CN111915416A - Method and system for authenticating invoice based on micro-service - Google Patents
Method and system for authenticating invoice based on micro-service Download PDFInfo
- Publication number
- CN111915416A CN111915416A CN202010598753.2A CN202010598753A CN111915416A CN 111915416 A CN111915416 A CN 111915416A CN 202010598753 A CN202010598753 A CN 202010598753A CN 111915416 A CN111915416 A CN 111915416A
- Authority
- CN
- China
- Prior art keywords
- authentication
- invoice
- invoice data
- microservice
- service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 238000012545 processing Methods 0.000 claims abstract description 52
- 238000012795 verification Methods 0.000 claims abstract description 41
- 238000004891 communication Methods 0.000 claims abstract description 40
- 238000005516 engineering process Methods 0.000 claims description 16
- PCHJSUWPFVWCPO-UHFFFAOYSA-N gold Chemical compound [Au] PCHJSUWPFVWCPO-UHFFFAOYSA-N 0.000 claims description 11
- 239000010931 gold Substances 0.000 claims description 11
- 229910052737 gold Inorganic materials 0.000 claims description 11
- 238000010200 validation analysis Methods 0.000 claims 1
- 238000013475 authorization Methods 0.000 description 5
- 238000012937 correction Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000011112 process operation Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/10—Tax strategies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Business, Economics & Management (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Development Economics (AREA)
- Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- Health & Medical Sciences (AREA)
- Finance (AREA)
- General Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- Technology Law (AREA)
- Medical Informatics (AREA)
- General Business, Economics & Management (AREA)
- Marketing (AREA)
- Economics (AREA)
- Bioethics (AREA)
- Software Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a method and a system for authenticating invoices based on micro-service, wherein the method comprises the following steps: acquiring invoice data to be authenticated, and encrypting the invoice data; sending an authentication request to a secure channel, and acquiring a user certificate and user identification information of the tax control equipment based on the secure channel; the secure channel verifies the authentication request; when the authentication request passes the verification, generating a communication message comprising the encrypted invoice data, and sending the communication message to a unified acceptance system; the unified acceptance system sends the received communication message to a processing preposed system; sending the communication message to an invoice authentication microservice through a processing front-end system; analyzing the communication message through the invoice authentication micro-service to obtain analyzed and encrypted invoice data; decrypting the encrypted invoice data to obtain decrypted invoice data; and authenticating the decrypted invoice data, acquiring an authentication result, and storing the authentication result.
Description
Technical Field
The invention relates to the technical field of invoice data security, in particular to a method and a system for authenticating an invoice based on micro-service.
Background
The 'operation change and increase' is implemented comprehensively in our country, and relates to the expansion of industries to multiple industries such as finance, insurance, building, service and the like, the number of value-added tax invoices is continuously increased, and the invoices are certified into a work content with higher pressure for tax paying enterprises and tax authorities. The tax payment enterprise mainly completes the authentication work of the value-added tax invoice through hall authentication, online authentication and tax self-service terminal authentication.
In fact, most enterprises prefer to select online authentication to finish the authentication of the value-added tax invoices, because the enterprises can finish invoice authentication without leaving a house, and authentication time and the number of the authentication invoices can be independently selected according to the conditions of the enterprises, so that the method is more convenient and practical especially for medium and large enterprises with large ticket amount.
However, with the continuous development of internet technology, the problems of hacking and information disclosure are more and more emphasized by people, and the online invoice authentication system is a problem that needs special attention in relation to information security of enterprises, and more in relation to tax security of countries.
In the prior art (application for invoice authentication system and method supporting various invoice types), after an authentication client acquires invoice information, the invoice information is encrypted and then directly transmitted to a handling system of a tax bureau side through the internet, and the handling system transfers an authentication request to an authentication processing system for invoice authentication. Although it can be guaranteed that the transmitted information is encrypted, the transmission channel itself is not specially encrypted, and the tax office network is not specially optimized for security and performance.
The prior art (application for a micro-service calling architecture) is to establish a micro-service architecture, which has flexible form and high efficiency, but is not applied to authentication service at present. With the continuous development of internet technology, the problems of hacker attack and information disclosure become more and more serious, and the invoice authentication system of the tax bureau is related to the national tax security and the information security of enterprises, which are problems that need special attention.
Disclosure of Invention
The technical scheme of the invention provides a method and a system for authenticating an invoice based on micro-service, so as to solve the problem of how to safely authenticate the invoice.
In order to solve the above problems, the present invention provides a method for authenticating an invoice based on a microservice, the method comprising:
acquiring invoice data to be authenticated, and encrypting the invoice data;
sending an authentication request to a secure channel, and acquiring a user certificate and user identification information of the tax control equipment based on the secure channel;
the secure channel verifies the authentication request based on the user certificate and the user identification information;
when the authentication request passes the verification, generating a communication message comprising the invoice data subjected to encryption processing, and sending the communication message to a unified acceptance system;
the unified acceptance system sends the received communication message to a processing front-end system of the intranet;
sending the communication message to an invoice authentication microservice of an intranet through the processing front-end system;
analyzing the communication message through the invoice authentication micro-service to obtain analyzed and encrypted invoice data; decrypting the encrypted invoice data to obtain decrypted invoice data; and authenticating the decrypted invoice data, acquiring an authentication result, and storing the authentication result.
Preferably, the acquiring invoice data to be authenticated and encrypting the invoice data includes:
acquiring invoice data by scanning the invoice or identifying the two-dimensional code of the invoice;
the invoice data is encrypted by PKI technology.
Preferably, the tax control apparatus comprises: a gold tax disk and a tax control disk.
Preferably, the method further comprises the following steps:
feeding the authentication result back to the processing front-end system of the intranet, and sending the authentication result to a unified acceptance system through the processing front-end system;
and feeding back the authentication result to the user through the secure channel by the unified acceptance system.
Preferably, the invoice authentication micro-service comprises a verification micro-service, a decryption micro-service and a warehousing micro-service;
the authority of the user is verified through the verification micro service;
decrypting the encrypted invoice data through the decryption micro-service to obtain decrypted invoice data; authenticating the decrypted invoice data to obtain an authentication result;
and storing the authentication result through the warehousing microservice.
Based on another aspect of the present invention, the present invention provides a system for authenticating invoices based on a micro service, comprising:
the system comprises an acquisition unit, a verification unit and a verification unit, wherein the acquisition unit is used for acquiring invoice data to be authenticated and encrypting the invoice data;
the request unit is used for sending an authentication request to a secure channel and acquiring a user certificate and user identification information of the tax control equipment based on the secure channel;
a verification unit, which verifies the authentication request based on the user certificate and the user identification information;
the first sending unit is used for generating a communication message comprising the invoice data subjected to encryption processing when the authentication request passes verification, and sending the communication message to a unified acceptance system; the unified acceptance system sends the received communication message to a processing front-end system of the intranet;
the second sending unit is used for sending the communication message to invoice authentication microservice of an intranet through the processing front-end system;
the authentication unit is used for analyzing the communication message through the invoice authentication microservice to obtain analyzed and encrypted invoice data; decrypting the encrypted invoice data to obtain decrypted invoice data; and authenticating the decrypted invoice data, acquiring an authentication result, and storing the authentication result.
Preferably, the acquiring invoice data to be authenticated and encrypting the invoice data includes:
acquiring invoice data by scanning the invoice or identifying the two-dimensional code of the invoice;
the invoice data is encrypted by PKI technology.
Preferably, the tax control apparatus comprises: a gold tax disk and a tax control disk.
Preferably, further for:
feeding the authentication result back to the processing front-end system of the intranet, and sending the authentication result to a unified acceptance system through the processing front-end system;
and feeding back the authentication result to the user through the secure channel by the unified acceptance system.
Preferably, the invoice authentication micro-service comprises a verification micro-service, a decryption micro-service and a warehousing micro-service;
the authority of the user is verified through the verification micro service;
decrypting the encrypted invoice data through the decryption micro-service to obtain decrypted invoice data; authenticating the decrypted invoice data to obtain an authentication result;
and storing the authentication result through the warehousing microservice.
The technical scheme of the invention provides a method and a system for authenticating invoices based on micro-service, wherein the method comprises the following steps: acquiring invoice data to be authenticated, and encrypting the invoice data; sending an authentication request to a secure channel, and acquiring a user certificate and user identification information of the tax control equipment based on the secure channel; the secure channel verifies the authentication request based on the user certificate and the user identification information; when the authentication request passes the verification, generating a communication message comprising the encrypted invoice data, and sending the communication message to a unified acceptance system; the unified acceptance system sends the received communication message to a processing front-end system of the intranet; sending the communication message to invoice authentication micro-service of an intranet through a processing front-end system; analyzing the communication message through the invoice authentication micro-service to obtain analyzed and encrypted invoice data; decrypting the encrypted invoice data to obtain decrypted invoice data; and authenticating the decrypted invoice data, acquiring an authentication result, and storing the authentication result. The technical scheme of the invention is based on the existing online authentication encryption technology, an enterprise certificate is obtained by means of a gold tax disk or a tax control disk of an enterprise as the identity authentication of the enterprise, the identity authentication of two-way handshake is carried out with a unified acceptance system deployed on an external network by a tax office, an authentication request is forwarded to a processing preposition of an internal network of the tax office by the unified acceptance system after the authentication is passed, the authentication request is synchronized to an external network gateway by the processing preposition, the authentication request message is finally sent to an invoice authentication micro-service by the external network gateway, and the authentication micro-service respectively calls an authorization check micro-service, a decryption micro-service and a warehousing micro-service after the invoice authentication micro-service analyzes the authentication request message, thereby finally realizing the authentication of the invoice. The application of the system can improve the performance and the safety of the tax bureau invoice authentication service. According to the technical scheme, the security performance of the internal network of the tax bureau terminal is improved, and the architecture mode is improved, so that the security and the efficiency of online invoice authentication can be improved, and the information security and the smoothness of an authentication channel of a tax bureau system and an enterprise can be guaranteed.
Drawings
A more complete understanding of exemplary embodiments of the present invention may be had by reference to the following drawings in which:
FIG. 1 is a flow chart of a method for authenticating invoices based on a microservice, in accordance with a preferred embodiment of the present invention;
FIG. 2 is a flow chart of a method for authenticating invoices based on a microservice, in accordance with a preferred embodiment of the present invention;
FIG. 3 is a flowchart of a method for authenticating invoices based on a microservice, in accordance with a preferred embodiment of the present invention; and
fig. 4 is a block diagram of a system for authenticating invoices based on a microservice, according to a preferred embodiment of the present invention.
Detailed Description
The exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, however, the present invention may be embodied in many different forms and is not limited to the embodiments described herein, which are provided for complete and complete disclosure of the present invention and to fully convey the scope of the present invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, the same units/elements are denoted by the same reference numerals.
Unless otherwise defined, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Further, it will be understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
Fig. 1 is a flowchart of a method for authenticating invoices based on a microservice according to a preferred embodiment of the present invention. The invention provides a tax bureau invoice authentication micro-service form, which is a method and a system for realizing invoice authentication by performing data interaction between an authentication client and the micro-service. The authentication client encrypts the acquired data to be authenticated, the encrypted data is spliced with a service message and a technical message, the service message and the technical message are bidirectionally authenticated through an SSL (secure socket layer) security channel and then are sent to a unified acceptance system of a tax bureau external network through the Internet, the unified acceptance system is forwarded to a processing preposition system of an internal network of the tax bureau, an authentication request is synchronized to an external network gateway after the processing preposition, the external network gateway finally sends the authentication request message to an invoice authentication micro-service, and the invoice authentication micro-service respectively calls an authorization check micro-service, a decryption micro-service and a warehousing micro-service after analyzing the authentication request message, so that the invoice authentication is finally realized. The invention can improve the performance and the safety of the tax office invoice authentication service. Meanwhile, each micro-service of the system can also be applied to other related service fields, so that the tax office system can be more flexible and efficient.
As shown in fig. 1, the present invention provides a method for authenticating an invoice based on a microservice, which includes:
preferably, in step 101: acquiring invoice data to be authenticated, and encrypting the invoice data. Preferably, the acquiring invoice data to be authenticated and the encrypting process of the invoice data include: acquiring invoice data by scanning the invoice or identifying the two-dimensional code of the invoice; the invoice data is encrypted by PKI technology.
The online authentication client side obtains invoice information to be authenticated and carries out encryption processing. The online authentication client side obtains invoice data through invoice scanning or invoice two-dimensional code identification, obtains invoice information to be authenticated by matching with manual correction of a user, and encrypts the information to be authenticated transmitted by a network by using a Public Key Infrastructure (PKI) technology, namely an encryption mode combining a symmetric encryption technology DES and an asymmetric encryption technology RSA.
Preferably, at step 102: and sending an authentication request to the secure channel, and acquiring the user certificate and the user identification information of the tax control equipment based on the secure channel. Preferably, the tax control apparatus comprises: a gold tax disk and a tax control disk.
Preferably, in step 103: the secure channel verifies the authentication request based on the user credentials and the user identification information.
Preferably, at step 104: and when the authentication request passes the verification, generating a communication message comprising the encrypted invoice data, and sending the communication message to the unified acceptance system.
The online authentication client reads the tax number, the tax disk number and the certificate in the gold tax disk or the tax control disk, uniformly accepts and accepts system requirements according to tax authorities, assembles service messages and technical messages according to different service functions, and sends a handshake request to the secure access. And after the secure access channel receives the request, the functions of signature verification and certificate authentication are completed. And after the verification is passed, accessing the tax bureau unified acceptance system.
Preferably, at step 105: and the unified acceptance system sends the received communication message to the processing front-end system.
Preferably, at step 106: and sending the communication message to invoice authentication micro-service of an intranet through a processing front-end system.
Preferably, in step 107: analyzing the communication message through the invoice authentication micro-service to obtain analyzed and encrypted invoice data; decrypting the encrypted invoice data to obtain decrypted invoice data; and authenticating the decrypted invoice data, acquiring an authentication result, and storing the authentication result.
Preferably, the invoice authentication micro-service comprises a verification micro-service, a decryption micro-service and a warehousing micro-service; the authority of the user is verified through the verification micro service; decrypting the encrypted invoice data through the decryption micro-service to obtain decrypted invoice data; authenticating the decrypted invoice data to obtain an authentication result; and storing the authentication result through the warehousing microservice.
The unified acceptance system forwards the authentication request to a processing preposition system of the internal network of the tax office, the processing preposition system synchronizes the authentication request to an external network gateway, and the external network gateway finally sends the authentication request message to invoice authentication microservice. The micro-service can simultaneously process the authentication request from the online authentication user, the authentication request of the tax bureau side hall authentication and the authentication request of the self-service tax handling terminal.
The invention carries out authentication message analysis through the invoice authentication micro-service, and sends the analyzed taxpayer information to the authorization verification micro-service for authority verification. And sending the analyzed invoice to-be-authenticated information to the decryption microservice for invoice decryption and authentication after the verification is passed. And after the decryption is passed, the invoice authentication microservice sends the authentication result to the warehousing microservice for authentication information storage. As shown in fig. 3.
Preferably, the method further comprises the following steps: feeding back the authentication result to the processing front-end system, and sending the authentication result to the unified acceptance system through the processing front-end system; and feeding back the authentication result to the user through a secure channel by the unified acceptance system.
The invoice authentication microservice returns the final authentication result to the direct processing preposition in the original way, and the processing preposition forwards the authentication result to the unified acceptance system of the external network. And finally returning the authentication result to the online authentication client through the security access channel by the unified acceptance system, and giving a prompt whether the user passes the authentication after the client analyzes the returned result. And finally completing the invoice authentication process. As shown in fig. 2.
The online authentication client of the embodiment of the invention needs to be used in cooperation with a gold tax disk and a tax control disk, and the security verification of the security access unified acceptance system is completed by reading the information and the certificate of the tax disk; the unified acceptance platform of the tax office end outer network forwards the request data subjected to information security verification to a processing prepositive system of the tax office end inner network, the processing prepositive system synchronizes an authentication request to an outer network gateway, and the outer network gateway finally sends an authentication request message to invoice authentication microservice; the invention decomposes the original online authentication processing system into invoice authentication micro-service (mainly used for invoice authentication main process operation), authority verification micro-service, decryption micro-service and warehousing micro-service. The invoice authentication micro-service supports the authentication request of the online authentication user and also supports the authentication request from a hall authentication terminal and a self-service tax handling terminal. The permission verification micro service, the decryption micro service and the warehousing micro service support the functions of authentication permission verification, authentication decryption and authentication warehousing, and simultaneously can support and process request services with corresponding functional requirements in other business fields of tax bureaus. The integration of a plurality of original service functions is realized, and the application range is wider, more flexible and more efficient.
