CN115688183A - Cloud-signed electronic certificate cochain evidence storing and obtaining identification method - Google Patents

Abstract

The invention discloses a cloud-signed electronic certificate chain evidence-uploading evidence-storing and evidence-taking authentication method, which is based on a secondary security system, a third-party evidence-storing block chain and an industry block chain platform, wherein the secondary security system is used for carrying out data acquisition and hash calculation on an electronic certificate which is signed by a cloud, the third-party evidence-storing block chain is used for storing a hash value of the electronic certificate, and the industry block chain platform is used for storing a source data file and the hash value of the electronic certificate and forming an evidence-storing record; the method comprises a chain link forensics process and a forensics authentication process of cloud signing electronic certificates. The method realizes the credible verification and verification service of the electronic certificate based on the block chain technology, ensures the real credibility, tamper resistance and traceability of business data, is convenient for relevant personnel to quickly verify the data in possible judicial disputes, and improves the judicial efficiency.

Description

Translated fromChinese

一种云签署电子凭证的上链存证和取证鉴定方法A cloud-signed electronic certificate storage and identification method on the chain

技术领域technical field

本发明属于电子凭证存取证技术领域，尤其涉及一种云签署电子凭证的上链存证和取证鉴定方法。The invention belongs to the technical field of depositing and obtaining electronic certificates, and in particular relates to a cloud-signed electronic certificate storage and identification method on chain.

背景技术Background technique

随着信息技术的发展，基于互联网模式形成的电子商务、在线金融、电子合同、电子交易等应用逐渐成为企业的核心业务模式与经营资产，在交易过程中会产生结算单据、过程文件等大量电子凭证，对于涉及到的电子凭证一般采用电子签署方式，然而经过签署的电子凭证往往以电子数据的形式存储于计算机或其它类似载体内，容易被合成和篡改，使其丧失了真实性，因此如何保证获取的电子凭证的真实性和可靠性是目前存在的技术问题。With the development of information technology, applications such as e-commerce, online finance, electronic contracts, and electronic transactions based on the Internet model have gradually become the core business models and operating assets of enterprises. During the transaction process, a large number of electronic transactions such as settlement documents and process documents will be generated. Vouchers, for the electronic vouchers involved, electronic signatures are generally used. However, signed electronic vouchers are often stored in computers or other similar carriers in the form of electronic data, and are easy to be synthesized and tampered with, making them lose their authenticity. Therefore, how to Ensuring the authenticity and reliability of the obtained electronic certificates is a technical problem at present.

发明内容Contents of the invention

本发明的目的在于提供一种云签署电子凭证的上链存证和取证鉴定方法，以解决上述技术问题。The purpose of the present invention is to provide a cloud-signed electronic certificate up-chain deposit and evidence identification method to solve the above technical problems.

为了实现上述目的，本发明的方案是：In order to achieve the above object, the solution of the present invention is:

本发明公开了一种云签署电子凭证的上链存证和取证鉴定方法，所述方法基于二级保全系统、第三方存证区块链以及行业区块链平台，所述二级保全系统用于对完成云签署的电子凭证进行数据采集以及哈希计算，所述第三方存证区块链用于存证电子凭证的哈希值，所述行业区块链平台用于存证电子凭证的源数据文件以及哈希值并形成存证记录；其特征在于，所述方法包括云签署电子凭证的上链存证过程和取证鉴定过程；The invention discloses a cloud-signed electronic certificate storage and identification method on the chain. The method is based on a secondary security system, a third-party certificate storage block chain and an industry block chain platform. For data collection and hash calculation of electronic certificates that have been signed by the cloud, the third-party certificate storage blockchain is used to store the hash value of the electronic certificate, and the industry blockchain platform is used to store the hash value of the electronic certificate. The source data file and the hash value form a certificate deposit record; it is characterized in that the method includes an on-chain certificate deposit process and a evidence collection and identification process of cloud-signed electronic certificates;

所述云签署电子凭证的上链存证过程包括以下步骤：The on-chain deposit process of the cloud-signed electronic certificate includes the following steps:

第一步：所述二级保全系统通过证据采集接口对完成云签署的电子凭证进行数据采集，并将采集到的源数据文件进行存储；Step 1: The secondary security system collects data from the cloud-signed electronic certificate through the evidence collection interface, and stores the collected source data files;

第二步：所述二级保全系统对采集到的源数据文件进行哈希计算得到哈希值；Step 2: the secondary security system performs hash calculation on the collected source data files to obtain a hash value;

第三步：所述二级保全系统将哈希值传送至所述第三方存证区块链，所述第三方存证区块链接收到哈希值后加盖时间戳并存证；同时将源数据文件、哈希值依次传送至所述行业区块链平台的各节点区块链，形成电子凭证的存证记录；Step 3: The secondary security system transmits the hash value to the third-party certificate storage block chain, and the third-party certificate deposit block chain receives the hash value and stamps the time stamp and deposits the certificate; The source data file and the hash value are sequentially transmitted to each node blockchain of the industry blockchain platform to form a deposit record of the electronic certificate;

所述云签署电子凭证的取证鉴定过程包括以下步骤：The forensic identification process of the cloud-signed electronic certificate includes the following steps:

第一步：对所述二级保全系统进行证据提取，所述二级保全系统将源数据文件发送至所述第三方存证区块链，所述第三方存证区块链计算源数据文件的哈希值并与保存的哈希值进行对比，若相同，则出具第三方存证报告；Step 1: Extract evidence from the secondary security system, the secondary security system sends the source data file to the third-party certificate storage blockchain, and the third-party certificate storage blockchain calculates the source data file The hash value is compared with the saved hash value, and if they are the same, a third-party evidence deposit report will be issued;

第二步：电子凭证的存证记录从所述行业区块链平台的各节点区块链依次反馈至所述二级保全系统，根据电子凭证的存证记录出具行业存证报告；Step 2: The deposit records of electronic certificates are fed back to the secondary security system in sequence from each node blockchain of the industry blockchain platform, and an industry certificate deposit report is issued according to the deposit records of electronic certificates;

第三步：由第三方存证报告与行业存证报告共同证明上链的电子凭证数据未被篡改。Step 3: The third-party certificate deposit report and the industry certificate deposit report jointly prove that the electronic certificate data on the chain has not been tampered with.

进一步的是，所述第三方存证区块链包括时间戳系统、一级保全系统与鉴定机构，所述时间戳系统用于加盖时间戳，所述一级保全系统与鉴定机构用于存证哈希值。Further, the third-party certificate deposit blockchain includes a time stamp system, a first-level security system and an authentication institution, the time stamp system is used to add time stamps, and the first-level security system and the authentication institution are used to store certificate hash value.

进一步的是，在上链存证过程中，所述二级保全系统将哈希值传送至所述时间戳系统，加盖时间戳后传送至所述一级保全系统存证，所述一级保全系统将哈希值同步至所述鉴定机构存证。Further, during the chain deposit process, the secondary security system transmits the hash value to the time stamp system, and after stamping the time stamp, transmits the hash value to the primary security system for deposit. The security system synchronizes the hash value to the verification agency for deposit.

进一步的是，在取证鉴定过程中，所述二级保全系统将源数据文件发送至所述一级保全系统,同时提交至所述鉴定机构，所述一级保全系统计算源数据文件的哈希值并与存证的哈希值进行对比，若相同，则出具数据存证报告；所述鉴定机构计算源数据文件的哈希值并与存证的哈希值进行对比，若相同，则出具数据鉴定报告；数据存证报告与数据鉴定报告共同构成第三方存证报告。Further, in the process of forensic identification, the secondary security system sends the source data file to the primary security system, and submits it to the identification agency at the same time, and the primary security system calculates the hash of the source data file value and compare it with the hash value of the stored certificate, if they are the same, issue a data storage report; Data identification report; data evidence storage report and data identification report together constitute a third-party evidence storage report.

进一步的是，所述源数据文件为完成云签署的电子凭证的结构化源数据、PDF源文件。Further, the source data file is the structured source data and PDF source file of the cloud-signed electronic certificate.

进一步的是，所述第三方存证区块链为CA机构存证区块链。Further, the third-party evidence-depositing blockchain is a CA institution-depositing blockchain.

