CN102624698A

CN102624698A - Evidence management and service system for electronic records

Info

Publication number: CN102624698A
Application number: CN201210016396XA
Authority: CN
Inventors: 龙毅宏; 唐志红; 刘旭; 杨浩; 肖凡; 白波
Original assignee: BEIJING ITRUSCHINA Co Ltd; Wuhan University of Technology WUT
Current assignee: BEIJING ITRUSCHINA Co Ltd; Wuhan University of Technology WUT
Priority date: 2012-01-17
Filing date: 2012-01-17
Publication date: 2012-08-01
Anticipated expiration: 2032-01-17
Also published as: CN102624698B

Abstract

The invention relates to an evidence management and service system for electronic records, which comprises a front system, a central system and an integrated API (application programming interface). Parts of data of an electronic record generated through digital signatures in the application process are stored in the front system, and parts of the data are stored in the central system, namely the record data stored in two record databases are incomplete but digital signature data of the electronic record are usually stored in the central system. The complete record can be restored through a combination corresponding to the record data stored in the two systems. When disputes occur, evidences can be obtained by means of inquiring through the central system or the front system to acquire corresponding portions of the needed record data, combining the record data to restore the complete record, verifying whether the record is tampered or not through the digital signature in the record, and providing the needed evidence information. Owners or operators of an application system generating the electronic records can be effectively prevented from deleting and destroying record evidences on the premise of protecting privacy information of relevant parties.

Description

A kind of evidence management and service system towards electronical record

Technical field

The message that the invention belongs to information security is differentiated (message authentication) and resisting denying (non-repudiation) technical field, particularly a kind of evidence management and service system towards electronical record.

Background technology

Along with the development of network and information technology, existing at present variously provides the application system of special services through the Internet, and like systems such as shopping online, transaction, bid, payments, they are responsible for operation by specific service provider or operator.These network application systems can produce a large amount of electronical record data in the process of service is provided, like order, contract, bidding documents, evidence for payment etc.One of important use of these electronical records is as legal argument when dispute occurring.But; Because electronical record itself, it is to be solved that it also has many problems to have as effective legal argument, such as; Because electronical record is easy to forge and distort; Therefore, how to confirm its primary, authenticity (whether being necessary being promptly) and integrality (whether being forged), how to confirm, confirm its source person of sending out (being who produces, submits to), participant's (whom having participated in the production process of record); And make the source person of sending out, the participant of record can't deny this record by its generation, have it to participate in, all be the major issue that needs solution.Primary, the authenticity and integrity of confirming electronical record belong to the problem that message is differentiated, confirm, confirm that its source person of sending out, participant make it can't deny its behavior and belong to the resisting denying problem.At present, for electronic data, the effective means that solves these two problems is digital signature (digital signature).

Digital signature is a kind of safe practice that is based upon on the public key encryption technical foundation, and it can differentiate and guarantee primary, the authenticity and integrity of electronic data, and the evidence of resisting denying is provided.And the public key encryption technology is a kind of cryptographic technique that is based upon on the public key encryption algorithm basis.Public key encryption algorithm is called the asymmetric-key encryption algorithm again, and it uses pair of secret keys to carry out information encryption, deciphering, and one of them is underground, is called private key, is preserved by the right owner of key (or entity) safety, can be used for digital signature (or decrypts information); Another open issue is called PKI, and anyone can obtain through certain approach, can be used for the checking (or information encryption) of digital signature.

Digital signature has following characteristic: 1) have only the owner of private key to sign to data, and anyone can be with the validity of public key verifications signature; 2) to any modification of former data, all make signature verification fail, thereby can differentiate and guarantee the integrality of data, the authenticity of specified data, and find to being distorted by any of signed data; 3) signature value can't be forged, and promptly other people can't forge private key owner's digital signature and can be passed through by public key verifications, in other words; If certain digital signature is passed through by public key verifications, be effectively, so; Just can confirm that this signature must be implemented by the private key owner; Data necessarily come from, result from the private key owner, thus the primary and the source person of sending out (or participant) of ability specified data, the purpose of realization resisting denying.At present the most frequently used asymmetric-key encryption algorithm have the oval algorithm of RSA, DSA and ECC (elliptic curve cryptography, ECC).

Digital signature technology based on public key encryption algorithm really will obtain to use, and also must solve the safe RELEASE PROBLEM of PKI.In order to realize safe, the reliable issue of PKI, prevent personation, people have proposed public-key cryptography basis safe practice system, i.e. Public Key Infrastructure (PKI).In PKI, (Certification Authority, entity CA) is signed and issued digital certificate (abbreviation certificate) through a certificate verification system (being called the CA system) for the right owner of public-key cryptography to be called certificate verification mechanism by one.Digital certificate is one group of electronic information; PKI, PKI owner title (main body name Subject Name), certificate issuance person title (Issuer Name are arranged above it; Be certificate verification mechanism), information such as certificate serial number, certificate key purposes; And by the private key digital signature of certificate verification mechanism; The validity of this signature can be through the public key verifications (PKI of certificate verification mechanism is also issued through a kind of public key certificate specific, that be called CA certificate, and can obtain through certain secure way) of certificate certification authority.Can realize PKI (or public-key cryptography to) and the effectively bind of key through digital certificate to owner's (private key).

After digital certificate has been arranged; Just can realize the digital signature and the signature verification of electronic data safely: it is right that anyone can produce a public-key cryptography through certain secure way; Apply for, sign and issue a digital certificate that includes PKI and PKI owner information to ca authentication mechanism then, with the corresponding private key of certificate data are signed then; Any other people can obtain the certificate of signer safely through open approach, then with the validity of the public key verifications digital signature on the certificate.

At present, comprise that many countries of China have all issued law of electronic signature, thereby confirmed the legal force and the status of digital signature legally.Therefore, through the digital signature of electronical record, can solve electronical record as evidence at primary, authenticity and integrity, and the problem that faces of aspect such as resisting denying ability, thus make electronical record can become real effectively legal argument.

Electronical record has multiple different form according to its data format and data storage method thereof; The digital signature mode of multi-form electronical record can be different, and the common form of electronical record has so several kinds generally speaking: file type record, list type record, list+file mixed type record.

The file type record; The record that promptly exists with the e-file form; Like the record that exists with forms such as Word file, Excel file, pdf documents; The characteristics of the record of this form are: not only content recorded has form (according to the content format of the definition of content needs, tissue), and file data itself often has special file format or data structure (belonging to formatted file like Word, PDF); Digital signature for the file type record; Its signed data (result promptly signs) normally is embedded among the file data structure itself; As combine electronic stamp to be embedded in the Word document (to be called Electronic Signature), concrete embedding grammar can be (by corresponding digital signature application developers) self-defining (like the Word Electronic Signature) or adopt standard method (like the digital signature of PDF document).

List (Form) type record; (field) forms by a plurality of record fields; Each field description an attribute (attribute) of corresponding objects or things, as the record of describing a people includes name (name), sex (sex), age fields such as (age) usually and is used to describe a people's association attributes (characteristic).List (Form) type record is generally held in (relational database) in the relational database, and at this moment each field of list type record is corresponding with certain field or the row (field or column) of database table (table), and preserves data by it; A list type record possibly be kept in many database tables, and (database record) is corresponding with one or more data-base recording; Since this record data usually with information system in inputoutput data in the human-computer interaction interface, that be called list (Form) corresponding, so be called list type record; The all or part of data (being all or part of field) of his-and-hers watches monotype record can be carried out digital signature; When his-and-hers watches monotype record is signed; Usually record data content that will digital signature (record field of promptly being signed) is represented with the form of name1=value1&name2=value2... " name-value pair "; Name1 wherein, a field name of name2... corresponding record (or Field ID); The value of depositing in value1, the value2... corresponding field is carried out digital signature (promptly calculate hashed value, then hashed value is used encrypted private key) to these name-value pair data then; In list type record; Signed data (result promptly signs) itself is kept at (this field of depositing signed data is called digital signature field, is called for short signature field) in the record as a field of record again usually; And one record can have a plurality of digital signature field; And digital signature can be nested, and promptly a pairing digital signature content of digital signature field (being name-value pair) can comprise other digital signature field (data).

List+file mixed type record; For this form electronic record; There is (list type record data part) in its partial data with list type record form; And be generally held in the relational database; Another part data exist (like Word document with the form of one or more files; Be called file type record data part), and the record data of the record data of list type recording section and file type part be associated with dual mode: the one, with the whole data of a file content (this field is called the file data field) itself as certain field of list type recording section, the 2nd, only will obtain the content (this field be called file url field) of the URL (Uniform Resource Locator) of file as certain field of list type recording section; And the data of file itself are to deposit (leaving in Anywhere, in local computer file directory, database or network) in addition separately; There are two kinds of possibilities in digital signature to list+file mixed type record; The one, the data content of a certain file of file part has independent digital signature; And digital signature is preserved (embedding) and in file data, (is promptly carried out digital signature by the signature mode of foregoing file type record); The 2nd, with the data of a certain file content as a respective field of list type recording section, the signature mode by list type record is included in file data in the digital signature then.

Though,, can make it become effectively, have the anti-legal argument that relies ability through digital signature to electronical record; But in practical application, still there is certain problem, such as; Generally; The electronical record of carrying out e-commerce initiative through network information system between businessman and the client is to be kept in the system that belongs to businessman, in case dispute occurs, businessman can destroy unfavorable to oneself evidence easily.A kind of approach that addresses this problem is by believable, third party's keeping records data independently; But this is faced with another problem again, and recording of commercial activity possibly relate to sensitive information between businessman and the client, as relates to business secret, and therefore, businessman is unwilling normally relevant record data are transferred to that the third party preserves.Therefore; In the Applied Digital signature technology, how to accomplish to protect the sensitive information of businessman, can prevent businessman's (or E-business service provider, operator) malice deletion record again; Be a problem demanding prompt solution, this also is the problem that the present invention will solve.

Summary of the invention

The purpose of this invention is to provide a kind of primary, integrality that guarantees electronical record through digital signature; Provide that the non repudiation of relevant participant and correlated activation content proves in the record production process; And separate memory technology under the prerequisite of protection interested party's sensitivity or private information through record, prevent to produce service provider or relevant taking of evidence is destroyed by operator when dispute occurring the evidence management and the service system of the application system of electronical record towards electronical record.

The electronical record that the present invention is directed to is the list type record that is kept in the relational database, and file data is carried out digital signature and signed data as the field contents of list type recording section is kept at the list+file mixed type record in the field of list type recording section.

To achieve these goals, the technical scheme that the present invention adopted is:

A kind of evidence management and service system towards electronical record comprise front-end system, centring system, integrated API (Application Programming Interface, API) three parts, are characterized in:

It (is consolidated network or data center that said front-end system is arranged on same place with the application system that produces electronical record; Also be that " preposition " is local in application system), said front-end system comprises preposition database of record, the storage of front-end system record and evidence obtaining management server, front-end system recording configuration information three parts:

Preposition database of record: be used for preserving application system produces need promptly preserve and need the local record field of preserving of application system in the complete electronical record through the electronical record data of digital signature in the local record data part of preserving of application system;

Storage of front-end system record and evidence obtaining management server: be responsible for the storage and the evidence obtaining management of record data in the application system location; And front-end system recording configuration information management; The local storage area that comprises the record data that application system is produced is kept in the preposition database of record of local terminal, and the record data that need in centring system, preserve partly are sent to the centring system of far-end and are saved in the central record database by it; When writing down evidence obtaining in application system this locality with checking; Based on querying condition; From the preposition database of record of local terminal, inquire about, obtain the local part of preserving of application system of required record data, and connect the centring system of far-end, the third party who obtains record data preserves part; Be combined to form complete record then, and pass through the validity of the digital signature authentication record of record; When writing down the evidence obtaining operation in centring system; Reception is from the record queries request of the centring system of far-end; Inquiry in the preposition database of record of local terminal, obtain the record data part of preserving in the required preposition database of record of local terminal of the centring system of far-end, the result who obtains is turned back to the centring system of far-end;

Front-end system recording configuration information: be provided with front-end system and write down the required information of storage, evidence obtaining and verification operation about the record class; Comprise: in the central record database of the centring system that the unique identification and the name of each record type, the value type that the record of each record type includes which field, each field are what, which or which field are which field of the record field tabulation that covers of digital signature field, signature field, record is kept in the preposition database of record of local terminal and these fields are kept in which or which database table, the association between the Relational database table, annexation, which field are kept at far-end, address of service, port, access method and the agreement etc. of the centring system record storage of distal center system and evidence obtaining management server; Especially; An important content in the front-end system recording configuration information is to indicate; The record data of preserving in the preposition database of record of local terminal be how with the central record database of far-end in the corresponding record data unique corresponding (promptly how in the central record database of far-end, to search, to obtain unique corresponding record data, thereby constitute the complete documentation data) of preserving through two-part record data through the record data of local terminal.Said recording configuration information is histioid around record; Be that each record class all has special foregoing descriptor, and said record class is meant in the set that produce, that have identical content attribute all record instances of (promptly comprising the identical recordings field) (concrete record) of a certain particular application services process.Front-end system recording configuration information is provided with through the man-machine interface of front-end system record storage with the evidence obtaining management server by the system manager.

Centring system is positioned at the data center of trusted third party, is used for the concentrated data division of preserving the need third party preservation of the record data that produce from different places, different application systems, and writes down evidence obtaining and checking.Centring system comprises central record database, the storage of centring system record and evidence obtaining management server, centring system recording configuration information three parts:

The central record database: the data division that need preserve the third party in the electronical record data that the not comprovincial application system of concentrated preservation produces, promptly preserve the record field that needs the third party to preserve in the complete electronical record.

Storage of centring system record and evidence obtaining management server: be responsible for the storage and the evidence obtaining management of record data in third party data center; And centring system recording configuration information management; Comprise that the record data that reception is submitted to from front-end system (front-end system record storage and evidence obtaining management server) preserve request (third party who only comprises the complete documentation data preserves part), and record data are kept in the central record database; When writing down evidence obtaining in centring system (being the third party) with checking; Based on querying condition; From the database of record of center, obtain the record data part that local terminal is preserved, and connect the storage of front-end system record and evidence obtaining management server of the front-end system of far-end, from the preposition database of record of far-end, obtain other parts (being the local part of preserving of application system) of corresponding record data; Be combined to form complete record, then the validity that writes down through the digital signature authentication of record; When collecting evidence operation at the front-end system of far-end; The record queries request of submitting to the evidence obtaining management server stored in the front-end system record that receives the front-end system of far-end; In the central record database, inquire about, obtain the record data part of preserving in the required local terminal central record database of the front-end system record storage of front-end system and the management server of collecting evidence, the front-end system that the result who obtains is turned back to the front-end system of far-end writes down the storage and the management server of collecting evidence.

Centring system recording configuration information: be provided with that centring system writes down storage, evidence obtaining is required about information recorded.Centring system recording configuration information is provided with through the man-machine interface of centring system record storage with the evidence obtaining management server by the system manager.Content that centring system recording configuration information comprises and set-up mode and front-end system recording configuration are similar; Its difference mainly is; 1) centring system recording configuration information is not to a place, the electronical record that application system produces, but is directed against the electronical record that not comprovincial different application systems produces; 2) far end system that relates in the configuration information and assembly; Be centring system, the storage of centring system record and evidence obtaining management server and central record database, become corresponding front-end system, the storage of front-end system record and evidence obtaining management server and preposition database of record respectively; 3) each writes down class and need specify all which corresponding far-end front-end system is, and corresponding front-end system writes down address of service, port, access method and the agreement of storing with the evidence obtaining management server.

Integrated API: be used for application system and transmit, submit record data to the evidence obtaining management server, carry out the operation relevant with the record data storage operation to the front-end system record storage of front-end system.

Said application system is meant in service process is provided the various information system that produces electronical record data (like order, contract, bidding documents, evidence for payment etc.) (like systems such as shopping online, transaction, bid, payments etc.).

Said front-end system can have a plurality of, lays respectively at the location of different application systems.

Said local terminal refers to current just in the front-end system or centring system one side of executive logging storage, evidence obtaining operation, and said far-end is meant the system's other end for local terminal.

Said front-end system, centring system will be handled more than one of the record class of (storage, inquiry, evidence obtaining and checking); Therefore; Between said application system and the front-end system, carry out record data between front-end system and the centring system each other when transmitting with exchange, need indicate the affiliated record class of record data of transmissions, exchange.

Following based on said evidence management with the electronical record storage means of service system towards electronical record:

A1. application system provides the participant (like the side of order, bidder, payer etc.) in the process of service to use the private key of its digital certificate that the electronical record (like order, contract, bidding documents, evidence for payment etc.) that produces in the service process is carried out digital signature, and the record data after will signing are then submitted to application system;

A2. application system directly is kept at local record data part for storage in preposition database of record with needs, and the record data that through integrated API needs are kept at centring system then partly are submitted to the front-end system record storage of local terminal and handle with the evidence obtaining management server; Perhaps, through integrated API the front-end system record storage that whole record data are submitted to local terminal is handled with the evidence obtaining management server;

A3. after the storage of front-end system record receives the record data storage request of application system submission with the evidence obtaining management server; Definite request is only the partial record data to be saved in the centring system of far-end or to handle whole record data; If this request is the centring system that only the partial record data is saved in far-end; Then change A4 over to, otherwise, change A5 over to;

A4. front-end system record storage and evidence obtaining management server need to be confirmed which record field in the record data of storage need be sent in the central record database of centring system of far-end to preserve through the front-end system recording configuration information of local terminal; And address of service, port, access method and the agreement of the storage of the centring system of definite distal center system record and evidence obtaining management server; Then; Through corresponding access method and agreement corresponding record data partly are sent to the centring system record storage of distal center system and the management server of collecting evidence, processing procedure changes the A6 execution over to afterwards;

A5. which the record field needs in the record data of front-end system record storage and the evidence obtaining management server needs storage confirming according to the front-end system recording configuration information of local terminal to receive are kept in the preposition database of record of local terminal; Which which be kept in or database table; And association, annexation between the table of relevant data storehouse; Then; Form corresponding database storage statement; The local terminal of said record data is preserved part for storage in preposition database of record, afterwards, check the front-end system recording configuration information of local terminal further; Which record field in the record data of confirming to receive that will store need be sent to the centring system of far-end and preserve; Confirm the centring system record storage of distal center system and address of service, port, access method and the agreement of evidence obtaining management server, then, the far-end of the record data that store that will receive through corresponding access method and agreement is preserved the storage of centring system record and the management server of collecting evidence that part is sent to the distal center system;

A6. after the record data submitted to of the front-end system record storage that receives front-end system of the record storage of the centring system of centring system and evidence obtaining management server and evidence obtaining management server are preserved request; Through checking centring system recording configuration information; Confirming need be with recorded and stored in which or which database table; And association, annexation between the table of relevant data storehouse, then, form corresponding database storage statement; Record data are kept in the central record database prompting that returns success afterwards or fail.

When dispute occurring and need put to the proof, the evidence obtaining keeper can login said evidence management towards electronical record and write down evidence obtaining and checking with service system.The record evidence obtaining both can be carried out in centring system with checking, also can carry out at front-end system.

The record evidence obtaining that centring system is carried out is following with verification method:

B1. the keeper that collects evidence logins the storage of centring system record and evidence obtaining management server of centring system; Input record queries condition; Inquire about the record in certain record class, only comprise the record field of preserving in the central record database that is recorded in of this record class in the querying condition;

B2. storage of centring system record and evidence obtaining management server are based on centring system recording configuration information; Confirm that the record that will inquire about is kept in which or which database table of central record database; And the association between the Relational database table, annexation; And then, form the corresponding database query statement based on querying condition, in the central record database, inquire about, search for and return qualified record data;

B3. return as if Query Result no record data; Then evidence obtaining finishes; If Query Result has record data, one or more record data (every record only comprises the local terminal preservation part of record data) are promptly arranged, the keeper that then collects evidence checks the wherein details of a record through clicking the mouse;

B4. centring system record storage and evidence obtaining management server check that current needs in the centring system recording configuration information check the associated description information of the pairing record of record type of details; Which field of confirming this record is kept in the preposition database of record of far-end; What corresponding far-end front-end system record storage is with address of service, port, access method and the agreement of evidence obtaining management server; Unique corresponded manner of the corresponding record data division of preserving in the Local Data part of confirming this record and the preposition database of record of far-end also forms the query search condition; Then; Connect the storage of front-end system record and evidence obtaining management server of far-end, requesting query, obtain the corresponding record data division that is kept in the preposition database of record;

B5. after the record storage of the front-end system of far-end and evidence obtaining management server receive record queries that the storage of centring system record and the evidence obtaining management server of the centring system of the other end submit to, obtain request; Confirm that through front-end system recording configuration information the record data that will inquire about are kept in which or which database table of preposition database of record; And association, annexation between the table of relevant data storehouse; And then the record queries search condition of submitting to based on the other end; Form record queries, the search statement of database, inquire about preposition database of record, then Query Result is turned back to storage of centring system record and evidence obtaining management server;

B6. the centring system record is stored and is collected evidence management server after the Query Result that returns with the management server of collecting evidence stored in acquisition far-end front-end system record; The record data of the correspondence that record data part that local terminal is obtained and far-end return partly make up, and form a complete record;

B7. the complete documentation data that further obtain according to the descriptor inspection of record under the complete documentation that in the centring system recording configuration information the 6th step is obtained type of centring system record storage and evidence obtaining management server vacancy record field data whether, whether the data content that belongs to the record field of preserving simultaneously at two ends in the record data is consistent;

B8. the storage of centring system record is further checked centring system recording configuration information with the evidence obtaining management server; Descriptor based on record class under the complete documentation that in the centring system recording configuration information the 6th step is obtained; Which or which field of confirming this record is a digital signature field; And what the record field tabulation that digital signature field covers is, verifies the validity of digital signature data of the signature field of this record then in view of the above;

B9. the storage of centring system record and the inspection of the management server of collecting evidence according to step B7 and step B8, the record details that the checking result reports the complete documentation that the 6th step obtains; What data content like all record fields is; Whether record field vacancy data are arranged; Record that step B2 obtains respectively with step B5, same is kept at the data content of the record field in central record database and the preposition database of record simultaneously, and whether consistent and inconsistent field is which or which; Which record field is a digital signature field; Whether the digital signature of record is effective, and whether record data are modified, and whether signing certificate is credible and the relevant information (like signer information) of signing certificate etc.

When the digital signature authentication that above step B9 writes down; For the said record field that is kept at simultaneously in central record database and the preposition database of record, what the corresponding field in the data content during signature verification adopted is the respective record field data that is kept in the central record database.

At above step B5; If the storage of front-end system record can't inquire corresponding record data based on the query requests that storage of centring system record and evidence obtaining management server are submitted to the evidence obtaining management server; Be that the storage of front-end system record is empty with the Query Result that the evidence obtaining management server returns; Can conclude that then perhaps will inquire about the record data that obtain, be kept in the preposition database of record and deleted, perhaps the corresponding record data of preserving in the central record database are forged.

If data content that above step B2 and step B5 obtain respectively, that be kept at a certain record field in central record database and the preposition database of record simultaneously exists inconsistent; Can conclude that then the respective record field of preserving in a certain end database of record is modified; Specifically be that the record field which end is preserved is modified; Can do to judge further that concrete judgment mode is following by the corresponding digital signature:

If said record field is included in a certain digital signature field, and the digital signature authentication of this signature field passes, and promptly signature effectively can conclude that then the said record field data that are kept in the preposition database of record are distorted; If said record field is included in a certain digital signature field, and the digital signature authentication of this signature field does not pass, and it is invalid promptly to sign; Then further; The data of using said record field to be kept in the preposition database of record are carried out corresponding digital signature authentication, if digital signature authentication passes, can conclude that then the said record field data that are kept in the central record database are modified; Otherwise, need to adopt other means further to judge.

Write down operation and the implementation of evidence obtaining and checking and what carry out in centring system is the process of a symmetry at front-end system; Promptly only need role and operation that the centring system in the said implementation, the storage of centring system record and evidence obtaining management server, central record database, centring system recording configuration information are born, role who is born with corresponding front-end system, the storage of front-end system record and evidence obtaining management server, preposition database of record, front-end system recording configuration information and operation are exchanged and are got final product.

Though the record evidence obtaining of carrying out at centring system and front-end system almost is duplicate with the implementation of verification operation; The function that realizes also is the same; But both record evidence obtaining scopes are differentiated: can collect evidence and verify being distributed in electronical record that not comprovincial different application systems produces through centring system (centring system record storage and evidence obtaining management server), and can only collect evidence and verify the record of local application system generation through front-end system (storage of front-end system record and evidence obtaining management server).

Front-end system, centring system are except the partial data of preserving its former record that need preserve itself; Can be based on the needs of record evidence obtaining; When preserving former record data, generate and preserve corresponding record adding description information; Receive or the holding time like record data; Record signer information (can from the signer digital certificate the record signed data from obtaining) etc., these addition record descriptors are kept in the record field extra increase, that be called the addition record field, make things convenient for the system of record data storage end to carry out record searching, evidence obtaining; These addition record fields can be kept in the same database table with former record data, also can be kept in the independent database of record table.After having increased record adding description information field; The record that is kept in preposition database of record and the central record database will comprise former record data field (only part) and addition record field, and they have constituted one " complete " record (partial data that still only comprises former record) in the Local Data storehouse.The system of said record data storage end makes a comment or criticism in the front-end system or the centring system of carrying out the record data storage.

After having increased the record adding description information, front-end system recording configuration information and centring system recording configuration need correspondingly be described certain record class has which addition record field, these addition record fields to be kept in which or which database table.

After having increased the record adding description information; The steps A 5 of foregoing electronical record storing process will become: " which data field in the record data of the needs storage that front-end system record storage and evidence obtaining management server are confirmed based on the front-end system recording configuration information of local terminal to receive need be kept in the preposition database of record of local terminal; need to confirm recording which addition record field and producing corresponding addition record field data of storage; and then the former record data field of further confirming to be kept at local terminal based on the front-end system recording configuration information of local terminal and appendix record field should be kept in which or which database table; and association, annexation between the table of relevant data storehouse; then, form corresponding database storage statement, the local terminal of said record data is preserved partly and the addition record field is saved in the preposition database of record; afterwards ... "; Said steps A 6 will become: " after the record data submitted to of the front-end system record storage that the storage of the centring system of centring system record and evidence obtaining management server receive front-end system and evidence obtaining management server preserve request; through checking centring system recording configuration information; which addition record field data that confirms to store records and produce corresponding field data; and then further confirm former record data field and addition record field to be kept in which or which database table based on centring system recording configuration information ... ".

After having increased the record adding description information; The record that foregoing centring system is carried out is collected evidence and the step B1 of proof procedure becomes: " centring system that the evidence obtaining keeper logins centring system writes down the management server of storing and collect evidence; input record queries condition; inquire about certain and write down the record in the class, only comprises the record field and the addition record field of preserving in the central record database that be recorded in of this record class in the querying condition "; In addition, the storage of the front-end system of the far-end among said step B5 record will only comprise the former record data field of preserving in the preposition database of record with the record data Query Result that the evidence obtaining management server returns, and not comprise the addition record field.

The present invention has adopted record data to separate storage mode; Only if the third party participate in cheating (and third party supposition be independently, believable), have or move the service provider of application system or the existence that operator can't deny a certain incident, behavior through deletion record; Simultaneously because the existence of digital signature makes any modification to record data to come to light.

Innovation part of the present invention is: digital signature technology is separated memory technology with record combine; Provide as the needed resisting denying ability of evidence for electronical record on the one hand; On the other hand; Under protection interested party's the prerequisite of private information, can effectively prevent to produce the application system of electronical record owner or operator's deletion, destroy taking of evidence.

