
CN106603534A - System sharing traceable encrypted data - Google Patents


Publication number
CN106603534A
Authority
CN
China
Prior art keywords
information
plaintext
key
signature
field
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611169297.XA
Other languages
Chinese (zh)
Inventor
宋承根
谭智勇
钟峰
王子龙
张勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Brilliant Hi Tech Development Co Ltd
Original Assignee
Beijing Brilliant Hi Tech Development Co Ltd
Application filed by Beijing Brilliant Hi Tech Development Co Ltd
Priority to CN201611169297.XA
Publication of CN106603534A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a system for sharing traceable encrypted data, relates to the technical field of data transmission, and can obtain and verify all transmission paths through which encrypted data passes. In the system, an information sending device obtains a key plaintext, an information plaintext and an information ciphertext; encrypts the key plaintext with the public key of an information receiving device to obtain a key ciphertext; adds a transmission path representing the information being sent from the information sending device to the information receiving device to a path field; signs the data formed by the updated path field and the information plaintext with the private key of the information sending device, thereby obtaining signature information of the information sending device; adds that signature information to a signature field; and sends a data packet including the updated path field, a field storing the key ciphertext, a field storing the information ciphertext and the updated signature field to the information receiving device. The system is mainly suitable for scenarios in which information is shared based on encryption technology.

Description

System for sharing traceable encrypted data
Technical Field
The invention relates to the technical field of data transmission, in particular to a system for sharing traceable encrypted data.
Background
Data transmission is the communication process by which data is transferred from one device to another. In practical applications, in order to protect privacy and security of data, when an information sending device sends information to an information receiving device, the information sending device often encrypts the information to be sent by using a public key of the information receiving device, and then sends an obtained ciphertext to the information receiving device, so that the information receiving device decrypts the ciphertext by using its own private key. In addition, in order to enable the information receiving device to determine the identity of the information sending device and verify the correctness of the received information, the information to be sent is often signed by a signature technology.
However, existing encryption and signature methods can only verify whether the information was sent by the device that directly transmitted it; they cannot verify whether the information has been changed anywhere between the original information sending device and the present, which reduces the reliability of the information.
Disclosure of Invention
In view of this, the present invention provides a system for sharing traceable encrypted data, which can acquire and verify all transmission paths through which the encrypted data passes, thereby improving the reliability of information transmission.
The purpose of the invention is realized by adopting the following technical scheme:
The invention provides a system for sharing traceable encrypted data, which comprises an information sending device and an information receiving device, wherein the information sending device is used for sending encrypted data to the information receiving device; wherein,
the information sending equipment is used for acquiring a key plaintext used for encrypting an information plaintext, the information plaintext and an information ciphertext obtained by encrypting the information plaintext by using the key plaintext when the information is required to be sent to the information receiving equipment; encrypting the key plaintext by using a public key of the information receiving equipment to obtain a key ciphertext corresponding to the public key of the information receiving equipment; adding a transmission path for representing information sent from the information sending equipment to the information receiving equipment into a path field for recording each information transmission path to obtain an updated path field; signing data consisting of the updated path field and the information plaintext by using a private key of the information sending equipment to obtain signature information of the information sending equipment; adding the signature information of the information sending equipment to a signature field for recording the signature information of each information sending equipment to obtain an updated signature field; sending a data packet including the updated path field, the field in which the key ciphertext is stored, the field in which the information ciphertext is stored and the updated signature field to the information receiving device;
the information receiving device is used for receiving the data packet sent by the information sending device; decrypting the key ciphertext in the data packet by using the private key of the information receiving device to obtain the key plaintext; decrypting the information ciphertext in the data packet by using the decrypted key plaintext to obtain the information plaintext; verifying each piece of signature information in the signature field according to the path field, the information plaintext obtained by decryption with the key plaintext, and the public keys of all information sending devices that have sent the information ciphertext; if all the signature information is successfully verified, keeping the information plaintext; and if any signature information fails verification, discarding the information plaintext.
With this technical scheme, when the information sending device needs to send information to the information receiving device, it sends a data packet comprising a path field recording each information transmission path, a field storing the key ciphertext, a field storing the information ciphertext, and a signature field storing the signature information of each information sending device (where each piece of signature information is a signature over the transmission path and the information plaintext). After receiving the data packet, the information receiving device obtains the information plaintext from its own private key, the key ciphertext and the information ciphertext, and then verifies each piece of signature information in the signature field according to the path field, the information plaintext and the public key of every information sending device that has sent the information ciphertext. This verifies all transmission paths as well as the information plaintext transmitted by each information sending device; the information plaintext is kept only when all signature information is verified successfully, which improves the reliability of the information that the information receiving device accepts.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a block diagram illustrating components of a system for sharing traceable encrypted data according to an embodiment of the present invention;
FIG. 2 is a flow chart illustrating a method for sharing traceable encrypted data according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating an example method for generating traceable encrypted data provided by an embodiment of the present invention;
FIG. 4 is a diagram illustrating an exemplary method for sharing traceable encrypted data provided by an embodiment of the present invention;
FIG. 5 is a flow chart illustrating another method for sharing traceable encrypted data provided by an embodiment of the present invention;
FIG. 6 is a block diagram illustrating an apparatus for sharing traceable encrypted data according to an embodiment of the present invention;
FIG. 7 is a block diagram illustrating another apparatus for sharing traceable encrypted data according to an embodiment of the present invention;
FIG. 8 is a block diagram illustrating another apparatus for sharing traceable encrypted data according to an embodiment of the present invention;
FIG. 9 is a block diagram illustrating another apparatus for sharing traceable encrypted data according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
An embodiment of the present invention provides a system for sharing traceable encrypted data. As shown in FIG. 1, the system includes an information sending device 11 and an information receiving device 12; wherein,
the information sending device 11 is configured to, when information needs to be sent to the information receiving device 12, obtain a key plaintext used for encrypting an information plaintext, the information plaintext, and an information ciphertext obtained by encrypting the information plaintext using the key plaintext; encrypting the key plaintext by using the public key of the information receiving device 12 to obtain a key ciphertext corresponding to the public key of the information receiving device 12; adding a transmission path for representing information transmitted from the information transmitting apparatus 11 to the information receiving apparatus 12 to a path field for recording each information transmission path, and obtaining an updated path field; signing data consisting of the updated path field and the information plaintext by using a private key of the information sending equipment 11 to obtain signature information of the information sending equipment 11; adding the signature information of the information sending equipment 11 to a signature field for recording the signature information of each information sending equipment 11 to obtain an updated signature field; sending a data packet including the updated path field, the field in which the key ciphertext is stored, the field in which the information ciphertext is stored, and the updated signature field to the information receiving apparatus 12;
the information receiving device 12 is configured to receive the data packet sent by the information sending device 11; decrypt the key ciphertext in the data packet by using the private key of the information receiving device 12 to obtain the key plaintext; decrypt the information ciphertext in the data packet by using the decrypted key plaintext to obtain the information plaintext; verify each piece of signature information in the signature field according to the path field, the information plaintext obtained by decryption with the key plaintext, and the public keys of all the information sending devices 11 that have sent the information ciphertext; if all the signature information is successfully verified, keep the information plaintext; and if any signature information fails verification, discard the information plaintext.
In the system for sharing traceable encrypted data according to the embodiment of the present invention, when the information sending device 11 needs to send information to the information receiving device 12, it sends a data packet including a path field recording each information transmission path, a field storing the key ciphertext, a field storing the information ciphertext, and a signature field storing the signature information of each information sending device 11 (where each piece of signature information is a signature over the transmission path and the information plaintext). After receiving the data packet, the information receiving device 12 obtains the information plaintext from its own private key, the key ciphertext and the information ciphertext, and then verifies each piece of signature information in the signature field according to the path field, the information plaintext and the public key of every information sending device 11 that has sent the information ciphertext. This verifies all transmission paths as well as the information plaintext transmitted by each information sending device 11; the information plaintext is kept only when all signature information is verified successfully, which further improves the reliability of the information that the information receiving device 12 accepts.
The following describes in detail a specific embodiment of the information transmitting apparatus side and a specific embodiment of the information receiving apparatus side, respectively:
An embodiment of the present invention provides a method for sharing traceable encrypted data. The method is applied to an information sending device and, as shown in FIG. 2, includes:
201. When information needs to be sent to an information receiving device, acquiring a key plaintext for encrypting an information plaintext, the information plaintext, and an information ciphertext obtained by encrypting the information plaintext by using the key plaintext;
Specifically, when the current information sending device is the original information sending device that sends the information, the key plaintext and the information plaintext may be obtained directly from local storage; when the current information sending device is not the original information sending device, it may acquire the key plaintext and the information plaintext parsed from the data packet received from the previous information sending device.
The data packet that the current information sending device receives from the previous information sending device comprises: a path field for recording each information transmission path, a field for recording a key ciphertext, a field for recording an information ciphertext, and a field for recording the signature information of the respective information sending devices (from the original information sending device to the previous information sending device). Therefore, the data packet received from the previous information sending device may be parsed to obtain the key plaintext and the information plaintext as follows: the current information receiving device decrypts the key ciphertext in the received data packet by using its own private key to obtain the key plaintext, and then decrypts the information ciphertext in the received data packet by using the key plaintext to obtain the information plaintext.
In addition, when the current information sending device is the original information sending device, the information plaintext needs to be encrypted by using the key plaintext after the key plaintext and the information plaintext are obtained, so that the information ciphertext can be obtained; when the current information sending device is not the original information sending device and the information ciphertext is needed, it can be extracted directly from the field for recording the information ciphertext in the data packet sent by the previous information sending device.
202. Encrypting the key plaintext by using a public key of the information receiving equipment to obtain a key ciphertext corresponding to the public key of the information receiving equipment;
The key ciphertext obtained by encrypting with the public key of the information receiving device can be decrypted only with the private key of the information receiving device, so encrypting the key plaintext with the public key of the information receiving device effectively prevents the key plaintext from leaking.
It should be noted that this step only needs to be executed before step 206, and the execution order thereof with respect to steps 203 to 205 is not limited.
203. Adding a transmission path for representing information sent from the information sending equipment to the information receiving equipment into a path field for recording each information transmission path to obtain an updated path field;
When the information sending device records the transmission path, it only adds the current transmission path to the path field and does not delete the transmission paths recorded earlier by other information sending devices, so the path field stores all the transmission paths from the original information sending device to the information receiving device corresponding to the current information sending device.
For example, if information passes through the device B and the device C in order from the original information sending device A to the current information sending device D, and the information sending device D is to transmit the information to the information receiving device E, the content stored in the path field may be "from D to E $ from C to D $ from B to C $ from A to B".
204. Signing data consisting of the updated path field and the information plaintext by using a private key of the information sending equipment to obtain signature information of the information sending equipment;
Specifically, the information sending device splices the content of the path field with the information plaintext, then applies a preset algorithm to the spliced data to obtain an operation value of the spliced data, and finally encrypts that operation value by using the private key of the information sending device to obtain the signature information of the information sending device. The preset algorithm may be a hash algorithm, or may be another algorithm.
It should be added that when the path field and the information plaintext are spliced, the path field may be located in front, or the information plaintext may be located in front, and the relative positions of the path field and the information plaintext are not limited.
205. Adding the signature information of the information sending equipment to a signature field for recording the signature information of each information sending equipment to obtain an updated signature field;
When the information sending device records the current signature information, it only adds the current signature information to the signature field and does not delete the signature information recorded earlier by other information sending devices, so the signature field stores all the signature information from the original information sending device to the current information sending device.
For example, if the information plaintext M is encrypted and then passes through the device B and the device C in order from the original information sending device A to the current information sending device D, and the information sending device D is to transmit the information to the information receiving device E, the content stored in the signature field may be a signature for "from D to E $ from C to D $ from B to C $ from A to B & mess = M".
206. Sending a data packet comprising the updated path field, the field in which the key ciphertext is stored, the field in which the information ciphertext is stored and the updated signature field to the information receiving device, so that the information receiving device can acquire and verify the information plaintext and the transmission path of the information plaintext by parsing the data packet.
The method by which the information receiving device obtains and verifies the information plaintext and its transmission path by parsing the data packet is described in detail with reference to FIG. 4 below.
The scheme of this embodiment is illustrated below:
As shown in FIG. 3, if information passes through a device B and a device C in order from an original information sending device A to a current information sending device D, and the information sending device D is to transmit the information to an information receiving device E, the information sending device D generates the data packet to be transmitted as follows:
(A1) The information sending device D acquires a data packet 1, sent by the device C, which comprises a path field, a field for recording a key ciphertext, a field for recording an information ciphertext and a signature field;
The path field includes the three transmission paths "from C to D", "from B to C" and "from A to B"; the field for recording the key ciphertext includes the key ciphertext corresponding to the public key of the information sending device D (i.e., the key ciphertext obtained by encrypting the key plaintext using the public key of D); the field for recording the information ciphertext includes the information ciphertext obtained by encrypting the information plaintext using the key plaintext; and the signature field includes the signature information of C, the signature information of B and the signature information of A.
(A2) The information sending device D decrypts the key ciphertext by using the private key of D to obtain the key plaintext;
(A3) The information sending device D encrypts the key plaintext by using the public key of E to obtain the key ciphertext corresponding to the public key of E, and, in the field for recording the key ciphertext, replaces the key ciphertext corresponding to the public key of D with the key ciphertext corresponding to the public key of E;
Step A3 only needs to be executed after step A2 and before step A7; its execution order relative to steps A4-A6 is not limited.
(A4) The information sending device D decrypts the information ciphertext by using the key plaintext to obtain the information plaintext;
Step A4 only needs to be executed after step A2 and before step A6; its execution order relative to steps A3 and A5 is not limited here.
(A5) The information sending device D adds the transmission path "from D to E" to the path field to obtain an updated path field;
Step A5 only needs to be executed after step A1 and before step A6; its execution order relative to steps A2-A4 is not limited here.
(A6) The information sending device D splices the updated path field with the information plaintext, so that the spliced content comprises "from D to E", "from C to D", "from B to C", "from A to B" and the information plaintext, and signs the spliced content by using the private key of D to obtain the signature information of D;
(A7) The information sending device D determines the data packet 2, which includes the updated path field, the updated field for recording the key ciphertext, the field for recording the information ciphertext and the updated signature field, as the data packet that needs to be sent to the information receiving device E.
Furthermore, as can be seen from FIG. 3, the field for recording the information ciphertext does not change. Only the original information sending device encrypts the information plaintext during transmission of the encrypted data; the other information sending devices only need to encrypt the key plaintext that was used to encrypt the information plaintext, without encrypting the information plaintext again. Because the key plaintext is often much smaller than the information plaintext, the amount of computation spent on encryption is reduced.
In the method for sharing traceable encrypted data provided by the embodiment of the invention, when the information sending device needs to send information to the information receiving device, it sends a data packet comprising a path field recording each information transmission path, a field storing the key ciphertext, a field storing the information ciphertext and a signature field storing the signature information of each information sending device (where each piece of signature information is a signature over the transmission path and the information plaintext). After receiving the data packet, the information receiving device obtains the information plaintext from its own private key, the key ciphertext and the information ciphertext, and then verifies each piece of signature information in the signature field according to the path field, the information plaintext and the public key of every information sending device that has sent the information ciphertext. This verifies all transmission paths as well as the information plaintext transmitted by each information sending device; the information plaintext is kept only when all signature information is verified successfully, which improves the reliability of the information that the information receiving device accepts.
Optionally, when the key plaintext and the information plaintext obtained by the current information sending device are from a data packet sent by the previous information sending device, in order to ensure that the information sent to the information receiving device is reliable and correct information, before obtaining the key plaintext and the information plaintext parsed from the data packet received by the previous information sending device, the current information sending device may first verify whether the information plaintext parsed from the data packet is tampered and whether the information plaintext is reliable, when the information plaintext is not tampered and reliable, obtain the information plaintext parsed from the data packet, and when the information plaintext is tampered or unreliable, directly discard the information plaintext, thereby discarding the information sent to the plaintext information receiving device.
Wherein, the following steps are to verify whether the plaintext of the information analyzed from the data packet is reliable: it is verified whether the transmission path in the path field for recording each time the information transmission path is correct.
Since the signature information in the signature field is the signature information of each information sending device on the transmission path and the information plaintext, it can be verified whether the information plaintext parsed from the packet is falsified and whether the information plaintext is reliable by verifying the signature information in the signature field.
Specifically, whether the information plaintext has been tampered with and whether it is reliable may be verified as follows: the current information sending device verifies each piece of signature information in the signature field according to the path field in the received data packet, the information plaintext obtained by decryption with the key plaintext, and the public key of each information sending device from the original information sending device to the previous information sending device. If every piece of signature information is verified successfully, the information plaintext is determined to be untampered and reliable (that is, the transmission path is correct); if any piece of signature information fails verification, the information plaintext has been tampered with or is unreliable (that is, the transmission path is incorrect).
The previous information sending device is a previous information sending device adjacent to the current information sending device, that is, a data packet received by the current information sending device is sent by the previous information sending device. For example, if information sequentially passes through the device B and the device C from the original information transmitting device a to the device D, and the device D needs to verify the signature information in the data packet transmitted by the device C, the current information transmitting device is the device D, and the previous information transmitting device is the device C.
Specifically, the current information receiving device may obtain from the path field, according to a preset verification sequence, the complete transmission path corresponding to the information sending device to be verified, where the complete transmission path includes all transmission paths from the original sending device to the information receiving device corresponding to the information sending device to be verified. It then verifies the signature information of the information sending device to be verified according to that device's public key and the data consisting of the complete transmission path and the information plaintext obtained by decryption with the key plaintext, and continues until all signature information has been verified.
The information sending device to be verified is any one of the original information sending device and the previous information sending device. The preset verification sequence may be sequentially verified from the original information sending device to the previous information sending device, or sequentially verified from the previous information sending device to the original information sending device.
In addition, "verifying the signature information of the information sending device to be verified according to the public key of the information sending device to be verified and the data composed of the complete transmission path and the information plaintext obtained by decryption with the key plaintext" may be implemented in various ways. One way to verify the signature is: calculating, according to a preset algorithm, an operation value of the data consisting of the complete transmission path and the information plaintext obtained by decryption with the key plaintext; and verifying the signature information of the information sending device to be verified according to the calculated operation value and the public key of the information sending device to be verified.
Verifying the signature information of the information sending device to be verified according to the calculated operation value and the public key of that device may be implemented as follows: the corresponding signature information is decrypted with the public key of the information sending device to be verified to obtain a decrypted operation value, and the calculated operation value is then compared with the decrypted operation value. If the two are the same, the information plaintext parsed from the data packet is the same as the signed information plaintext and the transmission path in the path field is the same as the signed transmission path, so verification is determined to have succeeded. If the two are different, the information plaintext parsed from the data packet differs from the signed information plaintext, or the transmission path in the path field differs from the signed transmission path, so verification is determined to have failed.
For example, as shown in fig. 4, if information sequentially passes through device B and device C from original information sending device a to device D, the process of device D verifying the data in the data packet sent by device C is as follows:
(B1) The device D receives a data packet sent by the device C, which comprises a path field, a field recording the key ciphertext, a field recording the information ciphertext and a signature field;
The path field comprises the three transmission paths 'from C to D', 'from B to C' and 'from A to B'; the field recording the key ciphertext comprises the key ciphertext corresponding to the public key of the device D; the field recording the information ciphertext comprises the information ciphertext obtained by encrypting the information plaintext with the key plaintext; and the signature field comprises the signature information of C, the signature information of B and the signature information of A.
(B2) The device D decrypts the key ciphertext by using the private key of the device D to obtain a key plaintext;
(B3) The device D decrypts the information ciphertext by using the key plaintext to obtain the information plaintext;
After obtaining the information plaintext, the device D may verify the signature information of the devices to be verified (i.e., the device A to the device C) according to the information plaintext and the transmission paths in the path field, so as to determine whether the information plaintext is authentic. Specifically, the verification of the signature information of the device C by the device D is described in step B4 below, the verification of the signature information of the device B in step B5, and the verification of the signature information of the device A in step B6.
(B4) The device D splices the complete path corresponding to the device C with the information plaintext, so that the spliced content comprises 'from C to D', 'from B to C', 'from A to B' and 'information plaintext', and then verifies the signature information of the device C according to the public key of the device C and the spliced content;
(B5) The device D splices the complete path corresponding to the device B with the information plaintext, so that the spliced content comprises 'from B to C', 'from A to B' and 'information plaintext', and then verifies the signature information of the device B according to the public key of the device B and the spliced content;
(B6) The device D splices the complete path corresponding to the device A with the information plaintext, so that the spliced content comprises 'from A to B' and 'information plaintext', and then verifies the signature information of the device A according to the public key of the device A and the spliced content;
(B7) If the verification is successful, the information plaintext parsed from the data packet is determined to be authentic and reliable; otherwise, the information plaintext is not authentic and reliable.
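The path-and-signature chain of steps B4 to B7 can be exercised end to end with the following added example, which is not code from the patent. It assumes the "decrypt the signature with the public key and compare operation values" check described above is textbook RSA over a SHA-256 digest, uses toy keys built from Mersenne primes, and adds a length-prefixed splice so that path entries and plaintext cannot run into each other; all function names, the hop string format and the sample message are constructed for illustration. Decryption (steps B2 and B3) is assumed to have already produced the information plaintext.

```python
import hashlib

E = 65537  # public exponent shared by every toy key (assumption of this example)

def make_key(p_bits, q_bits):
    """Textbook RSA key from two Mersenne primes 2**k - 1 (toy sizes, not for real use)."""
    p, q = 2**p_bits - 1, 2**q_bits - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def splice(hops, plaintext):
    """Splice path entries and plaintext; 4-byte length prefixes keep boundaries unambiguous."""
    parts = [h.encode() for h in hops] + [plaintext]
    return b"".join(len(part).to_bytes(4, "big") + part for part in parts)

def operation_value(hops, plaintext, n):
    """Operation value of the spliced data: SHA-256 reduced mod n (assumed preset algorithm)."""
    digest = hashlib.sha256(splice(hops, plaintext)).digest()
    return int.from_bytes(digest, "big") % n

def forward(packet, sender, receiver, key, plaintext):
    """Sender side: prepend the new hop, sign (updated path + plaintext), prepend the signature."""
    path = [f"from {sender} to {receiver}"] + packet["path"]
    sig = pow(operation_value(path, plaintext, key["n"]), key["d"], key["n"])
    return {"path": path, "sigs": [(sender, sig)] + packet["sigs"]}

def verify_chain(packet, plaintext, public_keys):
    """Steps B4-B7: check every signer against its complete path; returns (ok, reason)."""
    path, sigs = packet["path"], packet["sigs"]
    if len(path) != len(sigs):
        return False, "path and signature fields differ in length"
    for i, (signer, sig) in enumerate(sigs):
        n = public_keys.get(signer)
        if n is None:
            return False, f"no public key for {signer}"
        if not path[i].startswith(f"from {signer} to "):
            return False, f"hop {i} was not sent by {signer}"
        complete_path = path[i:]  # this signer's hop plus every earlier hop
        # "Decrypt" the signature with the public key and compare operation values.
        if pow(sig, E, n) != operation_value(complete_path, plaintext, n):
            return False, f"signature of {signer} failed"
    return True, "all signatures verified"

def build_demo():
    """Constructed sample: A -> B -> C -> D, as in the fig. 4 walk-through."""
    keys = {"A": make_key(61, 607), "B": make_key(89, 521), "C": make_key(107, 127)}
    plaintext = b"constructed sample message"
    packet = {"path": [], "sigs": []}
    for sender, receiver in (("A", "B"), ("B", "C"), ("C", "D")):
        packet = forward(packet, sender, receiver, keys[sender], plaintext)
    return packet, plaintext, {name: key["n"] for name, key in keys.items()}

if __name__ == "__main__":
    pkt, msg, pubs = build_demo()
    print(pkt["path"])
    print(verify_chain(pkt, msg, pubs))                      # intact packet: retained
    print(verify_chain(pkt, b"altered message", pubs))       # altered plaintext: discarded
    rerouted = {"path": [pkt["path"][0], "from X to C", pkt["path"][2]], "sigs": pkt["sigs"]}
    print(verify_chain(rerouted, msg, pubs))                 # altered path: discarded
```

Because each later signer covers every earlier hop, a change to any path entry or to the plaintext is caught at the first signature checked, which is the newest one under this example's verification order.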
Further, according to the method shown in fig. 2, another embodiment of the present invention further provides a method for sharing traceable encrypted data, where the method is applied to an information receiving apparatus, as shown in fig. 5, and the method includes:
301. receiving a data packet sent by information sending equipment;
the data packet comprises a path field for recording each information transmission path, a field for recording a key ciphertext, a field for recording an information ciphertext and a field for recording signature information of each information sending device, the key ciphertext is obtained by encrypting a key plaintext according to a public key of the information receiving device, the key plaintext is used for encrypting the information plaintext, and the signature information is obtained by signing data consisting of the corresponding path field and the information plaintext according to a private key of the information sending device.
In addition, for detailed descriptions of the path field and the signature field, reference may be made to the method embodiment at the information sending device side, and details are not described here again.
302. Decrypting the key ciphertext in the data packet by using a private key of the information receiving equipment to obtain a key plaintext;
since the encryption key used by the information sending device when encrypting the key plaintext is the public key of the information receiving device, the information receiving device can successfully decrypt the key ciphertext by using the private key of the information receiving device to obtain the key plaintext.
303. Decrypting the information ciphertext in the data packet by using the key plaintext obtained by decryption to obtain an information plaintext;
304. verifying each signature information in the signature field according to the path field, the information plaintext obtained by decrypting the key plaintext and the public keys of all information sending devices which send the information ciphertext;
Specifically, the information receiving device may obtain from the path field, according to a preset verification sequence, the complete transmission path corresponding to the information sending device to be verified, where the complete transmission path includes all transmission paths from the original sending device to the information receiving device corresponding to the information sending device to be verified; it then verifies the signature information of the information sending device to be verified according to the data consisting of the complete transmission path and the information plaintext obtained by decryption with the key plaintext, and the public key of the information sending device to be verified, until all signature information has been verified.
"Verifying the signature information of the information sending device to be verified according to the data composed of the complete transmission path and the information plaintext obtained by decryption with the key plaintext, and the public key of the information sending device to be verified" may be implemented as follows: calculating, according to a preset algorithm, an operation value of the data consisting of the complete transmission path and the information plaintext obtained by decryption with the key plaintext; and verifying the signature information of the information sending device to be verified according to the calculated operation value and the public key of the information sending device to be verified.
For a specific example of verifying the signature, reference may be made to the method embodiment (i.e., the example in fig. 4) on the information sending device side, which is not described herein again.
305. If all the signature information is successfully verified, keeping the information plaintext obtained by decrypting the key plaintext;
When all the signature information is verified successfully, this indicates that, while the information was transmitted from the original information sending device to the current information receiving device, the content of the information plaintext was not changed and the transmission paths were all reliable paths that were not intercepted by unreliable devices, so the obtained information plaintext can be retained.
306. And if the signature information fails to be verified, discarding the information plaintext obtained by decrypting the key plaintext.
When the signature information of a certain information sending device fails to be verified, the obtained information plaintext is not reliable, so that the information plaintext can be directly discarded to prevent the unreliable information plaintext from being transmitted to other devices.
With the method for sharing traceable encrypted data provided by this embodiment of the invention, when an information sending device needs to send information to an information receiving device, it sends a data packet comprising a path field recording each information transmission path, a field storing the key ciphertext, a field storing the information ciphertext, and a signature field storing the signature information of each information sending device (the signature information being a signature over the transmission path and the information plaintext). After receiving the data packet, the information receiving device obtains the information plaintext using its own private key, the key ciphertext and the information ciphertext, and then verifies each piece of signature information in the signature field according to the path field, the information plaintext and the public key of each information sending device that has sent the information ciphertext. This verifies all transmission paths as well as the information plaintext transmitted by each information sending device; the information plaintext is retained only when all signature information is verified successfully, which improves the reliability of the information received by the information receiving device.
Further, according to the method shown in fig. 2, another embodiment of the present invention further provides an apparatus for sharing traceable encrypted data, where the apparatus is applied to an information sending device, and as shown in fig. 6, the apparatus mainly includes: an acquisition unit 41, an encryption unit 42, an addition unit 43, a signature unit 44, and a transmission unit 45. Wherein,
an obtaining unit 41, configured to obtain, when information needs to be sent to an information receiving apparatus, a key plaintext used for encrypting the information plaintext, and an information ciphertext obtained by encrypting the information plaintext using the key plaintext;
an encrypting unit 42, configured to encrypt the key plaintext obtained by the obtaining unit 41 by using a public key of an information receiving apparatus, to obtain a key ciphertext corresponding to the public key of the information receiving apparatus;
an adding unit 43, configured to add a transmission path, which characterizes that the information is sent from the information sending apparatus to the information receiving apparatus, to a path field used for recording each information transmission path, and obtain an updated path field;
a signature unit 44, configured to sign, by using a private key of the information sending apparatus, data composed of the updated path field obtained by the adding unit 43 and the information plaintext obtained by the obtaining unit 41, so as to obtain signature information of the information sending apparatus;
the adding unit 43 is further configured to add the signature information of the information sending device obtained by the signature unit 44 to a signature field for recording signature information of each information sending device, so as to obtain an updated signature field;
a sending unit 45, configured to send a data packet including the updated path field, the field in which the key ciphertext is stored, the field in which the information ciphertext is stored, and the updated signature field to the information receiving apparatus, so that the information receiving apparatus obtains and verifies the information plaintext and the transmission path of the information plaintext by analyzing the data packet.
Optionally, as shown in fig. 7, the obtaining unit 41 includes:
a first obtaining module 411, configured to directly obtain the plaintext of the key and the plaintext of the information from local when the information sending apparatus is an original information sending apparatus that sends the information;
a second obtaining module 412, configured to obtain, when the information sending apparatus is not the original information sending apparatus, the key plaintext and the information plaintext that are obtained by parsing in a data packet received from a previous information sending apparatus side.
Optionally, as shown in fig. 7, the apparatus further includes:
an analyzing unit 46, configured to analyze the data packet received by the previous information sending device to obtain the key plaintext and the information plaintext;
the parsing unit 46 is configured to decrypt a key ciphertext in the received data packet by using a private key of the current information sending device, so as to obtain the key plaintext; and decrypting the information ciphertext in the received data packet by using the key plaintext to obtain the information plaintext.
Optionally, as shown in fig. 7, the apparatus further includes:
a verification unit 47, configured to, before the obtaining unit 41 obtains the key plaintext and the information plaintext parsed from the data packet received from the previous information sending apparatus, verify each piece of signature information in the signature field according to the path field in the received data packet, the information plaintext obtained by decryption with the key plaintext, and the public key of each information sending apparatus from the original information sending apparatus to the previous information sending apparatus;
the obtaining unit 41 is configured to obtain the plaintext of the key and the plaintext of the information parsed from the packet received by the previous information sending apparatus when the verification result of the verifying unit 47 is that all the signature information is successfully verified.
Optionally, as shown in fig. 7, the verification unit 47 includes:
a third obtaining module 471, configured to obtain, according to a preset verification sequence, a complete transmission path corresponding to the information sending device to be verified from the path field, where the complete transmission path includes all transmission paths from the original sending device to an information receiving device corresponding to the information sending device to be verified;
a verifying module 472, configured to verify the signature information of the information sending device to be verified according to the data composed of the complete transmission path and the information plaintext obtained by decrypting the key plaintext and the public key of the information sending device to be verified, until verification of all signature information is completed.
Optionally, as shown in fig. 7, the apparatus further includes:
a discarding unit 48, configured to discard the information plaintext obtained by the key plaintext decryption when the verification result of the verification unit 47 is that there is signature information verification failure.
With the apparatus for sharing traceable encrypted data according to the embodiments of the present invention, when an information sending device needs to send information to an information receiving device, it sends a data packet including a path field recording each information transmission path, a field storing the key ciphertext, a field storing the information ciphertext, and a signature field storing the signature information of each information sending device (the signature information being a signature over the transmission path and the information plaintext). After receiving the data packet, the information receiving device obtains the information plaintext using its own private key, the key ciphertext and the information ciphertext, and then verifies each piece of signature information in the signature field according to the path field, the information plaintext and the public key of each information sending device that has sent the information ciphertext. This verifies all transmission paths as well as the information plaintext transmitted by each information sending device; the information plaintext is retained only when all signature information is verified successfully, which improves the reliability of the information received by the information receiving device.
Further, according to the method shown in fig. 5, another embodiment of the present invention further provides an apparatus for sharing traceable encrypted data, where the apparatus is applied to an information receiving device. As shown in fig. 8, the apparatus mainly includes: a receiving unit 51, a decryption unit 52, a verification unit 53, a retention unit 54, and a discarding unit 55. Wherein,
a receiving unit 51, configured to receive a data packet sent by an information sending device, where the data packet includes a path field for recording each information transmission path, a field for recording a key ciphertext, a field for recording an information ciphertext, and a field for recording signature information of each information sending device, the key ciphertext is obtained by encrypting a key plaintext according to a public key of the information receiving device, the key plaintext is used for encrypting the information plaintext, and the signature information is obtained by signing data composed of the corresponding path field and the information plaintext according to a private key of the information sending device;
a decryption unit 52, configured to decrypt, by using a private key of the information receiving apparatus, a key ciphertext in the data packet received by the receiving unit 51, so as to obtain a key plaintext;
the decryption unit 52 is further configured to decrypt the information ciphertext in the data packet by using the decrypted key plaintext to obtain an information plaintext;
a verification unit 53, configured to verify each piece of signature information in the signature field according to the path field, the information plaintext obtained by the decryption unit 42 through decryption using the key plaintext, and public keys of all information sending devices that have sent the information ciphertext;
a retention unit 54, configured to retain the information plaintext obtained by decryption with the key plaintext when the verification result of the verification unit 53 is that all the signature information is successfully verified;
a discarding unit 55, configured to discard the information plaintext obtained by the key plaintext decryption when the verification result of the verifying unit 53 is that there is signature information verification failure.
Optionally, as shown in fig. 9, the verification unit 53 includes:
an obtaining module 531, configured to obtain, according to a preset verification order, a complete transmission path corresponding to the information sending device to be verified from the path field, where the complete transmission path includes all transmission paths that pass through from the original sending device to an information receiving device corresponding to the information sending device to be verified;
a verification module 532, configured to verify the signature information of the information sending device to be verified according to the data composed of the complete transmission path and the information plaintext obtained by decrypting with the key plaintext and the public key of the information sending device to be verified, until verification of all signature information is completed.
With the apparatus for sharing traceable encrypted data according to the embodiments of the present invention, when an information sending device needs to send information to an information receiving device, it sends a data packet including a path field recording each information transmission path, a field storing the key ciphertext, a field storing the information ciphertext, and a signature field storing the signature information of each information sending device (the signature information being a signature over the transmission path and the information plaintext). After receiving the data packet, the information receiving device obtains the information plaintext using its own private key, the key ciphertext and the information ciphertext, and then verifies each piece of signature information in the signature field according to the path field, the information plaintext and the public key of each information sending device that has sent the information ciphertext. This verifies all transmission paths as well as the information plaintext transmitted by each information sending device; the information plaintext is retained only when all signature information is verified successfully, which improves the reliability of the information received by the information receiving device.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It will be appreciated that the relevant features of the method, apparatus and system described above may be referred to one another. In addition, "first", "second", and the like in the above embodiments are for distinguishing the embodiments, and do not represent merits of the embodiments.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in a system for sharing traceable encrypted data according to embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any ordering. These words may be interpreted as names.

Claims (6)

1. A system for sharing traceable encrypted data, the system comprising an information sending device and an information receiving device; wherein,
the information sending equipment is used for acquiring a key plaintext used for encrypting an information plaintext, the information plaintext and an information ciphertext obtained by encrypting the information plaintext by using the key plaintext when the information is required to be sent to the information receiving equipment; encrypting the key plaintext by using a public key of the information receiving equipment to obtain a key ciphertext corresponding to the public key of the information receiving equipment; adding a transmission path for representing information sent from the information sending equipment to the information receiving equipment into a path field for recording each information transmission path to obtain an updated path field; signing data consisting of the updated path field and the information plaintext by using a private key of the information sending equipment to obtain signature information of the information sending equipment; adding the signature information of the information sending equipment to a signature field for recording the signature information of each information sending equipment to obtain an updated signature field; sending a data packet including the updated path field, the field in which the key ciphertext is stored, the field in which the information ciphertext is stored and the updated signature field to the information receiving device;
the information receiving device is configured to receive the data packet sent by the information sending device; decrypt the key ciphertext in the data packet with a private key of the information receiving device to obtain the key plaintext; decrypt the information ciphertext in the data packet with the key plaintext obtained by decryption to obtain the information plaintext; verify each piece of signature information in the signature field according to the path field, the information plaintext obtained by decrypting with the key plaintext, and the public keys of all information sending devices that have sent the information ciphertext; if all the signature information is successfully verified, keep the information plaintext obtained by decrypting with the key plaintext; and if signature information fails verification, discard the information plaintext obtained by decrypting with the key plaintext.
2. The system according to claim 1, wherein the information sending device is configured to obtain the key plaintext and the information plaintext directly and locally when the information sending device is the original information sending device that sends the information; and, when the information sending device is not the original information sending device, to acquire the key plaintext and the information plaintext parsed from a data packet received from the previous information sending device.
3. The system according to claim 2, wherein the information sending device is configured to decrypt a key ciphertext in the received data packet by using a private key of a current information sending device to obtain the key plaintext; and decrypting the information ciphertext in the received data packet by using the key plaintext to obtain the information plaintext.
4. The system according to claim 3, wherein the information sending device is configured to, before acquiring the key plaintext and the information plaintext parsed from the data packet received from the previous information sending device, verify each piece of signature information in the signature field according to the path field in the received data packet, the information plaintext obtained by decrypting with the key plaintext, and the public keys of each device from the original information sending device to the previous information sending device; and, if all the signature information is successfully verified, to acquire the key plaintext and the information plaintext parsed from the data packet received from the previous information sending device.
5. The system according to claim 4, wherein the information sending device and/or the information receiving device is configured to obtain from the path field, according to a preset verification order, a complete transmission path corresponding to the information sending device to be verified, where the complete transmission path includes all transmission paths from the original information sending device to the information receiving device corresponding to the information sending device to be verified; and to verify the signature information of the information sending device to be verified according to the data consisting of the complete transmission path and the information plaintext obtained by decrypting with the key plaintext, and the public key of the information sending device to be verified, until all the signature information is verified.
6. The system according to claim 4 or 5, wherein the information sending device is configured to discard the information plaintext obtained by decryption using the key plaintext when there is a signature information verification failure.
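The path-bound signature chain of claims 1 and 5, as an added Go example that is not taken from the patent: each forwarding device appends its hop and signs the path so far plus the plaintext, and the receiver checks signature i against the path prefix ending at hop i. Ed25519, the `%q` serialization and all names are assumptions; the key-ciphertext and information-ciphertext fields are left out.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Hop is one path-field entry; Packet holds the path and signature fields only.
type Hop struct{ From, To string }
type Packet struct {
	Path []Hop
	Sigs [][]byte
}

// signedData encodes a path prefix plus the plaintext; %q quoting keeps
// element boundaries unambiguous (an assumed encoding, not the patent's).
func signedData(path []Hop, pt string) []byte {
	return []byte(fmt.Sprintf("%q|%q", path, pt))
}

// Forward appends hop from->to, then signs the updated path plus the plaintext.
func Forward(p Packet, from, to string, priv ed25519.PrivateKey, pt string) Packet {
	path := append(append([]Hop{}, p.Path...), Hop{from, to})
	sig := ed25519.Sign(priv, signedData(path, pt))
	return Packet{path, append(append([][]byte{}, p.Sigs...), sig)}
}

// Verify checks signature i over Path[:i+1] plus the plaintext, using the
// public key of the sender named in hop i; any failure rejects the packet.
func Verify(p Packet, pt string, pubs map[string]ed25519.PublicKey) bool {
	ok := len(p.Path) > 0 && len(p.Path) == len(p.Sigs)
	for i := 0; ok && i < len(p.Path); i++ {
		pub, known := pubs[p.Path[i].From]
		ok = known && ed25519.Verify(pub, signedData(p.Path[:i+1], pt), p.Sigs[i])
	}
	return ok
}

// Demo runs A -> B -> C on constructed data, then re-attributes hop 0 to "X"
// and, separately, alters the plaintext.
func Demo() (intact, forgedOK, alteredOK bool) {
	pubs, privs := map[string]ed25519.PublicKey{}, map[string]ed25519.PrivateKey{}
	for _, id := range []string{"A", "B", "X"} {
		pubs[id], privs[id], _ = ed25519.GenerateKey(nil)
	}
	p := Forward(Forward(Packet{}, "A", "B", privs["A"], "report"), "B", "C", privs["B"], "report")
	forged := Packet{append([]Hop{{"X", "B"}}, p.Path[1:]...), p.Sigs}
	return Verify(p, "report", pubs), Verify(forged, "report", pubs), Verify(p, "rep0rt", pubs)
}

func main() { fmt.Println(Demo()) }
```

Because every signature covers the full path prefix, rewriting an earlier hop or changing the plaintext invalidates that hop's signature and all later ones.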
CN201611169297.XA 2016-12-16 2016-12-16 System sharing traceable encrypted data Pending CN106603534A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611169297.XA CN106603534A (en) 2016-12-16 2016-12-16 System sharing traceable encrypted data

Publications (1)

Publication Number Publication Date
CN106603534A true CN106603534A (en) 2017-04-26

Family

ID=58600812

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611169297.XA Pending CN106603534A (en) 2016-12-16 2016-12-16 System sharing traceable encrypted data

Country Status (1)

Country Link
CN (1) CN106603534A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101442409A (en) * 2007-11-23 2009-05-27 东方钢铁电子商务有限公司 Encipher method and system for B2B data exchange
CN101478548A (en) * 2009-01-22 2009-07-08 上海交通大学 Data transmission ciphering and integrity checking method
CN105376098A (en) * 2015-11-30 2016-03-02 中国互联网络信息中心 Route origin and path two-factor authentication method
CN106060014A (en) * 2016-05-18 2016-10-26 中国互联网络信息中心 Method for simultaneously solving prefix hijacking, path hijacking and route leakage attacks
US9490972B2 (en) * 2011-12-16 2016-11-08 Maxlinear, Inc. Method and apparatus for providing conditional access based on channel characteristics

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111030984A (en) * 2019-10-22 2020-04-17 上海泰宇信息技术股份有限公司 Data safety transmission system and method
CN111030984B (en) * 2019-10-22 2022-08-19 上海泰宇信息技术股份有限公司 Data safety transmission system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170426