
CN111162902A - Cloud signing server based on tax certificate - Google Patents


Info

Publication number: CN111162902A
Authority: CN (China)
Prior art keywords: cloud, server, signature, interface, signature verification
Legal status: Pending
Application number: CN201911406286.2A
Other languages: Chinese (zh)
Inventors: 李继, 张平, 李利, 解军伟, 吕志刚
Current assignee: Aisino Corp
Original assignee: Aisino Corp
Priority date: 2019-12-31
Filing date: 2019-12-31
Publication date: 2020-05-15

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/32 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 ... involving digital signatures
    • H04L9/3263 ... involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 ... using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/10 Tax strategies

Abstract

The invention discloses a cloud signing server based on tax certificates, comprising: a standard interface unit that provides standard interfaces for various cloud signing devices, the interfaces transmitting the signature verification unit's data in encrypted form; a signature verification unit that receives a signature request sent by the cloud signing device through the standard interface unit, reads the cloud signing device's certificate, and completes signing and verification for the cloud signing device; and a multi-user remote use unit that supports multiple users accessing the cloud signing server through a client. This addresses the need for a signature verification server with domestic digital signature and digital signature verification functions.

Description

Cloud signing server based on tax certificate
Technical Field
The application relates to the field of cloud services, and in particular to a cloud signing server based on tax certificates.
Background
With the acceleration of digitalization and networking of information resources, requirements based on a PKI system and supported by digital certificates are increasing daily. However, the current commercial cryptographic infrastructure, including digital certificate authentication systems, key management systems, cryptographic equipment and cryptographic services, suffers from a lack of top-level design, fragmented product categories and no unified interface. There is therefore an urgent need to develop a signature verification service that provides digital signature and digital signature verification functions on the basis of the cryptographic infrastructure technical system and its standard specifications. Existing signature verification services with a digital verification function have high cost and non-uniform interfaces and, more importantly, their core technology relies on foreign chips. It is therefore urgent to research a signature verification server with domestic digital signature and digital signature verification functions suited to domestic needs.
Disclosure of Invention
The application provides a cloud signing server based on tax certificates, addressing the need for a signature verification server with domestic digital signature and digital signature verification functions.
The cloud signing server based on tax certificates provided by the application includes:
a standard interface unit, which provides standard interfaces for various cloud signing devices; the interfaces transmit the signature verification unit's data in encrypted form;
a signature verification unit, which receives a signature request sent by the cloud signing device through the standard interface unit, reads the cloud signing device's certificate, and completes signing and verification for the cloud signing device;
and a multi-user remote use unit, which supports multiple users accessing the cloud signing server through the client.
Preferably, the standard interface unit provides standard interfaces for multiple cloud signing devices, including:
a security client interface, a cryptographic interface, a CSP interface, and a PKCS #11 interface.
Preferably, the cloud signing server is suitable for servers of the A9\A10 models.
Preferably, the cloud signing device comprises:
a multi-tax-number crypto disk and a PCIE cryptographic card.
Preferably, the multi-tax-number crypto disk and the PCIE cryptographic card support no fewer than 65535 slots, and each slot can store four applications: Default, RSA1024, RSA2048 and SM2.
Preferably, Default is used for P11 certificate applications, and RSA1024, RSA2048 and SM2 are used for national seal interface certificate applications.
Preferably, in addition:
RSA1024, RSA2048 and SM2 correspond to digital certificates of the RSA1024, RSA2048 and SM2 algorithms, respectively.
Preferably, the interface transmits the signature verification unit's data in encrypted form as follows:
the cloud signing device calls a function provided by the cloud signing server to perform signature verification; the function name and function parameters are transmitted to the cloud signing server as ciphertext, and the server executes the signature verification and returns the result.
The application provides a cloud signing server based on tax certificates that includes: a standard interface unit that provides standard interfaces for various cloud signing devices, the interfaces transmitting the signature verification unit's data in encrypted form; a signature verification unit that receives a signature request sent by the cloud signing device through the standard interface unit, reads the cloud signing device's certificate, and completes signing and verification for the cloud signing device; and a multi-user remote use unit that supports multiple users accessing the cloud signing server through the client. This addresses the need for a signature verification server with domestic digital signature and digital signature verification functions.
Drawings
FIG. 1 is an architecture diagram of the small cloud signing server based on tax certificates provided herein;
FIG. 2 is an architecture diagram of the medium cloud signing server based on tax certificates provided herein;
FIG. 3 is an architecture diagram of the large cloud signing server based on tax certificates provided herein;
FIG. 4 is a hardware architecture diagram of the multi-tax-number crypto disk to which the present application relates;
FIG. 5 is a hardware architecture diagram of the PCIE cryptographic card to which the present application relates;
FIG. 6 is a software architecture diagram of the cloud signing server based on tax certificates to which the present application relates;
FIG. 7 is a flow diagram of signing through the secure client interface of the cloud signing server based on tax certificates involved in the present application;
FIG. 8 is a flow diagram of certificate making for the cloud signing service of the cloud signing server based on tax certificates according to the present application.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application. This application is capable of implementation in many different ways than those herein set forth and of similar import by those skilled in the art without departing from the spirit of this application and is therefore not limited to the specific implementations disclosed below.
The cloud signing server based on tax certificates provided by the application includes: a standard interface unit that provides standard interfaces for various cloud signing devices, the interfaces transmitting the signature verification unit's data in encrypted form; a signature verification unit that receives a signature request sent by the cloud signing device through the standard interface unit, reads the cloud signing device's certificate, and completes signing and verification for the cloud signing device; and a multi-user remote use unit that supports multiple users accessing the cloud signing server through the client. It is suitable for small, medium and large cloud signing servers at low cost. The architecture of the small cloud signing server is shown in fig. 1, that of the medium cloud signing server in fig. 2, and that of the large cloud signing server in fig. 3; it is particularly suitable for servers of the A9\A10 models.
The standard interface unit provides standard interfaces for various cloud signing devices; the interfaces transmit the signature verification unit's data in encrypted form, giving strong security defence. By accessing a standard interface, the client can complete operations such as certificate making, signing and signature verification; the standard interfaces comprise a security client interface, a cryptographic interface, a CSP interface, and a PKCS #11 interface. The cloud signing device comprises a multi-tax-number crypto disk and a PCIE cryptographic card. The hardware architecture of the multi-tax-number crypto disk is shown in fig. 4, and that of the PCIE cryptographic card in fig. 5. The certificate is stored in the multi-tax-number crypto disk or the PCIE cryptographic card. Both support no fewer than 65535 slots, and each slot can store four applications: Default, RSA1024, RSA2048 and SM2. Default is used for P11 certificate applications; RSA1024, RSA2048 and SM2 are used for national seal interface certificate applications and correspond to digital certificates of the RSA1024, RSA2048 and SM2 algorithms, respectively.
The software architecture of the cloud signing server based on tax certificates is shown in fig. 6; as the figure shows, the cloud signing server provides several standard software interfaces, and the interface functions carry out encrypted transmission of data with the client. The signing process of the secure client is completed through the cloud signing server software, as shown in fig. 7: the cloud signing device is connected, the slot of the cloud signing device is opened, the slot certificate is obtained, and the signature is made for the cloud signing device according to the slot certificate.
As shown in fig. 8, the certificate-making process of the cloud signing service is as follows: first, a cloud signing device containing a slot is connected and the device information is obtained; the device is initialized according to the device information; after initialization a key pair is generated; and the key pair is imported into a certificate, which completes certificate making for the cloud signing service. After certificate making is finished, the application can be opened and operated.
The application provides a cloud signing server based on tax certificates that includes: a standard interface unit that provides standard interfaces for various cloud signing devices, the interfaces transmitting the signature verification unit's data in encrypted form; a signature verification unit that receives a signature request sent by the cloud signing device through the standard interface unit, reads the cloud signing device's certificate, and completes signing and verification for the cloud signing device; and a multi-user remote use unit that supports multiple users accessing the cloud signing server through the client. This addresses the need for a signature verification server with domestic digital signature and digital signature verification functions. It also supports small, medium and large cloud signing servers at low cost, bringing a ten-thousand-yuan signature verification server down to the hundred-yuan level, while providing strong security protection and the characteristics of low cost, standardization, compatibility and security.
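The slot model, the certificate-making flow (fig. 8) and the signing flow (fig. 7) described above, modelled as an added example in Go; this is not code from the patent or from Aisino. It assumes a slot table keyed by slot number and application name, uses self-signed RSA certificates as a constructed stand-in for certificates issued by the tax CA, and refuses SM2 because Go's standard library has no SM2 implementation.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type slotKey struct{ slot uint16; app string }

// slotApp is what one slot application (addressed by slotKey) stores: its private key and certificate.
type slotApp struct{ key *rsa.PrivateKey; cert *x509.Certificate }

// CloudSignServer models the signature verification unit as a slot table.
type CloudSignServer map[slotKey]*slotApp

// Modelled key sizes; SM2 is absent (not in Go's standard library) and is refused.
var rsaBits = map[string]int{"RSA1024": 1024, "RSA2048": 2048}

// MakeCertificate follows the fig. 8 flow for one slot application: generate a key
// pair, wrap the public key in a certificate (self-signed here, a constructed
// stand-in for issuance by the tax CA), and store both in the slot.
func (s CloudSignServer) MakeCertificate(slot uint16, app, taxNumber string) error {
	bits, ok := rsaBits[app]
	if !ok {
		return fmt.Errorf("application %q is not supported by this model", app)
	}
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: taxNumber},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	s[slotKey{slot, app}] = &slotApp{key: key, cert: cert}
	return nil
}

// Sign follows the fig. 7 flow: open the slot, take its key, sign the request (RSA PKCS#1 v1.5 over SHA-256).
func (s CloudSignServer) Sign(slot uint16, app string, data []byte) ([]byte, error) {
	a, ok := s[slotKey{slot, app}]
	if !ok {
		return nil, fmt.Errorf("slot %d has no %s application", slot, app)
	}
	d := sha256.Sum256(data)
	return rsa.SignPKCS1v15(rand.Reader, a.key, crypto.SHA256, d[:])
}

// Verify checks the signature with the slot certificate's public key, refusing a certificate outside its validity period.
func (s CloudSignServer) Verify(slot uint16, app string, data, sig []byte) error {
	a, ok := s[slotKey{slot, app}]
	if !ok {
		return fmt.Errorf("slot %d has no %s application", slot, app)
	}
	if now := time.Now(); now.Before(a.cert.NotBefore) || now.After(a.cert.NotAfter) {
		return fmt.Errorf("certificate in slot %d is outside its validity period", slot)
	}
	d := sha256.Sum256(data)
	return rsa.VerifyPKCS1v15(a.cert.PublicKey.(*rsa.PublicKey), crypto.SHA256, d[:], sig)
}
```

Before relying on a slot certificate, a production server would additionally validate its chain to the issuing CA and check revocation; the validity-period check here is the minimum.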
Finally, it should be noted that: although the present invention has been described in detail with reference to the above embodiments, it should be understood by those skilled in the art that various changes may be made and equivalents may be substituted for elements thereof without departing from the spirit and scope of the invention.

Claims (8)

1. A cloud signing server based on tax certificates, comprising:
a standard interface unit for providing standard interfaces for various cloud signing devices, wherein the interfaces transmit the signature verification unit's data in encrypted form;
a signature verification unit for receiving a signature request sent by the cloud signing device through the standard interface unit, reading the cloud signing device's certificate, and completing signing and verification for the cloud signing device;
and a multi-user remote use unit supporting multiple users accessing the cloud signing server through the client.
2. The server according to claim 1, wherein the standard interface unit is configured to provide standard interfaces for a plurality of cloud signing devices, comprising:
a security client interface, a cryptographic interface, a CSP interface, and a PKCS #11 interface.
3. The server according to claim 1, wherein the cloud signing server is suitable for servers of the A9\A10 models.
4. The server of claim 1, wherein the cloud signing device comprises:
a multi-tax-number crypto disk and a PCIE cryptographic card.
5. The server of claim 4, wherein the multi-tax-number crypto disk and the PCIE cryptographic card support no fewer than 65535 slots, and each slot can store four applications: Default, RSA1024, RSA2048 and SM2.
6. The server according to claim 5, wherein Default is for P11 certificate applications, and RSA1024, RSA2048 and SM2 are for national seal interface certificate applications.
7. The server of claim 6, wherein:
RSA1024, RSA2048 and SM2 correspond to digital certificates of the RSA1024, RSA2048 and SM2 algorithms, respectively.
8. The server according to claim 1, wherein the interface transmits the signature verification unit's data by means of encryption as follows:
the cloud signing device calls a function provided by the cloud signing server to perform signature verification; the function name and function parameters are transmitted to the cloud signing server as ciphertext, and the server executes the signature verification and returns the result.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911406286.2A CN111162902A (en) 2019-12-31 2019-12-31 Cloud signing server based on tax certificate

Publications (1)

Publication Number Publication Date
CN111162902A (en) 2020-05-15

Family

ID=70559897

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911406286.2A Pending CN111162902A (en) 2019-12-31 2019-12-31 Cloud signing server based on tax certificate

Country Status (1)

Country Link
CN (1) CN111162902A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101359991A (en) * 2008-09-12 2009-02-04 湖北电力信息通信中心 Identity-based public key cryptography private key escrow system
CN101447873A (en) * 2008-12-25 2009-06-03 杭州东信金融技术服务有限公司 Safe authentication and encrypted communication method
US20110167258A1 (en) * 2009-12-30 2011-07-07 Suridx, Inc. Efficient Secure Cloud-Based Processing of Certificate Status Information
CN103490892A (en) * 2013-08-28 2014-01-01 广东数字证书认证中心有限公司 Digital signing method and system, application server and cloud cipher server
US20190334713A1 (en) * 2018-04-28 2019-10-31 Alibaba Group Holding Limited Encryption Card, Electronic Device, and Encryption Service Method

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 2020-05-15