Description of drawings

Fig. 1 is an overall structure block diagram of the present invention.

Embodiment

Below in conjunction with accompanying drawing the present invention is made further detailed description.

Evidence management towards electronical record of the present invention is as shown in Figure 1 with the overall structure of service system; The present invention includes front-end system, centring system, integrated API three parts; Wherein, front-end system comprises preposition database of record, the storage of front-end system record and evidence obtaining management server, front-end system recording configuration information three parts; Centring system comprises central record database, the storage of centring system record and evidence obtaining management server, centring system recording configuration information three parts.Describe in detail in the function summary of the invention in front about front-end system, centring system, integrated API and part thereof, no longer repeat at this.

The practical implementation of said preposition database of record and central record database (general designation database of record) can be adopted various existing relational database systems, like Oracle, SQL Server, MySQL, DB2 etc.The record data of each record type can be kept at based on actual needs in the one or more corresponding table of database.

In described evidence management towards electronical record and service system; Front-end system recording configuration information and centring system recording configuration information (general designation recording configuration information) play important effect, and the implementation of record storage, evidence obtaining and verification operation all depends on them.For the setting of recorded information in the said recording configuration information, the concrete realization of description technique kinds of schemes is arranged; A kind of scheme is to adopt XML (eXtensible Markup Language) or based on other extendible SGMLs of XML; Like RDF/OWL (Resource Description Framework/Web Ontology Language) etc.; Defining corresponding recorded information describes vocabulary (Vocabulary) or word-building (Constructs) and gives their certain semantemes and corresponding data format; On this basis recorded information is described then, the benefit of this scheme is a favorable expandability, and shortcoming is relatively complicated; Another kind of scheme is to adopt relational database; Promptly define the corresponding database table; Database table, certain specific fields of database table is deposited specific record description information, and database one or more related database records is corresponding to the descriptor of a record class; The advantage that adopts this mode is simple, and shortcoming is that autgmentability is poor.

Utilize described recording configuration information description technology, the specific descriptions execution mode of recording configuration information is following:

At first, the relevant information of every database table of put data comprises in description center or the preposition database of record,

1.1) title of database table;

1.2) tabulation of the field (or row) that comprises in the database table and its relevant information of field, comprise field title (or Field ID), field value type;

1.3) alternatively, which or which field of description list is an index field.

More than 1.1), 1.2), 1.3) described in the information about database table, both can be provided with by hand, also can obtain through the corresponding database of record of program inquiring;

Secondly, the following essential information of each record class is described or is defined:

2.1) record type title and unique identification (ID);

2.2) tabulation of the field that comprises in the record type, and each field is for information about, comprises field title or sign (ID), value type (like word string, integer, byte etc.), and the content type of field;

2.3) tabulation of addition record field of record in the record type, and each addition record field is for information about, comprises title, value type and the addition record field type of each addition record field;

2.4) record type which field be kept in the database of record of local terminal, which field is kept in the database of record of far-end;

2.5) record data preserve at far-end which part corresponding front-end system or centring system be, what corresponding front-end system or the storage of centring system record be with address of service, port, access method and the agreement of evidence obtaining management server;

2.6) corresponding higher level and the root ca certificate tabulation of the credible checking of digital signature.

In above record class description information, all to describe all fields of record, no matter this record field is kept in the database of record of local terminal or is kept in the database of record of far-end.

Said 2.2) the field contents type described in is meant: one of general data, digital signature, file data (be in the field directly store files data) or file URL (be deposit in the field be that file obtains URL).

In above record class description information; If the content type of certain field is a digital signature field; Then need further indicate the field name and the order of the record field that occurs in the signature contents (being name1=value1&name2=value2...) of corresponding " name to " form of this digital signature field, promptly provide the tabulation of the record field that this digital signature field covers; These associated description information about the record digital signature have been arranged, in record evidence obtaining and proof procedure, the signature verification that front-end system or centring system write down storage and the evidence obtaining management server can write down digital signature automatically.

In above record class description information,, then need further indicate the type of corresponding document, like Word, PDF etc. if the content type of certain field is file data or file URL.

The type of the addition record field said 2.3), fixed according to actual needs; Because the addition record field type is predefined for certain practical implementation; Therefore; The storage of front-end system record is write down storage with evidence obtaining management server, centring system can be according to the type of addition record field with the evidence obtaining management server; And the record data and the relevant recording configuration information that need storage, generate corresponding addition record field data automatically.

Further, recording configuration information is also described the record data of each record class and the corresponding relation of database of record table as follows:

3.1) the record type pairing title that is used for preserving database of record one or more database table its record data, said recording configuration information place end;

3.2) each record field in the database of record that is kept at said recording configuration information place end of record type; Comprise the addition record field; And 3.1) the described corresponding relation that is somebody's turn to do between the field that writes down type pairing database table, promptly which record field is corresponding with which field of which database table;

3.3) if said record type corresponding many database tables; Then need further indicate between the disparate databases table is how to carry out (thereby generating a big logical data base table) that data association, database table connect through the field of database table, and the simplest mode is to indicate field that have simultaneously, that have the unique value characteristic, link field related as record sheet between two tables.

Said recording configuration information place end is meant and said front-end system recording configuration information or centring system recording configuration information front-end system or the centring system in the same side; The database of record of said recording configuration information place end is meant corresponding preposition or central record database.

Each record field in the database of record that is kept at said recording configuration information place end of the record class said 3.2); Comprise the addition record field; And the corresponding relation between the field of database table; The simplest implementation method is that name is corresponding, and the database table field that has same name in the database table that promptly record field is corresponding with the record class is corresponding.

There have been the record data and the corresponding relation between the database of record table of above record class to describe; And the association between the Relational database table, annexation are described; When front-end system or the storage of centring system record are carried out record data storage or inquiry with the evidence obtaining management server in the database of record of local terminal; Just can be based on storage or querying condition; Form corresponding database storage or query SQL statement, carry out corresponding record data storage or inquiry, the wherein association between the Relational database table, annexation descriptor are used at storage or query SQL statement many database tables of association being connected (JOIN) together.

Described in summary of the invention, an important content in the recording configuration information is to indicate: the record data of preserving in the local terminal database of record be how with the database of record of far-end in the corresponding record data unique corresponding (promptly how in the database of record of far-end, searching, to obtain corresponding unique record data) of preserving through record data of local terminal.It is why essential and important that this describes content; Be because in said evidence management towards electronical record and service system; For every electronical record, preposition database of record and central record database have all only been preserved a part of data of complete documentation, therefore; In the evidence obtaining process, only be kept at two two parts corresponding record data combinations in the database of record and get up to constitute complete record.Realize this point; Most critical be how to represent to be kept at two relations one to one between not comprovincial two parts record data; Concern one to one based on this; From the database of record of any end, obtain a record that only comprises partial data, can both from the database of the other end, obtain to include the unique of remainder data using record.To the solution of this problem, the specific embodiments that the present invention adopts is following:

No matter be kept in the preposition database of record record data in the still central record database; The search condition that the unique record that has constituted inquiry in other end database, acquisition correspondence of a field or a plurality of fields is all arranged; This record field or record field combination are referred to as far-end record searching key (being Remote Record Searching Key), and (promptly this key can be only to contain a field; Also can be the combination of a plurality of fields), this or these constitute the record field of far-end record searching key need preservation simultaneously in preposition database of record and central record database; Correspondingly; In front-end system recording configuration information and centring system recording configuration information; For each record class, which or which field of setting its local terminal preservation with the form of list of fields has constituted in the far-end database of record far-end record searching key of searching for, obtain corresponding unique record.

For certain specific record class; The record field of the formation far-end record searching key of the record of preserving in preposition database of record and the central record database; Both can be identical, also can be different, but for easy; Can the record major key (Primary Key) that they all are set to be recorded in the preposition database of record (because being elder generations, be preserved in preposition database of record record data; Preserve in the central record database back, and like this, the record major key when the central record database writes down storage operation in the preposition database of record can obtain).In addition, because the addition record field is only meaningful at the storage end at its place, therefore, usually can not be as the component part of far-end record searching key.

Based on said far-end record searching key, then among the step B4 in the evidence obtaining of the said record of summary of the invention and the proof procedure described " ... confirm the unique corresponded manner of corresponding record data preserved in the preposition database of record of these record data and far-end ... " practical implementation will be " confirming the far-end record searching key of this record correspondence ... ".

The network information system development technique that realizes adopting any maturation with the concrete exploitation of evidence obtaining management server, the storage of centring system record and evidence obtaining management server stored in the front-end system record, like J2EE, ASP.NET etc.; The storage of front-end system record is write down the practical implementation development technique of storing with the employing of evidence obtaining management server with the management server of collecting evidence, centring system can be identical, also can difference.

Based on above database, recording configuration information, front-end system and the storage of centring system record practical implementation technology with the evidence obtaining management server; Realize the record storing process of the A1-A6 described in the summary of the invention; The record evidence obtaining of B1-B9 will not be the thing of a difficulty with proof procedure, and those skilled in the art can both realize according to said related content.

Integrated API is different according to the development technique of application system, can adopt the corresponding techniques exploitation, like C/C++ dynamic base, Windows COM/COM+, java class bag, C# class bag etc.

Record data between storage of front-end system record and evidence obtaining management server, the storage of centring system record and evidence obtaining management server, the integrated API transmit, exchange agreement can be self-defined based on host-host protocols such as TCP/IP, HTTP, Web Services; And take certain safety measure; Like data encryption, digital signature etc., ensure data privacy and integrality in the data transmission procedure.

The content of not doing in this specification to describe in detail belongs to this area professional and technical personnel's known prior art.

Claims

1. evidence management and service system towards an electronical record comprise front-end system, centring system, integrated API three parts, it is characterized in that:

Said front-end system is installed in consolidated network or data center with the application system that produces electronical record; Promptly be prepended to application system this locality, said front-end system comprises preposition database of record, the storage of front-end system record and evidence obtaining management server, front-end system recording configuration information three parts:

Storage of front-end system record and evidence obtaining management server: be responsible for the storage and the evidence obtaining management of record data in the application system location; And front-end system recording configuration information management; The local storage area that comprises the record data that application system is produced is kept in the preposition database of record of local terminal, and the record data that need in the centring system of far-end, preserve partly are sent to said centring system and are saved in the central record database by said centring system; When writing down evidence obtaining in application system this locality with checking; Based on querying condition; From the preposition database of record of local terminal, inquire about, obtain the local preservation of the application system part of required record data, and connect said centring system, the third party who obtains record data preserves part; Be combined to form complete record then, and pass through the validity of the digital signature authentication record of record; When writing down the evidence obtaining operation in said centring system; Reception is from the record queries request of said centring system; In the preposition database of record of local terminal, inquire about, obtain the record data part of preserving in the preposition database of record of the required local terminal of said centring system, the result who obtains is turned back to said centring system;

Front-end system recording configuration information: be provided with front-end system and write down the required information of storage, evidence obtaining and verification operation about the record class; Front-end system recording configuration information is provided with through the man-machine interface of front-end system record storage with the evidence obtaining management server by the system manager;

Centring system is positioned at the data center of trusted third party, is used for concentrating the data division that preservation is local from difference, the need third party of the record data of different application systems generation preserves, and writes down and collect evidence and checking; Said centring system comprises central record database, the storage of centring system record and evidence obtaining management server, centring system recording configuration information three parts:

The central record database: the data division that need preserve the third party in the electronical record data that the not comprovincial application system of concentrated preservation produces, promptly preserve the record field that needs the third party to preserve in the complete electronical record;

Centring system record storage and evidence obtaining management server: be responsible for the storage and the evidence obtaining management of record data in said third party data center; And centring system recording configuration information management; Comprise that the record data that the third party preserves partial data that only comprise that reception is submitted to from storage of the front-end system of front-end system record and evidence obtaining management server preserve request, and record data are kept in the central record database; When writing down evidence obtaining in centring system with checking; Based on querying condition, from the database of record of center, obtain the record data part that local terminal is preserved, and connect the storage of front-end system record and evidence obtaining management server of the front-end system of far-end; From the preposition database of record of said front-end system, obtain other parts of corresponding record data; Be the local part of preserving of application system, be combined to form complete record, then the validity that writes down through the digital signature authentication of record; When collecting evidence operation at said front-end system; Receive the front-end system record storage of said front-end system and the record queries request of evidence obtaining management server submission; In the central record database, inquire about, obtain the record data part of preserving in the required local terminal central record database of the front-end system record storage of said front-end system and the management server of collecting evidence, the front-end system that the result who obtains is turned back to said front-end system writes down the storage and the management server of collecting evidence;

Centring system recording configuration information: be provided with that centring system writes down storage, evidence obtaining is required about information recorded; Centring system recording configuration information is provided with through the man-machine interface of centring system record storage with the evidence obtaining management server by the system manager;

Integrated API: be used for application system and transmit, submit record data to the evidence obtaining management server, carry out the operation relevant with the record data storage operation to the front-end system record storage of front-end system;

Said electronical record is meant the list type record that is kept in the relational database, and file data is carried out digital signature and signed data as the field contents of list type recording section is kept at the list+file mixed type record in the field of list type recording section;

Said application system is meant that the private key of the digital certificate that in the process of service is provided, produces electronical record data and relevant participant use oneself carries out the various information system of digital signature to the related content of electronical record;

Said record class refers to produce in a certain particular application services process, have the identical content attribute, promptly comprise identical recordings field, the set of all record instances;

The partial data of the electronical record that said application system produces is kept in the preposition database of record of front-end system; Partial data is kept in the central record database of centring system; The record data of promptly preserving in two database of records are not complete; But the central record database is wanted the digital signature data of keeping records, and the record data of the two preservation have overlappingly, and the combination of the corresponding record data of preserving in two database of records can recover complete record;

Said application system links with the evidence obtaining management server through the front-end system record storage of integrated API and said front-end system, carries out this locality and the remote storage of record data;

Said local terminal refers to current just in the front-end system or centring system one side of executive logging storage, evidence obtaining operational processes, and said far-end is meant the system's other end for local terminal;

Between said application system and the front-end system, carry out record data between front-end system and the centring system each other when transmitting with exchange, need indicate the affiliated record class of record data of transmissions, exchange.

2. evidence management and service system towards electronical record according to claim 1, it is characterized in that: said front-end system is a plurality of, and each front-end system lays respectively at the location of different application systems.

3. evidence management and service system towards electronical record according to claim 1; It is characterized in that: said preposition database of record is that front-end system owns specially; Perhaps said preposition database of record is that application system and front-end system own jointly; Perhaps said preposition database of record is that application system owns specially, and promptly said preposition database of record is the database of application system itself.

4. evidence management and service system towards electronical record according to claim 1, it is characterized in that: said front-end system recording configuration information and centring system recording configuration information are provided with relative recording information as follows:

At first, every database table that is used for the put data in the database of record of said recording configuration information place end is described as follows:

1.1) title of database table;

1.2) field or the tabulation of row and the relevant information of field that comprise in the database table, comprise the value type of the title and the field of field;

1.3) alternatively, which or which field of database table is an index field;

Said 1.1), 1.2), 1.3) described in the information about database table, both can be provided with by hand, also can obtain through the corresponding database of record of program inquiring;

Next, the storage of front-end system record and evidence obtaining management server or centring system are write down storage needs the following essential information of each record class of operational processes to describe with the evidence obtaining management server:

2.1) record type title and unique ID;

2.2) write down the tabulation of writing down the field that comprises in the class, and each field is for information about, comprises the content type of title, value type and the field of each record field;

2.4) preserve in the database of record of said recording configuration information place end which field of record type, which field is kept in the database of record of far-end;

2.6) set having constituted search in the far-end database of record, obtaining the record searching condition of corresponding unique record of which or which field in the record data that said recording configuration information place end preserves with the form of list of fields, said field or field combination are called far-end record searching key;

2.7) corresponding higher level and the root ca certificate tabulation of the credible checking of digital signature;

Said record type essential information will be described all record fields of described record type, and no matter relevant record field is kept in the database of record of local terminal or is kept in the database of record of far-end;

Said 2.2) the field contents type described in is meant: one of general data, digital signature, file data or file URL; Wherein, what directly deposit in the record field of file data type is file data, and what deposit in the record field of file URL type is that file obtains URL;

If the content type of certain field of the record class said 2.2) is a digital signature; Then need further indicate the field name and the order of the record field that occurs in the signature contents of corresponding " name to " form of this digital signature field; Promptly provide the tabulation of the record field that this digital signature field covers, the signature contents of wherein said " name to " form is the data of following form:

name1＝value1&name2＝value2...，

Wherein, name1, name2... are the titles of record field, and value1, value2... are the numerical value of corresponding record field;

If the content type of certain field of the record class said 2.2) is file data or file URL, then need further indicate the type of corresponding document;

Said 2.3) the addition record field described in does not belong to the record data field of record itself, but front-end system, centring system are for ease of record searching, evidence obtaining and the extra data field of the adding description information that is used for put of extra definition; The data of addition record field are produced automatically and are preserved by front-end system or centring system type and the recording configuration information according to the addition record field; The addition record field comprises its type and data, only at front-end system or centring system local sense is arranged; The addition record field is not as the component part of far-end record searching key;

Again secondly, describe each as follows and write down the corresponding relation between class and the corresponding record database table:

3.1) type pairing title that is used for preserving one or more database table of database of record its record data, said recording configuration information place end of record;

3.2) record class is kept at each record field in the database of record of said recording configuration information place end; Comprise the addition record field; And 3.1) the described corresponding relation that is somebody's turn to do between the field that writes down type pairing database table, promptly which record field is corresponding with which field of which database table;

3.3) if said record type corresponding many database tables, then need further indicate between the disparate databases table is how to carry out database table association, connection through the field of database table;

5. according to claim 1 or 4 described evidence management and service systems towards electronical record, it is characterized in that: the storage means of said electronical record is following:

Step 1: application system provides the participant in the process of service to use the private key of its digital certificate that the electronical record that produces in the service process is carried out digital signature, and the record data after will signing are then submitted to application system;

Step 2: application system directly is kept at local record data part for storage in preposition database of record with needs, and the record data that needs are kept at the centring system of far-end through integrated API then partly are submitted to the front-end system record storage of local terminal and handle with the evidence obtaining management server; Perhaps, said application system is submitted to the storage of said front-end system record through integrated API with whole record data and handles with the evidence obtaining management server;

Step 3: after the storage of said front-end system record receives the record data storage request of said application system submission with the evidence obtaining management server; Definite request is only the partial record data to be saved in said centring system or to handle whole record data; If only the partial record data are saved in said centring system, then change step 4 over to; Otherwise, change step 5 over to;

Step 4: the front-end system recording configuration information that storage of said front-end system record and evidence obtaining management server are checked local terminal; Obtain the associated description information of the pairing record class of record data of the needs processing that receives; Confirm needing which record field in the record data of storage need be sent in the central record database of said centring system preserves; And the centring system record of confirming said centring system is stored and address of service, port, access method and the agreement of evidence obtaining management server; Then; Through corresponding access method and agreement corresponding record data partly are sent to the centring system record storage of said centring system and the management server of collecting evidence, processing procedure changes step 6 execution over to afterwards;

Step 5: the front-end system recording configuration information that storage of said front-end system record and evidence obtaining management server are checked local terminal; Obtain the associated description information of the pairing record class of record data of the needs processing that receives; Which record field in the record data of the needs storage of confirming to receive need be kept in the said preposition database of record; Need to confirm recording which addition record field and producing corresponding addition record field data of storage; And then confirm further that according to the descriptor of the said record in the said front-end system recording configuration information type former record data field and appendix record field that needs are kept at local terminal should be kept in which or which database table; And the corresponding relation between record field and the data sheet field; And association, annexation between the table of relevant data storehouse; Then, form corresponding database storage statement, the local terminal of said record data is preserved part for storage in said preposition database of record; Afterwards; Check the descriptor of the said record type in the front-end system recording configuration information of local terminal further, which record field in the record data of confirming to receive that will store need be sent to said centring system and preserve, and confirms the centring system record storage of said centring system and address of service, port, access method and the agreement of evidence obtaining management server; The far-end of the record data that will store that will receive through corresponding access method and agreement then, is preserved the storage of centring system record and evidence obtaining management server that part is sent to said centring system;

Step 6: after the record data that the front-end system record storage that the storage of the centring system of said centring system record and evidence obtaining management server receive said front-end system and evidence obtaining management server are submitted to are preserved request; Through checking the centring system recording configuration information of said centring system; Obtain the associated description information of the pairing record class of record data of the needs processing that receives; Definite recording which addition record field and producing corresponding addition record field data of will storing; And then confirm further that according to the descriptor in the said centring system recording configuration information needs are kept at former record data field and addition record field in which or which database table about said record type; And the corresponding relation between record field and the data sheet field; And association, annexation between the table of relevant data storehouse, then, form corresponding database storage statement; Record data are kept in the central record database of said centring system the prompting that returns success afterwards or fail.

6. evidence management and service system towards electronical record according to claim 1, it is characterized in that: the method that writes down evidence obtaining and checking in said centring system is following:

The 1st step: the evidence obtaining keeper logins the storage of centring system record and evidence obtaining management server of centring system; Input record queries condition; Inquire about the record in certain record class, only comprise the record field and the addition record field of preserving in the central record database that is recorded in said centring system of this record class in the querying condition;

The 2nd step: the storage of said centring system record is checked centring system recording configuration information with the evidence obtaining management server; Acquisition needs to inquire about, obtain the associated description information of the record class of data; Confirm that the record that will inquire about is kept in which or which database table of central record database; And the corresponding relation between record field and the data sheet field, and association, annexation between the table of relevant data storehouse, and then based on querying condition; Form the corresponding database query statement, in said central record database, inquire about, search for and return qualified record data;

The 3rd step: if Query Result no record data are returned, then evidence obtaining finishes, if Query Result has record data, one or more record data is arranged promptly, and the keeper that then collects evidence checks the wherein details of a record through clicking the mouse;

The 4th step: the storage of said centring system record and evidence obtaining management server check that the current needs in the centring system recording configuration information of said centring system check the associated description information of the pairing record of record type of details; Which field of confirming this record is kept in the preposition database of record of far-end; What the front-end system record storage of corresponding far-end is with address of service, port, access method and the agreement of evidence obtaining management server; Confirm the corresponding far-end record searching key of this record and form the query search condition; Then; Connect storage of said front-end system record and evidence obtaining management server, requesting query, obtain the corresponding record data division that is kept in the said preposition database of record;

The 5th step: the record queries that the centring system record storage that the storage of said front-end system record and evidence obtaining management server receive said centring system and evidence obtaining management server are submitted to, obtain request after; Check the front-end system recording configuration information of said front-end system; The associated description information of the record class that the record that acquisition needs to inquire about, obtain is corresponding; Confirm that the record data that will inquire about are kept in which or which database table of preposition database of record of said front-end system, and the corresponding relation between record field and the data sheet field, and association, annexation between the table of relevant data storehouse; And then the record queries search condition of submitting to according to said centring system; Form record queries, the search statement of database, inquire about said preposition database of record, then Query Result is turned back to storage of said centring system record and evidence obtaining management server; Return results only comprises the former record data field of preserving in the said preposition database of record, does not comprise the addition record field;

The 6th step: said centring system record is stored and is collected evidence management server after the Query Result that returns with the management server of collecting evidence stored in the said front-end system record of acquisition; The record data part of local terminal acquisition and the said front-end system record storage of far-end are partly made up with the corresponding record data that the evidence obtaining management server returns, form a complete record;

The 7th step: the storage of said centring system record and evidence obtaining management server are further checked whether vacancy record field data of said complete documentation according to the descriptor of record under the complete documentation that in the centring system recording configuration information of said centring system the 6th step is obtained type, and whether the data content that belongs to the record field of preserving simultaneously at two ends in the record data is consistent;

The 8th step: the storage of said centring system record is further checked said centring system recording configuration information with the evidence obtaining management server; Descriptor based on the record class under the complete documentation that in the said centring system recording configuration information the 6th step is obtained; Which or which field of confirming said complete documentation is a digital signature field; And what the record field tabulation that digital signature field covers is, verifies the validity of digital signature data of the signature field of this record then in view of the above;

The 9th step: the storage of said centring system record and the inspection of the management server of collecting evidence according to the 7th step and the 8th step, the record details that the checking result reports the complete documentation that the 6th step obtains; Comprise: what the data content of all record fields of said complete documentation is; Whether record field vacancy data are arranged; Record that the 2nd step obtains respectively with the 5th step, same is kept at the data content of the record field in said central record database and the said preposition database of record simultaneously, and whether consistent and inconsistent field is which or which; Which record field is a digital signature field; Whether the digital signature of record is effective, and whether record data are modified, and whether signing certificate is credible and the relevant information of signing certificate.

7. evidence management and service system towards electronical record according to claim 6; It is characterized in that: in said the 9th step; During the digital signature authentication of writing down; For the said record field that is kept at simultaneously in said central record database and the said preposition database of record, what the corresponding field in the data content during signature verification adopted is the respective record field data that is kept in the central record database.

8. evidence management and service system towards electronical record according to claim 6; It is characterized in that: in said the 5th step; If the storage of said front-end system record can't inquire corresponding record data according to the query requests that storage of centring system record and evidence obtaining management server are submitted to the evidence obtaining management server; Be that the storage of said front-end system record is empty with the Query Result that the evidence obtaining management server returns; Can conclude and report that then perhaps will inquire about the record data that obtain, be kept in the said preposition database of record and deleted, the corresponding record data of preserving in the perhaps said central record database are forged.

9. evidence management and service system towards electronical record according to claim 6; It is characterized in that: if the data content that obtains respectively in said the 2nd step and the 5th step, be kept at a certain record field in said central record database and the said preposition database of record simultaneously exists inconsistent; Can conclude that then the respective record field of preserving in a certain end database of record is modified; Specifically be that the record field which end is preserved is modified; Can do to judge further that concrete determination methods is through the corresponding digital signature:

If said record field is included in a certain digital signature field, and the digital signature authentication of this signature field passes, and promptly signature effectively then can be concluded and reports that the said record field data that are kept in the said preposition database of record are distorted; If said record field is included in a certain digital signature field, and the digital signature authentication of this signature field does not pass, and it is invalid promptly to sign; Then further; Use said record field to be kept at data in the said preposition database of record and carry out corresponding digital signature authentication,, then can conclude and report that the said record field data that are kept in the said central record database are modified if digital signature authentication passes; Otherwise, need to adopt other means further to judge.

10. according to each described evidence management and service system among claim 1 or the 6-9 towards electronical record; It is characterized in that: writing down the implementation that writes down evidence obtaining and the method for verifying in centring system described in implementation and the claim 6 of evidence obtaining and the method for checking at the described front-end system of claim 1 is the process of a symmetry; Soon role and the operation of bearing with the management server of collecting evidence, central record database, centring system recording configuration information stored in the said centring system in the implementation of method described in the claim 6, centring system record, and role that corresponding together said front-end system, front-end system write down storage and the management server of collecting evidence, preposition database of record, front-end system recording configuration information are born and operation are exchanged and got final product; Claim 7 and 9 described contents are equally applicable to write down the corresponding step in evidence obtaining and the method for verifying at said front-end system; Content described in the claim 8; As long as role and the operation of bearing with evidence obtaining management server, said preposition database of record stored in said front-end system record; The said centring system of correspondence writes down storage and the management server of collecting evidence, said central record database are born together role and operation are exchanged, and are equally applicable to the said corresponding step of collecting evidence with the method for verifying that writes down at front-end system.