
CN-122027174-A - Encryption storage method and system for digital signature


Abstract

The invention discloses an encryption storage method and system for a digital signature. The method comprises the steps of: obtaining digital signature data transmitted by a terminal; extracting a first parameter and a second parameter when the terminal executes transmission; generating a first encryption key through a hash operation after the first parameter and the second parameter are spliced; extracting a pixel matrix from the digital signature data, writing the first encryption key into the pixel matrix to obtain a remapped pixel matrix, and restoring it to obtain a graphic copy; generating a second encryption key and embedding it into a discrete cosine high-frequency coefficient region of the graphic copy; obtaining a blockchain network block timestamp and binding it with a network node address to generate a space-time identifier; binding the space-time identifier with the graphic copy and packaging to generate a storage data packet; and performing fragment encryption on the storage data packet for redundant storage. The invention couples the terminal and network environment parameters to the signature pixel transformation and encryption storage process, and has high security, strong robustness and offline self-verification capability.

Inventors

  • SU HUIXIANG
  • Kang Meilin
  • CUI CAN
  • LIU XIANG
  • CHEN ZEYU

Assignees

  • 湖南科技职业学院

Dates

Publication Date
20260512
Application Date
20260416

Claims (9)

  1. An encryption storage method of digital signature, characterized by comprising the following steps: acquiring digital signature data transmitted by a terminal; extracting a first parameter and a second parameter when the terminal executes transmission, wherein the first parameter comprises a terminal identification code and a user identification code, and the second parameter comprises a transmission timestamp, a network node address and a session random number; splicing the first parameter and the second parameter, and then generating a first encryption key through a hash operation; extracting a pixel matrix from the digital signature data, writing the first encryption key into the pixel matrix to obtain a remapped pixel matrix, and restoring it to obtain a graphic copy; generating a second encryption key based on the first parameter and the second parameter, and embedding the second encryption key into a discrete cosine high-frequency coefficient region of the graphic copy; acquiring a blockchain network block timestamp, binding the blockchain network block timestamp with the network node address to generate a space-time identifier, and binding the space-time identifier with the graphic copy; packaging the graphic copy bound with the space-time identifier, the identifier of the graphic copy and the check code to generate a storage data packet; and performing fragment encryption on the storage data packet, and uploading the encrypted data fragments to the blockchain network for redundant storage.
  2. The method for encrypting and storing a digital signature according to claim 1, wherein writing said first encryption key into said pixel matrix to obtain a remapped pixel matrix and then restoring said remapped pixel matrix to obtain a graphic copy comprises the steps of: dividing the pixel matrix into a plurality of data blocks according to a preset geometric rule; converting the first encryption key into a coordinate offset sequence, and remapping pixel coordinates in each data block based on the coordinate offset sequence to generate the remapped pixel matrix; and performing an inverse mapping operation on the remapped pixel matrix, and restoring to generate the graphic copy.
  3. The method for encrypting and storing a digital signature according to claim 2, wherein generating a second encryption key based on the first parameter and the second parameter, and embedding the second encryption key in a discrete cosine high-frequency coefficient region of the graphic copy, comprises the steps of: performing a hash operation on the first parameter and the second parameter to generate a watermark key; converting the watermark key into a pseudo-random sequence; and performing a discrete cosine transform on the graphic copy, selecting a high-frequency coefficient region, and embedding the pseudo-random sequence into the high-frequency coefficient region by adopting a spread spectrum technique.
  4. The encryption storage method of digital signature as set forth in claim 3, wherein packaging the graphic copy bound with the space-time identifier, the identifier of the graphic copy and the check code to generate a storage data packet specifically comprises the steps of: constructing a packet header layer, and writing the identifier of the graphic copy, the hash value of the space-time identifier and the check algorithm identifier; constructing a data layer, and writing the encrypted graphic copy and the space-time identifier; constructing a check layer, and writing a check code generated based on the data layer; and generating the storage data packet from the packet header layer, the data layer and the check layer according to a preset serialization protocol.
  5. The method for encrypting and storing digital signatures according to claim 4, wherein performing fragment encryption on said storage data packet and uploading the encrypted data fragments to said blockchain network for redundant storage comprises the steps of: dividing the storage data packet into a plurality of data fragments according to a preset size, and generating a fragment header for each data fragment, wherein the fragment header comprises a fragment sequence number, a total fragment number and a fragment check code; encrypting each data fragment by adopting a symmetric encryption algorithm, wherein the encryption key is generated by splicing the fragment sequence number and the session random number; and uploading the encrypted data fragments to a plurality of consensus nodes of the blockchain network in parallel for redundant storage, and aggregating the storage transaction hashes returned by each node to generate a global verification index.
  6. The method for encrypted storage of digital signatures according to claim 5, further comprising the steps of: periodically monitoring the storage health of each data fragment in the blockchain network; and when the failure of the node where any fragment is located is detected, performing data recombination based on the redundant fragments and fragment check codes stored by other nodes, migrating the recombined data to a new consensus node, and synchronously updating the global verification index.
  7. The method for encrypted storage of digital signatures according to claim 6, further comprising the steps of: reading the storage data packet from a local storage medium in an environment without a network connection, parsing the storage data packet, and extracting the identifier of the graphic copy and the space-time identifier hash value; and generating a temporary key based on the first parameter and the second parameter acquired by the current verification device, and executing key extraction and correlation matching calculation on the graphic copy.
  8. The method for encrypted storage of digital signatures according to claim 7, further comprising the steps of: synchronously verifying the consistency of the space-time identifier hash value and the correctness of the check code; and when the matching degree of the correlation matching calculation is higher than a preset threshold value, the hash values are consistent and the check codes are correct, judging that the storage data packet remains complete and valid in cross-device calling.
  9. A digital signature encrypted storage system, comprising: a data acquisition module for acquiring digital signature data transmitted by the terminal; a parameter extraction module for extracting a first parameter and a second parameter when the terminal executes transmission, wherein the first parameter comprises a terminal identification code and a user identification code, and the second parameter comprises a transmission timestamp, a network node address and a session random number; a first key generation module for generating a first encryption key through a hash operation after splicing the first parameter and the second parameter; a matrix processing module for extracting a pixel matrix from the digital signature data, writing the first encryption key into the pixel matrix to obtain a remapped pixel matrix, and then restoring it to obtain a graphic copy; a watermark embedding module for generating a second encryption key based on the first parameter and the second parameter, and embedding the second encryption key into a discrete cosine high-frequency coefficient region of the graphic copy; a space-time binding module for acquiring the blockchain network block timestamp, binding the timestamp with the network node address to generate a space-time identifier, and binding the space-time identifier with the graphic copy; a data encapsulation module for encapsulating the graphic copy bound with the space-time identifier, the identifier of the graphic copy and the check code to generate a storage data packet; and a blockchain storage module for performing fragment encryption on the storage data packet, and uploading the encrypted data fragments to the blockchain network for redundant storage.
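
The key derivation of claim 1 and the block-wise coordinate remapping and inverse mapping of claim 2, sketched as an added example that is not code from the patent. SHA-256, the length-prefixed splice, the per-block cyclic shift used as the offset rule, and all sample values are assumptions, since the claims name no hash function, field encoding or offset rule.

```python
import hashlib

def derive_first_key(terminal_id, user_id, timestamp, node_addr, nonce):
    """Claim 1: hash the spliced first and second parameters.
    Assumption: SHA-256, with each field length-prefixed so that
    ("ab", "c") and ("a", "bc") cannot splice to the same input."""
    h = hashlib.sha256()
    for field in (terminal_id, user_id, timestamp, node_addr, nonce):
        data = field if isinstance(field, bytes) else str(field).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return h.digest()

def offset_sequence(key, n_blocks, block):
    """Claim 2: expand the key into one (dy, dx) coordinate offset per block."""
    seq = []
    for i in range(n_blocks):
        d = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        seq.append((d[0] % block, d[1] % block))
    return seq

def remap(matrix, key, block=4, inverse=False):
    """Cyclically shift pixel coordinates inside each block by its offset;
    inverse=True applies the negated offsets and restores the copy."""
    h, w = len(matrix), len(matrix[0])
    if h % block or w % block:
        raise ValueError("matrix must divide evenly into blocks")
    cols = w // block
    offs = offset_sequence(key, (h // block) * cols, block)
    out = [[0] * w for _ in range(h)]
    for y in range(h):
        for x in range(w):
            by, bx = y // block, x // block
            dy, dx = offs[by * cols + bx]
            if inverse:
                dy, dx = -dy, -dx
            ny = by * block + (y % block + dy) % block
            nx = bx * block + (x % block + dx) % block
            out[ny][nx] = matrix[y][x]
    return out

# Constructed sample values, not taken from the patent.
PIXELS = [[y * 16 + x for x in range(16)] for y in range(16)]
KEY = derive_first_key("TERM-0001", "user-42", 1770000000, "10.0.0.7", b"\x01" * 16)

if __name__ == "__main__":
    scrambled = remap(PIXELS, KEY)
    print("round trip ok:", remap(scrambled, KEY, inverse=True) == PIXELS)
```

Every input to the key is a transmission-time value, so the remapping is only as secret as the least guessable field, here the session random number.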

Description

Encryption storage method and system for digital signature

Technical Field

The invention relates to the technical field of encryption authentication, in particular to an encryption storage method and an encryption storage system for digital signatures.

Background

With the popularity of electronic authentication technology, digital signatures have become a core carrier of the legal effectiveness of electronic documents, and their storage security and long-term verifiability face serious challenges. In the prior art, digital signature data is stored in a centralized database or a local storage medium after being encrypted with a static key, and this scheme has the following defects:

Firstly, the storage process lacks environment-sensing capability: the encryption key is decoupled from the terminal and network environment parameters at transmission time, so data is easily intercepted and tampered with during cross-device transmission or long-term storage. The existing verification mechanism also depends heavily on a centralized server, so integrity verification cannot be completed independently in a network-isolated or offline scenario, and service continuity is limited.

Secondly, the existing scheme does not deeply fuse signature data with dynamic parameters such as terminal identity and network nodes, and the encryption process and the pixel-level characteristics of the signature image are independent of each other. Once the static key is leaked or the storage medium is damaged, the original signature structure is extremely easy to reverse-restore or is permanently lost. Traditional watermark generation is not combined with real-time transmission parameters, and the embedding process is not optimized for the geometric block characteristics of the image, so attack resistance and long-term robustness are difficult to achieve together.

Thirdly, in a long-term archiving scenario, traditional blockchain attestation only puts the signature hash value on chain, and the self-description capability of the archived data is weak because timestamps, network identifiers and the image pixel matrix are not structurally associated. When the data is called across devices or across eras, the integrity check is very prone to failure due to the lack of embedded verification anchor points.

Therefore, there is a need for an encryption storage method and system for digital signatures with high security, robustness and offline self-verification capability that can deeply couple terminal and network environment parameters to the signature pixel transformation and encryption storage process.

Disclosure of Invention

Aiming at the above problems, the invention provides an encryption storage method and an encryption storage system for digital signatures, which deeply couple the terminal and network environment parameters to the signature pixel transformation and encryption storage process, and have the advantages of high security, strong robustness and offline self-verification capability.

In a first aspect of the present invention, there is provided a digital signature encryption storage method, comprising the steps of: acquiring digital signature data transmitted by a terminal; extracting a first parameter and a second parameter when the terminal executes transmission, wherein the first parameter comprises a terminal identification code and a user identification code, and the second parameter comprises a transmission timestamp, a network node address and a session random number; splicing the first parameter and the second parameter, and then generating a first encryption key through a hash operation; extracting a pixel matrix from the digital signature data, writing the first encryption key into the pixel matrix to obtain a remapped pixel matrix, and restoring it to obtain a graphic copy; generating a second encryption key based on the first parameter and the second parameter, and embedding the second encryption key into a discrete cosine high-frequency coefficient region of the graphic copy; acquiring a blockchain network block timestamp, binding the blockchain network block timestamp with the network node address to generate a space-time identifier, and binding the space-time identifier with the graphic copy; packaging the graphic copy bound with the space-time identifier, the identifier of the graphic copy and the check code to generate a storage data packet; and performing fragment encryption on the storage data packet, and uploading the encrypted data fragments to the blockchain network for redundant storage.

As a preferable mode, writing the first encryption key into the pixel matrix to obtain a remapped pixel matrix and then restoring to obtain a graphic copy specifically comprises the following steps: dividing the pixel matrix into a plurality of data blocks according to a preset geometric rule; converting the first encryption key into a coordinate offset sequence, and remapping pixel coordinates in each data block based on the coordinate o