1. Data link: the platform, operating as a trusted third party, encrypts all files and data in transit with SSL/TLS (the link back to the source system is encrypted as well), so that files cannot be read or captured on the wire.
2. Structured data and file encryption: structured data is encrypted symmetrically with AES-256. The data encryption key is generated at random in memory and is never written directly to any storage medium; instead it is sealed in the user's digital envelope with the RSA asymmetric algorithm. Opening the envelope requires two key parts, one derived from the user's password and the other held by an independent third-party system, so that neither the password alone nor the key system alone can recover the key. The encrypted file data is split into blocks by a chunking algorithm and stored in dispersed locations.
3. Key management: the user's data encryption key is sealed in a digital envelope with RSA. The key that opens the envelope is obtained jointly from the user's password and the independent key subsystem. User data, the data encryption key and the envelope-opening key are stored in different subsystems and are only brought together for use after the user logs in and authorizes access.
4. User data permissions: access to an enterprise's contract data is granted per employee account by an administrator, who sets and assigns the corresponding access rights.
5. Account management: changes to personal account names and details follow strict rules, enterprise administrators act under delegated authority, and all such changes are auditable.
6. Data audit: all user actions and administrator management actions are auditable, and the system-management and data-management roles are separated.
7. Operations and maintenance: Contract Lock's internal subsystems are operated under a separation-of-duties policy, so no single operations engineer can obtain the complete encrypted data of any contract, let alone bypass the user's own decryption.
The Contract Lock platform's data security system described above has been certified to ISO 27001 (information security management systems) and to Level 3 of the Ministry of Public Security's information system Multi-Level Protection Scheme (MLPS).
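The digital-envelope scheme of items 2 and 3 (random in-memory data key, RSA envelope, envelope-opening key split between the user's password and an independent key subsystem) is compact enough to show end to end. The Go program below is an added example written for this page; it is not Contract Lock's code, and the text says nothing about the platform's actual key formats, modes, storage layout or key-derivation function. The assumptions are the example's own: AES-256-GCM for the document and for wrapping the RSA private key, RSA-2048 with OAEP/SHA-256 for the envelope, an iterated HMAC-SHA256 keyed by a 32-byte server share as a standard-library stand-in for a real password KDF, and the names Envelope, Seal, Open, splitKEK, gcmSeal, gcmOpen and mustRandom. The block splitting and dispersed storage of item 2 are out of scope.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// Envelope is the stored record. The server share is kept out of it on purpose.
type Envelope struct {
	Ciphertext  []byte // document, AES-256-GCM under a random data key (DEK)
	WrappedDEK  []byte // DEK encrypted with RSA-OAEP to the user's public key
	WrappedPriv []byte // RSA private key (PKCS#1 DER), AES-256-GCM under the split KEK
}

func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // without entropy nothing here can proceed safely
	}
	return b
}

// splitKEK derives the envelope-opening key from both parts: the 32-byte server share keys an
// iterated HMAC-SHA256 over the password (a stdlib stand-in for scrypt/Argon2, assumed here).
// Without the share the KEK cannot be computed at all; with it, guessing costs every iteration.
func splitKEK(password string, serverShare []byte) []byte {
	m := hmac.New(sha256.New, serverShare)
	kek := []byte(password)
	for i := 0; i < 100_000; i++ {
		m.Reset()
		m.Write(kek)
		kek = m.Sum(nil)
	}
	return kek
}

func gcmSeal(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // every key in this file is 32 bytes; anything else is a programming error
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	nonce := mustRandom(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, nil) // nonce || ciphertext || tag
}

func gcmOpen(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, _ := cipher.NewGCM(block)
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], nil)
}

// Seal returns the envelope and the server share; the share goes to the key subsystem, never beside the envelope.
func Seal(doc []byte, password string) (*Envelope, []byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	dek := mustRandom(32) // AES-256 data key: generated in memory, never written out in clear
	wrappedDEK, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, dek, nil)
	if err != nil {
		return nil, nil, err
	}
	share := mustRandom(32)
	env := &Envelope{
		Ciphertext:  gcmSeal(dek, doc),
		WrappedDEK:  wrappedDEK,
		WrappedPriv: gcmSeal(splitKEK(password, share), x509.MarshalPKCS1PrivateKey(priv)),
	}
	return env, share, nil
}

// Open walks KEK -> RSA private key -> DEK -> document; a wrong password or share fails at the first GCM tag.
func Open(env *Envelope, password string, serverShare []byte) ([]byte, error) {
	der, err := gcmOpen(splitKEK(password, serverShare), env.WrappedPriv)
	if err != nil {
		return nil, errors.New("digital envelope did not open: wrong password or wrong share")
	}
	priv, err := x509.ParsePKCS1PrivateKey(der)
	if err != nil {
		return nil, err
	}
	dek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedDEK, nil)
	if err != nil {
		return nil, err
	}
	return gcmOpen(dek, env.Ciphertext)
}
```

Two points worth checking against any real deployment of this design. First, the split only protects against theft of the envelope on its own: whoever holds the server share (the key subsystem, or an attacker who has compromised it) can still guess the user's password offline, so the cost of the password KDF and online rate limiting are what stand between a leaked share and the contract. Second, "generated in memory and never stored" is a statement about the storage tier, not the process: the data key and the unwrapped RSA private key sit in process memory while in use, and Go gives no guarantee that garbage-collected buffers are zeroed, so memory dumps and swap are part of the threat model.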