CN106936578B - Time stamp system and method for issuing time stamp - Google Patents

Time stamp system and method for issuing time stamp

Info

Publication number
CN106936578B
Authority
CN
China
Prior art keywords
timestamp
time
issuing
module
issuing time
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201511021263.1A
Other languages
Chinese (zh)
Other versions
CN106936578A (en)
Inventor
耿方
郭向国
王申
杜悦琨
梁宵
隋静涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aisino Corp
Priority to CN201511021263.1A
Publication of CN106936578A
Application granted
Publication of CN106936578B
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The invention relates to the field of time stamps and discloses a time stamp system and a method for issuing time stamps. The time stamp system comprises: a receiving module for receiving a timestamp application sent by a client; a time source module for acquiring the issuing time corresponding to the timestamp application from the Beidou satellite, encrypting the issuing time and transmitting the encrypted issuing time to a security encryption module; the security encryption module, for decrypting the encrypted issuing time to obtain the issuing time; a management module for creating signer information according to the issuing time and the timestamp application; and a sending module for sending the signer information to the client. Because the time source board card encrypts the original time information before transmitting it within the time stamp system, the original time information can be acquired effectively and securely.

Description

Time stamp system and method for issuing time stamp
Technical Field
The invention relates to the field of time stamps, in particular to a time stamp system and a time stamp issuing method.
Background
The timestamp server is a timestamp authority system based on Public Key Infrastructure (PKI) technology. It provides an accurate and trusted timestamp service to external parties and includes a timestamp device and a timestamp system. The system adopts an accurate time source and a high-strength, high-standard security mechanism, provides functions for issuing, querying and verifying timestamps, and meets the non-repudiation and auditability requirements of network applications. The timestamp server can be widely applied to e-government and e-commerce activities such as online transactions, electronic medical records, online bidding, online government procurement, online declaration and digital intellectual property protection, and relates to e-government and e-commerce systems in many areas such as online transactions, online examination and approval, ERP, OA and electronic contracts. For these businesses the timestamp server guarantees non-repudiation of content and issuer and non-repudiation of the time factor.
As a very important component of a PKI system, the timestamp server plays an important role in national information security, so the safety and reliability of its operation must be ensured. In the prior art, a timestamp system is mainly based on an X86 platform and acquires the accurate time source from a time source board card in plaintext through the NTP protocol. Although this transmission takes place inside the machine, the time is still at risk of being stolen, so that a wrong timestamp is issued.
Disclosure of Invention
The invention aims to provide a time stamp system and a method for issuing a time stamp, which can effectively ensure the safe acquisition of time source information.
In order to achieve the above object, the present invention provides a time stamp system comprising: the receiving module is used for receiving a timestamp application sent by a client; the time source module is used for acquiring the issuing time corresponding to the timestamp application, encrypting the issuing time and transmitting the encrypted issuing time to the security encryption module; the safety encryption module is used for decrypting the encrypted issuing time to obtain the issuing time; the management module is used for creating signer information according to the issuing time and the timestamp application; and the sending module is used for sending the signer information to the client.
Preferably, the management module is further configured to create timestamp structure information according to the issuance time; the sending module is further configured to send the timestamp structure information to the client.
Preferably, the management module is further configured to: acquire a hash algorithm and a plaintext hash value contained in the timestamp application; calculate a timestamp data value from the issuing time and the plaintext hash value using the hash algorithm; perform a signature operation on the timestamp data value using a signature algorithm to obtain a timestamp signature value; and create the signer information according to the timestamp signature value.
Preferably, the time source module is further configured to acquire an issuing time corresponding to the timestamp application from a beidou satellite.
Accordingly, the present invention also provides a time stamping system, comprising: the receiving module is used for receiving a verification timestamp request sent by a client; a control module to: parsing the validation timestamp request to obtain signer information and timestamp structure information; verifying correctness of the timestamp data according to the signer information and the timestamp structure information; and the sending module is used for sending the verification result of the control module to the client.
Preferably, the control module is further configured to: parse a timestamp signature value, a signature algorithm and a hash algorithm from the signer information, and decrypt the timestamp signature value according to the signature algorithm to obtain a timestamp data value.
Preferably, the control module is further configured to: parse the issuing time and the plaintext hash value from the timestamp structure information; calculate a verification hash value from the issuing time and the plaintext hash value using the hash algorithm; and compare the verification hash value with the timestamp data value to obtain the verification result.
Correspondingly, the invention also provides a method for issuing a timestamp, which comprises the following steps: receiving a timestamp application sent by a client; acquiring the issuing time corresponding to the timestamp application, encrypting the issuing time and transmitting the encrypted issuing time to a security encryption module; decrypting, by the security encryption module, the encrypted issuing time to obtain the issuing time; obtaining signer information according to the issuing time and the timestamp application; and sending the signer information to the client.
Preferably, the method further comprises: obtaining timestamp structure information according to the issuing time; and sending the timestamp structure information to the client.
Preferably, the method further comprises: acquiring a hash algorithm and a plaintext hash value contained in the timestamp application; calculating a timestamp data value from the issuance time and the plaintext hash value using the hash algorithm; performing a signature operation on the timestamp data value using a signature algorithm to obtain a timestamp signature value; and obtaining the signer information according to the timestamp signature value.
With this technical scheme, the time source board card encrypts the original time information before transmitting it within the timestamp system, so that the original time information can be acquired effectively and securely.
Additional features and advantages of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 shows a schematic structural diagram of a time stamping system provided by the present invention;
FIG. 2 is a schematic diagram of a time stamping system issuing time stamps;
FIG. 3 shows a schematic diagram of a timestamp verification principle; and
FIG. 4 is a flow chart illustrating a method of issuing a timestamp provided by the present invention.
Description of the reference numerals
100 client
200 time stamping system
300 Beidou satellite
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation.
Fig. 1 shows a schematic structural diagram of a time stamping system provided by the present invention. As shown in fig. 1, the present invention provides a time stamping system, comprising: a receiving module, configured to receive a timestamp application sent by the client 100; the time source module is used for acquiring issuing time corresponding to the timestamp application from the Beidou satellite 300, encrypting the issuing time and transmitting the encrypted issuing time to the security encryption module; the safety encryption module is used for decrypting the encrypted issuing time to obtain the issuing time; the management module is used for obtaining signer information according to the issuing time and the timestamp application; and a sending module, configured to send the signer information to the client 100.
FIG. 2 shows a schematic diagram of the principle of time stamping system issuing time stamps. As shown in fig. 2, in specific operation, the client 100 first performs a hash operation on the original data by using a hash algorithm to obtain a plaintext hash value H1, and then sends a timestamp application composed of the plaintext hash value H1, the hash algorithm, and the like to the timestamp system 200 through the API interface. Preferably, the hash algorithm here may be selected from the SM3 hash algorithm, but the present invention is not limited thereto.
The receiving module of the timestamp system 200 receives the timestamp application and passes it to the management module. The security encryption module drives the time source board card through the RJ45 interface to acquire the issuing time corresponding to the timestamp application from the Beidou satellite 300. The time source board card encrypts the issuing time and transmits the encrypted issuing time to the security encryption module. Specifically, a key is generated and stored in the time source board card hardware, the same key is stored in a cipher card, and the key in the cipher card is periodically synchronized with the time source board card. The key may be an SM4 symmetric key, and the cipher card may be an SJK1120-B cipher card, but the invention is not limited thereto. Because the time source board card encrypts the issuing time before transmitting it to the security encryption module, secure acquisition of the time source information can be effectively ensured.
The security encryption module communicates with the cipher card through the bus interface and uses the SM4 symmetric key stored in the cipher card to decrypt the ciphertext D(T) transmitted by the time source board card, obtaining the issuing time T.
The management module performs a hash operation on the plaintext hash value H1 and the issuing time T, using the hash algorithm (for example, the SM3 hash algorithm) included in the timestamp application, to obtain a new hash value, the timestamp hash value H2, where H2 = Hash(H1 + T). The control module then calls the cipher card to obtain the private key corresponding to the signature algorithm and performs a signature operation on the timestamp hash value H2 with that private key to obtain the timestamp signature value.
Further, the management module creates signer information, which may include the hash algorithm, the signature algorithm and the timestamp signature value, and may further include a timestamp serial number to uniquely distinguish the signer information. The management module may create time stamp structure information including the time stamp serial number, the hash value to which time stamp data needs to be added (i.e., the plaintext hash value H1), the issuance time T, the time stamp issuance information, and the like.
The signer information and the timestamp structure information constitute a timestamp return file, which the sending module of the timestamp system 200 returns to the client 100. The client 100 stores the timestamp return file together with the original data.
Here, the sending module and the receiving module may be integrated into a timestamp service interface, which may perform data communication with the client 100 through an API interface. The timestamp system that issues timestamps may be based on the Loongson 3A platform.
Further, the present invention also provides a time stamp system, comprising: the receiving module is used for receiving a verification timestamp request sent by a client; a control module to: parsing the validation timestamp request to obtain signer information and timestamp structure information; verifying correctness of the timestamp data according to the signer information and the timestamp structure information; and the sending module is used for sending the verification result of the control module to the client.
Fig. 3 shows a schematic diagram of the time stamp verification principle. As shown in fig. 3, the control module further parses the signer information to obtain a timestamp signature value, a signature algorithm and a hash algorithm, calls the cryptographic card to obtain a public key corresponding to the signature algorithm, and decrypts the timestamp signature value by using the public key to obtain a timestamp hash value H2'.
The control module further parses the timestamp structure information to obtain the plaintext hash value H1 and the issuing time T, and performs a hash operation on H1 and T, using the hash algorithm obtained by parsing the signer information, to obtain a verification hash value H2. The calculated verification hash value H2 is then compared with the parsed timestamp hash value H2'; the timestamp verification result depends on whether the two are the same, and the verification result is sent to the client through the sending module.
FIG. 4 is a flow chart illustrating a method of issuing a timestamp provided by the present invention. As shown in fig. 4, the present invention further provides a method for issuing a timestamp, including: receiving a timestamp application sent by a client; acquiring the issuing time corresponding to the timestamp application from a Beidou satellite, encrypting the issuing time and transmitting the encrypted issuing time to a security encryption module; decrypting, by the security encryption module, the encrypted issuing time to obtain the issuing time; obtaining signer information according to the issuing time and the timestamp application; and sending the signer information to the client.
The working principle and benefits of the method for issuing a timestamp provided by the present invention are similar to those of the timestamp system shown in fig. 1 and are not described again here.
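The issuing and verification flow described above (H1 from the client, H2 = Hash(H1 + T), signature over H2, recomputation and comparison with H2' on verification), as an added example that is not code from the patent. Assumptions: SHA-256 stands in for SM3, an unpadded RSA demo key built from two Mersenne primes stands in for the cipher card's signature algorithm, T is encoded as 8-byte big-endian Unix seconds, and all function and field names are hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed demo key pair (assumption): unpadded RSA over two Mersenne primes.
# It is NOT secure and only stands in for the key pair held in the cipher card.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

# Allow-list of hash algorithms; SHA-256 stands in for the SM3 named in the text.
HASHES = {"sha256": hashlib.sha256}


def client_application(data, hash_alg="sha256"):
    """Client side: H1 = Hash(original data), sent with the algorithm name."""
    return {"hash_alg": hash_alg, "h1": HASHES[hash_alg](data).digest()}


def timestamp_hash(hash_alg, h1, issue_time):
    """H2 = Hash(H1 + T); T is encoded as 8-byte big-endian Unix seconds."""
    if hash_alg not in HASHES:
        raise ValueError("hash algorithm not on the allow-list")
    hasher = HASHES[hash_alg]
    if not isinstance(h1, bytes) or len(h1) != hasher().digest_size:
        raise ValueError("H1 length does not match the hash algorithm")
    return hasher(h1 + struct.pack(">Q", issue_time)).digest()


def issue(application, issue_time, serial):
    """Management module: build signer info and timestamp structure info."""
    h2 = timestamp_hash(application["hash_alg"], application["h1"], issue_time)
    signature = pow(int.from_bytes(h2, "big"), D, N)  # sign H2 with private key
    signer_info = {"serial": serial, "hash_alg": application["hash_alg"],
                   "sig_alg": "demo-rsa", "signature": signature}
    structure_info = {"serial": serial, "h1": application["h1"],
                      "issue_time": issue_time, "issuer": "demo-tsa"}
    return signer_info, structure_info


def verify(signer_info, structure_info):
    """Control module: recompute H2 and compare it with H2' from the signature."""
    try:
        if signer_info["sig_alg"] != "demo-rsa":
            return False
        if signer_info["serial"] != structure_info["serial"]:
            return False
        h2 = timestamp_hash(signer_info["hash_alg"], structure_info["h1"],
                            structure_info["issue_time"])
        signature = signer_info["signature"]
    except (KeyError, ValueError, TypeError, struct.error):
        return False
    if not isinstance(signature, int) or not 0 <= signature < N:
        return False
    recovered = pow(signature, E, N)  # "decrypt" with the public key -> H2'
    if recovered >> (8 * len(h2)):
        return False  # recovered value is longer than a digest
    h2_prime = recovered.to_bytes(len(h2), "big")
    return hmac.compare_digest(h2, h2_prime)
```

Because H2 covers only H1 and T, the serial number and issuer fields in this sketch are not protected by the signature; the serial comparison in `verify` is a consistency check only.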
The preferred embodiments of the present invention have been described in detail with reference to the accompanying drawings, however, the present invention is not limited to the specific details of the above embodiments, and various simple modifications can be made to the technical solution of the present invention within the technical idea of the present invention, and these simple modifications are within the protective scope of the present invention.
It should be noted that the various technical features described in the above embodiments can be combined in any suitable manner provided there is no contradiction; to avoid unnecessary repetition, the invention does not separately describe the possible combinations.
In addition, any combination of the various embodiments of the present invention is also possible, and the same should be considered as the disclosure of the present invention as long as it does not depart from the spirit of the present invention.

Claims (6)

1. A time stamping system, comprising:
the receiving module is used for receiving a timestamp application sent by a client;
the time source module is used for acquiring the issuing time corresponding to the timestamp application, encrypting the issuing time and transmitting the encrypted issuing time to the security encryption module;
the safety encryption module is used for decrypting the encrypted issuing time to obtain the issuing time;
the management module is used for creating signer information according to the issuing time and the timestamp application, and comprises the following steps: acquiring a hash algorithm and a plaintext hash value contained in the timestamp application; calculating a timestamp data value from the issuance time and the plaintext hash value using the hash algorithm; performing a signature operation on the timestamp data value using a signature algorithm to obtain a timestamp signature value; and creating the signer information according to the timestamp signature value;
the management module is also used for creating timestamp structure information according to the issuing time, wherein the timestamp structure information comprises a timestamp serial number, a hash value needing to be added with timestamp data, the issuing time and timestamp issuing information; and
a sending module, configured to send the signer information and the timestamp structure information to the client.
2. The timestamp system of claim 1, wherein the time source module is further configured to obtain an issuance time corresponding to the timestamp application from a Beidou satellite.
3. A time stamping system, comprising:
the receiving module is used for receiving a verification timestamp request sent by a client;
a control module to:
parsing the verification timestamp request to obtain signer information and timestamp structure information, wherein the signer information and the timestamp structure information are the signer information and the timestamp structure information created according to the timestamp system of claim 1 or 2;
verifying correctness of the timestamp data according to the signer information and the timestamp structure information; and
the sending module is used for sending the verification result of the control module to the client.
4. The timestamp system of claim 3,
the control module is further configured to:
resolving a timestamp signature value, a signature algorithm and a hash algorithm according to the signer information,
decrypting the timestamp signature value according to the signature algorithm to obtain a timestamp data value.
5. The timestamp system of claim 4, wherein the control module is further to:
analyzing the issuing time and the plaintext hashed value according to the timestamp structure information;
calculating a verification hash value from the issuance time and the plaintext hash value using the hash algorithm;
comparing the verification hash value to the timestamp data value to obtain the verification result.
6. A method of issuing a timestamp, the method comprising:
receiving a timestamp application sent by a client;
acquiring issuing time corresponding to the timestamp application, encrypting the issuing time and transmitting the encrypted issuing time to a security encryption module;
the safety encryption module decrypts the encrypted issuing time to obtain the issuing time;
creating signer information according to the issuing time and the timestamp application, comprising: acquiring a hash algorithm and a plaintext hash value contained in the timestamp application; calculating a timestamp data value from the issuance time and the plaintext hash value using the hash algorithm; performing a signature operation on the timestamp data value using a signature algorithm to obtain a timestamp signature value; and creating the signer information according to the timestamp signature value;
creating timestamp structure information according to the issuing time, wherein the timestamp structure information comprises a timestamp serial number, a hash value needing to be added with timestamp data, the issuing time and timestamp issuing information; and
sending the signer information and the timestamp structure information to the client.
CN201511021263.1A 2015-12-30 2015-12-30 Time stamp system and method for issuing time stamp Active CN106936578B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511021263.1A CN106936578B (en) 2015-12-30 2015-12-30 Time stamp system and method for issuing time stamp

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201511021263.1A CN106936578B (en) 2015-12-30 2015-12-30 Time stamp system and method for issuing time stamp

Publications (2)

Publication Number Publication Date
CN106936578A CN106936578A (en) 2017-07-07
CN106936578B true CN106936578B (en) 2020-02-18

Family

ID=59442586

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201511021263.1A Active CN106936578B (en) 2015-12-30 2015-12-30 Time stamp system and method for issuing time stamp

Country Status (1)

Country Link
CN (1) CN106936578B (en)

Also Published As

Publication number Publication date
CN106936578A (en) 2017-07-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant