CN111192048B - Trusted security electronic certificate generation method - Google Patents

Publication number: CN111192048B
Authority: CN (China)
Prior art keywords: credential, signature, metadata, filling, data
Legal status: Active
Application number: CN201911370247.1A
Other languages: Chinese (zh)
Other versions: CN111192048A (en)
Inventors: 吕俊杰, 于滨, 王仁杰, 李建, 李少维, 陈荣兴, 宋颖
Current Assignee: Aisino Corp
Original Assignee: Aisino Corp

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821 Electronic credentials
    • G06Q20/38215 Use of certificates or encrypted proofs of transaction rights
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions

Abstract

The invention discloses a trusted security electronic certificate generation method, which comprises the following steps: step 1: generating a plurality of blank credential templates; step 2: selecting a blank credential template; step 3: acquiring a plurality of pieces of metadata and generating a signature index file according to the information required by the selected blank credential template; step 4: for one piece of metadata, filling the metadata into the blank credential template to generate a first intermediate credential; filling the credential signature corresponding to the metadata into the first intermediate credential in a multi-level signature manner to generate a second intermediate credential, and taking the second intermediate credential as the blank credential template; step 5: repeating step 4 for each piece of metadata, obtaining the final second intermediate credential and the index file, and generating a new electronic credential. By applying the electronic credential generation method to a secure electronic credential format file and using multi-level signatures, the invention effectively improves the standardization of electronic credentials and solves the problem of the credibility of secure electronic credentials.

Description

Trusted security electronic certificate generation method
Technical Field
The invention belongs to the field of financial invoice management, and in particular relates to a trusted security electronic certificate generation method.
Background
In everyday life, traditional paper credentials serve as written evidence with legal effect, for example paper invoices, asset transaction certificates and transaction vouchers. In recent years, with rapid economic development, the Internet has been changing daily life, and traditional paper credentials are being replaced by electronic credentials, which are convenient, fast, secure and technically mature. At the same time, electronic credentials will become a critical factor in the trustworthiness and security of electronic services. As a product of the Internet age, electronic credentials face higher requirements on credibility and usability in use. First, they must satisfy the relevant provisions of China's Electronic Signature Law, such as having the same legal effect as an original, a written form and a handwritten signature, being able to present the carried content effectively, and being available for access at any time. Second, the requirements for developing applications of domestic cryptographic algorithms must be met, and domestic cryptographic algorithms are being studied extensively. Finally, it is also necessary to consider how third-party business systems can quickly and conveniently access electronic credential applications and how they can perform the various verifications on electronic credentials.
The existing electronic credential generation mode is as follows: the electronic credential issuer generates information describing the specific content of the electronic credential; a new electronic credential is generated from the random information of a blank electronic credential and the content information, and a valid electronic credential is generated from the blank electronic credential, the issuer's electronic credential information and the signature of the electronic credential issuer. However, this generation mode does not use a format file, so the information content and change records of the original electronic credential cannot be accurately restored, the secure electronic credential is not easy to trace, and its credibility is insufficient.
Therefore, there is a particular need for a trusted security electronic credential generation method that can record the information content and change records of the original electronic credential and solve the problem of the credibility of secure electronic credentials.
Disclosure of Invention
The invention aims to provide a trusted security electronic certificate generation method capable of recording the information content and change record of the original electronic certificate and solving the problem of the credibility of the security electronic certificate.
In order to achieve the above object, the present invention provides a trusted security electronic certificate generation method, including: step 1: defining credential types, and generating a plurality of blank credential templates and their corresponding credential description files; step 2: selecting a blank credential template according to the service requirement; step 3: acquiring a plurality of pieces of metadata and generating a signature index file according to the information required by the selected blank credential template; step 4: for one piece of metadata, filling the metadata into the blank credential template to generate a first intermediate credential; filling the credential signature corresponding to the metadata into the first intermediate credential in a multi-level signature manner to generate a second intermediate credential, filling index information of the credential signature into the signature index file, and taking the second intermediate credential as the blank credential template; step 5: repeating step 4 for each piece of metadata, obtaining the second intermediate credential filled with the plurality of pieces of metadata and their corresponding credential signatures and the signature index file filled with the index information of the corresponding credential signatures, and packaging the second intermediate credential and the index file to generate a new electronic credential.
Preferably, in said step 3, said metadata is obtained by extraction from the original credentials or by manual entry.
Preferably, the original credential comprises data stored as structured data and data stored as unstructured data; when data stored as structured data is extracted, identity verification information is output to the original credential, and after the identity verification information passes verification, the data stored as structured data is decrypted and read; when data stored as unstructured data is extracted, the file holding that data in the original credential is extracted.
Preferably, step 4 further includes: before filling the metadata into the blank credential template, generating an index file of data and an index file of resources.
Preferably, the metadata includes data stored as structured data and data stored as unstructured data, and filling the metadata into the blank credential template to generate the first intermediate credential specifically includes: when the metadata is stored as structured data, filling the acquired metadata into the blank credential template in encrypted form to generate the first intermediate credential, filling modification information of the credential into the credential description file, and filling index information of the structured data into the index file of the data; when the metadata is stored as unstructured data, filling the data into the first intermediate credential, filling modification information of the credential into the credential description file, and filling index information of the unstructured data into the index file of the resource.
Preferably, filling the credential signature corresponding to the metadata into the first intermediate credential in a multi-level signature manner to generate the second intermediate credential, and filling index information of the credential signature into the signature index file, specifically includes: filling the credential signature into the first intermediate credential as the added credential signature of the present level; combining the added credential signature of the present level with the added credential signature of the previous level to generate the added credential signature of the next level, and filling the added credential signature of the next level into the first intermediate credential to generate the second intermediate credential; adding modification information of the credential to the credential description file, and filling index information corresponding to the added credential signatures of the present level and of the next level into the signature index file.
Preferably, the encapsulating the second intermediate credential and the index file, and generating the new electronic credential includes: and integrating the second intermediate certificate, the certificate description file, the index file of the data, the index file of the resource and the signature index file into a file package to generate a new electronic certificate.
Preferably, metadata stored in structured data is encrypted using an encryption algorithm based on a public key.
Preferably, the credential description file further includes a format attribute corresponding to the credential type, a service attribute, and a correspondence between various attributes.
Preferably, the trusted security electronic certificate generation method further includes: generating a state record file, and filling a credential state change record into the state record file when filling data into the blank credential template or the first intermediate credential.
The beneficial effects of the invention are as follows: by applying the electronic credential generation method to a secure electronic credential format file, the invention forms a new trusted security electronic credential generation method; the use of multi-level signatures effectively improves the standardization of electronic credentials; and recording the information content and change records of the electronic credential in the credential description file solves the problem of the credibility of secure electronic credentials, improves credibility, and prevents tampering and repudiation. The secure electronic credential generation mode provided by the invention can be applied to many kinds of electronic credentials, is suited to key applications such as Internet electronic transactions, financial auditing and enterprise informatization, and covers electronic credentials such as electronic invoices, accounting vouchers, electronic contracts, fiscal non-tax revenue and electronic files.
The method of the present invention has other features and advantages which will be apparent from or are set forth in detail in the accompanying drawings and the following detailed description, which are incorporated herein, and which together serve to explain certain principles of the invention.
Drawings
The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular descriptions of exemplary embodiments of the invention as illustrated in the accompanying drawings wherein like reference numbers generally represent like parts throughout the exemplary embodiments of the invention.
Fig. 1 shows a flow chart of a trusted secure electronic credential generation method according to one embodiment of the present invention.
Fig. 2 shows a multi-level signature block diagram of a trusted secure electronic credential generation method according to one embodiment of the present invention.
Detailed Description
Preferred embodiments of the present invention will be described in more detail below. While the preferred embodiments of the present invention are described below, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
The trusted security electronic certificate generation method comprises the following steps: step 1: defining credential types, and generating a plurality of blank credential templates and their corresponding credential description files; step 2: selecting a blank credential template according to the service requirement; step 3: acquiring a plurality of pieces of metadata and generating a signature index file according to the information required by the selected blank credential template; step 4: for one piece of metadata, filling the metadata into the blank credential template to generate a first intermediate credential; filling the credential signature corresponding to the metadata into the first intermediate credential in a multi-level signature manner to generate a second intermediate credential, filling index information of the credential signature into the signature index file, and taking the second intermediate credential as the blank credential template; step 5: repeating step 4 for each piece of metadata, obtaining a second intermediate credential filled with the plurality of pieces of metadata and their corresponding credential signatures and a signature index file filled with the index information of the corresponding credential signatures, and packaging the second intermediate credential and the index file to generate a new electronic credential.
Specifically, the credential type needs to be configured first. The credential types are defined and described in a rule file, as are other format attributes and business attributes and the correspondence between the various attributes. When blank credential templates are created according to the configured credential types, one credential type is selected in a generation tool, and the blank credential template and the corresponding credential description file are generated, with the corresponding credential type written into the credential description file. At the same time, the format attributes and business attributes corresponding to the defined credential type, for example the format and the inclusion relation, are also written into the credential description file. Other format attributes and business attributes, such as access identity, operation rights and expiration date, may be configured in the package generation tool.
The client selects a credential type according to the service requirement, that is, selects the corresponding blank credential template and credential description file, and acquires a plurality of pieces of metadata according to the information that the blank credential template requires to be filled in. One piece of metadata is filled into the blank credential template to generate a first intermediate credential; the credential signature corresponding to that metadata is filled into the first intermediate credential in a multi-level signature manner to generate a second intermediate credential, index information of the credential signature is filled into a newly created signature index file, and the second intermediate credential is taken as the blank credential template. This continues until every piece of metadata and its corresponding credential signature have been filled into the credential and the index information of each credential signature has been filled into the signature index file. The result is a second intermediate credential filled with the plurality of pieces of metadata and their credential signatures, and a signature index file filled with the corresponding index information; the second intermediate credential and the index file are then packaged to generate a new electronic credential.
In this trusted security electronic credential generation method, the electronic credential generation method is applied to a secure electronic credential format file, forming a new trusted security electronic credential generation method. Each resource file and the file as a whole are marked with multi-level signatures, and the data structure of the original electronic credential is preserved, which effectively improves the standardization of electronic credentials. The information content and change records of the electronic credential are recorded in the credential description file, which solves the problem of the credibility of secure electronic credentials, improves credibility, and prevents tampering and repudiation. The method can be applied to many kinds of electronic credentials, is suited to key applications such as Internet electronic transactions, financial auditing and enterprise informatization, and covers electronic credentials such as electronic invoices, accounting vouchers, electronic contracts, fiscal non-tax revenue and electronic files.
Preferably, in step 3, the metadata is obtained by extraction from the original credentials or by manual entry.
Preferably, the original credential comprises data stored as structured data and data stored as unstructured data; when data stored as structured data is extracted, identity verification information is output to the original credential, and after the identity verification information passes verification, the data stored as structured data is decrypted and read; when data stored as unstructured data is extracted, the file holding that data in the original credential is extracted.
Specifically, when accessing data stored in the original credential as structured data, the operation role and access identity to be authenticated are sent to the original credential; once they pass authentication, an operator with data access authority decrypts the data read using the operator's own private key. Data stored in the original credential as structured data may be consolidated and stored directly. For unstructured data stored in the original credential, automatic file extraction and automatic storage are provided. The operator's identity data is read from the operator's identity CA.
Preferably, step 4 further includes: before filling the metadata in the blank credential template, an index file of data and an index file of resources are generated.
Specifically, before the first metadata is filled in, an index file of the data and an index file of the resource are also generated.
Preferably, the metadata includes data stored as structured data and data stored as unstructured data, and filling the metadata into the blank credential template to generate the first intermediate credential specifically includes: when the metadata is stored as structured data, filling the acquired metadata into the blank credential template in encrypted form to generate the first intermediate credential, filling modification information of the credential into the credential description file, and filling index information of the structured data into the index file of the data; when the metadata is stored as unstructured data, filling the data into the first intermediate credential, filling modification information of the credential into the credential description file, and filling index information of the unstructured data into the index file of the resource.
Specifically, when the metadata is stored as structured data, the acquired metadata is filled into the blank credential template in encrypted form to generate the first intermediate credential, modification information of the credential is filled into the credential description file, and then index information of the structured data is filled into the index file of the data; when the metadata is stored as unstructured data, the data is filled into the first intermediate credential, modification information of the credential is filled into the credential description file, and index information of the unstructured data is filled into the index file of the resource.
As a preferred scheme, filling the credential signature corresponding to the metadata into the first intermediate credential in a multi-level signature manner to generate the second intermediate credential, and filling index information of the credential signature into the signature index file, specifically includes: filling the credential signature into the first intermediate credential as the added credential signature of the present level; combining the added credential signature of the present level with the added credential signature of the previous level to generate the added credential signature of the next level, and filling the added credential signature of the next level into the first intermediate credential to generate the second intermediate credential; adding modification information of the credential to the credential description file, and filling index information corresponding to the added credential signatures of the present level and of the next level into the signature index file.
Specifically, the credential signatures are stored hierarchically, with each level storing at most one credential signature. Each credential signature corresponds to a scope, and the signature is valid for the data and resource files within that scope. Each credential signature has one or more signature attributes, which typically include creation, combination, and so on.
For example, after the first metadata is filled in, the corresponding first credential signature is filled into the first intermediate credential as the added credential signature of level 1, modification information of the credential is added to the credential description file, and index information corresponding to the added credential signature of level 1 is filled into the signature index file. After the second metadata is filled in, the corresponding second credential signature is filled into the first intermediate credential as the added credential signature of level 2; the added credential signature of level 2 is combined with the added credential signature of level 1 to generate the added credential signature of level 3, which is filled into the first intermediate credential to generate the second intermediate credential; modification information of the credential is added to the credential description file, and index information corresponding to the added credential signatures of level 2 and level 3 is filled into the signature index file. After the third metadata is filled in, the corresponding third credential signature is filled into the first intermediate credential as the added credential signature of level 4; the added credential signature of level 4 is combined with the added credential signature of level 3 to generate the added credential signature of level 5, which is filled into the first intermediate credential to generate the second intermediate credential; modification information of the credential is added to the credential description file, and index information corresponding to the added credential signatures of level 4 and level 5 is filled into the signature index file. This continues in the same way until the credential signatures corresponding to all metadata have been filled in.
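The level numbering described above (1, then 2 and 3, then 4 and 5) can be traced in a short Python sketch. This is an added example, not code from the patent: HMAC-SHA256 under a demo key stands in for the unspecified signature algorithm, "combining" is assumed to mean signing the concatenation of the two signatures, and the index entry fields (level, attribute, combines, scope) and the sample metadata are constructed for illustration.

```python
import copy
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 under a demo key stands in for the issuer's
# digital signature; the patent does not name the signature algorithm.
DEMO_KEY = b"constructed-demo-key"

# Constructed sample metadata (not from the patent).
SAMPLE_METADATA = [
    {"name": "invoice_no", "value": "INV-0001"},
    {"name": "amount", "value": "1200.00"},
    {"name": "buyer", "value": "Example Buyer Ltd"},
]


def sign(data: bytes, key: bytes = DEMO_KEY) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def canonical(item: dict) -> bytes:
    """Stable byte encoding so the same metadata always signs the same way."""
    return json.dumps(item, sort_keys=True, separators=(",", ":")).encode()


def build_credential(metadata_items, key=DEMO_KEY):
    """Step 4 repeated per item: fill metadata, add its signature, then chain."""
    credential = {"items": [], "signatures": {}}
    index = []          # the signature index file, one entry per level
    level = 0
    chain_head = None   # level that the next combination links back to
    for item in metadata_items:
        credential["items"].append(dict(item))
        level += 1
        own = level
        credential["signatures"][own] = sign(canonical(item), key)
        index.append({"level": own, "attribute": "create",
                      "scope": [item["name"]]})
        if chain_head is None:          # first metadata: level 1 only
            chain_head = own
            continue
        level += 1                      # combined signature takes the next level
        sigs = credential["signatures"]
        sigs[level] = sign((sigs[own] + sigs[chain_head]).encode(), key)
        index.append({"level": level, "attribute": "combine",
                      "combines": [own, chain_head],
                      "scope": [i["name"] for i in credential["items"]]})
        chain_head = level
    return credential, index


def verify_credential(credential, index, key=DEMO_KEY):
    """Recompute every level from the stored metadata; return failing levels."""
    by_name = {i["name"]: i for i in credential["items"]}
    stored = credential["signatures"]
    recomputed, failed = {}, []
    for entry in sorted(index, key=lambda e: e["level"]):
        lvl = entry["level"]
        if entry["attribute"] == "create":
            item = by_name.get(entry["scope"][0])
            recomputed[lvl] = sign(canonical(item), key) if item else ""
        else:
            own, prev = entry["combines"]
            recomputed[lvl] = sign(
                (recomputed.get(own, "") + recomputed.get(prev, "")).encode(), key)
        # A missing item or missing stored signature counts as a failure.
        if not recomputed[lvl] or not hmac.compare_digest(
                recomputed[lvl], stored.get(lvl, "")):
            failed.append(lvl)
    return failed


def with_modified_value(credential, name, new_value):
    """Copy of the credential with one metadata value altered after signing."""
    altered = copy.deepcopy(credential)
    for item in altered["items"]:
        if item["name"] == name:
            item["value"] = new_value
    return altered


if __name__ == "__main__":
    cred, idx = build_credential(SAMPLE_METADATA)
    for entry in idx:
        print(entry)
    print("intact:", verify_credential(cred, idx))
    print("amount altered:",
          verify_credential(with_modified_value(cred, "amount", "9200.00"), idx))
```

A value changed after signing fails at its own level and at every combined level above it, while the untouched items' own levels still verify, which localizes the change to one metadata item.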
As a preferred solution, encapsulating the second intermediate credential and the index file, generating the new electronic credential includes: integrating the second intermediate certificate, the certificate description file, the index file of the data, the index file of the resource and the signature index file into a file package to generate a new electronic certificate.
Specifically, during packaging, in order not to destroy the signatures of the data files in the original credential, the signed data files and resource files of the original credential, together with their corresponding index file of data and index file of resources, are stored independently. The second intermediate credential, the credential description file, the index file of the data, the index file of the resource, the signature index file, and the signed data files and resource files of the original credential are then integrated into a file package to generate a new electronic credential.
Preferably, the metadata stored as structured data is encrypted using an encryption algorithm based on the public key.
Specifically, the metadata stored as structured data is encrypted with a public key using an encryption algorithm and is stored in the credential in encrypted form.
As a preferred solution, the credential description file further includes format attributes, service attributes, and correspondence between various attributes corresponding to the credential types.
As a preferred solution, the trusted security electronic certificate generation method further includes: generating a state record file, and filling a credential state change record into the state record file when filling data into the blank credential template or the first intermediate credential.
Specifically, a status record file is generated for recording various operation information each time the electronic certificate changes. When the blank credential template or the first intermediate credential changes, a new state change record is added to the state record file through an operation tool, and the attribute in the change record is marked through the current operation tool, wherein the marked attribute comprises a business state, an operation result, an operation behavior, an operation object, an operation identity and an operation time. If the operation result is "failure", the generation of new credentials is not affected, but the attribute of the package state is marked as "operation failure", and the file with the package state of "operation failure" can be revised again until the package state is "normal".
Examples
Fig. 1 shows a flow chart of a trusted secure electronic credential generation method according to one embodiment of the present invention. Fig. 2 shows a multi-level signature block diagram of a trusted secure electronic credential generation method according to one embodiment of the present invention.
As shown in Figs. 1 and 2, the trusted security electronic certificate generation method includes:
Step 1: defining credential types, and generating a plurality of blank credential templates and their corresponding credential description files;
Step 2: selecting a blank credential template according to the service requirement;
Step 3: acquiring a plurality of pieces of metadata and generating a signature index file according to the information required by the selected blank credential template;
Wherein, in step 3, the metadata is obtained by extraction from the original credential or by manual entry.
Wherein the original credential comprises data stored as structured data and data stored as unstructured data; when data stored as structured data is extracted, identity verification information is output to the original credential, and after the identity verification information passes verification, the data stored as structured data is decrypted and read; when data stored as unstructured data is extracted, the file holding that data in the original credential is extracted.
Step 4: for one piece of metadata, filling the metadata into the blank credential template to generate a first intermediate credential; filling the credential signature corresponding to the metadata into the first intermediate credential in a multi-level signature manner to generate a second intermediate credential, filling index information of the credential signature into the signature index file, and taking the second intermediate credential as the blank credential template;
Wherein step 4 further includes: before filling the metadata into the blank credential template, generating an index file of data and an index file of resources.
Wherein the metadata includes data stored as structured data and data stored as unstructured data, and filling the metadata into the blank credential template to generate the first intermediate credential specifically includes: when the metadata is stored as structured data, filling the acquired metadata into the blank credential template in encrypted form to generate the first intermediate credential, filling modification information of the credential into the credential description file, and filling index information of the structured data into the index file of the data; when the metadata is stored as unstructured data, filling the data into the first intermediate credential, filling modification information of the credential into the credential description file, and filling index information of the unstructured data into the index file of the resource.
Wherein the metadata stored as structured data is encrypted using an encryption algorithm based on the public key.
Filling the credential signature corresponding to the metadata into the first intermediate credential in a multi-level signature manner to generate the second intermediate credential, and filling index information of the credential signature into the signature index file, specifically comprises: filling the credential signature into the first intermediate credential as the added credential signature of the present level; combining the added credential signature of the present level with the added credential signature of the previous level to generate the added credential signature of the next level, and filling the added credential signature of the next level into the first intermediate credential to generate the second intermediate credential; adding modification information of the credential to the credential description file, and filling index information corresponding to the added credential signatures of the present level and of the next level into the signature index file.
Step 5: repeating step 4 for each piece of metadata, obtaining a second intermediate credential filled with the plurality of pieces of metadata and their corresponding credential signatures and a signature index file filled with the index information of the corresponding credential signatures, and packaging the second intermediate credential and the index file to generate a new electronic credential.
Wherein packaging the second intermediate credential and the index file to generate the new electronic credential includes: integrating the second intermediate credential, the credential description file, the index file of the data, the index file of the resource and the signature index file into a file package to generate a new electronic credential.
The credential description file also comprises format attributes and business attributes corresponding to the credential type, and the correspondence between the various attributes.
The trusted security electronic credential generation method further comprises the following steps: generating a state record file, and filling a credential state change record into the state record file when filling data into the blank credential template or the first intermediate credential.
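The multi-level signature loop of steps 4 and 5 can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 with a constructed key stands in for the unspecified signature algorithm, combining the two signatures by concatenation is an assumed rule, and all function and field names are hypothetical.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 with a constructed demo key stands in for the
# issuer's signature algorithm, which the patent text does not name.
DEMO_KEY = b"constructed-demo-key"
# Constructed sample metadata (structured fields and one file reference).
SAMPLE_ITEMS = [
    {"field": "invoice_no", "value": "CONSTRUCTED-001"},
    {"field": "amount", "value": "100.00"},
    {"field": "attachment", "value": "scan.pdf"},
]

def sign(data: bytes) -> str:
    return hmac.new(DEMO_KEY, data, hashlib.sha256).hexdigest()

def canonical(item: dict) -> bytes:
    return json.dumps(item, sort_keys=True, separators=(",", ":")).encode()

def build_credential(metadata_items):
    """Steps 4-5: fill one item per pass, sign it, chain it to the previous level."""
    credential = {"items": [], "signatures": {}}
    sig_index = []  # plays the role of the signature index file
    prev = ""       # there is no previous level before the first item
    for level, item in enumerate(metadata_items, start=1):
        credential["items"].append(item)             # first intermediate credential
        this_sig = sign(canonical(item))             # present-level signature
        next_sig = sign((prev + this_sig).encode())  # assumed combining rule
        credential["signatures"][f"level-{level}"] = this_sig
        credential["signatures"][f"chain-{level}"] = next_sig
        sig_index.append({"level": level, "this": f"level-{level}", "next": f"chain-{level}"})
        prev = next_sig  # second intermediate credential is the next template
    return credential, sig_index

def verify_credential(credential, sig_index):
    """Return 0 if every level verifies, else the first failing level number."""
    items, sigs, prev = credential["items"], credential["signatures"], ""
    if len(items) != len(sig_index):
        return min(len(items), len(sig_index)) + 1
    for item, entry in zip(items, sig_index):
        this_sig = sigs.get(entry["this"], "")
        next_sig = sigs.get(entry["next"], "")
        if not hmac.compare_digest(this_sig, sign(canonical(item))):
            return entry["level"]
        if not hmac.compare_digest(next_sig, sign((prev + this_sig).encode())):
            return entry["level"]
        prev = next_sig
    return 0
```

Because each chain value only looks backward, dropping the last item together with its index entry still verifies in this sketch, so the final chain value or the item count has to be bound somewhere outside the chain.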
The foregoing description of embodiments of the invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the various embodiments described.

Claims (9)

1. A method of trusted secure electronic credential generation, comprising:
step 1: defining a credential type, and generating a plurality of blank credential templates and corresponding credential description files thereof;
step 2: selecting a blank credential template according to the service demand;
step 3: acquiring a plurality of metadata and generating a signature index file according to information required by the selected blank credential template;
step 4: filling the metadata in the blank credential template for one piece of metadata to generate a first intermediate credential; filling a credential signature corresponding to the metadata in the first intermediate credential in a multi-level signature mode, generating a second intermediate credential, filling index information of the credential signature in a signature index file, and taking the second intermediate credential as a blank credential template;
the multi-level signature mode specifically comprises the following steps: filling the credential signature in the first intermediate credential as the added credential signature of the present level; combining the added credential signature of the present level with the added credential signature of the previous level to generate the added credential signature of the next level, filling the added credential signature of the next level in the first intermediate credential, and generating the second intermediate credential;
adding modification information of the credential in the credential description file, and filling index information corresponding to the added credential signature of the present level and the added credential signature of the next level in the signature index file;
step 5: repeatedly executing step 4 for each piece of metadata, obtaining the second intermediate credential filled with a plurality of metadata and corresponding credential signatures and a signature index file filled with index information of the corresponding credential signatures, packaging the second intermediate credential and the index file, and generating a new electronic credential;
the index file includes a credential description file and a signature index file.
2. The method of claim 1, wherein in step 3, the metadata is obtained by extraction from an original credential or by manual entry.
3. The trusted secure electronic credential generation method of claim 2, wherein the original credential includes data stored as structured data and data stored as unstructured data therein;
when the data stored as structured data is extracted, identity verification information is output to the original credential; after the identity verification information passes verification, the data stored as structured data is decrypted and read;
and when the data stored as unstructured data is extracted, the file holding that data in the original credential is extracted.
4. The trusted security electronic credential generation method of claim 1, wherein said step 4 further comprises:
before filling the metadata in the blank credential template, generating an index file of data and an index file of resources.
5. The trusted security electronic credential generation method of claim 4, wherein the metadata comprises data stored as structured data and data stored as unstructured data, and wherein filling the metadata in the blank credential template and generating a first intermediate credential specifically comprises:
when the metadata is data stored as structured data, filling the acquired metadata stored as structured data in the blank credential template in an encrypted form to generate a first intermediate credential; filling modification information of the credential in the credential description file, and filling index information of the data stored as structured data in the index file of data;
and when the metadata is data stored as unstructured data, filling the data stored as unstructured data in the first intermediate credential, filling modification information of the credential in the credential description file, and filling index information of the data stored as unstructured data in the index file of resources.
6. The trusted security electronic credential generation method of claim 5, wherein the packaging of the second intermediate credential and the index file to generate a new electronic credential comprises:
integrating the second intermediate credential, the credential description file, the index file of data, the index file of resources and the signature index file into a file package to generate a new electronic credential.
7. The trusted security electronic credential generation method of claim 5, wherein metadata stored as structured data is encrypted using an encryption algorithm based on a public key.
8. The trusted security electronic credential generation method of claim 1, wherein
the credential description file also comprises format attributes corresponding to the credential types, business attributes, and the correspondences among the various attributes.
9. The trusted security electronic credential generation method of claim 1, further comprising:
generating a state record file, and filling a credential state change record into the state record file when filling data into the blank credential template or the first intermediate credential.
CN201911370247.1A 2019-12-26 2019-12-26 Trusted security electronic certificate generation method Active CN111192048B (en)


Publications (2)

Publication Number Publication Date
CN111192048A CN111192048A (en) 2020-05-22
CN111192048B true CN111192048B (en) 2023-11-03

Family

ID=70707566


Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104392184A (en) * 2014-11-13 2015-03-04 北京海泰方圆科技有限公司 Multi-stage electronic file record generating and checking method
CN104715401A (en) * 2013-12-17 2015-06-17 航天信息股份有限公司 Electronic invoice issuing system and method
CN104715402A (en) * 2013-12-17 2015-06-17 航天信息股份有限公司 Electronic invoice generation method based on digital signatures
CN105096172A (en) * 2015-06-12 2015-11-25 北京京东尚科信息技术有限公司 Electronic invoice generating and processing method and system based on e-commerce platform
CN106685665A (en) * 2017-01-24 2017-05-17 广州天宁信息技术有限公司 Valid electronic credential generation and public verification method, device and system
CN108921627A (en) * 2018-06-07 2018-11-30 国信电子票据平台信息服务有限公司 A kind of method and system generating electronic invoice OFD layout files

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102855587A (en) * 2012-08-20 2013-01-02 清华大学 Electronic invoice generating system for electronic commerce website
US9846867B2 (en) * 2013-11-20 2017-12-19 Mastercard International Incorporated System and method for point-of-sale electronic receipt generation and management
WO2016160052A1 (en) * 2015-03-31 2016-10-06 Paradigm, Inc. Systems and methods for generating and validating certified electronic credentials


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
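Saurabh Panjwani et al. Practical receipt authentication for branchless banking. ACM DEV '13: Proceedings of the 3rd ACM Symposium on Computing for Development. 2013, pp. 1-10. *
柴跃廷 et al. Design and implementation of an electronic invoice management and public service system. Journal of Tsinghua University (Science and Technology). 2018, vol. 58, no. 6, pp. 598-602. *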


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant