CN112152812A - File tracing and tamper-proof method based on cryptography - Google Patents

Publication number
CN112152812A
Authority
CN
China
Prior art keywords
file
hash
signature
recorded
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010376639.5A
Other languages
Chinese (zh)
Other versions
CN112152812B (en)
Inventor
蔡维德
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianmin Qingdao International Sandbox Research Institute Co ltd
Beijing Tiande Technology Co ltd
Original Assignee
Tianmin Qingdao International Sandbox Research Institute Co ltd
Beijing Tiande Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianmin Qingdao International Sandbox Research Institute Co ltd, Beijing Tiande Technology Co ltd
Priority to CN202010376639.5A
Publication of CN112152812A
Application granted
Publication of CN112152812B
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G06Q10/103 Workflow collaboration or project management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Mining & Analysis (AREA)
  • General Business, Economics & Management (AREA)
  • Tourism & Hospitality (AREA)
  • Quality & Reliability (AREA)
  • Economics (AREA)
  • Operations Research (AREA)
  • Marketing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a cryptography-based file tracing and anti-tampering method for addressing possible cheating by personnel on files in an OA (office automation) system, a file management system and the like. The method comprises the following steps: (1) the system generates a public/private key pair for each user, wherein the private key is held by the user and the public key is recorded in the system; (2) the uploading user must sign the file with the private key each time a file is uploaded; (3) after each file is uploaded, the system merges the file data and the signature data and calculates the hash value of the result; (4) for a file uploaded to the system, the hash of the current file, the hash of the previous version, the modifier and the modifier's signature are recorded; (5) the system keeps the file data of each version for tracing and checking.

Description

File tracing and tamper-proof method based on cryptography
Technical Field
The invention belongs to the field of file tracing and data security, and particularly relates to a cryptography-based method for tracing a file and preventing it from being arbitrarily tampered with.
Background
In traditional office management, each file must be strictly analyzed and interpreted and is repeatedly modified in paper form, which reduces working efficiency, increases the workload of staff, and easily leads to modification errors or loss of file information, leaving loopholes in the information in the file. Office automation (OA) systems have improved office efficiency and can manage various files automatically. Office automation uses modern equipment and information technology to replace part of the manual or repetitive business activities of office workers, handles office affairs and business information with high quality and efficiency, and makes efficient use of information resources, thereby improving productivity, assisting decision-making, and improving working efficiency, quality and working environment to the greatest extent.
However, some problems remain when an OA system is used for file replication and file management. For example, in a budget declaration process, a document submitted by a submitter is sent through the OA system to the management layer for approval, and the management-layer leader approves it after confirming that the document is correct. After the leader's reply is returned, an operator in the background of the OA system can maliciously extract the document and modify the declared amount. Such cheating may go undetected by others, but it greatly harms the interests and data security of the company.
Therefore, the invention provides a file tracing and anti-tampering method based on cryptography, which can prevent malicious modification behaviors of background personnel when a file is circulated in an OA system and ensure the authenticity of the file in the whole office link.
Disclosure of Invention
The invention provides a cryptography-based file tracing and anti-tampering method, which is used for solving the possible cheating behaviors in file management of an OA system, a file management system and the like. The method is characterized in that:
(1) each user capable of operating files in the system must use an asymmetric encryption algorithm supported by the system to generate a public/private key pair, wherein the private key is held by the user and the public key is recorded in the system;
(2) the uploading user must sign the file with the private key each time a file is uploaded;
(3) after each file is uploaded, the system merges the file data and the signature data and calculates the hash value of the result;
(4) for a file uploaded to the system, the following information must be recorded in the file information in addition to the usual basic information such as file name, file size, file format and timestamp:
(4a) the hash: the hash value obtained in step (3);
(4b) the previous version hash: if the file is a modified or updated version of a file already in the system, the hash value recorded for the previous version must be recorded; if the file is submitted for the first time, this information is not recorded;
(4c) the modifier: the user uploading the file this time;
(4d) the modifier's signature: the signature data obtained in step (2); after the file is uploaded, the system verifies the signature data using the modifier's public key and stores it in the system once verification passes;
(5) to ensure that every version of a file can be traced and verified, the system keeps the file data of each version and does not overwrite files when updating them;
(6) if, in some workflows, the file does not need to be changed but a person who consulted or approved it needs to be recorded, the signature calculation and hash calculation are still performed, except that no new file needs to be uploaded.
A system that manages files using the method provided by the invention performs tracing and tamper-proof verification in the following steps:
(1) acquire the file data and file information of the latest version or a specified version of the file;
(2) find the corresponding user public key using the modifier recorded in the file information, and verify the signature information;
(3) after the signature verification passes, merge the file data and the signature data, calculate the hash, and compare it with the hash recorded in the file information; if they are consistent, the file has not been tampered with;
(4) if tracing is required, obtain the previous version hash recorded in the file information, search the system for the file whose hash field matches it, and verify the file found by repeating steps (2) and (3).
Furthermore, the user's private key is used for signing when a file is uploaded; to improve signing efficiency, the file can first be hashed and the resulting hash then signed. Correspondingly, when the file is verified, the hash of the file is calculated first and then used for signature verification.
Preferably, to ensure that data such as file hashes and signatures are not maliciously changed by operation and maintenance personnel, blockchain technology can be used to store the hash and signature data. Because a blockchain system is not suited to storing larger data such as files, and doing so would greatly reduce working efficiency, the files are still stored on the original file server, while the hashes, signature data and the like of the files are stored on the blockchain. When verification is needed, the file hash and the file signature are obtained from the chain and verified.
The invention provides a cryptography-based file tracing method that can be applied to systems or platforms with high requirements for file authenticity or for tracing file modification history. It uses a hash algorithm and digital signatures to identify versions and trace modifications of a file, thereby reducing unregulated direct modification of files by internal personnel through the background.
Drawings
FIG. 1 is a diagram illustrating the data structure of file information and file tracing according to the present invention;
FIG. 2 is a schematic diagram of file data and tracing according to an embodiment of the present invention.
Detailed description of the preferred embodiments
In the following description, numerous technical details are set forth in order to provide a better understanding of the present application, but it will be apparent to those of ordinary skill in the art that the present invention is not limited to these technical details and that various changes and modifications can be made based on the following embodiments.
FIG. 2 is a schematic diagram of a company OA system that uses the method of the present invention to implement file tracing for document management.
File A (FileA), which requires two levels of approval by a department leader and a company leader, is submitted by an administrator user1, who signs the file with the private key privateKey1 to obtain the signature data sign1 = signature(FileA, privateKey1).
After the file is uploaded to the system as an attachment to an approval sheet, the system calculates the hash value hash1 = hash(FileA + sign1) for the file.
The approval sheet is passed through the OA system to the department leader user2, who first asks the system to verify whether the document has been tampered with after uploading. The system extracts the attachment information of the approval sheet, finds the public key data publicKey1 stored in the system according to the uploader user1 registered in the attachment file, and verifies the signature sign1: valid(FileA, sign1, publicKey1). If the verification passes, the signature of user1 in the current system record is correct. The system then calculates hash1' = hash(FileA + sign1) and compares it with the hash1 stored in the system; if they are consistent, neither the file nor the signature has been tampered with. After confirming that the document is the original uploaded by user1, the leader user2 approves the approval sheet. The leader signs comments at the corresponding positions of the document and uploads it again, obtains a signature sign2 and a file hash hash2 by the same algorithm, and records hash1 in the previous version hash field to show that user2 modified and approved the file uploaded by user1.
Similarly, when the approval sheet is passed from user2 to the company leader user3, user3 can learn from the tracing information that the file was uploaded by user1 and first approved by user2, and can learn through signature verification and hash comparison that the file was not maliciously tampered with in transit, so the approval can be given with confidence.
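The upload, verification and tracing steps of the disclosure, run on the user1/user2 walk-through above, as an added Go example (not code from the patent). The patent names no algorithms: Ed25519, SHA-256 and the names Store, Record, Register, Upload, Verify and Trace are assumptions, and the file contents are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Digest = [sha256.Size]byte

// Record is the file information of step (4), one per stored version.
type Record struct {
	Hash     Digest  // (4a) hash(file data + signature)
	Prev     *Digest // (4b) previous version hash; nil on first submission
	Modifier string  // (4c) user who uploaded this version
	Sig      []byte  // (4d) modifier's signature over the file data
}

type Store struct {
	Keys    map[string]ed25519.PublicKey // step (1): public keys only
	Data    map[Digest][]byte            // step (5): every version is kept
	Records map[Digest]Record
}

func NewStore() *Store { return &Store{map[string]ed25519.PublicKey{}, map[Digest][]byte{}, map[Digest]Record{}} }

func (s *Store) Register(name string) func(data []byte) []byte {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	s.Keys[name] = pub // the system records the public key only
	return func(data []byte) []byte { return ed25519.Sign(priv, data) } // signer stays with the user
}

// digest is hash(file + sign); a fixed 64-byte signature keeps the split unambiguous.
func digest(data, sig []byte) Digest {
	return sha256.Sum256(append(append([]byte{}, data...), sig...))
}

// Upload (steps 2-4) checks the signature before storing version and record.
func (s *Store) Upload(name string, data, sig []byte, prev *Digest) (Digest, error) {
	pub, ok := s.Keys[name]
	if !ok || !ed25519.Verify(pub, data, sig) {
		return Digest{}, fmt.Errorf("signature rejected for %q", name)
	}
	h := digest(data, sig)
	s.Data[h], s.Records[h] = append([]byte{}, data...), Record{h, prev, name, sig}
	return h, nil
}

// Verify (verification steps 1-3) checks one stored version.
func (s *Store) Verify(h Digest) (err error) {
	rec, data := s.Records[h], s.Data[h]
	if pub, ok := s.Keys[rec.Modifier]; !ok || !ed25519.Verify(pub, data, rec.Sig) {
		err = fmt.Errorf("signature check failed (modifier %q)", rec.Modifier)
	} else if digest(data, rec.Sig) != rec.Hash {
		err = fmt.Errorf("hash mismatch (modifier %q)", rec.Modifier)
	}
	return err
}

// Trace (step 4) verifies each version back to the first; modifiers newest first.
func (s *Store) Trace(h Digest) (chain []string, err error) {
	for cur := &h; cur != nil && err == nil; cur = s.Records[*cur].Prev {
		if len(chain) > len(s.Records) { // Prev is unsigned and unhashed: stop on loops
			err = fmt.Errorf("cycle in version chain")
		} else if err = s.Verify(*cur); err == nil {
			chain = append(chain, s.Records[*cur].Modifier)
		}
	}
	return chain, err
}

func main() {
	s := NewStore()
	sign1, sign2 := s.Register("user1"), s.Register("user2")
	a, b := []byte("amount 10000"), []byte("amount 10000; approved") // constructed files
	h1, _ := s.Upload("user1", a, sign1(a), nil)
	h2, _ := s.Upload("user2", b, sign2(b), &h1)
	fmt.Println(s.Trace(h2))
	s.Data[h1] = []byte("amount 90000") // background edit of the stored first version
	fmt.Println(s.Trace(h2))
}
```

Neither the signature nor the merged hash covers the previous version hash field, so the links between versions are only as trustworthy as the store holding the records; the blockchain storage option in the description addresses that store.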
The foregoing is directed to embodiments of the present invention, and it is understood that various changes and modifications may be made by those skilled in the art without departing from the spirit and scope of the invention.

Claims (3)

1. A cryptography-based file tracing and tamper-proofing method, characterized in that:
(1) each user capable of operating files in the system must use an asymmetric encryption algorithm supported by the system to generate a public/private key pair, wherein the private key is held by the user and the public key is recorded in the system;
(2) the uploading user must sign the file with the private key each time a file is uploaded;
(3) after each file is uploaded, the system merges the file data and the signature data and calculates the hash value of the result;
(4) for a file uploaded to the system, the following information must additionally be recorded:
(4a) the hash: the hash value obtained in step (3);
(4b) the previous version hash: if the file is a modified or updated version of a file already in the system, the hash value recorded for the previous version must be recorded; if the file is submitted for the first time, this information is not recorded;
(4c) the modifier: the user uploading the file this time;
(4d) the modifier's signature: the signature data obtained in step (2); after the file is uploaded, the system verifies the signature data using the modifier's public key and stores it in the system once verification passes;
(5) to ensure that every version of a file can be traced and verified, the system keeps the file data of each version and does not overwrite files when updating them;
(6) if, in some workflows, the file does not need to be changed but a person who consulted or approved it needs to be recorded, the signature calculation and hash calculation are still performed, except that no new file needs to be uploaded.
2. The cryptography-based file tracing and tamper-proofing method according to claim 1, wherein the tracing and tamper-proof verification steps are as follows:
(1) acquire the file data and file information of the latest version or a specified version of the file;
(2) find the corresponding user public key using the modifier recorded in the file information, and verify the signature information;
(3) after the signature verification passes, merge the file data and the signature data, calculate the hash, and compare it with the hash recorded in the file information; if they are consistent, the file has not been tampered with;
(4) if tracing is required, obtain the previous version hash recorded in the file information, search the system for the file whose hash field matches it, and verify the file found by repeating steps (2) and (3).
3. The method as claimed in claim 1, wherein, to ensure that data such as file hashes and signatures are not maliciously changed by operation and maintenance personnel, the file information is certified using blockchain technology.
CN202010376639.5A 2020-05-07 2020-05-07 File tracing and tamper-proof method based on cryptography Active CN112152812B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010376639.5A CN112152812B (en) 2020-05-07 2020-05-07 File tracing and tamper-proof method based on cryptography

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010376639.5A CN112152812B (en) 2020-05-07 2020-05-07 File tracing and tamper-proof method based on cryptography

Publications (2)

Publication Number Publication Date
CN112152812A (en) 2020-12-29
CN112152812B (en) 2021-05-25

Family

ID=73891474

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010376639.5A Active CN112152812B (en) 2020-05-07 2020-05-07 File tracing and tamper-proof method based on cryptography

Country Status (1)

Country Link
CN (1) CN112152812B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112966306A (en) * 2021-04-02 2021-06-15 西安慧博文定信息技术有限公司 Processing method and device for blind verification file

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101488171A (en) * 2008-12-16 2009-07-22 安徽和安信息科技有限公司 File authentication method based on separating electronic label
CN105930234A (en) * 2016-05-25 2016-09-07 华中科技大学 Traceability information-based data reconstruction system and method
CN107196934A (en) * 2017-05-18 2017-09-22 电子科技大学 A kind of cloud data managing method based on block chain
CN107360156A (en) * 2017-07-10 2017-11-17 广东工业大学 P2P network method for cloud storage based on block chain under a kind of big data environment
CN107508801A (en) * 2017-08-04 2017-12-22 安徽智圣通信技术股份有限公司 A kind of file tamper-proof method and device
CN107948182A (en) * 2017-12-06 2018-04-20 上海格尔安全科技有限公司 A kind of WEB application configuration file tamper resistant method based on PKI
CN109064063A (en) * 2018-09-11 2018-12-21 北京工商大学 A kind of food safety risk Source Tracing system and method based on block chain
CN109255713A (en) * 2018-11-12 2019-01-22 裴若含 In a kind of block chain network in certain time period book keeping operation power acquisition methods
CN109658048A (en) * 2018-11-06 2019-04-19 王亚萍 A kind of circulation of official document monitoring method and system
CN110298193A (en) * 2019-06-10 2019-10-01 中电科大数据研究院有限公司 Information sharing system and method based on block chain

Also Published As

Publication number Publication date
CN112152812B (en) 2021-05-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant