
CN118036077A - A data element circulation management method, system and server based on electronic notarization - Google Patents

Publication number
CN118036077A
Authority
CN
China
Prior art keywords
data
algorithm
signature
private key
support system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410333936.XA
Other languages
Chinese (zh)
Inventor
葛峰
曹容端
陈曙光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Weslink Network Technology Co ltd
Original Assignee
Jiangsu Weslink Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Weslink Network Technology Co ltd
Priority to CN202410333936.XA
Publication of CN118036077A
Legal status: Pending

Classifications

    • G06F21/6227: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/604: Tools and structures for managing or administering access control systems
    • G06F21/6245: Protecting personal data, e.g. for financial or medical purposes
    • G06F2211/008: Public Key, Asymmetric Key, Asymmetric Encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a data element circulation management method, a system and a server based on electronic notarization, which record and transmit data behavior instructions of all parties by constructing a trusted electronic notarization support system, and control the circulation and the use of data within a verifiable authorization range by using a multiparty cooperative password encryption and decryption algorithm, thereby providing protection for secret information of entity parties. Authorization, circulation and use of target information are achieved through multiparty collaboration without the service provider touching secret information, and proof with anti-repudiation capability can be provided.

Description

Data element circulation management method, system and server based on electronic notarization
Technical Field
The invention relates to the technical field of information security, in particular to a data element circulation management system based on electronic notarization.
Background
Private information of individuals and enterprises (including general personal information data, sensitive personal information data, enterprise business secret data and the like) has become an important means of production in the modern digital society, and protecting it has become one of the urgent problems of the big data era. The General Data Protection Regulation issued by the European Union and the Personal Information Protection Law issued by China both set clear requirements for the protection of private information. Informed consent and data anonymization are the two legally permitted paths for achieving information protection. For scenarios that can accept anonymous data, a reliable anonymization technique is an acceptable option. For the many scenarios that cannot accept anonymous data, such as a bank's credit investigation of a customer, data anonymization cannot meet the business requirement, and the information protection problem must be solved through informed consent. In the circulation of non-anonymous data across organizations, how to establish a trustworthy way of implementing informed consent has become a new problem.
Because the data provider and the data demander bear different information protection obligations when secret data is transferred, the entity principal of the data likewise holds different supervision rights over the data provider and over the data demander. How to ensure that the data provider provides data to the data demander strictly within the entity principal's authorization scope, how to ensure that the data demander uses the data strictly within that scope, and how the data provider and the data demander can prove that the entity principal issued the corresponding authorization: each of these problems requires a method that removes the trust barriers among the parties.
The invention takes the data as a base point, records and transmits the data behavior instructions of all parties by constructing a trusted central system, and controls the circulation and the use of the data within a verifiable authorization range by using a multiparty cooperative password encryption and decryption algorithm, thereby providing protection for the secret information of the entity parties.
Disclosure of Invention
The invention aims at solving the above problems and provides a data element circulation management method, system and server based on electronic notarization. The method protects the secret information of the information entity by way of informed consent; in particular, without the service provider needing to touch the secret information, it realizes the authorization, circulation and use of target information through a multiparty cooperative cryptographic operation, and can provide proof with anti-repudiation capability.
The technical scheme of the invention is as follows:
The invention provides a data element circulation management method based on electronic notarization, in which a data provider server DP, a data demander server DD and an electronic notarization support system NS communicate with one another, and a data principal DS accesses the electronic notarization support system NS through a client tool. The method comprises the following steps:
S1, initializing a system:
the data provider service DP uses standard public key cryptographic algorithm to generate public and private key pair, wherein the public key is that Private key isThe data provider service end DP deploys a hash algorithm H, an asymmetric encryption algorithm A enc, a signature algorithm S and a signature verification algorithm V;
The electronic notarization support system NS generates a public-private key pair by using a standard public key cryptographic algorithm, wherein the public key is Private key isThe electronic notarization support system NS deploys a hash algorithm H, deploys a signature algorithm S, deploys a signature verification algorithm V, an asymmetric collaborative public and private key generation algorithm SSB gen and an asymmetric collaborative decryption algorithm SSA dec;
the data consumer service end DD deploys a hash algorithm H, a decryption algorithm A_dec, an intermediate analysis algorithm A_res, a signature algorithm S, a signature verification algorithm V, an asymmetric collaborative public and private key generation algorithm SSA_gen and an asymmetric collaborative decryption algorithm SSB_dec;
S2, data input step:
The data principal DS uses the client to access the electronic notarization support system NS, submits the identity information id of the data principal DS, and performs authentication registration to obtain an account Uds; the electronic notarization support system NS establishes association between the id and DS and the account Uds and records the association into a database;
S3, data application step:
S3.1, a data demander DD initiates a task to an electronic notarization support system NS, applies for obtaining the authorization of a data principal DS and synchronously generates a task number task;
Invoking an asymmetric collaborative public and private key generation algorithm SSA gen to generate a private key by taking a task number task and random data as a private key factor A The public key negotiates an intermediate value C_P, and sends the task number task, the ID of the DS and the public key negotiates intermediate values C_P to NS;
S3.2, the electronic notarization support system NS receives a request of a data demander DD, and obtains a corresponding account Uds from a database query id; the NS generates an authorization file f 0 to be signed according to the request content of the DD, and sends the authorization file f 0 and the task number task to an account Uds of the data principal DS;
S3.3, the data principal DS checks the file f 0 to be authorized through the account Uds;
If the authorization is agreed, an electronic signature is carried out on the file f 0, a formal authorization file f is generated, and the file f and the task number task are sent to an electronic notarization support system NS;
otherwise, terminating the authorization;
S3.4, the electronic notarization support system NS generates a data list l ds for inquiring the authorization data requester service DD of the file f according to the content of the authorization file f, and calls a private key Signature operation/>, using signature algorithm S, on manifest l ds Obtain signature valueThe list data and the random data are used as a private key factor B, and an asymmetric cooperative public and private key generation algorithm SSB gen is called to perform cooperative generation of a public and private key pair by combining a negotiation intermediate value C_P sent by the DD to obtain a cooperative public keyPrivate keyAnd the cooperative public key/>, generated by the taskIdentity information id, manifest l ds and signature valueTask number task to data provider server DP;
S3.5 data provider Server DP calls public Key of electronic notarization support System NS Checklist l ds and signature value/>, using a signature verification algorithm VCarry out the label checking operation
If the verification sign does not pass, terminating the data element query request;
if the verification passes, the content of the list l ds is analyzed, the data information corresponding to the id is searched from the database, a data set file d lds is generated, and the private key is called Signature operation/>, using signature algorithm S, on d lds Obtain signature value
Public key of data provider service end DP calling NSAnd collaborative public keyData set file d lds and its signature value/>, using asymmetric encryption algorithm a enc Performing encryption operations Obtain ciphertextAnd send ciphertextTask number task to data demander server DD;
S4, data acquisition:
S4.1 the data consumer service DD uses the intermediate analysis algorithm A res to process the ciphertext Resolving to obtain a first intermediate valueAnd will first intermediate valueAnd the identity information id of the DD is sent to an electronic notarization support system NS;
S4.2, the electronic notarization support system NS corresponds to the data information and the private key corresponding to the identity information id of the data demander DD Invoking an asymmetric collaborative decryption algorithm SSA dec on ciphertextPerforming operation to obtain a second intermediate valueSecond intermediate valueSending to a data demander DD;
S4.3 the data demander service DD is based on the second intermediate value And private key/>, corresponding to itselfInvoking an asymmetric collaborative decryption algorithm SSB dec on ciphertextPerforming decryption operation;
If the decryption is successful, the data set file d lds and the signature value thereof are obtained Invoking signature verification algorithm V through signature valueVerifying whether the data set file is tampered;
otherwise, the decryption fails and the authorization is terminated.
A data element circulation management method of a data provider server includes an initialization configuration step and a data application receiving step:
Executing an initialization configuration step:
the data provider service DP uses standard public key cryptographic algorithm to generate public and private key pair, wherein the public key is that Private key isThe data provider service end DP deploys a hash algorithm H, an asymmetric encryption algorithm A enc, a signature algorithm S and a signature verification algorithm V;
executing a received data application step:
the DP of the data provider receives the cooperative public key of the authorization task sent by the NS Identity information id, manifest l ds and signature valueTask number task;
public key for invoking electronic notarization support system NS Checklist l ds and signature value/>, using a signature verification algorithm VCarry out the label checking operation
If the verification sign does not pass, terminating the data element query request;
if the verification passes, the content of the list l ds is analyzed, the data information corresponding to the id is searched from the database, a data set file d lds is generated, and the private key is called Signature operation/>, using signature algorithm S, on d lds Obtain signature value
Public key of data provider service end DP calling NSAnd collaborative public keyData set file d lds and its signature value/>, using asymmetric encryption algorithm a enc Performing encryption operations Obtain ciphertextAnd send ciphertextTask number task to data demander service end DD.
The data provider server side is used for executing a data element circulation management method and comprises an initialization configuration module which is used for executing an initialization configuration step; and the received data application module is used for executing the received data application step.
A data element circulation management method of an electronic notarization support system comprises an initialization configuration step, a data application receiving step and a data acquisition executing step:
Executing an initialization configuration step:
The electronic notarization support system NS generates a public-private key pair by using a standard public key cryptographic algorithm, wherein the public key is Private key isThe electronic notarization support system NS deploys a hash algorithm H, deploys a signature algorithm S, deploys a signature verification algorithm V, an asymmetric collaborative public and private key generation algorithm SSB gen and an asymmetric collaborative decryption algorithm SSA dec;
Executing a data application step:
The electronic notarization support system NS receives the request of the data demander DD and obtains the corresponding account Uds from the database query id; the NS generates an authorization file f 0 to be signed according to the request content of the DD, and sends the authorization file f 0 and the task number task to an account Uds of the data principal DS;
the electronic notarization support system NS receives the grant authorization or termination authorization information sent by the data principal DS, and if the grant authorization is granted, a formal authorization file f and a task number task are received;
The electronic notarization support system NS generates a data list l ds for inquiring the DD of the authorized data demander server of the file f according to the content of the authorized data f, and calls the private key Signature operation/>, using signature algorithm S, on manifest l ds Obtain signature valueThe list data and the random data are used as a private key factor B, and an asymmetric cooperative public and private key generation algorithm SSB gen is called to perform cooperative generation of a public and private key pair by combining a negotiation intermediate value C_P sent by the DD to obtain a cooperative public keyPrivate keyAnd the cooperative public key/>, generated by the taskIdentity information id, manifest l ds and signature valueTask number task to data provider server DP;
executing a data acquisition step:
The electronic notarization support system NS receives a first intermediate value sent by the data demander service end DD And the identity information id of the DD, corresponding to the data information according to the identity information id of the DD of the data demander and the private key/>, corresponding to the data informationInvoking an asymmetric collaborative decryption algorithm SSA dec on ciphertextPerforming operation to obtain a second intermediate valueSecond intermediate valueTo the data consumer DD.
An electronic notarization support system for executing a data element circulation management method comprises an initialization configuration module for executing an initialization configuration step; the received data application module is used for executing the received data application step; and the data acquisition module is used for executing the data acquisition step.
A data element circulation management method of a data demander server side comprises an initialization configuration step, a data application receiving step and a data acquisition executing step:
Executing an initialization configuration step:
the data consumer service end DD deploys a hash algorithm H, a decryption algorithm A dec, an intermediate analysis algorithm A res, a signature algorithm S, a signature verification algorithm V, an asymmetric collaborative public and private key generation algorithm SSA gen and an asymmetric collaborative decryption algorithm SSB dec;
Executing a data application step:
the data demander DD initiates a task to the electronic notarization support system NS, applies for obtaining the authorization of the data principal DS and synchronously generates a task number task;
Invoking an asymmetric collaborative public and private key generation algorithm SSA gen to generate a private key by taking a task number task and random data as a private key factor A The public key negotiates an intermediate value C_P, and sends the task number task, the ID of the DS and the public key negotiates intermediate values C_P to NS;
executing a data acquisition step:
The data consumer service end DD receives the ciphertext sent by the data provider service end DP Task number task, use intermediate parsing algorithm A res for ciphertextResolving to obtain a first intermediate valueAnd will first intermediate valueAnd the identity information id of the DD is sent to an electronic notarization support system NS;
the data demander service end DD receives a second intermediate value sent by the electronic notarization support system NS According to the second intermediate valueAnd private key/>, corresponding to itselfInvoking an asymmetric collaborative decryption algorithm SSB dec on ciphertextPerforming decryption operation;
If the decryption is successful, the data set file d lds and the signature value thereof are obtained Invoking signature verification algorithm V through signature valueVerifying whether the data set file is tampered;
otherwise, the decryption fails and the authorization is terminated.
The data demander server side is used for executing a data element circulation management method and comprises an initialization configuration module, a data element circulation management module and a data element management module, wherein the initialization configuration module is used for executing an initialization configuration step; the received data application module is used for executing the received data application step; and the data acquisition module is used for executing the data acquisition step.
A data element circulation management method of a data principal client side comprises a data input step and a data application receiving step:
Executing a data entry step:
The data principal DS uses the client to access the electronic notarization support system NS, submits the identity information id of the data principal DS, and performs authentication registration to obtain an account Uds; the electronic notarization support system NS establishes association between the id and DS and the account Uds and records the association into a database;
executing a received data application step:
The data principal DS receives the authorization file f 0 and the task number task sent by the electronic notarization support system NS, and checks the file f 0 to be authorized through the account Uds;
If the authorization is agreed, an electronic signature is carried out on the file f 0, a formal authorization file f is generated, and the file f and the task number task are sent to an electronic notarization support system NS;
Otherwise, the authorization is terminated.
The data principal client is used for executing a data element circulation management method and comprises a data input module, a data processing module and a data processing module, wherein the data input module is used for executing a data input step; and the received data application module is used for executing the received data application step.
A data element circulation management system based on electronic notarization executes a data element circulation management method based on electronic notarization, and the system comprises a data provider server, a data demander server, an electronic notarization support system and a data principal client.
The invention has the beneficial effects that:
In the invention, the data provider stores various data information of the data principal, the data demander hopes to obtain the authorization of the data principal so as to inquire the data information of the data principal from the data provider, and the electronic notarization support system provides support for issuing authorization and managing authorization of the principal.
In the invention, a third-party certifier can prove the whole process, from the data demander initiating the data request, through the entity principal issuing the authorization scope and the data provider providing data within that scope, to the data demander receiving the specified data; no party can repudiate its part, which ensures the traceability of the data.
In the invention, only the correct data demander can obtain permission to decrypt the secret data plaintext, so that the transmission of the secret data has the capability of preventing man-in-the-middle attack, does not need to rely on a safe transmission channel, and has better safety and higher reliability.
Additional features and advantages of the invention will be set forth in the detailed description which follows.
Detailed Description
Preferred embodiments of the present invention will be described in more detail below with reference to examples. While the preferred embodiments of the present invention have been illustrated, it should be understood that the invention may be embodied in various forms and should not be limited to the embodiments set forth herein.
Example 1:
The embodiment provides a data element circulation management method based on electronic notarization, in which a data provider server DP, a data demander server DD and an electronic notarization support system NS communicate with one another, and a data principal DS accesses the electronic notarization support system NS through a client tool. The method comprises the following steps:
S1, initializing a system:
the data provider service DP uses standard public key cryptographic algorithm to generate public and private key pair, wherein the public key is that Private key isThe data provider service end DP deploys a hash algorithm H, an asymmetric encryption algorithm A enc, a signature algorithm S and a signature verification algorithm V;
The electronic notarization support system NS generates a public-private key pair by using a standard public key cryptographic algorithm, wherein the public key is Private key isThe electronic notarization support system NS deploys a hash algorithm H, deploys a signature algorithm S, deploys a signature verification algorithm V, an asymmetric collaborative public and private key generation algorithm SSB gen and an asymmetric collaborative decryption algorithm SSA dec;
the data consumer service end DD deploys a hash algorithm H, a decryption algorithm A dec, an intermediate analysis algorithm A res, a signature algorithm S, a signature verification algorithm V, an asymmetric collaborative public and private key generation algorithm SSA gen and an asymmetric collaborative decryption algorithm SSB dec;
S2, data input step:
The data principal DS uses the client to access the electronic notarization support system NS, submits the identity information id of the data principal DS, and performs authentication registration to obtain an account Uds; the electronic notarization support system NS establishes association between the id and DS and the account Uds and records the association into a database;
S3, data application step:
S3.1, a data demander DD initiates a task to an electronic notarization support system NS, applies for obtaining the authorization of a data principal DS and synchronously generates a task number task;
Invoking an asymmetric collaborative public and private key generation algorithm SSA gen to generate a private key by taking the task number task and random data as a private key factor A The public key negotiates an intermediate value C_P, and sends the task number task, the ID of the DS and the public key negotiates intermediate values C_P to NS;
S3.2, the electronic notarization support system NS receives a request of a data demander DD, and obtains a corresponding account Uds from a database query id; the NS generates an authorization file f 0 to be signed according to the request content of the DD, and sends the authorization file f 0 and the task number task to an account Uds of the data principal DS;
S3.3, the data principal DS checks the file f 0 to be authorized through the account Uds;
If the authorization is agreed, an electronic signature is carried out on the file f 0, a formal authorization file f is generated, and the file f and the task number task are sent to an electronic notarization support system NS;
otherwise, terminating the authorization;
S3.4, the electronic notarization support system NS generates a data list l ds for inquiring the authorization data requester service DD of the file f according to the content of the authorization file f, and calls a private key Signature operation/>, using signature algorithm S, on manifest l ds Obtain signature valueThe list data and the random data are used as a private key factor B, and an asymmetric cooperative public and private key generation algorithm SSB gen is called to perform cooperative generation of a public and private key pair by combining a negotiation intermediate value C_P sent by the DD to obtain a cooperative public keyPrivate keyAnd the cooperative public key/>, generated by the taskIdentity information id, manifest l ds and signature valueTask number task to data provider server DP;
S3.5 data provider Server DP calls public Key of electronic notarization support System NS Checklist l ds and signature value/>, using a signature verification algorithm VCarry out the label checking operation
If the verification sign does not pass, terminating the data element query request;
if the verification passes, the content of the list l ds is analyzed, the data information corresponding to the id is searched from the database, a data set file d lds is generated, and the private key is called Signature operation/>, using signature algorithm S, on d lds Obtain signature value
Public key of data provider service end DP calling NSAnd collaborative public keyData set file d lds and its signature value/>, using asymmetric encryption algorithm a enc Performing encryption operations Obtain ciphertextAnd send ciphertextTask number task to data demander server DD;
S4, data acquisition:
S4.1 the data consumer service DD uses the intermediate analysis algorithm A res to process the ciphertext Resolving to obtain a first intermediate valueAnd will first intermediate valueAnd the identity information id of the DD is sent to an electronic notarization support system NS;
S4.2, the electronic notarization support system NS corresponds to the data information and the private key corresponding to the identity information id of the data demander DD Invoking an asymmetric collaborative decryption algorithm SSA dec on ciphertextPerforming operation to obtain a second intermediate valueSecond intermediate valueSending to a data demander DD;
S4.3 the data demander service DD is based on the second intermediate value And private key/>, corresponding to itselfInvoking an asymmetric collaborative decryption algorithm SSB dec on ciphertextPerforming decryption operation;
If the decryption is successful, the data set file d lds and the signature value thereof are obtained Invoking signature verification algorithm V through signature valueVerifying whether the data set file is tampered;
otherwise, the decryption fails and the authorization is terminated.
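The exchange in steps S3.1 to S4.3, as an added example that is not code from the patent. The patent does not specify SSA_gen, SSB_gen, A_enc, A_res, SSA_dec, SSB_dec, S or V, so this sketch swaps in an additively shared ElGamal-style key encapsulation and Schnorr signatures over a toy group, and encrypts under the collaborative public key only. The function names mirror the patent's algorithm names, the helper names and all sample values are constructed, and the DD is assumed to know the DP's public key.

```python
import hashlib, hmac, secrets

# Assumption: toy group Z_p^* (p = 2**255 - 19, generator 2), exponents mod p-1.
# It keeps the block standard-library only; it is not a vetted parameter set.
P = 2**255 - 19
N = P - 1
G = 2

def i2b(x):
    return x.to_bytes(32, "big")

def h_int(*parts):
    """Hash algorithm H over length-prefixed parts, reduced to an exponent."""
    d = hashlib.sha256()
    for part in parts:
        d.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(d.digest(), "big") % N

def keygen():
    """Ordinary key pair (private x, public g^x) for NS and DP signatures."""
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)

def sign(x, msg):
    """Signature algorithm S (Schnorr, swapped in)."""
    k = secrets.randbelow(N - 1) + 1
    r = pow(G, k, P)
    return r, (k + h_int(i2b(r), msg) * x) % N

def verify(y, msg, sig):
    """Signature verification algorithm V."""
    r, s = sig
    if not 0 < r < P:
        return False
    return pow(G, s, P) == r * pow(y, h_int(i2b(r), msg), P) % P

def ssa_gen(task):
    """S3.1, DD: factor A = task number + random data -> (share a, C_P)."""
    a = h_int(b"A", task, secrets.token_bytes(32)) or 1
    return a, pow(G, a, P)

def ssb_gen(l_ds, c_p):
    """S3.4, NS: factor B = list data + random data -> (share b, joint key)."""
    b = h_int(b"B", l_ds, secrets.token_bytes(32)) or 1
    return b, c_p * pow(G, b, P) % P   # g^(a+b); no party ever holds a+b

def _keys(shared):
    seed = i2b(shared)
    return (hashlib.sha256(b"enc" + seed).digest(),
            hashlib.sha256(b"mac" + seed).digest())

def _xor(key, data):
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(x ^ y for x, y in zip(data, stream))

def a_enc(joint_pub, plaintext):
    """A_enc: ElGamal-style KEM under the joint key, then encrypt-then-MAC."""
    k = secrets.randbelow(N - 1) + 1
    enc_key, mac_key = _keys(pow(joint_pub, k, P))
    body = _xor(enc_key, plaintext)
    return pow(G, k, P), body, hmac.new(mac_key, body, hashlib.sha256).digest()

def dp_respond(ns_pub, dp_priv, joint_pub, l_ds, l_sig, dataset):
    """S3.5, DP: check the NS signature on l_ds, then sign and encrypt d_lds."""
    if not verify(ns_pub, l_ds, l_sig):
        return None                     # query request terminated
    r, s = sign(dp_priv, dataset)
    return a_enc(joint_pub, i2b(r) + i2b(s) + dataset)

def a_res(ct):
    """S4.1, DD: first intermediate value (the KEM element of the ciphertext)."""
    return ct[0]

def ssa_dec(b, t1):
    """S4.2, NS: second intermediate value computed from its share b."""
    return pow(t1, b, P)

def ssb_dec(a, t2, ct, dp_pub):
    """S4.3, DD: combine t2 with share a, decrypt, then verify DP's signature."""
    c1, body, tag = ct
    enc_key, mac_key = _keys(t2 * pow(c1, a, P) % P)
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        return None                     # decryption fails, authorization terminated
    plain = _xor(enc_key, body)
    sig = int.from_bytes(plain[:32], "big"), int.from_bytes(plain[32:64], "big")
    dataset = plain[64:]
    return dataset if verify(dp_pub, dataset, sig) else None

def demo():
    """Run S3.1-S4.3 once with constructed sample values."""
    ns_priv, ns_pub = keygen()
    dp_priv, dp_pub = keygen()
    task = b"task-0001"                               # constructed
    l_ds = b'{"id":"DS-001","fields":["f1","f2"]}'    # constructed
    dataset = b"f1=alpha;f2=beta"                     # constructed
    a, c_p = ssa_gen(task)
    b, joint = ssb_gen(l_ds, c_p)
    ct = dp_respond(ns_pub, dp_priv, joint, l_ds, sign(ns_priv, l_ds), dataset)
    return ssb_dec(a, ssa_dec(b, a_res(ct)), ct, dp_pub)

if __name__ == "__main__":
    print(demo())
```

In this construction the DD cannot open the ciphertext without the second intermediate value from the NS, which is the point at which the NS can enforce and log the authorization for the task.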
Example 2:
The embodiment provides a data element circulation management system based on electronic notarization, which executes a data element circulation management method based on the electronic notarization.
Example 3:
The embodiment provides a data element circulation management method of a data provider server, which comprises an initialization configuration step and a data application receiving step:
Executing the initialization configuration step:
The data provider server DP generates a public-private key pair, consisting of a public key and a private key, using a standard public key cryptographic algorithm; the data provider server DP deploys a hash algorithm H, an asymmetric encryption algorithm A_enc, a signature algorithm S and a signature verification algorithm V;
Executing the data application receiving step:
The data provider server DP receives the collaborative public key of the authorization task, the identity information id, the list l_ds and its signature value, and the task number task sent by the NS;
The DP calls the public key of the electronic notarization support system NS and uses signature verification algorithm V to perform a signature verification operation on the list l_ds and its signature value;
If the signature verification fails, the data element query request is terminated;
If the signature verification passes, the content of the list l_ds is parsed, the data information corresponding to the id is looked up in the database, a data set file d_lds is generated, and the DP calls its private key to perform a signature operation on d_lds using signature algorithm S, obtaining a signature value;
The data provider server DP calls the public key of the NS and the collaborative public key and uses asymmetric encryption algorithm A_enc to perform an encryption operation on the data set file d_lds and its signature value, obtaining a ciphertext, and sends the ciphertext and the task number task to the data demander server DD.
Example 3:
The embodiment provides a data provider server for executing the data element circulation management method, comprising an initialization configuration module for executing the initialization configuration step, and a data application receiving module for executing the data application receiving step.
Example 4:
The embodiment provides a data element circulation management method of an electronic notarization support system, which comprises an initialization configuration step, a data application receiving step and a data acquisition step:
Executing the initialization configuration step:
The electronic notarization support system NS generates a public-private key pair, consisting of a public key and a private key, using a standard public key cryptographic algorithm; the electronic notarization support system NS deploys a hash algorithm H, a signature algorithm S, a signature verification algorithm V, an asymmetric collaborative public-private key generation algorithm SSB_gen and an asymmetric collaborative decryption algorithm SSA_dec;
Executing the data application step:
The electronic notarization support system NS receives the request of the data demander DD and queries the database with the id to obtain the corresponding account Uds; the NS generates an authorization file f_0 to be signed according to the request content of the DD, and sends the authorization file f_0 and the task number task to the account Uds of the data principal DS;
The electronic notarization support system NS receives the authorization consent or authorization termination information sent by the data principal DS; if authorization is granted, it receives the formal authorization file f and the task number task;
The electronic notarization support system NS generates, according to the content of the authorization file f, a data list l_ds that file f authorizes the data demander server DD to query, and calls its private key to perform a signature operation on the list l_ds using signature algorithm S, obtaining a signature value; taking the list data and random data as private key factor B, it calls the asymmetric collaborative public-private key generation algorithm SSB_gen, combined with the negotiation intermediate value C_P sent by the DD, to collaboratively generate a public-private key pair, obtaining a collaborative public key and a private key; it then sends the collaborative public key generated for the task, the identity information id, the list l_ds and its signature value, and the task number task to the data provider server DP;
Executing the data acquisition step:
The electronic notarization support system NS receives the first intermediate value and the identity information id of the DD sent by the data demander server DD, looks up the data information and the private key corresponding to the identity information id of the data demander DD, calls the asymmetric collaborative decryption algorithm SSA_dec to operate on the ciphertext, obtaining a second intermediate value, and sends the second intermediate value to the data demander DD.
Example 5:
The embodiment provides an electronic notarization support system for executing the data element circulation management method, comprising an initialization configuration module for executing the initialization configuration step, a data application receiving module for executing the data application receiving step, and a data acquisition module for executing the data acquisition step.
Example 6:
The embodiment provides a data element circulation management method of a data demander server, which comprises an initialization configuration step, a data application receiving step and a data acquisition step:
Executing the initialization configuration step:
The data demander server DD deploys a hash algorithm H, a decryption algorithm A_dec, an intermediate parsing algorithm A_res, a signature algorithm S, a signature verification algorithm V, an asymmetric collaborative public-private key generation algorithm SSA_gen and an asymmetric collaborative decryption algorithm SSB_dec;
Executing the data application step:
The data demander DD initiates a task to the electronic notarization support system NS, applying for the authorization of the data principal DS, and synchronously generates a task number task;
Taking the task number task and random data as private key factor A, it calls the asymmetric collaborative public-private key generation algorithm SSA_gen to generate a private key and a public key negotiation intermediate value C_P, and sends the task number task, the id of the DS and the public key negotiation intermediate value C_P to the NS;
Executing the data acquisition step:
The data demander server DD receives the ciphertext and the task number task sent by the data provider server DP, uses the intermediate parsing algorithm A_res to parse the ciphertext, obtaining a first intermediate value, and sends the first intermediate value and the identity information id of the DD to the electronic notarization support system NS;
The data demander server DD receives the second intermediate value sent by the electronic notarization support system NS and, according to the second intermediate value and its own private key, calls the asymmetric collaborative decryption algorithm SSB_dec to perform a decryption operation on the ciphertext;
If the decryption succeeds, the data set file d_lds and its signature value are obtained, and the signature verification algorithm V is called to verify, through the signature value, whether the data set file has been tampered with;
Otherwise, the decryption fails and the authorization is terminated.
Example 7:
The embodiment provides a data demander server for executing the data element circulation management method, comprising an initialization configuration module for executing the initialization configuration step, a data application receiving module for executing the data application receiving step, and a data acquisition module for executing the data acquisition step.
Example 8:
The embodiment provides a data element circulation management method of a data principal client, which comprises a data input step and a data application receiving step:
Executing a data entry step:
The data principal DS uses the client to access the electronic notarization support system NS, submits the identity information id of the data principal DS, and performs authentication and registration to obtain an account Uds; the electronic notarization support system NS establishes an association between the id of the DS and the account Uds and records it in a database;
Executing the data application receiving step:
The data principal DS receives the authorization file f_0 and the task number task sent by the electronic notarization support system NS, and checks the file f_0 to be authorized through the account Uds;
If the DS agrees to the authorization, it applies an electronic signature to the file f_0, generating a formal authorization file f, and sends the file f and the task number task to the electronic notarization support system NS;
Otherwise, the authorization is terminated.
Example 9:
The embodiment provides a data principal client for executing the data element circulation management method, comprising a data input module for executing the data input step, and a data application receiving module for executing the data application receiving step.
The invention records and transmits the data behavior instructions of each party by constructing a trusted central system, and controls the circulation and use of the data within a verifiable authorization range by using a multiparty cooperative password encryption and decryption algorithm, thereby providing protection for the secret information of the entity party.
The foregoing description of embodiments of the invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the various embodiments described.

Claims (10)

1. A data element circulation management method based on electronic notarization, characterized in that the data provider server DP, the data demander server DD and the electronic notarization support system NS communicate with one another, and the data principal DS accesses the electronic notarization support system NS through a client tool, the method comprising the following steps:
S1, system initialization:
The data provider server DP generates a public-private key pair, consisting of a public key and a private key, using a standard public key cryptographic algorithm; the data provider server DP deploys a hash algorithm H, an asymmetric encryption algorithm A_enc, a signature algorithm S and a signature verification algorithm V;
The electronic notarization support system NS generates a public-private key pair, consisting of a public key and a private key, using a standard public key cryptographic algorithm; the electronic notarization support system NS deploys a hash algorithm H, a signature algorithm S, a signature verification algorithm V, an asymmetric collaborative public-private key generation algorithm SSB_gen and an asymmetric collaborative decryption algorithm SSA_dec;
The data demander server DD deploys a hash algorithm H, a decryption algorithm A_dec, an intermediate parsing algorithm A_res, a signature algorithm S, a signature verification algorithm V, an asymmetric collaborative public-private key generation algorithm SSA_gen and an asymmetric collaborative decryption algorithm SSB_dec;
S2, data input step:
The data principal DS uses the client to access the electronic notarization support system NS, submits the identity information id of the data principal DS, and performs authentication and registration to obtain an account Uds; the electronic notarization support system NS establishes an association between the id of the DS and the account Uds and records it in a database;
S3, data application step:
S3.1, the data demander DD initiates a task to the electronic notarization support system NS, applying for the authorization of the data principal DS, and synchronously generates a task number task;
Taking the task number task and random data as private key factor A, it calls the asymmetric collaborative public-private key generation algorithm SSA_gen to generate a private key and a public key negotiation intermediate value C_P, and sends the task number task, the id of the DS and the public key negotiation intermediate value C_P to the NS;
S3.2, the electronic notarization support system NS receives the request of the data demander DD and queries the database with the id to obtain the corresponding account Uds; the NS generates an authorization file f_0 to be signed according to the request content of the DD, and sends the authorization file f_0 and the task number task to the account Uds of the data principal DS;
S3.3, the data principal DS checks the file f_0 to be authorized through the account Uds;
If the DS agrees to the authorization, it applies an electronic signature to the file f_0, generating a formal authorization file f, and sends the file f and the task number task to the electronic notarization support system NS;
Otherwise, the authorization is terminated;
S3.4, the electronic notarization support system NS generates, according to the content of the authorization file f, a data list l_ds that file f authorizes the data demander server DD to query, and calls its private key to perform a signature operation on the list l_ds using signature algorithm S, obtaining a signature value; taking the list data and random data as private key factor B, it calls the asymmetric collaborative public-private key generation algorithm SSB_gen, combined with the negotiation intermediate value C_P sent by the DD, to collaboratively generate a public-private key pair, obtaining a collaborative public key and a private key; it then sends the collaborative public key generated for the task, the identity information id, the list l_ds and its signature value, and the task number task to the data provider server DP;
S3.5, the data provider server DP calls the public key of the electronic notarization support system NS and uses signature verification algorithm V to perform a signature verification operation on the list l_ds and its signature value;
If the signature verification fails, the data element query request is terminated;
If the signature verification passes, the content of the list l_ds is parsed, the data information corresponding to the id is looked up in the database, a data set file d_lds is generated, and the DP calls its private key to perform a signature operation on d_lds using signature algorithm S, obtaining a signature value;
The data provider server DP calls the public key of the NS and the collaborative public key and uses asymmetric encryption algorithm A_enc to perform an encryption operation on the data set file d_lds and its signature value, obtaining a ciphertext, and sends the ciphertext and the task number task to the data demander server DD;
S4, data acquisition:
S4.1, the data demander server DD uses the intermediate parsing algorithm A_res to parse the ciphertext, obtaining a first intermediate value, and sends the first intermediate value and the identity information id of the DD to the electronic notarization support system NS;
S4.2, the electronic notarization support system NS looks up the data information and the private key corresponding to the identity information id of the data demander DD, and calls the asymmetric collaborative decryption algorithm SSA_dec to operate on the ciphertext, obtaining a second intermediate value, which it sends to the data demander DD;
S4.3, the data demander server DD, according to the second intermediate value and its own private key, calls the asymmetric collaborative decryption algorithm SSB_dec to perform a decryption operation on the ciphertext;
If the decryption succeeds, the data set file d_lds and its signature value are obtained, and the signature verification algorithm V is called to verify, through the signature value, whether the data set file has been tampered with;
Otherwise, the decryption fails and the authorization is terminated.
2. A data element circulation management method of a data provider server, characterized by comprising an initialization configuration step and a data application receiving step:
Executing the initialization configuration step:
The data provider server DP generates a public-private key pair, consisting of a public key and a private key, using a standard public key cryptographic algorithm; the data provider server DP deploys a hash algorithm H, an asymmetric encryption algorithm A_enc, a signature algorithm S and a signature verification algorithm V;
Executing the data application receiving step:
The data provider server DP receives the collaborative public key of the authorization task, the identity information id, the list l_ds and its signature value, and the task number task sent by the NS;
The DP calls the public key of the electronic notarization support system NS and uses signature verification algorithm V to perform a signature verification operation on the list l_ds and its signature value;
If the signature verification fails, the data element query request is terminated;
If the signature verification passes, the content of the list l_ds is parsed, the data information corresponding to the id is looked up in the database, a data set file d_lds is generated, and the DP calls its private key to perform a signature operation on d_lds using signature algorithm S, obtaining a signature value;
The data provider server DP calls the public key of the NS and the collaborative public key and uses asymmetric encryption algorithm A_enc to perform an encryption operation on the data set file d_lds and its signature value, obtaining a ciphertext, and sends the ciphertext and the task number task to the data demander server DD.
3. A data provider server for executing the data element flow management method according to claim 2, comprising an initialization configuration module for executing an initialization configuration step; and the received data application module is used for executing the received data application step.
4. A data element circulation management method of an electronic notarization support system, characterized by comprising an initialization configuration step, a data application receiving step and a data acquisition step:
Executing the initialization configuration step:
The electronic notarization support system NS generates a public-private key pair, consisting of a public key and a private key, using a standard public key cryptographic algorithm; the electronic notarization support system NS deploys a hash algorithm H, a signature algorithm S, a signature verification algorithm V, an asymmetric collaborative public-private key generation algorithm SSB_gen and an asymmetric collaborative decryption algorithm SSA_dec;
Executing the data application step:
The electronic notarization support system NS receives the request of the data demander DD and queries the database with the id to obtain the corresponding account Uds; the NS generates an authorization file f_0 to be signed according to the request content of the DD, and sends the authorization file f_0 and the task number task to the account Uds of the data principal DS;
The electronic notarization support system NS receives the authorization consent or authorization termination information sent by the data principal DS; if authorization is granted, it receives the formal authorization file f and the task number task;
The electronic notarization support system NS generates, according to the content of the authorization file f, a data list l_ds that file f authorizes the data demander server DD to query, and calls its private key to perform a signature operation on the list l_ds using signature algorithm S, obtaining a signature value; taking the list data and random data as private key factor B, it calls the asymmetric collaborative public-private key generation algorithm SSB_gen, combined with the negotiation intermediate value C_P sent by the DD, to collaboratively generate a public-private key pair, obtaining a collaborative public key and a private key; it then sends the collaborative public key generated for the task, the identity information id, the list l_ds and its signature value, and the task number task to the data provider server DP;
Executing the data acquisition step:
The electronic notarization support system NS receives the first intermediate value and the identity information id of the DD sent by the data demander server DD, looks up the data information and the private key corresponding to the identity information id of the data demander DD, calls the asymmetric collaborative decryption algorithm SSA_dec to operate on the ciphertext, obtaining a second intermediate value, and sends the second intermediate value to the data demander DD.
5. An electronic notarization support system for executing the data element circulation management method according to claim 4, comprising an initialization configuration module for executing the initialization configuration step; the received data application module is used for executing the received data application step; and the data acquisition module is used for executing the data acquisition step.
6. A data element circulation management method of a data demander server, characterized by comprising an initialization configuration step, a data application receiving step and a data acquisition step:
Executing the initialization configuration step:
The data demander server DD deploys a hash algorithm H, a decryption algorithm A_dec, an intermediate parsing algorithm A_res, a signature algorithm S, a signature verification algorithm V, an asymmetric collaborative public-private key generation algorithm SSA_gen and an asymmetric collaborative decryption algorithm SSB_dec;
Executing the data application step:
The data demander DD initiates a task to the electronic notarization support system NS, applying for the authorization of the data principal DS, and synchronously generates a task number task;
Taking the task number task and random data as private key factor A, it calls the asymmetric collaborative public-private key generation algorithm SSA_gen to generate a private key and a public key negotiation intermediate value C_P, and sends the task number task, the id of the DS and the public key negotiation intermediate value C_P to the NS;
Executing the data acquisition step:
The data demander server DD receives the ciphertext and the task number task sent by the data provider server DP, uses the intermediate parsing algorithm A_res to parse the ciphertext, obtaining a first intermediate value, and sends the first intermediate value and the identity information id of the DD to the electronic notarization support system NS;
The data demander server DD receives the second intermediate value sent by the electronic notarization support system NS and, according to the second intermediate value and its own private key, calls the asymmetric collaborative decryption algorithm SSB_dec to perform a decryption operation on the ciphertext;
If the decryption succeeds, the data set file d_lds and its signature value are obtained, and the signature verification algorithm V is called to verify, through the signature value, whether the data set file has been tampered with;
Otherwise, the decryption fails and the authorization is terminated.
7. A data demander server for executing the data element flow management method according to claim 6, comprising an initialization configuration module for executing an initialization configuration step; the received data application module is used for executing the received data application step; and the data acquisition module is used for executing the data acquisition step.
8. A data element flow management method for a data principal client, the method comprising a data entry step and a data application receiving step:
Executing a data entry step:
The data principal DS uses the client to access the electronic notarization support system NS, submits the identity information id of the data principal DS, and performs authentication and registration to obtain an account Uds; the electronic notarization support system NS establishes an association between the id of the DS and the account Uds and records it in a database;
Executing the data application receiving step:
The data principal DS receives the authorization file f_0 and the task number task sent by the electronic notarization support system NS, and checks the file f_0 to be authorized through the account Uds;
If the DS agrees to the authorization, it applies an electronic signature to the file f_0, generating a formal authorization file f, and sends the file f and the task number task to the electronic notarization support system NS;
Otherwise, the authorization is terminated.
9. A data principal client for performing the data element flow management method of claim 8, comprising a data entry module for performing the data entry step; and the received data application module is used for executing the received data application step.
10. An electronic notarization-based data element circulation management system for executing the electronic notarization-based data element circulation management method as claimed in claim 1, characterized in that the system comprises a data provider server, a data demander server, an electronic notarization support system and a data principal client.
CN202410333936.XA 2024-03-22 2024-03-22 A data element circulation management method, system and server based on electronic notarization Pending CN118036077A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410333936.XA CN118036077A (en) 2024-03-22 2024-03-22 A data element circulation management method, system and server based on electronic notarization


Publications (1)

Publication Number Publication Date
CN118036077A true CN118036077A (en) 2024-05-14

Family

ID=90987743



Legal Events

Date Code Title Description
PB01 Publication