AU2010297872A1

AU2010297872A1 - Method for managing citizen information

Info

Publication number: AU2010297872A1
Application number: AU2010297872A
Authority: AU
Inventors: Gao YE
Original assignee: Individual
Current assignee: Individual
Priority date: 2009-09-25
Filing date: 2010-09-24
Publication date: 2012-06-21
Also published as: CN104408485B; CN104408486A; CN102033901B; CN102667832B; CN104408486B; CN102667832A; CN102033901A; CN105678512A; CN104408485A; WO2011035549A1

Abstract

A method for managing citizen information, relates to the contents: exchanging and managing information between enterprises, public institutions, social organizations, and state organs, collectively called the units, and the citizens, etc. The method includes: establishing a national citizen information management platform, including a citizen information management system, an information service system, and an email box system. The management platform has the management functions: integration, classification, indexing, and statistics of the information of the citizens and the units, etc, provides the application services: inquiry, check, presentation, identity authentication, and retrieval of the information of the citizens and the units, etc, and has the functions of email box, online exchange, social investigation, issuing proclamations, and issuing advertisements. The management platform assigns an email box, uniformly coded and freely used for life, and its address account number, to each citizen and each unit, and gives the email box the function of "collecting and distributing base" of information, achieving the inquiry, check, and presentation of their own information for the citizens and the units and the convenient, quick, and real information exchange between each other.

Description

March 20, 2012 Australian Government IP Australia PO Box 200 Woden ACT 2606 Australia To Australian Government IP Australia: Subject: Request For Entry of PCT International Patent Application Into National Phase In Australia The Unit of Lishui Vocational & Technical College, to which the right, inclusive of the priority, to apply for entry into the national phase in Australia of the PCT international application of an invention titled a "Method of Managing Citizen Information" has been transferred from Mr.Ye Gao on Feb.18, 2012 with the PCT international application number of CN2010/001473 (referring to Appendix 1), hereby files a formal request for an entry of this PCT international application mentioned above into the national phase in Australia and for an substantial examination according to standard patent regulations. The applicant shall be Lishui Vocational & Technical College with Ye Gao as the inventor. The details concerning the PCT international application are as follows: PCT international application No.: PCT/CN2010/001473 International application date: September 24,2010 Priority date: September 25,2009 Priority application No.: 200910153010.8 International publication date: March 31, 2011 International publicationNo.:WO/2011/035549 International publication language: in Chinese Here enclosed are documents for standard patent application: (1)International application document in English version;(2)application documents in English version amended in line with the Articles 28/41 of the Patent Cooperation Treaty, which is to be treated as the basis of patent examination. The details about the applicant are as follows: 2 The IP Australia customer number: 7410363213 Address in Australia: 13, Catani court, Bumside Heights, Vic, 3023 Address in china: No.2 Wuzhaidi Zhongshan St.,Lishui, Zhejiang Province, China China Postcode: 323000 Phone No.: 0578-2886061 The Contacter: Mr. Ye Gao Address in china: No.2 Wuzhaidi Zhongshan St,Lishui, Zhejiang Province, China China Postcode: 323000 E-mail: zjlsyg@sohu.com Phone Nos.: 13216888080 or 0578-2886278 Enclosures: 1. Statement on Transfer of the Application and the Priority Right of PCT Patent in Australia 2.PCT International Searching Report, and International Application Status Report 3.International application documents in English version: the Descriptions, the Claims, the Abstract and the Drawings. 4. Application documents in English version amended in line with the Articles 28/41 of the Patent Cooperation Treaty (to be treated as the bassc6'pkent examination): the Descriptions, the Claims, the Abstract and the Drawings. sYe e on behalf of Lishui Voc il & Tec al College The Chinese version as following: 3 The Chinese version as following: T~~(* 'I~ T2012 I-2 P 18 H i-U -I rMM r~' ( MVTPCT W 'FPCT/CN2OIO/001473, MF;T-i* 9 2010 W012011/035549, [P Mvi-V 2011 =-3 R~ 31 9, [AR Wf Fqr M,±fi"TQ:741036213 ~~ 13. Catani court, Burnsicle Heights, Vic, 3023 PMA J jit fiL: rPMAI-O*71 UJT 9I- 2 S0578-2886061 MA1: 323000 PfL A E-maiI:zjlsyg~qsohu.com TAJt: 13216888080, 0578-28802,1 Wit{4: 201 "F3 21 4. ~2/1 ~ i4t~t 1 PCT/CN 2010/001473 DESCRIPTION A METHOD FOR MANAGING CITIZEN INFORMATION TECHNICAL FIELD [0001] This method adopts WAN technology, communication technology, WEB technology and large database management technology. TECHNICAL BACKGROUND [0002] The world has entered into the information age. Under this trend, administrative departments, numerous enterprises and public institutions of China have developed their own independent websites and database systems. Citizen identity information of citizens and other personal information, such as finance, building property, insurance, property tax, transportation, health care, water and electricity fees, etc., are usually distributed among the databases of the business system of organs or units which are mutually independent. There is need for citizens to know their personal information, display such information to others and check the information of others. State organs, enterprises, public institutions, social organizations and other corporate or unincorporated organizations (hereinafter referred to as "Units"), whose information is also stored among other departments or units, need to know their information, display such information to other units or individuals and to check the information of other units or individuals, therefore, there is a large demand for information exchange among units, units and citizens as well as citizens. The full realization of such a demand will do a lot of contribution to social development and economic prosperity. However, the current situation where such information about citizens or units is separated and unassociated causes severe constraint on inquiry, check and display. Due to the obstructions of communication channel the exchange of information is seriously limited. For example, one may fail to get in touch with an old friend due to the loss of his contact information, and one may fail to consult an expert due to loss of his business card. a court or an administrative organ has to adopt the service of a legal document in the form of public notice as they are unable to locate the defendant or the administrative counterpart, and it is apparently unfair to most units or citizens when a public notice is "not served", which takes place rather often, and most communications among state organs, public institutions and citizens are still paper letters delivered through postal service, which does not only cost a lot, but will also cause unnecessary loss due to delay, miscarriage and omission.

2 PCT/CN 2010/001473 [0003] With the robust development of e-commerce, the issues about network security is becoming increasingly prominent, especially the issue of identity identification. The endless fraud resulted from the virtualization of network identity often succeeds. Such identity authentication issues exist among both citizens and units. As the main participants in social activities, the units, whose identity information has been publicized by the industrial and commercial administrations, are relatively easy to be authenticated concerning their real identity. However, a unit which wants to handle business on the Interne should take the initiative to identify its real identity to other citizens, units or systems, which is subject to great limitation in the existing information system. [0004] The authentication of a citizen's identity has always been a difficult social issue, primarily due to the fact that the forging of citizen identity card fails to be completely solved. Though, by 2008, China had basically replaced old ID cards with the second-generation identity cards with higher technology and better anti-forgery performance, the phenomenon of forging of ID cards has never ceased. The key technology for a better anti-forgery performance of the second-generation identity card lies in that an IC card, where identity information processed with data encryption is stored, has been installed in the ID card, while the identity information in the IC card is only accessible to special ID card readers, with which the authentication of the ID card can just be done. Several cases concerning bank credit card fraud show a new tendency in ID card fraud, that is, a faked ID card is forged only with the photo replaced or just with the same information as the real one after the real citizen identity information is obtained by pilferage, bought or fraud. Even worse, in some cases the IC card in a real ID card is placed or duplicated into a faked one with the surface information consistent with the IC card and only the photo replaced. Such forged ID cards, which are of great deception, will succeed as long as a certain step of the authentication is not well done, when, for example, strict accordance with the authentication procedure is not observed (like a common phenomenon of nonperformance of a stipulations) or photos are not carefully checked. In a long run, the data encryption system is not that indestructible because all encryption algorithms are open and the attackers can decrypt such data once they obtain the key and the corresponding plaintext value directly. There are many methods to obtain the key. The most direct one is to find the key management bug, and an individual can obtain the key through password analysis all by himself. If the key of a digital anti-forgery system is decrypted or stolen, the attackers can install an IC card into the forged ID card and input the real identity information the same as that they see or that with only the photo replaced, so that the forged ID card can also be read and displayed by normal ID card readers, which is namely ID card "cloning". Basically such "cloned" ID cards cannot be authenticated either visually or with a computer, while abnormity of the ID cards with the photo "cloned" even can not be discovered through network inquiry with existing technology. If the lawbreakers defraud citizens of their ID cards and forge faked ones by duplicating the IC cards, or 3 PCT/CN 2010/001473 use others' real ID cards directly stolen, the machine reading or network inquiry will both fail. In such cases, the only method of authentication is to visually tell apart the conformity between the photo and real person. However, as the valid period of an ID card may be twenty years or even longer, the visual discrimination between the photo taken long ago and real person will be affected by the corresponding staff's work attitude, sense of responsibility and discrimination as well as the dressing of the person under discrimination, resulting in unstable accuracy. In other words, the risk of being cheated exists objectively. Especially, when other identity information are checked as consistent and even network check result is consistent, the corresponding staff will "naturally" thinks that the photo is real. As a result, there is huge potential safety hazard in case of such high-tech ID card forgery. [0005] At the end of 2006, the Ministry of Public Security launched the National Citizen Identity Card Number Inquiry Service Center, through which inquiry about whether a citizen's name is consistent with the ID card number and whether an ID card is real is realized. Mobile users and Unicom users can make an inquiry at the cost of five yuan. If the information is consistent, the users can also check the photo with the password in the text message. Such inquiry seems to have satisfied the demand for ID card authentication. However, if an ID card is forged with the above real ID card information, the judgment of such an ID card merely based on the relevance between the name and ID card number is apparently not enough. In the case where it is difficult to discriminate the conformity between the photo on the real ID card and the holder because the photo was taken long ago, such inquiry method will fail to check the authenticity of the ID card, but will even be propitious to the forged ID card. In addition, the action to make the inquiry about the logical relationship between the ID card number, the name and the photo indiscriminately available to any person shows obvious a lack of caution, which may be utilized by evil persons. After all, Law of the People's Republic of China on Resident Identity Cards has applied strict constraint concerning the situation where policemen should authenticate citizens' ID cards. The most ideal situation is that: through system arrangement and technical design, the system can discriminate "proper" and "wrongful" requirements on citizen ID card authentication and reject the "wrongful" requirements out of the information authentication process while "proper" requirements should be fully public and free. [0006] From the above ID card forging cases we can see that it is important to prevent the citizen identity information from being disclosed for stopping ID card forgery. There are two problems in the existing second-generation ID card information marking structure: firstly, the citizen must duplicate both sides when it is necessary to duplicate the ID card, which is a waste of resources. Secondly, when the ID card is duplicated, all personal identity information are fully exposed, which 4 PCT/CN 2010/001473 facilitates unlawful persons' stealing of personal information data for purposes against the law. The easy access to real identity information is closely associated with the full exposure of ID card information and the casual requirement and agreement to duplicate the ID cards in any occasions. [0007] Targeted at the above problems, now there are no technical obstacles in developing an integrated information network solution with existing WAN technology, computer technology, communication technology and database management technology. The development, implementation and operation of such an integrated information network solution will achieve enormous economic and social benefits. [0008] The exchange and full utilization of citizen information cannot be separated from the participation of units, while the exchange and full utilization of units information involves broader aspects, more complicated relations and problems to be solved. The system constructed in this invention patent is based on the management system for citizen identity card and household registration at the public security organ and aims at facilitating the implementation and promotion of this patent. For the units information problems involved, the problems that can or should be solved by this system framework will be solved, while those cannot be solved will be simplified or avoided. That is why though this invention patent mainly deals with citizen information demand issues; it also involves the information inquiry, check, display and exchange as well as identity authentication of units. However, this invention patent is still named with "A Method for Citizen Information Management System" instead of a concept of a broader sense. CONTENTS OF INVENTION GENERAL IDEA FOR THE TECHNICAL SCHEME OF THIS INVENTION [0009] Targeted at the above situation, this invention aims at developing an integrated solution to aforementioned issues with the computer network system to realize the identity authentication of citizens or units, to realize inquiry, check and display of citizens' and units' information including the identity information, to make communication and usage of citizens' and the units' information real, convenient and quick, and to improve the utilization efficiency of citizens' and the units' information resources. [0010] After a careful observation of the aforementioned pending problems, we can find that citizens or units (collectively called as "the subjects") are both the creators of information and the recipients and users of information. The information environment of each subject is formed by 5 PCT/CN 2010/001473 various information systems of different levels and scales. The various information systems (which can be understood as the various database systems of all departments, industries and units) are generating or modifying information related or unrelated to the subjects every day. The information related to the subjects and generated by the subjects themselves among the various information systems are called as subject information, and the sum of all subject information forms subject information resource. A relationship of many-to-many information exchange is formed between subjects with the subject information resource as the object. [0011] The technical scheme realized in this invention is to establish, on the basis of the existing information management system of citizen identity cards and household registration in the public security organ, a national platform for citizen information management (hereinafter referred to as CIP for the citizen information platform), which comprises the citizen information management system, the information service system and the E-mailbox system (hereinafter referred to as CIMS,ISS and EMS respectively). The citizen information management system is for the management of business relating to ID cards and allocation of E-mailboxes. The ISS provides managing functions of integration, classification, indexing and statistics of the information of citizens or units, and application services of inquiry, check, display, identity authentication and search of the information of citizens or units. The EMS is, through the E-mailbox websites, to provide services of E-mailbox, online communication, social research, public announcement and advertisement. The CIP assigns a permanent legal E-mailbox to each citizen upon birth for free use. the sending and receiving account of the mailbox (referring to the mailbox account dedicated for sending and receiving E-mails, the same below) which is set as the ID card number of a citizen shall remain unchanged, and the login account of the mailbox (referring to the mailbox account dedicated for opening the E-mailbox, the same below) which is initialized as the ID card number of a citizen can be modified. As the "collection and distribution base" of a citizen's personal information, the citizen's E-mailbox can, through the links provided by ISS, integrate each citizen's various personal information resources of their own distributed outside of CIP, like systems of bank, social insurance, housing, transportation, water and power supply (hereinafter referred to as "external systems"), and display such resources in the E-mailbox in form of various personal information files, (actually the links to various personal information), which the citizen can consult or display externally. EMS also assigns various units legal various units E-mailboxes for permanently free use, the sending and receiving account of which, to be initialized as the national unified organization registration code, shall remain unchanged, and the login account of which, to be initialized as the national unified organization Registration code, can be modified, possibly the E-mailbox of a unit can also be used as the "collection and distribution base" of its own information, the E-mailbox of a unit can, through the links provided by ISS, integrate each unit's various information resources of their own 6 PCT/CN 2010/001473 distributed outside of CIP, like systems of identity, bank, housing, transportation, water and power supply, and display such resources in the E-mailbox in form of various unit information files (actually the links to various unit information, the unit information files and the aforementioned personal information files in a citizen's E-mailbox are collectively called as "user's information files", the same below), which the unit can consult or display externally. EMS is provided with graphical stamps associated with the content of an E-mail, which are to change obviously with any modifications to the content of the E-mail with them. Improvements are made to the layout design of the second-generation ID card, where two ID card validation codes are added and the display of some ID card information is rearranged, and where the ID card information is classified into three levels as "basic", "general" and "complete", which can be displayed accordingly by inserting the ID card into a protective sleeve. improvements are also made to the reader-writer of the IC card, where according to the three display levels of the ID card information, the reader-writer is classified into three types with three kinds of reading access to the IC card as "basic", "general" and "complete", and where each type has been equipped with the function of comparison among ID card validation codes, ID card passwords and network authentication frequency as well as the function of fingerprint identification. the IC card will, according to the aforementioned three levels of reading access, save the ID card information in separate areas to satisfy the needs of the three display levels, furthermore, the IC card, which saves the serial number of the IC chip, ID card password and two pieces of fingerprint information, also saves respectively according to the types of reader-writers the information of frequency of ID card network authentication done on the ID card reader-writer, among which the home address, the ID card password and the two pieces of fingerprint information can be modified with statutory authority, and the information of frequency of ID card network authentication done on the ID card reader-writer saved respectively according to the types of reader-writers will be refreshed as the frequency increases, while other information remains unmodified. the IC card reserves information storage space for extended applications to employee's cards, driver's licenses, bus cards, medical cards, social insurance cards and bank cards, thus to realize one card for multiple use. each citizen or unit can get a U Shield (i.e. the digital certificate that contains the basic identity information of a citizen or unit) through certain formalities directly from the administrative organ of CIP for application to various identity authentication at CIP [0012] The CIP constructed can realize the following twelve functions: firstly, information exchange function, i.e. citizens and units can send E-mails or have real-time one-to-one and one-to-many communications or video calls through the network. Secondly, information inquiry function, i.e. citizens or units can inquire about their information in other information systems through their mailboxes in CIP. Thirdly, information display function, i.e. units or citizens can use their real identity, credit and assets, etc. as third-party certification by calling and displaying 7 PCT/CN 2010/001473 information about its identity, credit and assets, etc. in other information systems independent from its own to other units or citizens. Fourthly, identity authentication, i.e. the real identity or the authenticity of the ID card and whether the holder is the owner of the ID card can be checked through the ID card network authentication of ISS or the ID card network authentication based on ID card reader-writers. Fifthly, business operation function, units or citizens can conduct relevant business operations via the links to ISS and external systems in their mailboxes, such as to transfer capital through business operations of the capital accounts. Sixthly, information statistics function, such as the statistics of the quantity and composition and other indicators of various units or citizens at different times. Seventhly, online search function, through which units or citizens can conduct one-to-many special researches on all targets, breaking through the limit of traditional sample research. Eighthly, search function, through CIP, all mailboxes named with the names of units and citizens can be found by searching the contact list of legal mailboxes published on the platform. Ninthly, advertisement issuance function, i.e. to set up advertisement issuance areas according to administrative levels or community types by fully utilizing the unique units and natural person resources advantages of CIP. Tenthly, information issuance function, i.e. various social s can publish information to specific or unspecific targets by utilizing the information issuance areas in EMS of the platform, and CIP can offer several kinds of information issuance service. Eleventh, real-time dynamic monitoring function, under the authority of the law, the motion tracks of specific citizens can be monitored through the background system of CIP, thus to facilitate the public security organs in seizing suspects. Twelfth, policy-making support function, by utilizing the advanced technologies, such as data integration, data warehousing and data mining, CIP can make deep analysis and mining of the data information in the information resource system of units or citizens to offer support to national policy-making in macro-management and micromanagement. On the basis of above functions, various network platform services can be developed by utilizing the unique advantages of national units' and all citizens' resources, such as e-commerce service, news report and video services of films and television programs. [0013] The citizen information management system, ISS and EMS of the citizen information management platform adopt centralized framework and unified management. The citizen information management system can provide functions like research, statistics, mining classification, analysis, processing and collection, etc. of relevant data information, thus to offer support to national policy-making in macro-management and micromanagement. Based on the information system of citizen identity card and household registration at the public security organ, CIMS constructs a database of citizen identity information-a database of units identity information can be developed if appropriate-to store citizens' ID card information, the fingerprint information of ten human fingers and household registration information, which can also store the basic identity 8 PCT/CN 2010/001473 information of various units and record the identity authentication information of citizens or units if appropriate. Based on the information data of citizens and units, ISS can link the information concerning citizens or units in various systems and construct various index databases of the information about citizens or units to provide information inquiry and identity authentication as well as the inquiry, check and display of the information about citizens or units through EMS. The EMS can provide mailbox services for citizens or units, mailbox contact list service and online information exchange service through mailbox websites. To ensure the independency, confidentiality and security of the data in CIP and other external systems, firewalls, access rights, password and other security measures should be set up between CIP and various other external information systems, and the information transmission between different systems should all adopt advanced encryption and decryption methods to prevent disclosure during data transmission. ID CARDS AND THE IMPROVED DESIGN OF THE IC CARD EMBEDDED [0014] Targeted at the phenomena that real identity information is easy to access and unlawful persons often forge faked ID cards with the real identity information, this invention patent conceives of dividing the information contained in an ID card into basic identity information and relatively confidential identity information. Through the E-mailbox website, generally the display of basic identity information can already meet the purpose of checking the real identity, and only under special circumstances will the relatively confidential identity information be checked additionally, such as the ID card validation code and home addresses, etc. For units necessary and entitled to check the relatively confidential identity information, they should apply strict regulations on prevention against disclosure to the confidentiality system of identity information. Thus, it will be more difficult for unlawful persons to obtain the complete real identity information and prevent ID card forgery from the source. Therefore, it is necessary to improve the design of existing ID card layout. [0015] Based on the existing second-generation citizen ID card (with the dimensions, outline, pattern, texture, font, glyph, font size and material of the ID card and the capsulation method of the IC card remaining unchanged) two pieces of ID card validation code information are added on the ID card, the words "Citizen Identity Card" are added at the top of the photo, on the front side are printed certain items including name, gender, date of birth, nationality, ID card number, issuance organ, date of issuance and valid period, on the back side are printed home address and two pieces of ID card validation code information, which all are covered with special adhesive tape (to be uncovered and covered repeatedly) inosculated with the texture and patterns of the ID card, characters indicating the position of covered information can be printed on the back side of the 9 PCT/CN 2010/001473 special adhesive tapes, thus these three pieces of identity information are not to be displayed nor duplicated when unnecessary. When these three pieces of identity information need displaying or duplicating, it is only need to uncover the opaque adhesive tape on the surface of the protective sleeve without removing the ID card. Characters indicating the positions of the covered information are printed on the back side of the opaque adhesive tape which is on the surface of the protective sleeve. [0016] ID card information can be classified into three levels of "complete", "general" and "basic" through the new design of the ID card layout. "Complete" information refers to the public ID card information except the second group of ID card validation code, "general" information to the public ID card information except the ID card validation codes, and "basic" information to the public ID card information except the ID card validation codes and home address. [0017] The date of issuance and the valid period on the front side of the ID card are indicated with a 7-digit code and displayed right after the name of the issuance organ. The year, the month and the day are indicated with totally 6 digits of one 2-digit number each, and there is another1-digit number indicating the term of use. The term below 9 years is to be marked directly with a particular number, while the capital letter "X" to stand for 10 years, "Y" for 20 years and "Z" for long term. [0018] Two groups of ID card validation codes, each of which consists of 9 digits comprising 8 digits of validation code and 1 digit of check code, are automatically generated by CIMS each time when an ID card is issued or renewed. The first group of ID card validation code can be applied to identity network authentication in ISS and the ID card network authentication done on the ID card reader-writer, while the second group of ID card validation code can only be applied to identity network authentication in ISS. The two groups of ID card validation codes are generated through the following method: firstly, a 16-digit number to be derived from numbers of the ID card and those randomly generated upon the issuance of the ID card through asymmetric encryption algorithm, secondly, a 1-digit check code derived from checkout arithmetic of the first 8 digits to be added to the end of the first 8 digits so as to form the first group of 9-digit ID card validation code, at last, the other 1-digit check code derived from checkout arithmetic of the last 8 digits to be added to the end of the last 8 digits so as to form the second group of 9-digit ID card validation code. General identity network authentication, such as real name authentication of online games and tickets, can just be done with the first group of validation code. While in application systems of finance, customs and airports etc., the second group of validation code is needed for network identity authentication. Due to the low usage frequency of the second group of validation code and the failure of ID card reader-writers to display, the second group of validation code will have higher 10 PCT/CN 2010/001473 confidentiality than the first group, thus to achieve the confidential effects of ID card validation codes at different levels. [0019] The IC card is designed to store identity information and that of no more than 10 extended applications. The fingerprint information in the identity information embraces the fingerprint data of two frequently used fingers, which can be replaced by other fingerprint data if necessary by applying to the administrative organ of CIP. The home address and ID card password information in the identity information are allowed to be modified by applying to the administrative organ of CIP. One of the three levels of the ID card information in the IC card that is accessible to be read according to different levels of access is only to be read by the ID card reader-writers authorized by the administrative organ of CIP as per corresponding levels of access, and the information of extended applications can be read by the readers installed with the modules authorized by the administrative organ in charge of relative application system. CHECK OF THE AUTHENTICITY OF ID CARD AND LEGALITY OF THE HOLDER [0020] Corresponding improvements are also made to the reader-writers of the IC card to adapt to the new layout design of the ID card. Based on the three levels of ID card information, the reader-writers are classified accordingly into three types of "basic", "general" and "complete" with three kinds of reading access to the IC card as "basic", "general" and "complete". Each type of the reader-writer can only display one of three levels of the ID card information so as to satisfy the needs of collecting ID card information of various industries in different situations. The "complete" type displays the external information of ID card except the second group of the ID card validation code, the "general" type displays the external information of ID card except the ID card validation codes, and "basic" type displays the external information of ID card except the ID card validation codes and home address. Any other-information in the IC card is not accessible to the ID card reader-writer except for such three levels of ID card information. [0021] Corresponding to the "basic", "general" and "complete" display levels of the ID card information in the IC card, three levels of reading access are set to the IC card, i.e. "basic", "general" and "complete". The external information of ID card excluding the second group of the ID card validation code is stored in three areas of different levels of access in the IC card. the first of which stores the "basic" ID card information readable to all the three levels of "basic", "general" and "complete" access, the second of which stores the "general" ID card information excluding "basic" ID information readable to the two levels of "general" and "complete" access, and the third of which store the "complete" ID card information excluding the "general" ID 11 PCT/CN 2010/001473 information, readable to the sole level of "complete" access. [0022] Several encrypted authorization module interfaces are embedded inside the ID card reader-writer for installation of ID card read-and-write authorization modules, which shall be granted by the public security organ, to read and write ID card information according to one of the three access levels by the ID card reader-writer. The authorization modules of extended application systems, which shall be granted by the corresponding administrative organs of other business systems with the authorization from public security organs, can also be embedded for extending use of ID card to other business systems. [0023] When ID card reader-writers are offline (meaning they are not connected to ISS), the authenticity of an ID card is verified through the following steps: firstly, whether the ID card can be read, if it can be read, it means the information read from the IC card has passed the authentication of the authorization module of ID information in the reader-writer; secondly, whether the information displayed by the reader-writer is consistent with the external information of the corresponding ID car, i.e. it is to verify the consistency between the information inside and outside the ID card and to prevent against malevolent "core change" of the ID card. "Core change" is a kind of ID card forgery, where the surface information of the ID card is real or only the photo is faked, while the IC card inside is replaced with a real one from another natural person' s real ID card or its duplicated card. This forgery is the most difficult to discriminate. [0024] When ID card reader-writers are offline, the legality of the holder of ID card is verified with the following methods: first, visual inspection of conformity between the photo on the ID card, the one displayed by the reader-writer and that of the real person; second, whether the ID card password input into the reader-writer passing the password authentication of IC card; third, whether the fingerprint information input into the reader-writer matching the fingerprint information in the IC card. The above three verification functions of ID card reader-writer on the legality of the holder are mutually independent, which can be used separately or simultaneously. [0025] ISS has set up ID card network authentication frequency counters for the three types of ID card reader-writers respectively. After each ID card network authentication through a type of ID card reader-writer, the authentication frequency of the corresponding type will be increased by 1. The IC card also stores the current ID card network authentication frequency value based on various types of ID card reader-writers respectively. The ID card network authentication with an ID card reader-writer is done by sending the information in the IC card read by any type of ID card 12 PCT/CN 2010/001473 reader-writer, including the displayed ID card information, fingerprint information and the current value of the authentication frequency counter, to ISS for network ID card authenticity comparison. If the compared content is the same, the corresponding type of counter in ISS will add 1 and ISS will refresh the network authentication frequency value of the same type in the IC card. [0026] The service life of the IC card for repeatedly reading and writing is solved by leaving separate storage space in the IC card in advance. [0027] The methods to verify by the ID card reader-writer through network the legality of the ID card holder are as follows: firstly, to send the ID card password input into the reader-writer to ISS for ID card password authentication; secondly, to send the fingerprint information input into the reader-writer to ISS for fingerprint information matching. [0028] The difference between the ID card authentication with the online ID card reader-writer based on CIP and that with the off-line ID card reader-writer is that the former can timely discover forgery, clone or embezzling of citizens' IC cards by setting up ID card network authentication frequency counters, thus to root out such forgery, clone or embezzling of citizens' IC cards. [0029] If the ID card is lost and falsely used or the IC card is duplicated, the citizen can report the loss to the administrative organ of CIP and obtain a new ID card, the original ID card will not pass the ID card network authentication and thus cannot be used any more. If unlawful persons forged an ID card with real identity information or duplicated an ID card and the IC card thereof, as the information of the ID card network authentication frequency is stored in ISS, such forgers cannot know that the ID card is already unable to pass the network authentication. Even under the worst circumstance where the forger has obtained all information including identity information, ID card password and ID card network authentication frequency and so on, and where the real ID card and the faked one which are the same at certain point cannot be discriminated, either one will be unable to pass the network authentication after the other one passes the network authentication and the information of ID card network authentication frequency is modified. The result is either that the real ID card is always able to pass the network authentication normally while the forged one is always not, or that the forged ID card passes the network authentication while the legal holder can immediately report the loss to the police and stop the usage of forged ID card in the shortest time when the real ID card fails to pass the network authentication. Though it is relatively easy to obtain individual identity information (after the ID card validation code is added into the ID card, it is not easy to obtain the validation code any more), it is almost impossible to obtain the information of ID card network authentication frequency so that full security of the aforementioned anti-forgery 13 PCT/CN 2010/001473 technology of IC cards is guaranteed. [0030] As for the verification of the holder's legality, when the requirements on security is high, both authentication of ID card password and fingerprint information can be required. Special attention should be paid that strict provisions should be applied to the application scope of the fingerprint information in the IC card through administrative rules or regulations. For business operation of important matters like cash withdrawal and remittance at banks, the authentication of ID card password shall be mainly adopted with a possible combination of the authentication of fingerprint information, which shall not be used alone mainly out of the consideration for the confidentiality of individual fingerprint information and personal safety. NETWORK IDENTITY AUTHENTICATION [0031] For a newly issued ID card, it shall not be effectively used until the initial identity information of the ID card (including the name, the serial number of the chip inside the IC card, the ID card number, the ID card validation codes and the current ID card network authentication frequency), is saved in both CIP and the IC card, which is called as the identity information initialization of the ID card. The function of comparison among the ID card password and the two pieces of fingerprint information shall only be enabled separately or simultaneously by application to the administrative organ of CIP for approval to launch. [0032] The modification of ID card information shall be done with an ID card reader-writer connected to ISS through the following steps: firstly, to validate the old password; secondly, to set a new one. The reader-writer will apply to CIP for password modification through ISS when it validates that the new passwords input twice are the same. After the password is successfully modified, the reader-writer will write the new password into the IC card. [0033] If power failure and other unexpected situations occur in modifying the ID card password, which causes that the writing of ID card password and the password storage in ISS is only effective at one end with the other end ineffective, the ID card cannot pass the network authentication. Under such circumstance, the holder cannot only use the ID card normally until the identity information of the ID card is the initialized at a public security organ above county level (or the administrative organ of CIP). [0034] Identity network authentication can be done through the identity authentication interface in ISS by using the unit's digital certificate U Shield and imputing into it "the full name of the unit or 14 PCT/CN 2010/001473 the sending and receiving account of the mailbox + the password of the unit's digital certificate U Shield", thus the authentication is done. [0035]There exist three methods for doing a citizen identity network authentication in the identity authentication interface in ISS: firstly, to input the "the name or the ID card number + the ID card validation code 1" and "the ID card password"; secondly, to input the "the name or the ID card number + the ID card validation code 2" and the "ID card password", thirdly, to use the citizen's digital certificate U Shield and to input "the name or the ID card number + the password of the citizen's digital certificate U Shield", thus the authentication is done. The identity network authentication can also be done in the identity authentication interface of ISS embedded in the other application systems including banks and telecommunications. After the authentication is confirmed, the application system can obtain the citizen identity information needed by the very application system in accordance with administrative rules and regulations or with the authorization of the owner of the personal information. [0036] The classification of the citizen identity information obtained by application systems from CIP , which can be one of the three levels of ID card information or comprehensive information including employee's cards, driver's license, occupational title, educational degree and household registration information and so on, is to satisfy the needs of application systems with the principle of getting the consent of the owner of individual information and the authority of administrative rules and regulations. Thus, individual information can be reasonably used by various application systems according to regulations and misuse and illegal use of individual information can be avoided. The classification can also facilitate the implementation of real name identity system of various businesses, such as the real name systems of mobile phones and online games and tickets. [0037] The embedding of identity authentication service into various business systems can realize close links between various business systems, and the authentication process is automatically done in conducting the business, which will neither call for manual intervention nor change the business process and practice of various systems, thus to greatly improve the efficiency of the business process of various systems. [0038] As the above inquiry and authentication methods of identity information done on the basis of the statutory authorization or a citizen's own authorization, a due, necessary and legal inquiry of information are guaranteed systematically and technologically. It has overcome the shortcomings of an inquiry about ID card information, which is too easy and excessive with a charged fee, through network or mobile phones based on the database of "National Citizen Identity Information System" 15 PCT/CN 2010/001473 in the society. This checking method, which includes the check of basic identity information and special identity information (such as driver's license, various occupational certificates, educational degree and credit), put an end to the problems of verifying basic and special identity information, i.e. those of "who the holder is" and "what the holder is". It offers technical support to the "evidence collection" of an honest society. [0039] The banking system adopts the above ID card network authentication method for the examination of account opening, loss report, deposit and withdrawal, and will send the notice text message of business operation to the mobile phone and mailbox of the citizen. To notice the mailbox users at the very first time can root out the phenomena of opening or reporting loss of an account and withdrawing cash with other persons' ID cards, thus to prevent against various relevant fraud. By opening or reporting loss of an account and conducting other business with such ID card network authentication, mailbox users can know the usage conditions of their ID cards at the very first time, such as whether the ID card falsely used by other persons. Once the mailbox users find any abnormal condition, they can report it to the police and effective prevent against various illegal activities as a result of falsely use of ID cards. Such ID card network authentication will totally negate the excuses of banks and other financial institutes that "they are only responsible to examine the ID cards, not to check their authenticity" and ensure secure and reliable deposit, withdrawal and loss report of customers. The application of ID card network authentication in the business system of banks will ensure the implementation of real name system for bank accounts and guarantee fully traceable fund flow of bank accounts, thus incoming funds will not disappear due to the nature of nominal accounts. INFORMATION SERVICE SYSTEM [0040] The ISS which is linked to various external systems offering unit or personal information includes information resource system and business application systems. Based on various unit or individual information, the ISS establishes various information item index or classification index databases for the search and statistics of identity information of units or individuals, provides the identity authentication of units or individuals through CIP, provides classified inquiry, classified check and classified display of units or individuals information through EMS, and provides the aforementioned information service by offering information service embedded modules to the applications systems (including EMS of this platform) of parties demanding information service. The application system of banks, for example, where identity authentication modules can be embedded for network identity authentication, can help open and cancel bank accounts.

16 PCT/CN 2010/001473 E-MAILBOX SYSTEM [0041] The E-mailbox system provides E-mailbox users with independent network storage space, where the user can set their own hierarchical directory to store all kinds of their own files (hereinafter referred to as the "user's file"). The user can set passwords for the user's file or the user's information views in the E-mailbox according to their needs, and associated links can be set between the user's file and the user 's information views, through which the user can open a user's information view from the user's file and vice versa. For example, E-mailbox users can place the sorting results such as abstracts and compilation of the content of user information files into the user's files for check. [0042] The E-mailbox users can set user information views that they need as display views, which they can number and set display passwords. When an E-mailbox user wants to display the content of such user information views, it's needed first to do identity network authentication of units or citizens in the information display interface of the unit or the individual in EMS, then to input the "file number" and the "display password" so as to view or display the unit or individual information (the identity information included).This method can be done online through both a computer and a mobile phone. When it is necessary to display individual identity information and other contents, citizens can realize it without opening their mailboxes, thus to avoid leaking other information in their mailboxes. When an individual forgets to take his ID card, he can prove his real identity with this method. Therefore, it provides travelers with great convenience in looking for hotels. [0043] When a unit or a citizen logs in the E-mailbox, the user information views needed can be selected, the files can be viewed and the links of such user information views on which the E-mailbox user has set a time limit can be sent through EMS to the target E-mailboxes of the parties demanding unit or individual information within this EMS after identity authentication, and the links of the user information views can also be transferred to other designated target E-mailboxes. For example, submitting the ID card information of a certain citizen with authorization to a court through CIP will make it possible for the online receipt of indictments and online filing of cases of courts. Such method of providing information of the inspected units or individuals with authorization through CIP as the third party will prevent against online fraud to the maximum. [0044] An online information exchange system embedded in the E-mailbox has set chat rooms for units, communities and various industries all year round, apart from the functions of common chat system which include one-to-one private chat and friend group chat. The chat rooms are managed 17 PCT/CN 2010/001473 by persons specially designated for the job as per administrative levels. People who join in a chat room shall all use their real names, and the E-mailbox users who put each other in their "Friend List" can show their own information (including their identity information), inclusive of the identity information, to each other in the chat system through authorization (by ticking directly in the option box of a certain user's information file). [0045] The E-mails sent and received in EMS can be set in two forms of "online reading" and "download reading", either of which may be designated by the E-mail sender, and either of which may be designated by the receiver to the E-mails in the "download reading" form set by the sender. The E-mails set "online reading" by the sender are only to be read with the E-mail management software specially dedicated for EMS and shall not be downloaded. The E-mails in the "download reading" form can be downloaded to local terminals for storage and reading with the E-mail management software, specially dedicated or universal. Thus, for some E-mails with strict requirements on confidentiality, the option of "online reading" can soundly prevent the E-mails from being disclosed. [0046] Each E-mailbox has set various letter modules to satisfy the writing needs of various types of practical electronic letters. The E-mails of legal instrument nature should be in the written form in accordance with the requirements of laws and regulations. That is to say, the E-mails can display the contents in a tangible manner and can be called for use at any time, accurately show the contents originally created, sent or received, and guarantee that the contents remain complete and unchanged since the final formation with some exception that some changes in formats can exist during the transfer, storage and display of the E-mails like the changes in the properties of the E-mails. Any changes in the content and form of the E-mails can be noticed. To be specific, the E-mails of legal instrument nature will be sent and received in a cipher text form, and the E-mails seen by the receiver will be the same as the ones generated by the sender in terms of content, format and type of paper. Graphical stamps which are stored in EMS in advance are associated with the content of the E-mails, and any modifications to the content will cause the stamp graphs to change obviously. The E-mails received contain the characters and marks of CIP, the sending and receiving accounts of the senders' and the receivers' E-mailboxes as well as the sending and receiving time. The E-mails successfully sent will be saved automatically and can be downloaded, displayed or printed, the saved content, format and type of paper of the E-mails, the abovementioned characters and marks of CIP, the sending and receiving account of the senders' and the receivers' E-mailboxes as well as the sending and receiving time cannot be modified, otherwise the stamp graphs will be caused to change obviously. The E-mailbox can classify and save the E-mails received into different categories according to the user's needs.

18 PCT/CN 2010/001473 [0047] Two kinds of E-mailboxes of Class A and Class B are set up in EMS, where Class A E-mailboxes owned by state organs or the administrative organs of CIP at various levels receives only the E-mails from other E-mailboxes in this EMS other than those from the E-mailboxes in other websites, and the E-mails from the senders blacklisted by a special E-mailbox will be directly dumped into the dustbin of the E-mailbox and be eliminated when the set term expires, upon which a returned notice will be sent to remind the sender that the E-mail have been dumped into the dustbin. Class A E-mailboxes are provided with a function that E-mails and text messages for cell phones are sent in the one-to-one or group form to all target E-mailboxes within the administrative or authorized areas, beyond which E-mails and text messages for cell phones are only sent in one-to-one form to target E-mailboxes. The E-mails and text messages for cell phones are received unconditionally by all target E-mailboxes, and an automatic notice will be returned notifying that "The E-mail has been received". Class B E-mailboxes are owned by units or citizens excluding Class A E-mailbox users. [0048] Class B E-mailboxes have six modes of receiving E-mails: the "mode of receiving all messages" and the "mode of receiving messages from within the system", the "mode of receiving small-group messages" and the "mode of receiving non-group messages" and the "mode of receiving messages from friends". The "mode of receiving all messages" means that the E-mailbox can receive all E-mails from both outside and within this system. The "mode of receiving messages from within the system" means that the E-mailbox receives only the E-mails from within this system, including group E-mails. The "mode of receiving small-group messages" means that the E-mailbox receives only the E-mails from within this system, excluding non-friend group E-mails that exceed the specified quantity. The "mode of receiving non-group messages" means that the E-mailbox receives only the E-mails from within this system and does not receive non-friend group E-mails. The "mode of receiving messages from friends" means that the E-mailbox receives only the E-mails from friends within the system, including group E-mails from friends. [0049] Class B E-mailbox users can send through EMS text messages for cell phones to other E-mailbox users within this system in the one-to-one or group form subject to the receiving modes of the target E-mailboxes, the users of which receive text messages for cell phones from E-mailbox users within this system in the one-to-one or group form where the receiving mode of the target E-mailbox is the "mode of receiving all messages" and the "mode of receiving messages from within the system". The users of the E-mailbox with the "mode of receiving small-group messages" receives text messages for cell phones from E-mailbox users within this system, excluding non-friend group text messages for cell phones that exceed the specified quantity. The 19 PCT/CN 2010/001473 users of the E-mailbox with the "mode of receiving non-group messages" receives text messages for cell phones from E-mailbox users within this system and does not receive non-friend group text messages for cell phones. The users of the E-mailbox with the "mode of receiving messages from friends" receives only text messages for cell phones from his friends within this system, including group text messages for cell phones from friends. [0050] The first opening of citizen E-mailbox should be done by applying to the administrative organ of CIP for approval. The account of citizen E-mailbox includes the sending and receiving account and the login account of the E-mailbox, which are initialized as citizens' ID card number. After the mailbox is opened, the sending and receiving account of the mailbox will be fixed as the ID card number permanently, while the login account of the mailbox (mainly consisting of English letters, Arabic numbers and Chinese characters) can be modified by the mailbox users through application. When the login account of the E-mailbox is successfully modified, the former login account of the mailbox will become null and void immediately and the user can only log in his E-mailbox with the new login account and password. Thus, the mailbox of each citizen is in relatively confidential status. [0051] An exclusive "legal representative E-mailbox" with the full name of the unit may be set to represent that unit under the directory of each of the unit's E-mailbox in EMS. Divisional E-mailboxes of various levels may be set by application of that unit and a certain number of post E-mailboxes may be set by each level of division according to their needs. The unit can determine to name the divisional E-mailboxes of various levels with their corresponding division names by applying to the administrative organ of CIP. Both The legal representative E-mailbox and divisional E-mailboxes of a unit act as a tool for external communications and a public platform for the information exchange within the unit. When executives are transferred, the divisional E-mailboxes and post E-mailboxes will remain unchanged. The information concerning work in the E-mailboxes will be saved permanently and become the historical records of that division or post on the web. [0052] The E-mailbox mailing list service offered by EMS publishes the sending and receiving accounts of units' and citizens' E-mailboxes in the form of names on the E-mailbox website of CIP, i.e. each E-mailbox is named with the real name of the E-mailbox user and is linked to the corresponding sending and receiving account of the E-mailbox, thus the E-mailbox mailing list is displayed directly according to names of units or citizens, forming a national public E-mailbox mailing list. According to the classifications of state organs, enterprises (including a corporate entity, a non-corporate entity and individual business household), public institutions and social organizations (a corporate entity, a non-corporate entity) the E-mailboxes of units are arranged in 20 PCT/CN 2010/001473 the order of the administrative areas of the Central Government ; the province (including municipal cities and the autonomous regions, the same below) the city, the county and the township (the village) where the units belong. The citizen E-mailbox mailing list, where the legal E-mailboxes of all citizens are collected, is are arranged according to the administrative area of the citizens' household registration, i.e. the administrative areas of the province, the city, the county, the township (the village), the street district or the administrative village to which the place of citizens' household registration belong. The citizens who are unwilling to publish their specific domicile can apply to the administrative organ of CIP for arranging the E-mailbox mailing list in the order of family names at the level of the county or the city. The citizens are entitled to select either of the two arrangement methods with the first one as the default. The citizen E-mailbox mailing list can also be arranged according to the classification of units, each of which can apply to EMS for putting the legal E-mailboxes of the employees and the ex-employees of that unit on the same E-mailbox mailing list of the unit. An employee is entitled to decide to display his E-mailbox to other parties out of the unit or limit the access only to the employees in the same unit instead of others out of the unit. When a citizen moves to other administrative areas or is transferred to a new unit, his/her legal E-mailbox, which is to be put on a new E-mailbox mailing list of the new place of household registration or the new unit, remains on the original mailing list, capable of receiving E-mails as usual, except that it is to be marked with the words of "Moved Out" or "Transferred", and that sending and receiving account of the E-mailbox on the different mailing lists remains the same, directing to the exclusive E-mail address. EMS provides for units a public E-mailbox mailing list arranged according to the classification of industry and vocation and for citizens a public E-mailbox mailing list arranged according to the classification of industry, vocation and professional title, and each unit or citizen may apply for joining in an E-mailbox mailing list of a particular classification by submitting relevant certificate of evidence to the administrative organ of CIP, which aims at facilitating the information exchange among like units or groups. [0053] In the above arrangement method of the public contact list of E-mailboxes, each unit or citizen can conveniently find the E-mailboxes of relevant administrative organs within certain administrative area, which brings about great convenience for units or citizens to carry on relevant administrative affairs. For example, in the case of online fraud, units or citizens can lodge a complaint or report the fraud after finding the E-mailbox of the public security organ or the administration for industry and commerce within that administrative area. In the case of tax payment, units or citizens can log in the tax hall through the website link displayed on the E-mailbox of the tax authority within that administrative area, thus the virtual cyber world and the real world are truly joined together and realize the actualization of virtual world.

21 PCT/CN 2010/001473 [0054] Descriptions about the E-mailbox users, the content of which shall be approved by the administrative organ of CIP, can be attached by application to the said E-mailboxes of units or citizens, and the E-mailboxes of a unit can be linked to this unit's external website by application. [0055] The E-mailbox of a unit or a citizen can be opened with two methods: one is to input the correct login account of the E-mailbox with the login password in EMS interface, after the verification of which the E-mailbox is to be opened , the other is to use the digital U Shield of the unit or the citizen and to input the correct "login account of the E-mailbox + the password of the digital U Shield" after the verification of which the E-mailbox is to be opened. [0056] CIP provides a notification function of sending text messages for cell phones to a mobile phone with its number bound to the E-mailbox, which is for publishing a system announcement or for real-timely sending authentication information of the E-mailbox login and ID card network authentication. Units and citizens are entitled to decide for themselves to use complete or partial notification service of text messages. [0057] An E-mailbox which has been logged in on a computer through passwords and has not been logged out shall not be logged in again on any other computers through passwords. When a computer tries to login through passwords an E-mailbox already logged in, the system is to prompt "This E-mailbox Is In Use Now" provided that the passwords input are correct, and this information is sent immediately for warning to a mobile phone of the E-mailbox user who has applied for the text message service. [0058] EMS provides identity network authentication through embedded module of the identity network authentication service in ISS, the users of the unit or citizen E-mailbox passing the identity network authentication can restore the initial login account of the E-mailbox, or take back the current login account of the E-mailbox, restore or reset the E-mailbox passwords, and the users can enable or disable this function in the E-mailbox. By applying to the administrative organ of CIP, both units and citizens can restore the initial login account of the E-mailbox, take back the current login account of the E-mailbox, restore or reset the E-mailbox passwords through certain formalities. OPERATION LOG AND ID CARD AUTHENTICATION LOG [0059] The citizen information platform has set an operation log and an ID card authentication log, the operation log consists of E-mailbox login records and records of relative operations of a user's 22 PCT/CN 2010/001473 information in the E-mailbox, the E-mailbox login records includes the total number of times of login, the IP address of the login computer and the login time, if the E-mailbox is logged in through a mobile phone, the mobile phone number will be recorded, the records of relative operations on a user's information in the E-mailbox include E-mailbox password modifications, user information inquiry and display; the ID card authentication log contains the ID card authentication frequency corresponding to all three types of ID card reader-writers, the IP address of the authentication computer and the time of login, and the mailbox user can timely notice whether his ID card is stolen or "cloned" by checking the ID card authentication log; the operation log and ID card authentication log can realize the tracing of the "motion tracks" of specific citizens. [0060] CIP has set special accounts for statutory organs, with which the logs (the operation log and ID card authentication log) and citizen identity information may be visited, only statutory organs (generally public security organs or procuratorial organs above provincial level) can visit the logs with a written authorization from the system programmers on special posts, and the scope of right to visit such logs shall be regulated by law for statutory organs of various kinds and at different levels. [0061] As for the benefits of this invention, the social and economic benefits are already enormous concerning the following aspects: the fast and convenient inquiry, check, display, ID card authentication and exchange of the information of citizens or units, the prevention against identity information disclosure and the elimination of ID card forgery. Through the realization of the aforementioned 12 great functions of mailbox websites and the integration of existing systems, the construction of a platform for sharing and exchanging information of citizens and units is actually the construction of the foundation of national information construction. It will provide network environment support for accelerating information construction and various business innovations. In addition, it will play an important role in many respects such as driving the exchange and sharing of all social information, social honesty construction, population management, social order as well as the information construction of all industries and eliminating repeated construction of information resources, and so on. DESCRIPTION OF DRAWINGS [0062] Figure 1 is a schematic representation of the structure of CIP, which is for the management of the identity information of citizens (units). The ISS provides identity authentication service. The EMS (including E-mailbox websites) provides E-mailbox management and online communication. The business management systems of various levels are mainly for the management of the issuance 23 PCT/CN 2010/001473 of ID cards and the distribution of mailboxes. Application systems refer to the various application systems using identity authentication service. Network terminals refer to various terminals that can log in E-mailbox websites. [0063] Figure 2 is a schematic representation of the front view of an ID card protective sleeve that is not sealed. It includes Part 1-the plastic material of the sealing fold, Part 2-the waterproof tape of the sealing fold, Part 3-the inlet of the protective sleeve and Part 4-the front side of the protective sleeve. Among them, Part 1--the plastic material of the sealing fold and Part 2-the waterproof tape of the sealing fold can fully seal the protective sleeve, thus to endow it with waterproof function. Part 3-the inlet of the protective sleeve is the place where to insert the ID card. Part 4-the front side of the protective sleeve is fully transparent and the front side of an ID card can be fully displayed and duplicated. [0064] Figure 3 is a schematic representation of the rear view of an ID card protective sleeve that is sealed. 5 refers to the back side of the protective sleeve, 6 refers to the masking tape of home address, 7 refers to the masking tape of the first group of ID card validation code and 8 refers to the masking tape of the second group of ID card validation code. Among them, 5- the back side of the protective sleeve is the transparent part beyond the masking tapes that can display ID card information. 6- the masking tape of home address indicates the display position of home address. 7-the masking tape of the first group of ID card validation code and 8-the masking tape of the second group of ID card validation code indicate the display positions of ID card validation codes. These three tapes can be uncovered and covered respectively. [0065] Figure 4 is a schematic representation of the using status of ID card protective sleeve. The information on the front side of the ID card can be fully displayed and duplicated. [0066] Figure 5 is a schematic representation of the No. I using status of ID card protective sleeve. The information on the back side of the ID card can be fully displayed and duplicated. [0067] Figure 6 is a schematic representation of the No. 2 using status of the rear view of ID card protective sleeve. It is the status when the information about ID card validation codes and home address on the back side of the ID card are covered with three tapes. [0068] Figure 7 is the structure drawing of the ID card reader-writer. It includes a radio frequency unit, a display unit, a storage unit, a keyboard unit, a fingerprint unit, a security unit, a communication unit and a control unit.

24 PCT/CN 2010/001473 [0068a] The radio frequency unit can realize wireless information exchange with the IC card through RF. [0068b] The display unit can display ID card information and other information with color LCD. [0068c] The storage unit can store the character library for reading dot matrix information about characters when the display unit displays characters. [0068d] The keyboard unit can input numbers or password. [0068e] The fingerprint unit can collect human fingerprints and conduct comparison of human fingerprints. [0068f] The security unit can install various authorization modules. [0068g] The communication unit can be connected to a computer. [0068h] The control unit is for the management of other units and mainly realizes the read of identity information, offline identity authentication and online network identity authentication through a computer. SPECIFIC IMPLEMENTATION METHOD [0069] The administrative organ of CIP is to integrate the institutional framework of previous public securities which are in charge of the administration of the information of citizens' identity card and household registration, and to manage hierarchically according to the Central Government, provinces, cities, counties and communities. The administrative organs above county level apply corresponding business management system to the management of issuance and maintenance of ID cards, the issuance of ID card reader-writers and authorization modules as well as the allocation of mailboxes. The community organs apply the business management system at community level to authorize community staff to offer such commercial or social services in chat rooms as to manage various group chat rooms based on the E-mailbox accounts, to publish notifications and advertisements and to conduct social investigation. [0070] The purchase, selling and disclosure of individual information is very serious in China and 25 PCT/CN 2010/001473 has caused widespread attention from national citizens, but no solution that can root out such phenomena has been developed. Laws and self-discipline are now the main channels for individual information protection, and there lacks preventive (or technical) protection. With the new design of ID card layout and the revolution of three display methods of ID card reader-writers, this invention fills the gap in preventive protection. For legislation, amendments should be made to The Law of the People's Republic of China on Resident Identity Cards, especially to the information carried by ID cards, the layout design and information in the IC card as this invention. Citizen Information Protection Law should be enacted and adopted as soon as possible to regulate the registration, check and usage of citizen identity information. Laws should be made that for any places and occasions where registration and application for certificates with individual names are necessary, real names and ID card numbers should be registered. [0071] The construction and promotion of CIP and its E-mailbox website include five stages: at the first stage, to build CIP and its E-mailbox website, to build CIMS and provide E-mailbox service by relying on the existing system of citizen identity card and household registration at the public security organ; at the second stage, to construct ISS and launch citizen identity authentication service; third, to carry on information services, such as the inquiry, check and display of citizen information through EMS; at the fourth stage, to improve CIMS and gradually stop the operation according to the former system of citizen identity card and household registration at the public security organ; at the fifth stage, to improve all functions of CIP, including to build the legal mailboxes of various units and realize the information exchange among units, citizens and between units and citizens. All the above stages should be experimented from local counties and cities, and then be gradually promoted to the whole nation. Through the strong popularization and introduction by administrative means and the market operation among the unique widespread mass audience based on the E-mailbox website of CIP, which can realize successful operation.

Claims

1. A method for managing citizen information, which includes exchange of information between citizens and enterprises, public institutions, social organizations and state organs (collectively called -"units"), as well as inquiry, check, display, identity authentication and statistics of information, is to establish, on the basis of the existing information management system of citizen identity cards and household registration in the public security organ, a national platform for citizen information management (hereinafter referred to as CIP for the "citizen information platform"), which comprises the citizen information management system, the information service system and the E-mailbox system with E-mailbox websites (hereinafter referred to as CIMS, ISS and EMS respectively);-CIMS is for the management of business related relating to ID cards and allocation of E-mailboxes, ISS provides managing functions of integration, classification, indexing and statistics of the information of citizens or units, and provides application services of inquiry, check, display, identity authentication and search of the information of citizens or units, and EMS is , through the E-mailbox websites, to provide services of E-mailbox, online communication, social research, public announcement and advertisement; the administrative organ of CIP assigns each citizen upon birth a legal E-mailbox for permanently free use, the sending and receiving account which (referring to the mailbox account dedicated for sending and receiving E-mails, the same below), set as the ID card number of a citizen, shall remain unchanged, and the login account of which (referring to the mailbox account dedicated for opening the E-mailbox, the same below), initialized as the ID card number of a citizen, can be modified, as the "collection and distribution base" of a citizen's personal information, the citizen's E-mailbox can, through the links provided by ISS, integrate each citizen's various personal information resources of their own distributed outside of CIP, like systems of bank, social insurance, housing, transportation, water and power supply (hereinafter referred to as "external systems"), and display such resources in the E-mailbox in form of various personal information files, (actually the links to various personal information), which the citizen can consult or display externally; EMS also assigns various units legal various units E-mailboxes for permanently free use, the sending and receiving account of which, to be initialized as the national unified organization registration code, shall remain unchanged, and the login account of which, to be initialized as the national unified organization Registration code, can be modified, possibly as the "collection and distribution base" of its own information, the E-mailbox of a unit can, through the links provided by ISS, integrate each unit's various information resources of their own distributed outside of CIP, like systems of identity, bank, housing, transportation, water and power supply, and display such resources in the E-mailbox in 2 PCT/CN.20 10/00 1473 form of various unit information files (actually the links to various unit information, the unit information files and the aforementioned personal information files in a citizen's E-mailbox are collectively called as "user's information files", the same below), which the unit can consult or display externally; EMS is provided with graphical stamps associated with the content of an E-mail, which are to change obviously with any modifications to the content of the E-mail with them; improvements are made to the layout design of the second-generation ID card, where two ID card validation codes are added and the display of some ID card information is rearranged, and where the ID card information is classified into three levels as "basic", "general" and "complete", which can be displayed accordingly by inserting the ID card into a protective sleeve; improvements are also made to the reader-writer of the IC card, where according to the three display levels of the ID card information, the reader-writer is classified into three types with three kinds of reading access to the IC card as "basic", "general" and "complete", and where each type has been equipped with the function of comparison among ID card validation codes, ID card passwords and network authentication frequency as well as the function of fingerprint identification; the IC card will, according to the aforementioned three levels of reading access, save the ID card information in separate areas to satisfy the needs of the three display levels, furthermore, the IC card, which saves the serial number of the IC chip, ID card password and two pieces of fingerprint information, also saves respectively according to the types of reader-writers the information of frequency of ID card network authentication done on the ID card reader-writer, among which the home address, the ID card password and the two pieces of fingerprint information can be modified with statutory authority, and the information of frequency of ID card network authentication done on the ID card reader-writer saved respectively according to the types of reader-writers will be refreshed as the frequency increases, while other information remains unmodified; the IC card reserves information storage space for extended applications to employee's cards, driver's licenses, bus cards, medical cards, social insurance cards and bank cards, thus to realize one card for multiple use; each citizen or unit can get a U Shield (i.e. the digital certificate that contains the basic identity information of a citizen or unit) through certain formalities directly from the administrative organ of CIP for application to various identity authentication at CIP.

2. A method for managing citizen information according to Claim 1 wherein based on the existing second-generation citizen ID card (with the dimensions, outline, pattern, texture, font, glyph, font size and material of the ID card and the capsulation method of the IC card remaining unchanged) two pieces of ID card validation code information are added on the ID card, the words "Citizen Identity Card" are added at the top of the photo, on the front side are printed certain items including name, gender, date of birth, nationality, ID card number, issuance organ, date of issuance 3 PCT/CN 2010/001473 and valid period, on the back side are printed home address and two pieces of ID card validation code information, which all are covered with special adhesive tape (to be uncovered and covered repeatedly) inosculated with the texture and patterns of the ID card, characters indicating the position of covered information can be printed on the back side of the special adhesive tapes, thus these three pieces of identity information are not to be displayed nor duplicated when unnecessary.

3. A method for managing citizen information according to Claim 2 wherein the date of issuance and the valid period on the front side of the ID card are indicated with a 7-digit code and displayed right after the name of the issuance organ; the year, the month and the day are indicated with totally 6 digits of one 2-digit number each, and there is another I -digit number indicating the term of use; the term below 9 years is to be marked directly with a particular number, while the capital letter "X" to stand for 10 years, "Y" for 20 years and "Z" for long term.

4. A method for managing citizen information according to Claim 1 or 2 wherein two groups of ID card validation codes, each of which consists of 9 digits comprising 8 digits of validation code and 1 digit of check code, are automatically generated by CIMS each time when an ID card is issued or renewed; the first group of ID card validation code can be applied to identity network authentication in ISS and the ID card network authentication done on the ID card reader-writer, while the second group of ID card validation code can only be applied to identity network authentication in ISS; the two groups of ID card validation codes are generated through the following method: firstly, a 16-digit number to be derived from numbers of the ID card and those randomly generated upon the issuance of the ID card through asymmetric encryption algorithm, secondly, a 1-digit check code derived from checkout arithmetic of the first 8 digits to be added to the end of the first 8 digits so as to form the first group of 9-digit ID card validation code, at last, the other 1-digit check code derived from checkout arithmetic of the last 8 digits to be added to the end of the last 8 digits so as to form the second group of 9-digit ID card validation code.

5. A method for managing citizen information according to Claim I wherein the IC card is designed to store identity information and that of no more than 10 extended applications; the fingerprint information in the identity information embraces the fingerprint data of two frequently used fingers, which can be replaced by other fingerprint data if necessary by applying to the administrative organ of CIP; the home address and ID card password information in the identity information are allowed to be modified by applying to the administrative organ of CIP; one of the three display levels of the ID card information in the IC card that is accessible to be read according to different levels of access is only to be read by the ID card reader-writers authorized by the administrative organ of CIP as per corresponding levels of access, and the information of extended 4 PCT/CN 2010/001473 applications can be read by the readers installed with the modules authorized by the administrative organ in charge of relative application system.

6. A method for managing citizen information according to Claim I or Claim 2 wherein the protective sleeve of ID card information, which is a transparent ID card security pocket with anti-wear, antifouling, waterproof and fireproof functions, is made from transparent plastic materials, on the surface of the protective sleeve at the location corresponding to ID card validation codes and home address there are three opaque adhesive tapes, which can be uncovered and covered repeatedly, thus these three pieces of identity information are not to be displayed nor duplicated when unnecessary, when these three pieces of identity information need displaying or duplicating, it's only need to uncover the opaque adhesive tapes on the surface of the protective sleeve without removing the protective sleeve from the ID card; characters indicating the positions of the covered information are printed on the back side of the opaque adhesive tapes on the surface of the protective sleeve.

7. A method for managing citizen information according to Claim 1 or Claim 2 wherein corresponding improvements are also made to the reader-writers of the IC card to adapt to the new layout design of the ID card, based on the three levels of ID card information, the reader-writers are classified accordingly into three types of "basic", "general" and "complete" with three kinds of reading access to the IC card as "basic", "general" and "complete", each type of the reader-writer can only display one of three levels of the ID card information so as to satisfy the needs of collecting ID card information of various industries in different situations, the "complete" type displays the ID card external information except the second group of the ID card validation code, the "general" type displays the ID card external information except the ID card validation codes, "basic" type displays the ID card external information except the ID card validation codes and home address; any other information in the IC card is not accessible to the ID card reader-writer except for such three levels of ID card information.

8. A method for managing citizen information according to Claim 7 wherein corresponding to the "basic", "general" and "complete" display levels of the ID card information in the IC card, three levels of reading access are set to the IC card, i.e. "basic", "general" and "complete", the ID card external information excluding the second group of the ID card validation code is stored in three areas of different levels of access in the IC card, the first of which stores the "basic" ID card information readable to all the three levels of "basic", "general" and "complete" access, the second of which stores the "general" ID card information excluding "basic" ID information readable to the two levels of "general" and "complete" access, and the third of which store the "complete" ID card 5 PCT/CN 2010/001473 information excluding the "general" ID information, readable to the sole level of "complete" access.

9. A method for managing citizen information according to Claim 1 wherein several encrypted authorization module interfaces are embedded inside the ID card reader-writer for installation of ID card read-and-write authorization modules, which shall be granted by the public security organ, to read and write ID card information according to one of the three access levels by the ID card reader-writer; the authorization modules of extended application systems, which shall be granted by the corresponding administrative organs of other business systems with the authorization from public security organs, can also be embedded for extending use of ID card to other business systems.

10. A method for managing citizen information according to Claim 1 wherein apart from the complete citizen ID card information, the information stored in CIP includes the fingerprint information, consisting of the fingerprint data of a citizen's ten fingers, and household registration information of a citizen and his/her immediate family members containing the spouse, sons and daughters and parents.

11. A method for managing citizen information according to Claim 1 wherein when ID card reader-writers are offline (meaning they are not connected to ISS), the authenticity of an ID card is verified through the following steps: first, whether the ID card to be read and displayed, second, whether the information displayed by the reader-writer to be consistent with the external information of the corresponding ID card.

12. A method for managing citizen information according to Claim 1 wherein when ID card reader-writers are offline , the legality of the holder of ID card is verified with the following methods: first, visual inspection of conformity between the photo on the ID card, the one displayed by the reader-writer and that of the real person; second, whether the ID card password input into the reader-writer is authenticated by the IC card; third, whether the fingerprint information input into the reader-writer matches the fingerprint information in the IC card.

13. A method for managing citizen information according to Claim 1 wherein ISS has set up ID card network authentication frequency counters for the three types of ID card reader-writers respectively, after each ID card network authentication through a type of ID card reader-writer, the authentication frequency of the corresponding type will be increased by 1, the IC card also stores the current ID card network authentication frequency value based on various types of ID card 6 PCT/CN 2010/001473 reader-writers respectively, the ID card network authentication with an ID card reader-writer is done by sending the information in the IC card read by any type of ID card reader-writer, including the displayed ID card information, fingerprint information and the current value of the authentication frequency counter, to ISS for network ID card authenticity comparison, if the compared content is the same, the corresponding type of counter in ISS will add 1 and ISS will refresh the network authentication frequency value of the same type in the IC card.

14. A method for managing citizen information according to Claim 1 wherein the methods to verify by the ID card reader-writer through network the legality of the ID card holder are as follows: first, to send the ID card password input into the reader-writer to ISS for ID card password authentication; second, to send the fingerprint information input into the reader-writer to ISS for fingerprint information matching.

15. A method for managing citizen information according to Claim 1 wherein for a newly issued ID card, it shall not be effectively used until the initial identity information of the ID card (including the name, the serial number of the chip inside the IC card, the ID card number, the ID card validation codes and the current ID card network authentication frequency), is saved in both CIP and the IC card, which is called as the identity information initialization of the ID card; the function of comparison among the ID card password and the two pieces of fingerprint information shall only be enabled separately or simultaneously by application to the administrative organ of CIP for approval to launch.

16. A method for managing citizen information according to Claim 1 or Claim 5 wherein the modification of ID card information shall be done with an ID card reader-writer connected to ISS through the following steps: first, to validate the old password; second, to set a new one, and the reader-writer will apply to CIP for password modification through ISS when it validates that the new passwords input twice are the same, after the password is successfully modified, the reader-writer will write the new password into the IC card.

17. A method for managing citizen information according to Claim 1 wherein the method for doing a network authentication of an unit identity through the identity authentication interface in ISS is to use the unit's digital certificate U Shield by imputing into it "the full name of the unit or the sending and receiving account of the E-mailbox thereof + the password of the unit's digital certificate U Shield", thus the authentication is done.

18. A method for managing citizen information according to Claim 1 wherein there exist three 7 PCT/CN 2010/001473 methods for doing a citizen identity network authentication in the identity authentication interface in ISS: first, to input the "the name or the ID card number + the ID card validation code 1" and the "the ID card password", second, to input the "the name or the ID card number + the ID card validation code 2" and the "ID card password", third, to use the citizen's digital certificate U Shield and to input "the name or the ID card number + the password of the citizen's digital certificate U Shield", thus the authentication is done ; the identity network authentication can also be done in the identity authentication interface of ISS embedded in the other application systems including banks and telecommunications, after the authentication is confirmed, the application system can obtain the citizen identity information needed by the very application system in accordance with administrative rules and regulations or with the authorization of the owner of the personal information.

19. A method for managing citizen information according to Claim I wherein ISS, which is linked to various external systems that offer unit or personal information include information resource systems and business application systems, establishes various databases of information item index or classification index for the search and statistics of identity information of the units or individuals on the basis on various unit or individual information; and provides the identity authentication of units or individuals through CIP; and provides classified inquiry, classified check and classified display of the information of units or individuals through EMS; and provides the aforementioned information services with embedded information service modules offered by application systems (including the electronic mailbox system of this platform) of the parties demanding information service.

20. A method for managing citizen information according to Claim 1 wherein EMS provides E-mailbox users with independent network storage space, where the user can set their own hierarchical directory to store all kinds of their own files (hereinafter referred to as the "user's file"); the user can set passwords for the user's file or the user's information views in the E-mailbox according to their needs, and associated links can be set between the user's file and the user 's information views, through which the user can open a user's information view from the user's file and vice versa.

21. A method for managing citizen information according to Claim 1, 17, 18, 19 or 20 wherein the E-mailbox users can set user information views that they need as display views, which they can number and set display passwords; when an E-mailbox user wants to display the content of such user information views, it's needed first to do identity network authentication of units or citizens in the information display interface of the unit or the individual in EMS, then to input the 8 PCT/CN 2010/001473 "file number" and the "display password" so as to view or display the unit or individual information (the identity information included).

22. A method for managing citizen information according to Claim 1, 17, 18, 19 or 20 wherein in EMS, when a unit or a citizen logs in the E-mailbox, the user information views needed can be selected, the files can be viewed and the links of such user information views on which the E-mailbox user has set a time limit can be sent through EMS to the target E-mailboxes of the parties demanding unit or individual information within this EMS after identity authentication, and the links of the user information views can also be transferred to other designated target E-mailboxes.

23. A method for managing citizen information according to Claim 1 wherein an online information exchange system embedded in the E-mailbox has set chat rooms for units, communities and various industries all year round, apart from the functions of common chat system which include one-to-one private chat and friend group chat, the chat rooms are managed by persons specially designated for the job as per administrative levels, people who join in a chat room shall all use their real names, and the E-mailbox users who put each other in their "Friend List" can show their own information (including their identity information), to each other in the chat system through authorization (by ticking directly in the option box of a certain user's information file).

24. A method for managing citizen information according to Claim 1 wherein the E-mails sent and received in EMScan be set in two forms of "online reading" and "download reading", either of which may be designated by the E-mail sender, and either of which may be designated by the receiver to the E-mails in the "download reading" form set by the sender; the E-mails set "online reading" by the sender are only read with the E-mail management software specially dedicated for EMSand shall not be downloaded; the E-mails in the "download reading" form can be downloaded to local terminals for storage and reading with the E-mail management software, specially dedicated or universal.

25. A method for managing citizen information according to Claim 1 wherein each E-mailbox has set various letter modules to satisfy the writing needs of various types of practical letters, the E-mails of legal instrument nature will be sent and received in a cipher text form, and the E-mails seen by the receiver will be the same as the ones generated by the sender in terms of content, format and type of paper, graphical stamps which are stored in EMS in advance are associated with the content of the E-mails, and any modifications to content will cause the stamp graphs to change obviously; the E-mails received contain the characters and marks of CIP, the sending and receiving accounts of the senders' and the receivers' E-mailboxes as well as the sending and receiving time; 9 PCT/CN 2010/001473 the E-mails successfully sent will be saved automatically and can be downloaded, displayed or printed, the saved content, format and type of paper of the E-mails, the abovementioned characters and marks of CIP, the sending and receiving account of the senders' and the receivers' E-mailboxes as well as the sending and receiving time cannot be modified, otherwise the stamp graphs will be caused to change obviously; the E-mailbox can classify and save the E-mails received into different categories according to the user's needs.

26. A method for managing citizen information according to Claim I wherein two kinds of E-mailboxes of Class A and Class B are set up in EMS, where Class A E-mailboxes owned by state organs or the administrative organs of CIP at various levels receives only the E-mails from other E-mailboxes in this EMS other than those from the E-mailboxes in other websites, and the E-mails from the senders blacklisted by a special E-mailbox will be directly dumped into the dustbin of the E-mailbox and be eliminated when the set term expires, upon which a returned notice will be sent to remind the sender that the E-mail have been dumped into the dustbin, Class A E-mailboxes are provided with a function that E-mails and text messages for cell phones are sent in the one-to-one or group form to all target E-mailboxes within the administrative or authorized areas, beyond which E-mails and text messages for cell phones are only sent in one-to-one form to target E-mailboxes, the E-mails and text messages for cell phones are received unconditionally by all target E-mailboxes, with an automatic notice returned notifying that "The E-mail has been received"; Class B E-mailboxes are owned by units or citizens excluding Class A E-mailbox users.

27. A method for managing citizen information according to Claim 1 or Claim 26 wherein Class B E-mailboxes have six modes of receiving E-mails: the "mode of receiving all messages" and the "mode of receiving messages from within the system", the "mode of receiving small-group messages" and the "mode of receiving non-group messages" and the "mode of receiving messages from friends"; the "mode of receiving all messages" means that the E-mailbox can receive all E-mails from both outside and within this system, the "mode of receiving messages from within the system" means that the E-mailbox receives only the E-mails from within this system, including group E-mails, the "mode of receiving small-group messages" means that the E-mailbox receives only the E-mails from within this system, excluding non-friend group E-mails that exceed the specified quantity, the "mode of receiving non-group messages" means that the E-mailbox receives only the E-mails from within this system and does not receive non-friend group E-mails, the "mode of receiving messages from friends" means that the E-mailbox receives only the E-mails from friends within the system, including group E-mails from friends.

28. A method for managing citizen information according to Claim 27 wherein Class B 10 PCT/CN 2010/001473 E-mailbox users can send through EMStext messages for cell phones to other E-mailbox users within this system in the one-to-one or group form subject to the receiving modes of the target E-mailboxes, the users of which receive text messages for cell phones from E-mailbox users within this system in the one-to-one or group form where the receiving mode of the target E-mailbox is the "mode of receiving all messages" and the "mode of receiving messages from within the system"; the users of the E-mailbox with the "mode of receiving small-group messages" receives text messages for cell phones from E-mailbox users within this system, excluding non-friend group text messages for cell. phones that exceed the specified quantity; the users of the E-mailbox with the "mode of receiving non-group messages" receives text messages for cell phones from E-mailbox users within this system and does not receive non-friend group text messages for cell phones; the users of the E-mailbox with the "mode of receiving messages from friends" receives only text messages for cell phones from his friends within this system, including group text messages for cell phones from friends.

29. A method for managing citizen information according to Claim 1 wherein a citizen E-mailbox, the accounts of which includes the sending and receiving account and the login account, both initialized as the citizens' ID card number, shall be opened initially by applying to the administrative organ of CIP for approval, after the opening of the citizen E-mailbox the sending and receiving account of the E-mailbox is fixed permanently as the ID card number, while the login account of the E-mailbox (mainly consisting of English letters, numbers and Chinese characters) is allowed to be modified by the citizen E-mailbox user by application; where the login account of the E-mailbox is successfully modified, the former login account of the E-mailbox becomes null and void immediately and only the new login account and password can be used to log in the E-mailbox.

30. A method for managing citizen information according to Claim 1 wherein a unit E-mailbox, the accounts of which includes the sending and receiving account and the login account, both initialized as the unit's national unified organization registration code number, shall be opened initially by applying to the administrative organ of CIP for approval, after the opening of the unit's E-mailbox the sending and receiving account of the E-mailbox is fixed permanently as national unified organization registration code, while the login account of the E-mailbox (mainly consisting of English letters, numbers and Chinese characters) is allowed to be modified by the unit E-mailbox user by application; while the login account of the E-mailbox is successfully modified, the former login account of the E-mailbox becomes null and void immediately and only the new login account and password can be used to log in the E-mailbox 11 PCT/CN 2010/001473

31. A method for managing citizen information according to Claim 30 wherein an exclusive "legal representative E-mailbox" with the full name of the unit may be set to represent that unit under the directory of each of the unit's E-mailbox in EMS, divisional E-mailboxes of various levels may be set by application of that unit and a certain number of post E-mailboxes may be set by each level of division according to their needs; the unit can determine to name the divisional E-mailboxes of various levels with their corresponding division names by applying to the administrative organ of CIP.

32. A method for managing citizen information according to Claim 1, 29, 30 or 31 wherein the E-mailbox mailing list service offered by EMS publishes the sending and receiving accounts of units' and citizens' E-mailboxes in the form of names on the E-mailbox website of CIP, i.e. each E-mailbox is named with the real name of the E-mailbox user and is linked to the corresponding sending and receiving account of the E-mailbox, thus the E-mailbox mailing list is displayed directly according to names of units or citizens, forming a national public E-mailbox mailing list; according to the classifications of state organs, enterprises (including a corporate entity, a non-corporate entity and individual business household), public institutions and social organizations (a corporate entity, a non-corporate entity) the E-mailboxes of units are arranged in the order of the administrative areas of the Central Government , the province (including municipal cities and the autonomous regions, the same below) the city, the county and the township (the village) where the units belong; the citizen E-mailbox mailing list, where the legal E-mailboxes of all citizens are collected, is arranged according to the administrative area of the citizens' household registration, i.e. the administrative areas of the province, the city, the county, the township (the village), the street district or the administrative village to which the place of citizens' household registration belong, the citizens who are unwilling to publish their specific domicile can apply to the administrative organ of CIP for arranging the E-mailbox mailing list in the order of family names at the level of the county or the city, the citizens are entitled to select either of the two arrangement methods with the first one as the default; the citizen E-mailbox mailing list can also be arranged according to the classification of units, each of which can apply to EMS for putting the legal E-mailboxes of the employees and the ex-employees of that unit on the same E-mailbox mailing list of the unit, an employee is entitled to decide to display his E-mailbox to other parties out of the unit or limit the access only to the employees in the same unit instead of others out of the unit; when a citizen moves to other administrative areas or is transferred to a new unit, his/her legal E-mailbox, which is to be put on a new E-mailbox mailing list of the new place of household registration or the new unit, remains on the original mailing list, capable of receiving E-mails as usual, except that it is to be marked with the words of "Moved Out" or "Transferred", and that sending and receiving account of the E-mailbox on the different mailing lists remains the same, 12 PCT/CN 2010/001473 directing to the exclusive E-mail address; EMS provides for units a public E-mailbox mailing list arranged according to the classification of industry and vocation and for citizens a public E-mailbox mailing list arranged according to the classification of industry, vocation and professional title, and each unit or citizen may apply for joining in an E-mailbox mailing list of a particular classification by submitting relevant certificate of evidence to the administrative organ of CIP.

33. A method for managing citizen information according to Claim 32 wherein descriptions about the E-mailbox users, the content of which shall be approved by the administrative organ of CIP, can be attached by application to the said E-mailboxes of units or citizens, and the E-mailboxes of a unit can be linked to this unit's external website by application.

34. A method for managing citizen information according to Claim I wherein the E-mailbox of a unit or a citizen can be opened with two methods: one is to input the correct login account of the E-mailbox with the login password in EMS interface, after the verification of which the E-mailbox is to be opened , the other is to use the digital U Shield of the unit or the citizen and to input the correct "login account of the E-mailbox + the password of the digital U Shield", after the verification of which the E-mailbox is to be opened.

35. A method for managing citizen information according to Claim 1 wherein CIP provides a notification function of sending text messages for cell phones to a mobile phone with its number bound to the E-mailbox, which is for publishing a system announcement or for real-timely sending authentication information of the E-mailbox login and ID card network authentication, units and citizens are entitled to decide for themselves to use complete or partial notification service of text messages.

36. A method for managing citizen information according to Claim 1 wherein an E-mailbox which has been logged in on a computer through passwords and has not been logged out shall not be logged in again on any other computers through passwords, when a computer tries to login through passwords an E-mailbox already logged in, the system is to prompt "This E-mailbox Is In Use Now" provided that the passwords input are correct, and this information is sent immediately for warning to a mobile phone of the E-mailbox user who has applied for the text message service.

37. A method for managing citizen information according to Claim 1 wherein EMS provides identity network authentication through embedded module of the identity network authentication service in ISS, the users of the unit or citizen E-mailbox passing the identity network authentication 13 PCT/CN 2010/001473 can restore the initial login account of the E-mailbox, or take back the current login account of the E-mailbox, restore or reset the E-mailbox passwords, and the users can enable or disable this function in the E-mailbox; by applying to the administrative organ of CIP, both units and citizens can restore the initial login account of the E-mailbox, take back the current login account of the E-mailbox, restore or reset the E-mailbox passwords through certain formalities.

38. A method for managing citizen information according to Claim 1 wherein an operation log and an ID card authentication log have been established in CIP, and the operation log, which may be visited by the E-mailbox user to find in time any abnormal login of the E-mailbox, consists of E-mailbox login records and records of relative operations of a user's information in the E-mailbox, the E-mailbox login records includes the total number of times of login, the IP address of the login computer and the login time, if the E-mailbox is logged in through a mobile phone, the mobile phone number will be recorded, the records of relative operations on a user's information in the E-mailbox include E-mailbox password modifications, user information inquiry and display; the ID card authentication log, which may be visited by the E-mailbox user to find whether the ID card has been duplicated or "cloned" by others, contains the ID card authentication frequency corresponding to all three types of ID card reader-writers, the IP address of the authentication computer and the login time.

39. A method for managing citizen information according to Claim 1 or Claim 38 wherein CIP has set special accounts for statutory organs, with which the logs (the operation log and ID card authentication log) and citizen identity information can be checked, only statutory organs (generally public security organs or procuratorial organs above provincial level) can open the logs with a written authorization from the system programmers on special posts, and the scope of right to open such logs shall be regulated by law for statutory organs of various kinds and at different levels.

40. A method for managing citizen information according to Claim I wherein the administrative organ of CIP integrates the institutional framework managing the information of citizens' identity card and household registration by the previous public securities, and manages hierarchically according to different levels of Central Government, provinces, cities, counties and communities; the administrative organs above county level apply corresponding business management system to the management of issuance and maintenance of ID cards, the issuance of ID card reader-writers and authorization modules as well as the allocation of E-mailboxes; the community organs apply the business management system at community level to authorize community staff to offer such commercial or social management services in chat rooms, to manage 14 PCT/CN 2010/001473 various group chat rooms based on the E-mailbox accounts, to publish notifications and advertisements and to conduct social investigation.