进一步的是，所述电子凭证的存证记录包括哈希值和存证编号。Further, the deposit record of the electronic certificate includes a hash value and a deposit number.

本发明的有益效果是：本发明所述的一种云签署电子凭证的上链存证和取证鉴定方法基于区块链技术实现了电子凭证的可信存证与核验服务，保障了业务数据的真实可信、防篡改以及可追溯性，在可能出现的司法纠纷中，便于相关人员快速进行数据核验，提高司法效率。The beneficial effect of the present invention is that: a cloud-signed electronic certificate storage and evidence identification method based on the blockchain technology in the present invention realizes credible deposit and verification services of electronic certificates, and ensures the security of business data. Authentic and credible, tamper-proof and traceable, in the event of possible judicial disputes, it is convenient for relevant personnel to quickly conduct data verification and improve judicial efficiency.

下面结合附图和实施例对本发明作进一步详细描述。The present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments.

附图说明Description of drawings

图1为实施例一的上链存证流程示意图；Figure 1 is a schematic diagram of the process of depositing certificates on the chain in Embodiment 1;

图2为实施例一的取证鉴定流程示意图。FIG. 2 is a schematic diagram of the forensic identification process in Embodiment 1.

具体实施方式Detailed ways

本发明公开了一种云签署电子凭证的上链存证和取证鉴定方法，所述方法基于二级保全系统、第三方存证区块链以及行业区块链平台，其中二级保全系统用于对完成云签署的电子凭证进行数据采集以及哈希计算，二级保全系统具备证据采集接口，当电子凭证完成云签署后，由二级保全系统的证据采集接口对其源数据文件包括生成的结构化源数据、PDF源文件等进行采集；二级保全系统接收到源数据文件后，先进行保存并对其进行哈希计算得到哈希值，哈希值是通过对原始信息进行加密运算得到的一组固定长度二进制值，原始信息中任意一个字节的改变会导致哈希值发生变化，因此可以用来验证源数据文件是否被篡改。第三方存证区块链用于存证电子凭证的哈希值，行业区块链平台用于存证电子凭证的源数据文件以及哈希值并形成存证记录，包括哈希值和存证编号。具体的，第三方存证区块链包括时间戳系统、一级保全系统与鉴定机构，时间戳系统用于加盖时间戳，一级保全系统与鉴定机构用于存证哈希值。The invention discloses a cloud-signed electronic certificate storage and identification method on the chain. The method is based on a secondary security system, a third-party storage blockchain and an industry blockchain platform, wherein the secondary security system is used for Perform data collection and hash calculation on the cloud-signed electronic certificate. The secondary security system has an evidence collection interface. When the electronic certificate is cloud-signed, the evidence collection interface of the secondary security system includes the generated structure for the source data file. Collect source data, PDF source files, etc.; after receiving the source data files, the secondary security system first saves them and performs hash calculation on them to obtain the hash value. The hash value is obtained by encrypting the original information A set of fixed-length binary values. A change in any byte in the original information will cause a change in the hash value, so it can be used to verify whether the source data file has been tampered with. The third-party certificate storage blockchain is used to store the hash value of the electronic certificate, and the industry blockchain platform is used to store the source data file and hash value of the electronic certificate and form a certificate record, including the hash value and the certificate serial number. Specifically, the third-party certificate storage blockchain includes a time stamp system, a first-level security system and an authentication agency. The time stamp system is used to add time stamps, and the first-level security system and the authentication agency are used to store certificate hash values.

其中，二级保全系统包括机构及应用管理模块、用户管理模块、系统配置模块、模板管理模块、证据采集模块、证据管理模块以及统计模块；所述机构及应用管理模块用于系统管理员根据使用机构的实际情况设置相关机构及应用信息；用户管理模块用于系统管理员为应用创建管理员，每个应用只创建一个管理员，该管理员是使用应用信息中的联系人信息制作数字证书；系统配置模块用于配置与一级保全系统之间安全通讯的SSL通讯证书以及时间戳服务；模板管理模块用于管理电子凭证的取证模板，包括模板编辑、模板销毁等；证据采集模块用于业务系统通过证据采集接口对完成云签署的电子凭证进行数据采集并留档存储，同时对采集到的源数据文件计算形成哈希值；证据管理模块用于证据查看以及取证管理，证据查看包括根据输入条件（包括存单号、应用id等）进行查询，展示查询结果以及下载证据包括存证附件、数据存证报告等；取证管理包括取证申请、取证审计以及证据提取等，取证申请用于根据存单号、回单号或筛选结果进行取证申请，并且可以对已申请的取证行为进行进度跟踪，查询取证结果及下载相关报告等；取证审计用于对机构、应用、时间等信息进行查询，且可以对查询出来的信息进行导出；证据提取用于查询证据、将证据导出，以及在取证时将证据提交到一级保全系统中；统计模块用于二级保全系统根据时间等要素统计期间所存证的数据总数，以便后期与一级保全数据进行核对，支持以机构、应用为条件统计存证数量。Among them, the secondary security system includes an organization and application management module, a user management module, a system configuration module, a template management module, an evidence collection module, an evidence management module, and a statistics module; The actual situation of the organization sets relevant organization and application information; the user management module is used by the system administrator to create an administrator for the application, and only one administrator is created for each application, and the administrator uses the contact information in the application information to create a digital certificate; The system configuration module is used to configure the SSL communication certificate and time stamp service for secure communication with the first-level security system; the template management module is used to manage the evidence collection templates of electronic certificates, including template editing, template destruction, etc.; the evidence collection module is used for business Through the evidence collection interface, the system collects and stores the electronic certificates signed by the cloud, and at the same time calculates the hash value of the collected source data files; the evidence management module is used for evidence viewing and evidence collection management. Evidence viewing includes Conditions (including deposit receipt number, application id, etc.) to query, display query results and download evidence including deposit certificate attachments, data certificate deposit reports, etc.; evidence collection management includes evidence collection application, evidence collection audit, and evidence extraction, etc. , receipt number or screening results to apply for evidence collection, and can track the progress of the applied forensics behavior, query the results of evidence collection and download related reports, etc.; forensics audit is used to query information such as organization, application, time, etc., and can The queried information is exported; evidence extraction is used to query evidence, export evidence, and submit evidence to the first-level security system when collecting evidence; the statistical module is used for the second-level security system to count the data stored during the period based on time and other elements The total number is used to check with the first-level security data in the later stage, and it supports the statistics of the number of certificates based on the organization and application.

一级保全系统包括存证模块和取证模块，存证模块用于接收二级保全系统上传的哈希值，哈希值由时间戳系统加盖时间戳后进行存证固化；取证模块用于取证比对，具体来说，在需要取证时，由二级保全系统将源数据文件发送至一级保全系统，一级保全系统自动比对源数据文件与存证哈希值之间关系，比对成功后出具第三方存证报告。The first-level security system includes a certificate deposit module and a evidence collection module. The certificate deposit module is used to receive the hash value uploaded by the secondary security system. Comparison, specifically, when evidence is needed, the second-level security system sends the source data file to the first-level security system, and the first-level security system automatically compares the relationship between the source data file and the hash value of the stored evidence, and compares A third-party evidence deposit report will be issued upon success.

所述方法包括云签署电子凭证的上链存证过程和电子凭证的取证鉴定过程。The method includes a cloud-signed electronic certificate on-chain certificate deposit process and an electronic certificate forensic identification process.

其中，云签署电子凭证的上链存证过程包括以下步骤：Among them, the on-chain storage process of cloud-signed electronic certificates includes the following steps:

第一步：二级保全系统通过证据采集接口对完成云签署的电子凭证进行数据采集，并将采集到的源数据文件进行存储；Step 1: The secondary security system collects data from the cloud-signed electronic certificate through the evidence collection interface, and stores the collected source data files;

第二步：二级保全系统对采集到的源数据文件进行哈希计算得到哈希值；Step 2: The secondary security system performs hash calculation on the collected source data files to obtain the hash value;

第三步：二级保全系统将哈希值传送至第三方存证区块链，第三方存证区块链接收到哈希值后加盖时间戳并存证；同时将源数据文件、哈希值依次传送至行业区块链平台的各节点区块链，形成电子凭证的存证记录；Step 3: The secondary security system transmits the hash value to the third-party certificate storage blockchain, and the third-party certificate deposit blockchain link receives the hash value and stamps the time stamp and deposits the certificate; at the same time, the source data file, hash The value is transmitted to each node blockchain of the industry blockchain platform in turn to form a record of electronic certificate storage;

云签署电子凭证的取证鉴定过程包括以下步骤：The forensic identification process of cloud-signed electronic certificates includes the following steps:

第一步：对所述二级保全系统进行证据提取，二级保全系统将源数据文件发送至第三方存证区块链，第三方存证区块链计算源数据文件的哈希值并与保存的哈希值进行对比，若相同，则出具第三方存证报告；Step 1: Extract evidence from the secondary security system, the secondary security system sends the source data file to the third-party certificate storage blockchain, and the third-party certificate storage blockchain calculates the hash value of the source data file and compares it with The stored hash values are compared, and if they are the same, a third-party evidence deposit report will be issued;

第二步：电子凭证的存证记录从行业区块链平台的各节点区块链依次反馈至二级保全系统，根据电子凭证的存证记录出具行业存证报告；Step 2: The deposit records of electronic certificates are fed back to the secondary security system in sequence from the blockchain of each node of the industry blockchain platform, and an industry certificate report is issued according to the deposit records of electronic certificates;

第三步：由第三方存证报告与行业存证报告共同证明上链的电子凭证数据未被篡改。Step 3: The third-party certificate deposit report and the industry certificate deposit report jointly prove that the electronic certificate data on the chain has not been tampered with.

在上链存证过程中，二级保全系统将哈希值传送至时间戳系统，加盖时间戳后传送至一级保全系统存证，一级保全系统将哈希值同步至鉴定机构存证。在取证鉴定过程中，二级保全系统将源数据文件发送至一级保全系统，一级保全系统计算源数据文件的哈希值并与保存的哈希值进行对比，若相同，则出具数据存证报告；同理，将源数据文件提交至鉴定机构，鉴定机构计算源数据文件的哈希值并与一级保全系统传输的哈希值进行对比，若相同，则出具数据鉴定报告；数据存证报告与数据鉴定报告共同构成第三方存证报告。In the process of storing certificates on the chain, the secondary security system transmits the hash value to the time stamp system, and after stamping the time stamp, it is sent to the primary security system for deposit, and the primary security system synchronizes the hash value to the authentication institution for deposit . In the process of forensic identification, the secondary security system sends the source data file to the primary security system, and the primary security system calculates the hash value of the source data file and compares it with the stored hash value. similarly, submit the source data file to the appraisal institution, and the appraisal institution calculates the hash value of the source data file and compares it with the hash value transmitted by the first-level security system. If they are the same, a data appraisal report will be issued; the data storage The attestation report and the data appraisal report together constitute the third-party attestation report.

实施例一Embodiment one

本实施例为上述云签署电子凭证的上链存证和取证鉴定方法的应用实例。This embodiment is an application example of the above cloud-signed electronic certificate on-chain certificate storage and forensic identification method.

本实施例所述方法基于二级保全系统、第三方存证区块链以及行业区块链平台，本实施例中的第三方存证区块链为CA机构存证区块链，包括时间戳系统、一级保全系统与鉴定机构，鉴定机构为国家信息中心电子数据司法鉴定中心；行业区块链平台包括冀北从链、国网链、国网电商司法链以及天平链。The method described in this embodiment is based on a secondary security system, a third-party certificate storage blockchain, and an industry blockchain platform. The third-party certificate storage blockchain in this embodiment is a CA institution certificate storage blockchain, including a timestamp System, first-level security system and appraisal institution, the appraisal institution is the Electronic Data Judicial Appraisal Center of the National Information Center; the industry blockchain platform includes the Hebei Congchain, the State Grid Chain, the State Grid E-commerce Judicial Chain and the Tianping Chain.

本实施例所述方法包括云签署电子凭证的上链存证过程和取证鉴定过程。The method described in this embodiment includes the on-chain certificate deposit process and the forensic identification process of cloud-signed electronic certificates.

其中，如图1所示，云签署电子凭证的上链存证过程包括以下步骤：Among them, as shown in Figure 1, the on-chain storage process of cloud-signed electronic certificates includes the following steps:

第一步：二级保全系统通过证据采集接口对完成云签署的电子凭证进行数据采集，并将采集到的源数据文件进行存储；Step 1: The secondary security system collects data from the cloud-signed electronic certificate through the evidence collection interface, and stores the collected source data files;

第二步：二级保全系统对采集到的源数据文件进行哈希计算得到哈希值；Step 2: The secondary security system performs hash calculation on the collected source data files to obtain the hash value;

第三步：二级保全系统将哈希值传送至CA机构存证区块链，CA机构存证区块链的时间戳系统对其加盖时间戳后传送至一级保全系统存证，一级保全系统将哈希值同步至国家信息中心电子数据司法鉴定中心存证。二级保全系统同时将源数据文件、哈希值传送至冀北从链，经由冀北从链依次在国网链、国网电商司法链上传递，最后由国网电商司法链向天平链传递哈希值，形成天平链存证记录，包括天平链哈希值和天平链存证编号。Step 3: The secondary security system transmits the hash value to the CA institution's certificate deposit blockchain, and the time stamp system of the CA institution's certificate deposit blockchain stamps it with a time stamp and then sends it to the first-level security system for deposit. The high-level security system synchronizes the hash value to the National Information Center Electronic Data Forensic Center for evidence storage. The secondary security system simultaneously transmits the source data files and hash values to the Jibei slave chain, which is passed on the State Grid chain, the State Grid e-commerce judicial chain, and finally the State Grid e-commerce judicial chain to Tianping The chain transfers the hash value to form a Tianping Chain certificate record, including the Tianping Chain hash value and the Tianping Chain certificate number.

如图2所示，云签署电子凭证的取证鉴定过程包括以下步骤：As shown in Figure 2, the forensic identification process of cloud-signed electronic certificates includes the following steps:

第一步：对二级保全系统进行证据提取，二级保全系统将源数据文件发送至CA机构存证区块链的一级保全系统，同时提交至国家信息中心电子数据司法鉴定中心进行哈希值比对。具体为二级保全系统通过SSL双向加密的方式将源数据文件传送至一级保全系统，一级保全系统会计算哈希值并与保存记录的哈希值进行自动核验，若相同则转入人工审核，人工审核通过后将出具数据存证报告并发送至二级保全系统。国家信息中心电子数据司法鉴定中心与一级保全系统验证机制同理，根据接收到的源数据文件和一级保全系统同步传输的哈希值进行比对验证，若相同则出具数据鉴定报告。由于国家信息中心电子数据司法鉴定中心内部规则要求，一般是线下刻盘提供证据资料进行比对。Step 1: Extract evidence from the secondary security system. The secondary security system sends the source data files to the primary security system of the CA agency deposit blockchain, and submits them to the National Information Center Electronic Data Forensic Center for hashing value comparison. Specifically, the second-level security system transmits the source data files to the first-level security system through SSL two-way encryption. The first-level security system will calculate the hash value and automatically verify it with the hash value of the saved record. If it is the same, it will be transferred to manual Review, after the manual review is passed, a data storage report will be issued and sent to the secondary security system. The Electronic Data Judicial Identification Center of the National Information Center is the same as the verification mechanism of the first-level security system. It compares and verifies the received source data file and the hash value transmitted synchronously by the first-level security system, and issues a data identification report if they are the same. Due to the requirements of the internal rules of the Electronic Data Forensic Center of the State Information Center, evidence and materials are generally provided offline for comparison.

第二步：天平链存证记录通过国网电商司法链、国网链、冀北从链依次反馈，最终反馈到二级保全系统，形成电子凭证的存证记录。根据天平链存证记录， 国网电商司法鉴定中心出具行业存证报告。Step 2: Tianping Chain's evidence deposit records are fed back through the State Grid E-Commerce Judicial Chain, State Grid Chain, and Hebei Secondary Chain in turn, and finally fed back to the secondary security system to form an electronic certificate deposit record. According to the evidence deposit records of Tianping Chain, the State Grid E-Commerce Judicial Appraisal Center issued an industry certificate deposit report.

第三步：由数据存证报告、数据鉴定报告与行业存证报告共同证明上链的电子凭证数据未被篡改，共同保证电子凭证的法律效力。Step 3: The data storage report, data appraisal report and industry certification report jointly prove that the electronic voucher data on the chain has not been tampered with, and jointly guarantee the legal effect of the electronic voucher.

最后应说明的是，以上所述仅用以说明本发明的技术方案而非限制，尽管参照较佳布置方案对本发明进行了详细说明，本领域的普通技术人员应当理解，可以对本发明的技术方案进行修改或者等同替换，而不脱离本发明技术方案的精神和范围。Finally, it should be noted that the above description is only used to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to the preferred arrangement scheme, those of ordinary skill in the art should understand that the technical solution of the present invention can be Modifications or equivalent replacements can be made without departing from the spirit and scope of the technical solutions of the present invention.

Claims (7)

1. A cloud signing electronic certificate chain-loading evidence-storing and evidence-taking authentication method is based on a secondary security system, a third party evidence-storing block chain and an industry block chain platform, wherein the secondary security system is used for carrying out data acquisition and hash calculation on an electronic certificate which is signed by a cloud, the third party evidence-storing block chain is used for storing a hash value of the electronic certificate, and the industry block chain platform is used for storing a source data file and the hash value of the electronic certificate and forming an evidence-storing record; the method is characterized by comprising a chain deposit evidence process and a forensics identification process of cloud signing electronic certificates;

the cloud signing electronic certificate uplink chain deposit process comprises the following steps:

the first step is as follows: the secondary security system acquires data of the electronic certificate which is signed by the cloud through an evidence acquisition interface and stores the acquired source data file;

the second step is that: the secondary security system performs hash calculation on the acquired source data file to obtain a hash value;

the third step: the second-level security system transmits the hash value to the third-party certificate-storing block chain, and the third-party certificate-storing block chain adds a timestamp and verifies after receiving the hash value; meanwhile, sequentially transmitting the source data file and the hash value to each node block chain of the industry block chain platform to form a storage record of the electronic certificate;

the evidence obtaining and identifying process of the cloud signed electronic certificate comprises the following steps:

the first step is as follows: the second-level security system extracts evidence, sends the source data file to the third-party evidence storage block chain, calculates the hash value of the source data file and compares the hash value with the stored hash value, and if the hash value is the same, issues a third-party evidence storage report;

the second step: the evidence storing record of the electronic certificate is sequentially fed back to the secondary security system from each node block chain of the industry block chain platform, and an industry evidence storing report is issued according to the evidence storing record of the electronic certificate;

the third step: and the third party evidence storing report and the industry evidence storing report jointly prove that the electronic certificate data of the uplink is not tampered.

2. The method of claim 1, wherein the third party chain of evidence blocks comprises a timestamp system for timestamping, a primary security system and an authentication mechanism for forensic hash values.

3. The method of claim 2, wherein during the process of uploading the certificate, the secondary security system transmits the hash value to the time stamp system, the time stamp system transmits the hash value to the primary security system for storing the certificate, and the primary security system synchronizes the hash value to the certificate authority for storing the certificate.

4. The method of claim 3, wherein during forensic authentication, the secondary security system sends source data files to the primary security system and submits them to the authentication authority, the primary security system calculates hash values of the source data files and compares them with the hash values of the certificates, and if they are the same, issues a data forensic report; the identification mechanism calculates the hash value of the source data file and compares the hash value with the hash value of the certificate, and if the hash value is the same as the hash value of the certificate, a data identification report is issued; the data evidence storing report and the data authentication report together form a third party evidence storing report.

5. The method of claim 1, wherein the source data file is a structured source data, PDF source file of a cloud signed electronic certificate.

6. The method of claim 1, wherein the third party blockchain is a CA agency blockchain of evidence deposit and evidence collection.

7. The method as claimed in claim 1, wherein the certificate record of the electronic certificate includes a hash value and a certificate number.

Images