On the basis of the existing online authentication encryption technology, the embodiment of the invention acquires an enterprise certificate as the identity authentication of an enterprise by means of a gold tax disk or a tax control disk of the enterprise, performs the identity authentication of two-way handshake with a unified acceptance system deployed on an external network by a tax office, forwards an authentication request to a processing front end of an internal network of the tax office by the unified acceptance system after the authentication is passed, synchronizes the authentication request to an external network gateway by the processing front end, finally sends the authentication request message to an invoice authentication micro-service by the external network gateway, respectively calls an authorization check micro-service, a decryption micro-service and a warehousing micro-service after the invoice authentication micro-service analyzes the authentication request message, and finally realizes the authentication of the invoice. The application of the system can improve the performance and the safety of the tax bureau invoice authentication service. Meanwhile, each micro-service of the system can also be applied to other related service fields, so that the tax office system is more flexible and efficient.
Fig. 4 is a block diagram of a system for authenticating invoices based on a microservice, according to a preferred embodiment of the present invention. As shown in fig. 4, the present invention provides a system for authenticating invoices based on a microservice, which comprises:
the acquiring unit 401 is configured to acquire invoice data to be authenticated, and encrypt the invoice data. Preferably, the acquiring invoice data to be authenticated and the encrypting process of the invoice data include: acquiring invoice data by scanning the invoice or identifying the two-dimensional code of the invoice; the invoice data is encrypted by PKI technology.
The online authentication client side obtains invoice information to be authenticated and carries out encryption processing. The online authentication client side obtains invoice data through invoice scanning or invoice two-dimensional code identification, obtains invoice information to be authenticated by matching with manual correction of a user, and encrypts the information to be authenticated transmitted by a network by using a Public Key Infrastructure (PKI) technology, namely an encryption mode combining a symmetric encryption technology DES and an asymmetric encryption technology RSA.
A requesting unit 402, configured to send an authentication request to the secure channel, and obtain a user certificate and user identification information of the fiscal device based on the secure channel. Preferably, the tax control apparatus comprises: a gold tax disk and a tax control disk.
The verification unit 403, the secure channel, based on the user certificate and the user identification information, verifies the authentication request.
A first sending unit 404, configured to generate a communication packet including encrypted invoice data when the authentication request passes verification, and send the communication packet to the unified acceptance system. And the unified acceptance system sends the received communication message to a processing front-end system.
The online authentication client reads the tax number, the tax disk number and the certificate in the gold tax disk or the tax control disk, uniformly accepts and accepts system requirements according to tax authorities, assembles service messages and technical messages according to different service functions, and sends a handshake request to the secure access. And after the secure access channel receives the request, the functions of signature verification and certificate authentication are completed. And after the verification is passed, accessing the tax bureau unified acceptance system.
And a second sending unit 405, configured to send the communication packet to an invoice authentication microservice of the intranet through the processing front-end system.
The authentication unit 406 is configured to analyze the communication packet through the invoice authentication microservice, and obtain encrypted invoice data after analysis; decrypting the encrypted invoice data to obtain decrypted invoice data; and authenticating the decrypted invoice data, acquiring an authentication result, and storing the authentication result.
Preferably, the invoice authentication micro-service comprises a verification micro-service, a decryption micro-service and a warehousing micro-service; the authority of the user is verified through the verification micro service; decrypting the encrypted invoice data through the decryption micro-service to obtain decrypted invoice data; authenticating the decrypted invoice data to obtain an authentication result; and storing the authentication result through the warehousing microservice.
The unified acceptance system forwards the authentication request to a processing preposition system of the internal network of the tax office, the processing preposition system synchronizes the authentication request to an external network gateway, and the external network gateway finally sends the authentication request message to invoice authentication microservice. The micro-service can simultaneously process the authentication request from the online authentication user, the authentication request of the tax bureau side hall authentication and the authentication request of the self-service tax handling terminal.
The invention carries out authentication message analysis through the invoice authentication micro-service, and sends the analyzed taxpayer information to the authorization verification micro-service for authority verification. And sending the analyzed invoice to-be-authenticated information to the decryption microservice for invoice decryption and authentication after the verification is passed. And after the decryption is passed, the invoice authentication microservice sends the authentication result to the warehousing microservice for authentication information storage. As shown in fig. 3.
Preferably, further for: feeding back the authentication result to the processing front-end system, and sending the authentication result to the unified acceptance system through the processing front-end system; and feeding back the authentication result to the user through a secure channel by the unified acceptance system.
The invoice authentication microservice returns the final authentication result to the direct processing preposition in the original way, and the processing preposition forwards the authentication result to the unified acceptance system of the external network. And finally returning the authentication result to the online authentication client through the security access channel by the unified acceptance system, and giving a prompt whether the user passes the authentication after the client analyzes the returned result. And finally completing the invoice authentication process. As shown in fig. 2.
The invention has been described with reference to a few embodiments. However, other embodiments of the invention than the one disclosed above are equally possible within the scope of the invention, as would be apparent to a person skilled in the art from the appended patent claims.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a// the [ device, component, etc ]" are to be interpreted openly as at least one instance of a device, component, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
Claims (10)
1. A method of authenticating invoices based on microservice, the method comprising:
acquiring invoice data to be authenticated, and encrypting the invoice data;
sending an authentication request to a secure channel, and acquiring a user certificate and user identification information of the tax control equipment based on the secure channel;
the secure channel verifies the authentication request based on the user certificate and the user identification information;
when the authentication request passes the verification, generating a communication message comprising the invoice data subjected to encryption processing, and sending the communication message to a unified acceptance system;
the unified acceptance system sends the received communication message to a processing front-end system;
sending the communication message to an invoice authentication microservice of an intranet through the processing front-end system;
analyzing the communication message through the invoice authentication micro-service to obtain analyzed and encrypted invoice data; decrypting the encrypted invoice data to obtain decrypted invoice data; and authenticating the decrypted invoice data, acquiring an authentication result, and storing the authentication result.
2. The method according to claim 1, wherein the obtaining invoice data to be authenticated and the encrypting the invoice data comprises:
acquiring invoice data by scanning the invoice or identifying the two-dimensional code of the invoice;
the invoice data is encrypted by PKI technology.
3. The method of claim 1, the tax control device comprising: a gold tax disk and a tax control disk.
4. The method of claim 1, further comprising:
feeding the authentication result back to the processing front-end system, and sending the authentication result to a unified acceptance system through the processing front-end system;
and feeding back the authentication result to the user through the secure channel by the unified acceptance system.
5. The method of claim 1, the invoice authentication microservice comprising a validation microservice, a decryption microservice, and a warehousing microservice;
the authority of the user is verified through the verification micro service;
decrypting the encrypted invoice data through the decryption micro-service to obtain decrypted invoice data; authenticating the decrypted invoice data to obtain an authentication result;
and storing the authentication result through the warehousing microservice.
6. A system for authenticating invoices based on microservice, the system comprising:
the system comprises an acquisition unit, a verification unit and a verification unit, wherein the acquisition unit is used for acquiring invoice data to be authenticated and encrypting the invoice data;
the request unit is used for sending an authentication request to a secure channel and acquiring a user certificate and user identification information of the tax control equipment based on the secure channel;
a verification unit, which verifies the authentication request based on the user certificate and the user identification information;
the first sending unit is used for generating a communication message comprising the invoice data subjected to encryption processing when the authentication request passes verification, and sending the communication message to a unified acceptance system; the unified acceptance system sends the received communication message to a processing front-end system;
the second sending unit is used for sending the communication message to invoice authentication microservice of an intranet through the processing front-end system;
the authentication unit is used for analyzing the communication message through the invoice authentication microservice to obtain analyzed and encrypted invoice data; decrypting the encrypted invoice data to obtain decrypted invoice data; and authenticating the decrypted invoice data, acquiring an authentication result, and storing the authentication result.
7. The system of claim 6, wherein the obtaining invoice data to be authenticated and the encrypting the invoice data comprises:
acquiring invoice data by scanning the invoice or identifying the two-dimensional code of the invoice;
the invoice data is encrypted by PKI technology.
8. The system of claim 6, the tax control device comprising: a gold tax disk and a tax control disk.
9. The system of claim 6, further to:
feeding the authentication result back to the processing front-end system, and sending the authentication result to a unified acceptance system through the processing front-end system;
and feeding back the authentication result to the user through the secure channel by the unified acceptance system.
10. The system of claim 6, the invoice authentication microservice comprising a verification microservice, a decryption microservice, and a warehousing microservice;
the authority of the user is verified through the verification micro service;
decrypting the encrypted invoice data through the decryption micro-service to obtain decrypted invoice data; authenticating the decrypted invoice data to obtain an authentication result;
and storing the authentication result through the warehousing microservice.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010598753.2A CN111915416A (en) | 2020-06-28 | 2020-06-28 | Method and system for authenticating invoice based on micro-service |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010598753.2A CN111915416A (en) | 2020-06-28 | 2020-06-28 | Method and system for authenticating invoice based on micro-service |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111915416A true CN111915416A (en) | 2020-11-10 |
Family
ID=73226692
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010598753.2A Pending CN111915416A (en) | 2020-06-28 | 2020-06-28 | Method and system for authenticating invoice based on micro-service |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111915416A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108108952A (en) * | 2017-12-14 | 2018-06-01 | 税友软件集团股份有限公司 | A kind of service implementation method, system, equipment and computer storage media |
| CN109561098A (en) * | 2018-12-20 | 2019-04-02 | 航天信息股份有限公司 | A kind of safety access method and system for being authenticated to invoice data |
| CN110852839A (en) * | 2019-10-29 | 2020-02-28 | 车主邦(北京)科技有限公司 | Method, device and storage medium for interfacing energy service business |
| CN111191180A (en) * | 2020-01-15 | 2020-05-22 | 百望股份有限公司 | Method and device for constructing micro-service system in invoice field and storage medium |
| CN111221511A (en) * | 2020-01-02 | 2020-06-02 | 航天信息股份有限公司 | Development system of plug-in type micro-service interface |
-
2020
- 2020-06-28 CN CN202010598753.2A patent/CN111915416A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108108952A (en) * | 2017-12-14 | 2018-06-01 | 税友软件集团股份有限公司 | A kind of service implementation method, system, equipment and computer storage media |
| CN109561098A (en) * | 2018-12-20 | 2019-04-02 | 航天信息股份有限公司 | A kind of safety access method and system for being authenticated to invoice data |
| CN110852839A (en) * | 2019-10-29 | 2020-02-28 | 车主邦(北京)科技有限公司 | Method, device and storage medium for interfacing energy service business |
| CN111221511A (en) * | 2020-01-02 | 2020-06-02 | 航天信息股份有限公司 | Development system of plug-in type micro-service interface |
| CN111191180A (en) * | 2020-01-15 | 2020-05-22 | 百望股份有限公司 | Method and device for constructing micro-service system in invoice field and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109150548B (en) | Digital certificate signing and signature checking method and system and digital certificate system | |
| CN108834144B (en) | Method and system for managing association of operator number and account | |
| CN100518411C (en) | Dynamic cipher system and method based on mobile communication terminal | |
| US20120017095A1 (en) | Software Service for Encrypting and Decrypting Data | |
| TW202117603A (en) | Two-dimensional code processing method, device and system | |
| US20070074027A1 (en) | Methods of verifying, signing, encrypting, and decrypting data and file | |
| CN101216923A (en) | A system and method to enhance the data security of e-bank dealings | |
| CN101841525A (en) | Secure access method, system and client | |
| CN103312691A (en) | Method and system for authenticating and accessing cloud platform | |
| US20150208238A1 (en) | Terminal identity verification and service authentication method, system and terminal | |
| TWM623435U (en) | System for verifying client identity and transaction services using multiple security levels | |
| CN112632593B (en) | Data storage method, data processing method, device and storage medium | |
| CN108809936B (en) | Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof | |
| CN112766962A (en) | Method for receiving and sending certificate, transaction system, storage medium and electronic device | |
| US20140013116A1 (en) | Apparatus and method for performing over-the-air identity provisioning | |
| CN113515756B (en) | High-credibility digital identity management method and system based on block chain | |
| CN114531277A (en) | User identity authentication method based on block chain technology | |
| CN114143082B (en) | Encryption communication method, system and device | |
| CN106936588A (en) | A kind of trustship method, the apparatus and system of hardware controls lock | |
| CN103634265A (en) | Method, device and system for security authentication | |
| CN107819766B (en) | Security authentication method, system and computer readable storage medium | |
| CN106656955A (en) | Communication method and system and user terminal | |
| JP2006221566A (en) | Caring service support system using network | |
| CN111770081B (en) | Role authentication-based big data confidential file access method | |
| CN116112242B (en) | Unified safety authentication method and system for power regulation and control system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |