CN112152812A - File tracing and tamper-proof method based on cryptography - Google Patents
File tracing and tamper-proof method based on cryptography Download PDFInfo
- Publication number
- CN112152812A CN112152812A CN202010376639.5A CN202010376639A CN112152812A CN 112152812 A CN112152812 A CN 112152812A CN 202010376639 A CN202010376639 A CN 202010376639A CN 112152812 A CN112152812 A CN 112152812A
- Authority
- CN
- China
- Prior art keywords
- file
- hash
- signature
- recorded
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
- G06Q10/103—Workflow collaboration or project management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- Human Resources & Organizations (AREA)
- Strategic Management (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Entrepreneurship & Innovation (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Mining & Analysis (AREA)
- General Business, Economics & Management (AREA)
- Tourism & Hospitality (AREA)
- Quality & Reliability (AREA)
- Economics (AREA)
- Operations Research (AREA)
- Marketing (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a cryptography-based file tracing and anti-tampering method, which is used for solving the possible cheating behaviors of personnel on files in an OA (office automation) system, a file management system and the like. The method comprises the following steps: (1) the system generates a public and private key for each user, wherein the private key is held by the user, and the public key needs to be recorded in the system; (2) the uploading user must use a private key to sign the file each time the file is uploaded; (3) after each file is uploaded, the system needs to calculate and merge hash values of file data and signature data; (4) for a file uploaded to a system, the hash of the current file, the hash of a previous version, a modifier and a modifier signature need to be recorded; (5) the system should keep the file data of each version for tracing and checking.
Description
Technical Field
The invention belongs to the field of file tracing and data security, and particularly relates to a method for tracing a file and preventing the file from being randomly tampered based on cryptography.
Background
In traditional office management, each file needs to be strictly analyzed and interpreted, and is continuously modified in a paper form, so that the working efficiency is reduced, the workload of workers is increased, and meanwhile, the problem of modification error or file information loss is easily caused, so that the information in the file has a leak. The office automation oa (office automation) system has improved office efficiency and can realize automatic management of various files. The office automation utilizes modern equipment and informatization technology to replace partial manual or repetitive business activities of office workers, processes office affairs and business information with high quality and high efficiency, realizes high-efficiency utilization of information resources, further achieves the purposes of improving productivity and assisting decision, and improves working efficiency and quality and working environment to the maximum extent.
However, at the same time, there are still some problems in file replication and file management using the OA system. For example, in a budget declaration process, a document submitted by a submitter is sent to a management layer through an OA system for approval, and the management layer leader confirms that the document is correct and then performs approved approval. After the leader is returned, the document can be maliciously extracted by an operator in the background of the OA system, and the declaration amount of the document is modified. Such cheating may not be detected by others, but greatly compromises the benefits and data security of the company.
Therefore, the invention provides a file tracing and anti-tampering method based on cryptography, which can prevent malicious modification behaviors of background personnel when a file is circulated in an OA system and ensure the authenticity of the file in the whole office link.
Disclosure of Invention
The invention provides a cryptography-based file tracing and anti-tampering method, which is used for solving the possible cheating behaviors in file management of an OA system, a file management system and the like. The method is characterized in that:
(1) each user capable of operating files in the system must use an asymmetric encryption algorithm supported by the system to generate a public and private key, wherein the private key is held by the user, and the public key needs to be recorded in the system;
(2) the uploading user must use a private key to sign the file each time the file is uploaded;
(3) after each file is uploaded, the system needs to calculate and merge hash values of file data and signature data;
(4) for a file uploaded to a system, the file information to be recorded needs to additionally record the following information besides common basic information, such as file name, file size, file format, timestamp, and the like:
(4a) and (3) hashing: the hash value obtained in the step (3);
(4b) the previous version hash: if the file is a version which is modified or updated for a certain file in the system, the hash value recorded by the previous version needs to be recorded, and if the file is submitted for the first time, the information does not need to be recorded;
(4c) the modifier: uploading the file at this time;
(4d) and modifying the person signature: the signature data obtained in the step (2) is verified by the system by using the public key of a modifier after the file is uploaded, and the signature data is stored in the system after the verification is passed;
(5) in order to ensure that the files of each version can be traced and verified, the system should keep the file data of each version and should not use file covering operation when updating the files;
(6) if in some workflows, the file does not need to be changed, but a consultant or a passer-by needs to be recorded, signature calculation and hash calculation are still performed except that a new file does not need to be uploaded.
The system for managing the files by using the method provided by the invention has the following steps of tracing and tamper-proof verification:
(1) acquiring file data and file information of the latest version or the specified version of the file;
(2) finding out a corresponding user public key by using the modified person data in the file information, and verifying the signature information;
(3) after the signature verification is passed, combining the file data and the signature data to perform Hash calculation, comparing the Hash calculation with the Hash recorded in the file information, and if the Hash is consistent with the Hash recorded in the file information, indicating that the file is not tampered;
(4) and (3) if the source tracing is required, obtaining the hash of the previous file recorded in the file information, searching the hash field matched with the file in the system, and verifying the searched file by repeating the steps (2) and (3).
Furthermore, a private key of a user is used for signing during file uploading, and in order to improve the signing efficiency, the file can be subjected to hash operation first, and then the generated hash is signed. Correspondingly, when the file is verified, the file is subjected to hash calculation, and then the hash is used for signature verification.
Preferably, in order to ensure that data such as file hash and signature are not maliciously changed by operation and maintenance personnel, block chain technology can be used for storing the hash and signature data. Because the blockchain system is not suitable for storing larger data such as files, and the working efficiency is greatly influenced, the files are still stored on the original file server, and hash, signature data and the like of the files are stored in the blockchain. And when verification is needed, acquiring the file hash and the file signature from the chain, and verifying.
The invention provides a file tracing method based on cryptography, which can be applied to a system or a platform with higher requirements on file authenticity or file modification history tracing, and utilizes a hash algorithm and a digital signature to carry out version judgment and modification tracing on a file, thereby reducing the behavior that internal personnel directly modify the file through a background without regulation.
Drawings
FIG. 1 is a diagram illustrating a data structure of file information and a file tracing according to the present invention;
fig. 2 is a schematic diagram of file data and source tracing according to an embodiment of the present invention.
Detailed description of the preferred embodiments
In the following description, numerous technical details are set forth in order to provide a better understanding of the present application, but it will be apparent to those of ordinary skill in the art that the present invention is not limited to these technical details and that various changes and modifications can be made based on the following embodiments.
FIG. 2 is a schematic diagram of a company OA system using the method of the present invention to implement document management file tracing.
File a requiring two-layer approval by a department leader and a company leader is submitted by an administrator user1, and the administrator signs the file by using a private key privateKey1 to obtain signature data sign1= signature (file a, privateKey 1).
After the file is uploaded to the system as a checklist attachment, the system calculates the hash value hash1= hash for the file (FileA + sign 1).
The approval sheet is passed to the hands of a department leader 2 through the OA system stream, and the user2 first requires the system to verify that the document has been tampered with after uploading. The system extracts accessory information of the approval list, finds public key data publicKey1 stored in the system according to an uploader user1 registered in an accessory file, and verifies signature (valid (FileA, sign1, publicKey 1)) of signature sign1, wherein the verification shows that the signature of the user1 in the current system record is correct. And calculating a hash 1' = hash (FileA + sign 1), and comparing the hash with the hash1 stored in the system, wherein if the hash is consistent, the file or the signature is not tampered. After confirming that the document is the original document uploaded by the user1, the leader user2 approves the approval sheet. The leader signs the comments at the corresponding positions of the documents and uploads the comments again, obtains a signature sign2 and a file hash2 according to the same algorithm, and records a hash1 in a hash field of a previous version in order to show that the leader 2 modifies and approves the files uploaded by the user 1.
Similarly, the examination and approval list is transferred to the company leader user3 from the user2, the user3 can know that the file is uploaded by the user1 through the traceability information, and the file is examined and approved for the first time through the user2, and the file can be known not to be maliciously tampered in the transfer process through signature verification and hash comparison, so that the examination and approval can be performed with confidence.
The foregoing is directed to embodiments of the present invention, and it is understood that various changes and modifications may be made by those skilled in the art without departing from the spirit and scope of the invention.
Claims (3)
1. A file tracing and tamper-proofing method based on cryptography is characterized in that:
(1) each user capable of operating files in the system must use an asymmetric encryption algorithm supported by the system to generate a public and private key, wherein the private key is held by the user, and the public key needs to be recorded in the system;
(2) the uploading user must use a private key to sign the file each time the file is uploaded;
(3) after each file is uploaded, the system needs to calculate and merge hash values of file data and signature data;
(4) for the file uploaded to the system, the following information needs to be additionally recorded:
(4a) and (3) hashing: the hash value obtained in the step (3);
(4b) the previous version hash: if the file is a version which is modified or updated for a certain file in the system, the hash value recorded by the previous version needs to be recorded, and if the file is submitted for the first time, the information does not need to be recorded;
(4c) the modifier: uploading the file at this time;
(4d) and modifying the person signature: the signature data obtained in the step (2) is verified by the system by using the public key of a modifier after the file is uploaded, and the signature data is stored in the system after the verification is passed;
(5) in order to ensure that the files of each version can be traced and verified, the system should keep the file data of each version and should not use file covering operation when updating the files;
(6) if in some workflows, the file does not need to be changed, but a consultant or a passer-by needs to be recorded, signature calculation and hash calculation are still performed except that a new file does not need to be uploaded.
2. The method for file tracing and tamper-proofing based on cryptography according to claim 1, wherein the tracing and tamper-proofing verification steps are as follows:
(1) acquiring file data and file information of the latest version or the specified version of the file;
(2) finding out a corresponding user public key by using the modified person data in the file information, and verifying the signature information;
(3) after the signature verification is passed, combining the file data and the signature data to perform Hash calculation, comparing the Hash calculation with the Hash recorded in the file information, and if the Hash is consistent with the Hash recorded in the file information, indicating that the file is not tampered;
(4) and (3) if the source tracing is required, obtaining the hash of the previous file recorded in the file information, searching the hash field matched with the file in the system, and verifying the searched file by repeating the steps (2) and (3).
3. The method as claimed in claim 1, wherein the file information is certified by using a block chain technique in order to ensure that data such as file hash and signature are not maliciously changed by operation and maintenance personnel.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010376639.5A CN112152812B (en) | 2020-05-07 | 2020-05-07 | File tracing and tamper-proof method based on cryptography |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010376639.5A CN112152812B (en) | 2020-05-07 | 2020-05-07 | File tracing and tamper-proof method based on cryptography |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112152812A true CN112152812A (en) | 2020-12-29 |
CN112152812B CN112152812B (en) | 2021-05-25 |
Family
ID=73891474
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010376639.5A Active CN112152812B (en) | 2020-05-07 | 2020-05-07 | File tracing and tamper-proof method based on cryptography |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112152812B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112966306A (en) * | 2021-04-02 | 2021-06-15 | 西安慧博文定信息技术有限公司 | Processing method and device for blind verification file |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101488171A (en) * | 2008-12-16 | 2009-07-22 | 安徽和安信息科技有限公司 | File authentication method based on separating electronic label |
CN105930234A (en) * | 2016-05-25 | 2016-09-07 | 华中科技大学 | Traceability information-based data reconstruction system and method |
CN107196934A (en) * | 2017-05-18 | 2017-09-22 | 电子科技大学 | A kind of cloud data managing method based on block chain |
CN107360156A (en) * | 2017-07-10 | 2017-11-17 | 广东工业大学 | P2P network method for cloud storage based on block chain under a kind of big data environment |
CN107508801A (en) * | 2017-08-04 | 2017-12-22 | 安徽智圣通信技术股份有限公司 | A kind of file tamper-proof method and device |
CN107948182A (en) * | 2017-12-06 | 2018-04-20 | 上海格尔安全科技有限公司 | A kind of WEB application configuration file tamper resistant method based on PKI |
CN109064063A (en) * | 2018-09-11 | 2018-12-21 | 北京工商大学 | A kind of food safety risk Source Tracing system and method based on block chain |
CN109255713A (en) * | 2018-11-12 | 2019-01-22 | 裴若含 | In a kind of block chain network in certain time period book keeping operation power acquisition methods |
CN109658048A (en) * | 2018-11-06 | 2019-04-19 | 王亚萍 | A kind of circulation of official document monitoring method and system |
CN110298193A (en) * | 2019-06-10 | 2019-10-01 | 中电科大数据研究院有限公司 | Information sharing system and method based on block chain |
-
2020
- 2020-05-07 CN CN202010376639.5A patent/CN112152812B/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101488171A (en) * | 2008-12-16 | 2009-07-22 | 安徽和安信息科技有限公司 | File authentication method based on separating electronic label |
CN105930234A (en) * | 2016-05-25 | 2016-09-07 | 华中科技大学 | Traceability information-based data reconstruction system and method |
CN107196934A (en) * | 2017-05-18 | 2017-09-22 | 电子科技大学 | A kind of cloud data managing method based on block chain |
CN107360156A (en) * | 2017-07-10 | 2017-11-17 | 广东工业大学 | P2P network method for cloud storage based on block chain under a kind of big data environment |
CN107508801A (en) * | 2017-08-04 | 2017-12-22 | 安徽智圣通信技术股份有限公司 | A kind of file tamper-proof method and device |
CN107948182A (en) * | 2017-12-06 | 2018-04-20 | 上海格尔安全科技有限公司 | A kind of WEB application configuration file tamper resistant method based on PKI |
CN109064063A (en) * | 2018-09-11 | 2018-12-21 | 北京工商大学 | A kind of food safety risk Source Tracing system and method based on block chain |
CN109658048A (en) * | 2018-11-06 | 2019-04-19 | 王亚萍 | A kind of circulation of official document monitoring method and system |
CN109255713A (en) * | 2018-11-12 | 2019-01-22 | 裴若含 | In a kind of block chain network in certain time period book keeping operation power acquisition methods |
CN110298193A (en) * | 2019-06-10 | 2019-10-01 | 中电科大数据研究院有限公司 | Information sharing system and method based on block chain |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112966306A (en) * | 2021-04-02 | 2021-06-15 | 西安慧博文定信息技术有限公司 | Processing method and device for blind verification file |
Also Published As
Publication number | Publication date |
---|---|
CN112152812B (en) | 2021-05-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11182726B2 (en) | Blockchain-based system for analyzing and tracking work performance | |
US10810683B2 (en) | Hierarchical meta-ledger transaction recording | |
CN107566118B (en) | Cloud auditing method capable of dynamically revoking lightweight user and dynamically updating data | |
JP3260524B2 (en) | Digital signature generation method | |
ES2893822T3 (en) | A computer-implemented method and system for life cycle tracking of certified documents and computer programs thereof | |
CN110113334B (en) | Contract processing method and device based on block chain and storage medium | |
CN111259439B (en) | Intangible asset management service platform based on block chain and implementation method thereof | |
CN111881109B (en) | Database mergeable ledgers | |
KR20180066500A (en) | Apparatus and Method for signing electronic contract using digital official seal | |
JP4836735B2 (en) | Electronic information verification program, electronic information verification apparatus, and electronic information verification method | |
US20230206219A1 (en) | Identification token, systems and methods for identification and identity verification. | |
CN111797426B (en) | Method and system for distrust notification service | |
CN112152812B (en) | File tracing and tamper-proof method based on cryptography | |
CN110192212B (en) | Digital asset platform | |
CN114981773A (en) | Conflict-free version control | |
CN106471510A (en) | Compound document accesses | |
CN115150150B (en) | Information recording method based on block chain technology | |
JP2009015445A (en) | Document management system and document management method | |
US20080163346A1 (en) | Customized untrusted certificate replication | |
JP4663292B2 (en) | Electronic document storage management system, electronic document storage management method, and electronic document storage management program | |
CN109271811B (en) | Group signature-based electronic material evidence tamper-proof storage method | |
JP2005135072A (en) | Secure document exchange system, document approval method, document exchange management method and program therefor | |
CN116127427B (en) | Office document processing method and system | |
TWI569166B (en) | Data verification method | |
WO2022079940A1 (en) | Registrant terminal, holder terminal, method, and program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |