably, the certificate acquisition module is specifically configured to acquire a security electronic certificate returned after the authentication server is successfully filed; receiving a failure registration notice returned after the authentication server fails to register; after receiving the record information combination, the authentication server verifies the matching and legality of the security verification information, the storage electronic certificate information combination and the user identification information in the record information combination according to a preset record rule, and records the security verification information when the verification is passed; accordingly, the method can be used for solving the problems that,

and the combination sending module is also used for ending the record process or sending the record information combination to the authentication server again according to the record failure notification received by the certificate acquisition module.

Example four

Based on the same inventive concept, a security data authentication system according to a fourth embodiment of the present invention is shown in fig. 8, and includes:client 801,certificate storage server 802 andcertificate identification server 803.

Aclient 801, configured to send an authentication request for secured data to thecertificate server 802, and receive an authentication report provided by thecertificate server 802.

Theauthentication server 802 includes a secured data authentication device for receiving an authentication request of a user for secured data; generating material detection data according to the authentication request and the secured data aimed at by the authentication request; sending the material checking data and the evidence storing data packet corresponding to the preserved data to theauthentication server 803; receiving an authentication report which is successfully generated and returned by theauthentication server 803 according to the material detection data and the evidence storage data packet; the authentication report is provided to the user.

Theauthentication server 803 is configured to receive the material checking data and the certificate storing data packet corresponding to the secured data sent by theauthentication server 802, generate an authentication report according to the material checking data and the certificate storing data packet, and return the authentication report to thecertificate storing server 802.

Based on the same inventive concept, a fourth embodiment of the present invention further provides a security data authentication apparatus, which is shown in fig. 9 and includes: arequest receiving module 901, a material detectinggeneration module 902, adata transmission module 903, areport receiving module 904 and areport providing module 905.

Arequest receiving module 901, configured to receive an authentication request of a user for secured data.

The materialinspection generation module 902 is configured to generate material inspection data according to the authentication request and the secured data targeted by the authentication request.

And thedata sending module 903 is configured to send the material checking data and the certificate storing data packet corresponding to the secured data to the certificate server.

And areport receiving module 904, configured to receive an authentication report that is successfully generated and returned by the authentication server according to the material testing data and the evidence storing data packet.

Areport providing module 905 for providing the authentication report to the user.

Preferably, therequest receiving module 901 is specifically configured to receive a signed protocol file sent by a user; or receiving a protocol signing request of a user, providing the protocol file for the user to sign, and acquiring the signed protocol file which is signed by the user online or uploaded after being signed offline.

Preferably, the material-checkinggenerating module 902 is specifically configured to determine whether the received protocol file is a valid protocol file, and when the received protocol file is determined to be valid, generate material-checking data according to the valid protocol file and the secured data corresponding to the authentication request acquired from the database; accordingly, the method can be used for solving the problems that,

thedata sending module 903 is specifically configured to obtain a security electronic certificate, user identity information, and a security code corresponding to the secured data from the database, and form a security data packet; and sending the material checking data and the certificate storing data packet to the certificate authenticating server.

Preferably, thereport receiving module 904 is further configured to receive an authentication failure notification returned by the authentication server when the report fails to be successfully authenticated according to the inspection data and the certificate storing data packet; accordingly, the method can be used for solving the problems that,

thereport providing module 905 is specifically configured to notify the providing user of the authentication failure.

With regard to the system and apparatus in the above embodiments, the specific manner in which the respective modules perform operations has been described in detail in relation to the embodiments of the method, and will not be elaborated upon here.

The method, the system and the device of the embodiment of the invention carry out preservation on the electronic data, carry out identification and verification on the legality of the preserved electronic data as the electronic evidence, more conveniently provide electronic data preservation for common users, and can conveniently provide the legality identification evidence of the evidence when the legal intellectual property of the users or the electronic data involved in legal disputes are taken as the evidence.

By using the security system to secure electronic data, when a user encounters infringement and generates legal disputes, the secured data can be rapidly authenticated by law. The judicial identification certificate of the electronic evidence can be obtained by the user only through simple procedures and online application without long waiting, so that the expensive offline electronic judicial identification of the electronic evidence by the user independently is avoided. Thereby providing convenience to users, courts, parties, and the like.

For example, the deposit certificate server of the system can be used for helping the intellectual property main body to realize the online protection and maintenance functions of the intellectual property! The intellectual property body includes individuals and also includes enterprises and public institutions and the like. The certificate storage server is linked with an authentication server of an electronic data judicial authentication center, and the agency judicial authentication center provides an electronic certificate with legal effectiveness; and linking the judicial appraisal center and the intellectual property main body to initiate an online filling service of the judicial appraisal report.

For a certain electronic data with intellectual property rights of an intellectual property right main body, the system registers and protects the electronic data with intellectual property rights through online certificate storing operation and issues an electronic certificate with legal effectiveness at the same time; for some intellectual property owner right behaviors infringed on the Internet, the system records the infringement behaviors through online evidence obtaining operation and issues electronic certificates with legal effectiveness to guarantee the reality and the effectiveness of the infringement behaviors. For the electronic data and infringement records of the existing electronic version certificate, the system initiates a judicial appraisal report request to a judicial appraisal center by an agent intellectual property body through an online appraisal operation. Provide more authoritative secondary protection for the user's intellectual property and right-maintaining process!

The system is a new data security process, a user stores data in a certificate storage server, and the intellectual property system provides certificate storage, right maintenance and certificate identification functions for the user and judicial identification service of electronic evidences of the user. The system creates a new era of electronic evidence preservation, and has the following main advantages: providing multiple services, storing certificates, maintaining rights and identifying certificates for users; the certificate storing function is used for the user, the electronic data of the user is stored in the certificate storing server, the information of the data is recorded in a judicial authentication center, the legality of the data of the user can be verified through the recorded information, and the user data is prevented from being tampered; the user carries out judicial identification on the data through the system, and compared with judicial identification under a pure line, the operation is simpler and quicker.

The system and the method of the invention provide daily preservation of electronic data for individuals or enterprises, ensure the legality of the data, ensure the legal effect when the individuals or the enterprises use the electronic evidence as the evidence, provide users for authentication operation, generate an electronic evidence judicial authentication certificate with legal effect, and provide users with evidence obtaining and right maintaining operation when the users find infringement behaviors.

The method saves the electronic data of the user to a special certificate storage server instead of being independently stored in an individual system of the user or an enterprise; preserving electronic data, wherein the electronic data independently exist in a certificate storage server, and data file verification information and the like are filed in a judicial appraisal center; the electronic judicial assessment report is applied more conveniently when legal disputes occur, the time for issuing the certificate is shorter, and the certificate issuing cost is lower.

Unless specifically stated otherwise, terms such as processing, computing, calculating, determining, displaying, or the like, may refer to an action and/or process of one or more processing or computing systems or similar devices that manipulates and transforms data represented as physical (e.g., electronic) quantities within the processing system's registers and memories into other data similarly represented as physical quantities within the processing system's memories, registers or other such information storage, transmission or display devices. Information and signals may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.

It should be understood that the specific order or hierarchy of steps in the processes disclosed is an example of exemplary approaches. Based upon design preferences, it is understood that the specific order or hierarchy of steps in the processes may be rearranged without departing from the scope of the present disclosure. The accompanying method claims present elements of the various steps in a sample order, and are not intended to be limited to the specific order or hierarchy presented.

In the foregoing detailed description, various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments of the subject matter require more features than are expressly recited in each claim. Rather, as the following claims reflect, invention lies in less than all features of a single disclosed embodiment. Thus, the following claims are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate preferred embodiment of the invention.

Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.

The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. Of course, the processor and the storage medium may reside as discrete components in a user terminal.

For a software implementation, the techniques described herein may be implemented with modules (e.g., procedures, functions, and so on) that perform the functions described herein. The software codes may be stored in memory units and executed by processors. The memory unit may be implemented within the processor or external to the processor, in which case it can be communicatively coupled to the processor via various means as is known in the art.

What has been described above includes examples of one or more embodiments. It is, of course, not possible to describe every conceivable combination of components or methodologies for purposes of describing the aforementioned embodiments, but one of ordinary skill in the art may recognize that many further combinations and permutations of various embodiments are possible. Accordingly, the embodiments described herein are intended to embrace all such alterations, modifications and variations that fall within the scope of the appended claims. Furthermore, to the extent that the term "includes" is used in either the detailed description or the claims, such term is intended to be inclusive in a manner similar to the term "comprising" as "comprising" is interpreted when employed as a transitional word in a claim. Furthermore, any use of the term "or" in the specification of the claims is intended to mean a "non-exclusive or".

Claims

1. A method for authenticating security data, comprising:

the certificate storing server receives an authentication request of a user for the preserved data;

the certificate storing server generates material detecting data according to the certificate identifying request and the preserved data aimed by the certificate identifying request;

the certificate storing server sends the certificate storing data packet corresponding to the material detecting data and the preserved data to the certificate authenticating server;

the certificate storage server receives an authentication report which is successfully generated and returned by the authentication server according to the material detection data and the certificate storage data packet;

the certificate storing server provides the authentication report to a user;

the certificate storing data packet is composed of a security electronic certificate corresponding to the secured data, user identity information and a certificate storing code which are acquired from a database.

2. The method as claimed in claim 1, wherein said receiving a user authentication request for secured data comprises:

receiving a signed protocol file sent by a user; or

3. The method according to claim 2, wherein the generating of the material testing data and the sending of the certification data packet corresponding to the material testing data and the secured data to the certification server specifically comprise:

4. The method according to claim 1, wherein the receiving of the authentication report successfully generated and returned by the authentication server according to the material detection data and the evidence storing data packet comprises:

5. The method of any of claims 1-4, further comprising:

6. A secured data authentication device, comprising:

the data sending module is used for sending the material checking data and the evidence storing data packet corresponding to the preserved data to the authentication server; the certificate storing data packet is composed of a security electronic certificate corresponding to the secured data, user identity information and a certificate storing code which are acquired from a database;

a report providing module for providing the authentication report to a user.

7. The apparatus of claim 6, wherein the request receiving module is specifically configured to:

receiving a signed protocol file sent by a user; or

8. The apparatus of claim 7, wherein the test material generation module is specifically configured to: and confirming whether the received protocol file is a valid protocol file, and generating material checking data according to the valid protocol file and the secured data aiming at the authentication request acquired from the database when the received protocol file is valid.

9. The apparatus of any of claims 6-8, wherein the report receiving module is further configured to: receiving an authentication failure notice returned by the authentication server when the successful authentication report fails according to the material detection data and the authentication storage data packet; accordingly, the method can be used for solving the problems that,

10. A system for authenticating security data, comprising: the system comprises a client, a certificate storage server and a certificate authentication server;

the deposit server comprises a secured data authentication device according to any one of claims 6 to 9;

the authentication server is used for receiving the material checking data sent by the evidence storage server and the evidence storage data packet corresponding to the preserved data, and returning the authentication report to the evidence storage server after successfully generating the authentication report according to the material checking data and the evidence storage data packet.