Summary of the invention
The problem to be solved by the present invention is: in view of the technical problems of the prior art, the invention provides an integrated commodity anti-counterfeiting and tax control system that is highly integrated, achieves a high query rate, and is safe and reliable.
To solve the above technical problem, the solution proposed by the invention is an integrated commodity anti-counterfeiting and tax control system, characterized in that it comprises:
An anti-counterfeiting center, which generates security codes, produces the 2D barcodes, stores product information and anti-counterfeiting information, and provides the anti-counterfeiting authentication function;
A trusted third party, which provides the registration information of enterprises and institutions and of the enterprise anti-counterfeiting centers registered with it, and publishes public key certificates;
A POS sales query terminal, which performs the functions of an ordinary POS point-of-sale terminal together with a series of anti-counterfeiting query functions: scanning the 2D barcode on the product's outer packaging, determining the query type, sending the query message to the anti-counterfeiting center, verifying the query result, and verifying the anti-counterfeiting center itself or asking the trusted third party to verify it;
The anti-counterfeiting center, the trusted third party and the POS sales query terminal are interconnected by a network.
The system further comprises:
A tax center, i.e. the tax centers established at each level following the organizational structure of the tax system, which holds tax-handling authority and a public key and private key; it generates invoice data for the merchandise sales terminal based on the anti-counterfeiting authentication results sent by each anti-counterfeiting center, asks the trusted third party to notarize important invoice data, and returns an electronic invoice to the sales terminal;
A tax query terminal, which queries invoices, i.e. performs anti-counterfeiting query and authentication of invoices through the tax center;
The tax query terminal, the tax center and the trusted third party are interconnected by a network.
The anti-counterfeiting center comprises:
A network communication module, responsible for forwarding data received from the network to the other modules and for sending data over the network to its destination;
An initialization module, which performs initialization work such as system self-test and password verification;
An anti-counterfeiting information generation module, which generates the product batch anti-counterfeiting information and the product unit anti-counterfeiting information, requests the information security module to generate the batch key, requests the information security module to generate the anti-counterfeiting ciphertext, and requests the barcode processing module to generate the anti-counterfeiting barcode from the security code formed of this center's domain name, the level code, the commodity identification code, the batch code and the anti-counterfeiting ciphertext;
An information security module, which generates batch keys and pseudo-random numbers and performs encryption and decryption based on symmetric cryptosystems and on asymmetric cryptosystems;
A barcode processing module, which encodes and decodes 1D and 2D barcodes;
A print module, which prints anti-counterfeiting labels containing 2D barcodes;
An anti-counterfeiting authentication module which, on receiving an external request such as an anti-counterfeiting query forwarded by the communication module, first verifies the validity of the query terminal's public key, the integrity of the received data and the validity of the digital signature, then decrypts the ciphertext in the security code and checks it against the anti-counterfeiting database, registers the query, and sends the query result to the querying party and other relevant destinations;
An anti-counterfeiting database, which mainly stores the product batch anti-counterfeiting information and product unit anti-counterfeiting information generated by the anti-counterfeiting information generation module;
All of the above modules run on a general-purpose computer software and hardware platform.
The trusted third party comprises an initialization module, a network communication module, a unit information management module, an information security module, a unit and anti-counterfeiting center authentication module, a certificate repository update service module, a distributed certificate repository, and general-purpose computer software and hardware. The unit information management module mainly handles registration, change, suspension and cancellation of enterprises and institutions and of enterprise anti-counterfeiting centers with this authority, and generates, verifies and publishes digital certificates. The unit and anti-counterfeiting center authentication module mainly provides authentication queries about units or anti-counterfeiting centers. The certificate repository update service module periodically publishes changed digital certificates and the certificate revocation list.
The tax center comprises:
An initialization module, a taxpayer information management module, an information security module, an invoice generation module, an invoice authentication module, a barcode processing module, a tax information repository, a network communication module, and general-purpose computer software and hardware;
The taxpayer information management module handles taxpayer registration, change, suspension and cancellation; the barcode processing module encodes and decodes 1D and 2D barcodes;
The invoice generation module, after receiving an invoice generation request sent by the POS sales query terminal and the anti-counterfeiting authentication result for the products that the request covers, generates an electronic tax invoice on the basis of the authentication result and returns it to the requester;
The invoice authentication module, on receiving an invoice query request sent by the tax query terminal, normally first verifies the validity of the tax query terminal's public key, the integrity of the received data and the validity of the digital signature, then checks the invoice against the invoice data in the tax information repository; once it is verified as correct, the module registers the query and returns the query result to the querying party;
The tax information repository is a distributed database made up of the databases of all the tax centers. Besides taxpayer information and invoice data, it also registers invoice reimbursement queries and invoice deduction queries, to guarantee that an invoice is reimbursed or deducted at most once;
All of the above modules run on a general-purpose computer software and hardware platform.
The POS sales query terminal comprises:
An initialization module, a daily sales module, an information security module, an anti-counterfeiting query module, a print module, a barcode processing module, a network communication module, and general-purpose computer software and hardware;
The barcode processing module decodes and encodes 1D and 2D barcodes;
The daily sales module performs the functions of an ordinary POS sales terminal and calls the anti-counterfeiting query module to ask the anti-counterfeiting center for anti-counterfeiting authentication;
The anti-counterfeiting query module must verify the validity of the anti-counterfeiting center before making an anti-counterfeiting query request, and only then sends information such as the security code and selling price to the anti-counterfeiting center for authentication.
Compared with the prior art, the advantage of the invention is as follows. The integrated commodity anti-counterfeiting and tax control system uses a two-dimensional barcode as the anti-counterfeiting mark and is based on multiple anti-counterfeiting centers, each built by a manufacturer itself or entrusted to another party; backed by the trusted third party, it achieves convenient, safe and effective commodity anti-counterfeiting. If commodity anti-counterfeiting authentication is combined with the tax centers, it also yields a tax control and anti-counterfeiting system based on real-time invoicing, with even more pronounced advantages. Compared with existing anti-counterfeiting methods, the invention has the following advantages:
1. Each enterprise can set up its own anti-counterfeiting center, so a separate anti-counterfeiting record can be kept for every commodity without the anti-counterfeiting database becoming too large; this also brings low cost, security and convenient querying;
2. Queries are made in real time at the point of sale, so the query rate is very high; by design it can reach 100%;
3. The sale of products can be controlled: for example, for counterfeiting control or when a certain batch of products has a problem, it is enough to set the corresponding restriction in the product anti-counterfeiting database to stop the sale of that batch in China;
4. No tax control machine is needed, which lowers the cost of tax control, improves compatibility and makes upgrades easy; using a tax control machine nevertheless does not interfere with normal use of the product anti-counterfeiting system;
5. The entire path of a commodity through circulation is recorded, which very effectively curbs counterfeiting and tax fraud by problem intermediaries. The circulation record can also serve as an important lead for tracing a problem agent;
6. Not only VAT invoices but also ordinary invoices can be better controlled;
7. No manual tax declaration is needed;
8. Because every invoice used for reimbursement carries an affixed or printed 2D anti-counterfeiting barcode, an innovation in financial software becomes possible: electronic original vouchers and accounting voucher data. This is of profound significance for fully electronic data processing in accounting and auditing; it also becomes possible to run an anti-counterfeiting query on every reimbursement invoice and to guarantee that each invoice can be reimbursed only once;
9. Good security and reliability;
10. Agents are completely prevented from issuing false invoices;
11. Important invoices such as VAT invoices require authentication by the trusted third party, which guards against illegal acts by individual staff of the tax authority;
12. The trusted third party can stop impersonation of anti-counterfeiting centers.
Embodiment
The invention is described in further detail below with reference to the drawings and specific embodiments.
As shown in Figure 1, the embodiment with the basic anti-counterfeiting function comprises a POS sales query terminal 100-1, an anti-counterfeiting center 100-2, a network 100-3 and a trusted third party 100-4. Of these: 1. the anti-counterfeiting center 100-2 mainly generates the product batch anti-counterfeiting information and product unit anti-counterfeiting information (both are stored in the anti-counterfeiting database), generates and affixes anti-counterfeiting labels (consisting mainly of a 2D anti-counterfeiting barcode), and provides functions such as anti-counterfeiting authentication; 2. the trusted third party 100-4 registers units approved by the industry and commerce administration and the tax authority, issues and publishes the public key certificates of anti-counterfeiting centers, maintains and updates them when a unit or anti-counterfeiting center changes, publishes the latest information, authenticates enterprises and anti-counterfeiting centers, and, in the extended system, acts as notary for the tax authority's important invoices; 3. the POS sales query terminal 100-1 scans the 2D barcode on the product packaging, verifies the anti-counterfeiting center (or asks the trusted third party 100-4 to verify it), sends the anti-counterfeiting query message to a center that has been verified as valid, and verifies the query result; it must also provide the functions of an ordinary POS point-of-sale terminal; 4. the network 100-3 mainly means a wide area network, such as the Internet.
The anti-counterfeiting center 100-2 mainly consists of an initialization module, a network communication module, an anti-counterfeiting information generation module, an anti-counterfeiting authentication module, an information security module, a barcode processing module, a print module, an anti-counterfeiting database, and general-purpose computer software and hardware. Of these: 1. the network communication module is responsible for forwarding data received from the network to the other modules and for sending data over the network to its destination; 2. the initialization module mainly performs initialization work such as system self-test and password verification; 3. the main tasks of the anti-counterfeiting information generation module include: generating the product batch anti-counterfeiting information (including: manufacturer's country number, manufacturer number, product sales area number, product type number, commodity identification code, product batch, retail guide price, wholesale guide price, batch key, production date, validity period, etc.) and the product unit anti-counterfeiting information (such as commodity identification code, serial number, product batch number, retail flag, retail date, intermediaries, current agent, and the agent codes at each level); requesting the information security module to generate the batch key; requesting the information security module to generate the anti-counterfeiting ciphertext; and requesting the barcode processing module to generate the anti-counterfeiting barcode from information such as the anti-counterfeiting ciphertext; 4. the main functions of the information security module include: generating batch keys, generating pseudo-random numbers, and encryption and decryption based on symmetric cryptosystems and on asymmetric cryptosystems, so that communication is safe and reliable and anti-counterfeiting information cannot be forged; 5. the barcode processing module encodes and decodes 1D and 2D barcodes; 6. the print module mainly prints anti-counterfeiting labels containing 2D barcodes; 7. the anti-counterfeiting authentication module, on receiving a request such as an anti-counterfeiting query, first verifies the validity of the query terminal's public key (it may ask the trusted third party to verify it), the integrity of the received data and the validity of the digital signature, then decrypts the ciphertext in the security code and checks it against the anti-counterfeiting database, registers the query, and sends the authentication result to the querying party and other relevant destinations; 8. the anti-counterfeiting database mainly stores the product batch anti-counterfeiting information and product unit anti-counterfeiting information generated by the anti-counterfeiting information generation module; 9. the above modules run on a general-purpose computer software and hardware platform.
As shown in Figure 1, the POS sales query terminal 100-1 mainly consists of an initialization module, a daily sales module, an information security module, an anti-counterfeiting query module, a print module, a barcode processing module, a network communication module, and general-purpose computer software and hardware. It handles the sale of goods and the real-time anti-counterfeiting query request for those goods (in the extended system it also asks the tax center for real-time invoicing). Of these: 1. the initialization module, network communication module and information security module are similar in function to the corresponding modules of the anti-counterfeiting center 100-2; 2. the barcode processing module decodes 1D and 2D barcodes and reads the data in the anti-counterfeiting barcode; one of the cleartext fields of the security code, the commodity identification code, is mainly used for sales management, while the ciphertext is used for the anti-counterfeiting query, so the barcode both serves the function of an ordinary barcode in merchandise sales management and supports anti-counterfeiting; 3. the print module mainly prints the shopping voucher (or purchase invoice); 4. the daily sales module, besides the daily sales management work of a traditional POS sales terminal, also calls the anti-counterfeiting query module to ask the anti-counterfeiting center to authenticate the goods being sold; goods may be sold to the customer only after authentication passes, and otherwise may not be sold; 5. when the anti-counterfeiting query module makes an anti-counterfeiting query, it must first verify the validity of the anti-counterfeiting center and only then send the security code and selling price to the anti-counterfeiting center for authentication.
The trusted third party 100-4 mainly consists of an initialization module, a network communication module, a unit information management module, an information security module, a unit and anti-counterfeiting center authentication module, a certificate repository update service module, a distributed certificate repository, and general-purpose computer software and hardware. It verifies and manages the public key certificates of units and anti-counterfeiting centers, and in the extended system it also acts as notary for the tax authority's important invoices. The trusted third party operates according to the operating standard for a CA in Secure Electronic Transaction (SET).
Of these: 1. the initialization module, network communication module and information security module are similar in function to the corresponding modules of the anti-counterfeiting center 100-2; 2. the main functions of the unit information management module include registering, changing, suspending and cancelling units and anti-counterfeiting centers; 3. the unit and anti-counterfeiting center authentication module mainly provides an authentication query service for units or anti-counterfeiting centers; 4. the certificate repository update service module periodically publishes changed digital certificates (including the certificate revocation list, CRL); 5. certificates follow the X.509 V3 standard. The digital certificates published by this authority may be issued by the authority itself or by other certification authorities cooperating with it, but the latter must be verified and approved by this authority. The authority stores digital certificates and the CRL in the form of a distributed certificate repository, and users can obtain the digital certificates they need through the certificate repository update service module.
As a preferred version of this embodiment, shown in Figure 3, the optimized basic anti-counterfeiting system consists of a POS sales query terminal 300-1, an anti-counterfeiting center 300-2, the network 100-3 and a trusted third party 300-4. On top of the composition of the POS sales query terminal 100-1, the anti-counterfeiting center 100-2 and the trusted third party 100-4, this optimized system adds a local certificate repository (whose structure is essentially the same as that of the trusted third party's certificate repository) and its update module, to improve the operating efficiency of the whole system.
The local certificate repository works as follows: when the information security module verifies a unit's signature, it does not first ask the trusted third party for that unit's digital certificate; it first looks the certificate up in the local certificate repository and asks the trusted third party only when the certificate cannot be found there. Once the digital certificate has been obtained, the digital signature can be verified. To keep the local certificate repository valid, an update function has been added to the initialization module, ensuring that the repository is updated every day.
In another embodiment, shown in Figure 2, the invention is an anti-counterfeiting system with the extended anti-counterfeiting function, comprising a POS sales query terminal 200-1, an anti-counterfeiting center 200-2, a network 200-3, a trusted third party 200-4, a tax query terminal 200-5 and a tax center 200-6.
Of these: 1. the POS sales query terminal 200-1, in addition to the functions of 100-1 in the basic anti-counterfeiting system, must also send an invoice generation request to the tax center 200-6 when it makes an anti-counterfeiting query; 2. the anti-counterfeiting center 200-2, in addition to the functions of 100-2 in the basic anti-counterfeiting system, must send the anti-counterfeiting authentication result to the tax center when it returns that result to the query terminal (so that the tax center can generate invoice data); if the query terminal makes an important query (one used to generate an important invoice), the center must also send the authentication result to the trusted third party, so that the trusted third party can notarize the important invoice produced by the tax center; 3. the trusted third party 200-4, in addition to the functions of 100-4 in the basic anti-counterfeiting system, is also the notary for the tax authority's important invoices; 4. the network 200-3 is as described for 100-3.
As shown in Figure 2, the tax query terminal 200-5 mainly consists of an initialization module, an invoice query module, an information security module, a barcode processing module, a network communication module, and general-purpose computer software and hardware, and performs the anti-counterfeiting query function for tax invoices. It should normally be combined with the unit's accounting system so that together they enforce restrictions such as: an invoice that fails anti-counterfeiting authentication cannot be reimbursed or booked, which makes false invoices pointless. Of these: 1. the initialization module, network communication module and information security module are similar in function to the corresponding modules of the POS sales query terminal 200-1; 2. the barcode processing module decodes 1D and 2D barcodes and reads the data in the invoice barcode; the cleartext data in the barcode is the invoice data, so no manual entry is needed, while the ciphertext is mainly the digital signature (it contains the tax center's signed data and, for an important invoice such as a VAT invoice, also the trusted third party's signature); 3. the invoice query module first calls the barcode processing module to scan the data in the invoice's two-dimensional barcode and verifies the validity of the digital signature, then sends an invoice query request to the tax center, and finally passes the query result to the accounting system, to guarantee that every invoice is reimbursed or deducted at most once.
As shown in Figure 2, the tax center 200-6 mainly consists of an initialization module, a taxpayer information management module, an information security module, an invoice generation module, an invoice authentication module, a barcode processing module, a tax information repository, a network communication module, and general-purpose computer software and hardware. It mainly handles taxpayer management, invoice generation and invoice anti-counterfeiting authentication. Of these: 1. the initialization module, network communication module and information security module are similar in function to the corresponding modules of the anti-counterfeiting center 200-2; 2. the taxpayer information management module mainly handles taxpayer registration, change, suspension and cancellation; 3. the barcode processing module encodes and decodes 1D and 2D barcodes; 4. the invoice generation module, after receiving an invoice generation request sent by the POS sales query terminal 200-1 and the anti-counterfeiting authentication result for the products that the request covers, generates an electronic tax invoice on the basis of the authentication result (the invoice contains the tax data and a digital signature; an important invoice also needs the trusted third party's digital signature to show that it has been notarized) and returns it to the requester; 5. the invoice authentication module, on receiving an invoice query such as a reimbursement query request, normally first verifies the validity of the query terminal's public key, the integrity of the received data and the validity of the digital signature, then checks the invoice against the invoice data in the tax information repository; once it is verified as correct, the module registers the query and returns the query result to the querying party; 6. the tax information repository, besides taxpayer information and invoice data, also registers invoice reimbursement queries and invoice deduction queries, to guarantee that an invoice is reimbursed or deducted at most once.
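The at-most-once rule for the tax information repository, as an added example that is not part of the patent text: the claim is a single conditional UPDATE inside one transaction, so two queries for the same invoice cannot both succeed, and every query is registered whatever its outcome. The table and column names, the outcome strings and the sample invoice numbers are constructed for illustration.

```python
import sqlite3


def open_tax_store() -> sqlite3.Connection:
    """In-memory stand-in for one tax center's share of the repository."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE invoice (
            invoice_no TEXT PRIMARY KEY,
            taxpayer   TEXT NOT NULL,
            claim_kind TEXT,            -- NULL until reimbursed or deducted
            claimed_by TEXT
        );
        CREATE TABLE query_log (
            id         INTEGER PRIMARY KEY AUTOINCREMENT,
            invoice_no TEXT NOT NULL,
            requester  TEXT NOT NULL,
            kind       TEXT NOT NULL,
            outcome    TEXT NOT NULL
        );
        """
    )
    return db


def register_invoice(db, invoice_no, taxpayer):
    """Record an invoice produced by the invoice generation module."""
    with db:
        db.execute(
            "INSERT INTO invoice (invoice_no, taxpayer) VALUES (?, ?)",
            (invoice_no, taxpayer),
        )


def claim_invoice(db, invoice_no, requester, kind):
    """Handle a reimbursement or deduction query and register it."""
    if kind not in ("reimbursement", "deduction"):
        raise ValueError("kind must be 'reimbursement' or 'deduction'")
    with db:  # one transaction: the claim and its log entry commit together
        cur = db.execute(
            "UPDATE invoice SET claim_kind = ?, claimed_by = ? "
            "WHERE invoice_no = ? AND claim_kind IS NULL",
            (kind, requester, invoice_no),
        )
        if cur.rowcount == 1:
            outcome = "accepted"
        elif db.execute(
            "SELECT 1 FROM invoice WHERE invoice_no = ?", (invoice_no,)
        ).fetchone():
            outcome = "already_claimed"
        else:
            outcome = "unknown_invoice"
        db.execute(
            "INSERT INTO query_log (invoice_no, requester, kind, outcome) "
            "VALUES (?, ?, ?, ?)",
            (invoice_no, requester, kind, outcome),
        )
    return outcome


def query_history(db, invoice_no):
    """Return the registered queries for one invoice, oldest first."""
    return db.execute(
        "SELECT requester, kind, outcome FROM query_log "
        "WHERE invoice_no = ? ORDER BY id",
        (invoice_no,),
    ).fetchall()
```
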
As a preferred version of the above embodiment, shown in Figure 4, the optimized extended anti-counterfeiting system comprises a POS sales query terminal 400-1, an anti-counterfeiting center 400-2, a network 400-3, a trusted third party 400-4, a tax query terminal 400-5 and a tax center 400-6. This optimized system combines the extended system (Figure 2) with the optimized basic system (Figure 3). Financial software and a local certificate repository are added to the tax query terminal 200-5 of Figure 2, and a local certificate repository is added to the tax center 200-6. The optimized extended anti-counterfeiting system provides combined commodity anti-counterfeiting and tax anti-counterfeiting, and is secure, fast and highly automated.
The workflow of the invention is described in further detail below. Whenever a message is received or sent, it is assumed that the information security module has done the processing that secures the communication, i.e. encryption/decryption, signing and verification of the relevant data.
Figure 5 is a flow diagram of the POS sales query terminal program. As the most important commodity anti-counterfeiting query terminal of the system, the POS sales query terminal, besides performing ordinary POS sales functions, plays the key role in commodity anti-counterfeiting queries (including sending invoicing requests to the tax center) and can significantly raise the query rate for anti-counterfeiting products. In some anti-counterfeiting systems a POS can send anti-counterfeiting query requests to only one anti-counterfeiting center; the POS sales query terminal designed here can request authentication from any anti-counterfeiting center suitable for this system, that is, any center that uses an anti-counterfeiting barcode format and communication format compatible with the system and has been approved by and registered with the trusted third party.
As shown in Figure 5, the program flow of the POS sales query terminal is:
1) System initialization: at 500-1 the computer software and hardware start, the operator enters a user name and password to confirm identity, and the operator updates the certificate repository (this step can be omitted if automatic updating is used);
2) At 500-2 the operator prepares to sell goods to a new customer;
3) At 500-3 the operator scans the anti-counterfeiting barcode area of the goods with a barcode scanner (the barcode content format is shown in Figure 10) and obtains the anti-counterfeiting center's domain name 500-3A, the commodity identification code 500-3B and the anti-counterfeiting ciphertext 500-3C; the ciphertext is detailed in Figure 10 and its explanation.
4) 500-4, 500-7, 500-9, 500-10 and 500-12 in Fig. 5 verify the validity of the anti-counterfeiting center's domain name and the legitimacy of the trademark, to prevent impersonation of an anti-counterfeiting center or a counterfeit trademark. Specifically, the center's domain name is first looked up in the local certificate repository; if it is found, its status is checked (including its authority to protect the trademark of the current goods), and if there is no problem the verification is considered passed. If it is not found, the trusted third party is asked to authenticate this anti-counterfeiting center; when the trusted third party's authentication reply arrives, the information security module is called to confirm the reply's validity and integrity. If the authentication is valid, the center's information is stored in the local certificate repository; otherwise control passes to problem handling. This completes verification of the anti-counterfeiting center.
5) 500-5 and 500-6 in Fig. 5 mainly draw up the sales list of the goods.
6) 500-8 and 500-11 in Fig. 5 mainly perform the anti-counterfeiting authentication of the product. 500-8 sends the anti-counterfeiting request to the anti-counterfeiting center 500-3A; the request comprises the anti-counterfeiting information (commodity identification code 500-3B, batch code and anti-counterfeiting ciphertext 500-3C) and sales information (such as dealer and selling price), and an invoicing request can of course be sent to the tax center at the same time. 500-11 calls the information security module to confirm the validity of the authentication result; if it is valid, the flow continues, otherwise control passes to problem handling.
7) Problem handling first reports the cause of the error so that it can be corrected, then deletes this product from the sales list.
8) If more goods are to be sold to the same customer, go to step 3); otherwise go to step 9).
9) Register the sales record, print the sales voucher/invoice and hand it to the customer, and collect payment.
10) End the sale for the current customer and go to step 2) to prepare to sell goods to a new customer.
Figure 6 is a flow diagram of the main work of the anti-counterfeiting center. The center mainly performs two functions: one is anti-counterfeiting preparation (this includes generating the product batch anti-counterfeiting information and product unit anti-counterfeiting information, generating security codes, and generating and affixing anti-counterfeiting barcodes); the other is anti-counterfeiting authentication. There are also additional functions, such as generating and updating the local certificate repository.
The anti-counterfeiting center workflow shown in Figure 6 is described below from these three aspects:
(1) Anti-counterfeiting preparation
A) 600-5 generates the batch anti-counterfeiting information and stores it in the anti-counterfeiting database. This information includes: manufacturer's country number, manufacturer number, product sales area number, product type number, commodity identification code, product batch, retail guide price, wholesale guide price, batch key, production date, validity period, etc. The batch key is the key used to generate the anti-counterfeiting ciphertext of the product units in this batch and is produced by the random number generator of the information security module; the other information is simply registered from the production information;
B) 600-9 generates the anti-counterfeiting information of each product unit and stores it in the anti-counterfeiting database. The anti-counterfeiting information of a product unit (meaning product consumption units and storage units) includes: unit level, commodity identification code, serial number, product batch number, retail flag, retail date, integrity flag, parent unit number, start serial number of child units, end serial number of child units, intermediaries, current agent, agent codes at each level, etc. Here "unit level" is the level at which this unit sits (see Figure 11 and its explanation); a "retail flag" of true means that the product has been retailed; when the "integrity flag" is true the unit can be sold wholesale or retail; "current agent" shows who is currently selling the product; "parent unit number" is the serial number of the storage unit that holds this product unit; "start serial number of child units" and "end serial number of child units" give the first and last serial numbers of the product units held in this unit (a consumption unit, such as a pack of cigarettes, holds no child product units, whereas a carton of cigarettes, a storage unit, can hold 10 packs with consecutive serial numbers, e.g. 0021 to 0030);
C) 600-12 calls the symmetric encryption function in the information security module and, using the batch key, encrypts the result of XORing the product unit's identity code (see Figure 10 and its explanation) with a function value of a certain random number, together with that random number, to obtain the product unit's anti-counterfeiting ciphertext (see Figure 10 and its explanation). Finally, the security code is formed from the anti-counterfeiting center's domain name, the level code, the commodity identification code, the batch number and the anti-counterfeiting ciphertext;
D) At 600-14 the barcode processing module encodes the security code according to the coding rules of the two-dimensional barcode to obtain the anti-counterfeiting barcode, which is printed on the anti-counterfeiting label; finally the label is affixed to the product's outer packaging. The affixed label must preserve the correspondence with the product unit identity code in the anti-counterfeiting database (see Figure 11 and its explanation).
(2) Anti-counterfeiting authentication work
The main work of anti-counterfeiting authentication is sales query authentication. Here we use only POS sales query authentication as the example. A query request message mainly contains two parts: anti-counterfeiting information and marketing information, where the anti-counterfeiting information includes the commodity sign code, the product batch and the false proof ciphertext.
In general, every message received or sent is assumed to be signed/encrypted or decrypted/verified by calling the information security module. The work below is assumed to take place after the requester's identity has been verified without error.
A) 600-6, 7, 10 complete the preliminary authentication of the anti-counterfeiting information. 600-7 obtains the key from the database according to the commodity sign code and product batch in the anti-counterfeiting information, and decrypts the false proof ciphertext in the anti-counterfeiting information as described for Figure 10 to obtain identity code'. Then 600-10 judges whether the data in 600-6, namely the commodity sign code and product batch, are identical to the corresponding information in identity code'. If so, authentication continues with the next step; otherwise the anti-counterfeiting information is forged, and processing goes to problem handling e);
B) 600-11, 13, 15, 16 complete the query authentication against the false proof database. If the false proof database contains this commodity identification code, the current agent is consistent with the querying merchant (this is used to control falsification and to handle accidents), and the commodity is complete (that is, none of the subordinate units it contains has been sold separately) and has not been retailed, then the commodity can be sold; otherwise go to problem handling e);
C) Registration processing for the two kinds of sales query, wholesale and retail. First comes the registration for this commodity unit and its subordinate units (if any): 600-17, 19 complete the wholesale query registration, that is, they register this purchaser in the false proof database records of this commodity unit and its subordinate units (if any) and set it as the current agent; 600-18, 20 instead set the retail sign to true in the false proof database records of this commodity unit and its subordinate units (if any), which completes the retail registration. Then 600-22 sets the integrity flag of all higher-level units of this unit (if any) to false.
D) 600-21 reports the reason for the problem and handles the problem;
E) Send the query authentication result. 600-23 sends the query result through the network communication module to the query terminal (and, if tax anti-counterfeiting is required, also to the tax center and, for an important query, to the trusted third party);
(3) Additional work: updating the local certificate repository
The local certificate repository stores the latest valid public key certificates and related information of the contact units, to improve authentication efficiency. The certificate repository can be updated early every morning, or the latest public key certificates and related information of the contact units can be updated before work each day. The public key certificate of an unfamiliar unit can also be saved once it has been authenticated as valid.
As shown in Figure 7, which is a workflow diagram of the trusted third party of the present invention, the trusted third party acts as the public key certificate publication and certification authority for the enterprises and institutions, enterprise false proof centers and tax centers involved in this anti-counterfeiting system, and is also the notary organization for important tax invoices of the tax center (such as VAT invoices). Its main work is to provide verification and daily management of the public key certificates of units and false proof centers, query authentication of units and false proof centers, notarization of important invoices, and the certificate repository update service. The certificate repository stores the public key certificates (in the X.509 V3 format) of registered legal entities and false proof centers, and also stores other data about them.
The workflow of the trusted third party shown in Figure 7 is described below from four aspects.
(1) The trusted third party executes 700-3: registering, changing or cancelling a unit or false proof center
1) A legal entity applies to register with this anti-counterfeiting system
A legal entity applying to join this anti-counterfeiting system (including industrial and commercial enterprises, tax departments (tax centers), anti-counterfeiting companies and other units with legal personality) must bring the relevant materials and apply for registration at the local trusted third party. These materials include its legal person certificate (industrial and commercial business licence), its tax registration certificate, the trademarks of the products it deals in, its digital certificates (2 copies, used for encryption and signature verification respectively; if it has none, the trusted third party can generate them for it) and any other certificates required. Once the trusted third party has verified them as correct, the important content and related information contained in these materials are saved in the certificate repository and approved by digital signature, the information is then announced at a suitable time, and the registration is complete.
2) A registered unit applies to register a false proof center with this anti-counterfeiting system
A false proof center obtains recognised anti-counterfeiting qualification in this system only after it has applied for registration with the trusted third party. A false proof center cannot join this anti-counterfeiting system as a legal person (that is, a false proof center has no legal personality); it can join only as a subordinate body of a unit or of an anti-counterfeiting company. Therefore, only after a legal entity has completed registration in this system can it apply to register a false proof center, or entrust the false proof center of an anti-counterfeiting company to protect its products. A legal entity may register several false proof centers, but the false proof center of a manufacturing enterprise can protect only that unit's own registered trademarks (in this system, protecting a registered trademark means performing anti-counterfeiting authentication for the products that use it), whereas the false proof center of an anti-counterfeiting company can protect the registered trademarks of an entrusting unit after that unit has authorised it.
When applying for registration, a false proof center must provide the data of the protected registered trademarks, the false proof center domain name, 2 false proof center digital certificates, and other materials. Once the trusted third party has verified them as correct, the information of the application is saved in the certificate repository and approved by digital signature, the information is then announced at a suitable time, and the registration of the false proof center is complete.
3) Changing or cancelling a unit or false proof center
When a registered legal entity or false proof center needs a change, cancellation or similar operation, it can be carried out as long as the relevant materials are supplied.
When the false proof center of an anti-counterfeiting company adds a protected trademark, it must provide the authorisation contract signed by the client (the client must be registered in this system), the registered trademark data and any other materials required, and it can protect only the client's registered trademarks.
When the false proof center of a manufacturing enterprise adds a new protected registered trademark, it only needs to provide the data of that registered trademark.
Once the trusted third party has verified the materials as correct, the operation is saved in the certificate repository, the update is approved by digital signature, the information is then announced at a suitable time, and the work is complete.
The above data generally take formal effect on the second day (because each registered unit generally downloads certificate repository updates only before work each day). For an urgent update, the trusted third party is responsible for proactively notifying each registered unit as soon as possible to receive the urgent update.
(2) 700-4 certificate repository update service
According to the update request from the requesting end, the trusted third party compresses and digitally signs the most recently updated information, or the unit and false proof center information that the requester needs (including public key certificates and related information), and sends it to the requester.
The trusted third party need not provide any tax center update information to units registered at this center.
(3) 700-5, 8, 11: processing of query authentication requests for units or false proof centers
For the query authentication of a legal entity, the trusted third party checks the following: whether the legal entity being authenticated is registered in this system, the validity of its public key certificate, the nature of the unit, the registered trademarks the unit owns, and so on.
For the query authentication of a false proof center, the trusted third party checks the following: whether the false proof center being authenticated is registered, whether it has the authority to protect this registered trademark of this enterprise, the validity of its public key certificate, and so on.
If all of the above conditions are satisfied, the basic information, the public key certificate and a "legal" flag of the authenticated legal entity or false proof center are returned; otherwise the details of the problem and an "illegal" flag are returned to the requesting end.
(4) 700-6, 7, 9, 13: processing of the tax center's important invoice notarization requests
1. Taking the same invoicing request number of the same legal entity as the basis, the tax data in the invoice notarization request are examined against the anti-counterfeiting authentication results sent by each false proof center; 2. if the examination meets the requirements, the data are digitally signed in the format required by the tax center and sent to the tax center; 3. otherwise go to problem handling;
As shown in Figure 8, which is a workflow diagram of the tax center in the present invention, a tax center is a subordinate body of a tax bureau at some level. Following the hierarchy of China's tax departments, tax centers can be divided into: the national general bureau tax center, provincial bureau tax centers, prefecture and city bureau tax centers, and county bureau tax centers. The tax centers at each level first obtain a public/private key pair and a digital certificate in some way, and can work normally after registering with the trusted third party and having their digital certificates announced. This work includes tax-control tasks such as taxpayer qualification authentication, the real-time invoicing service and the invoice query authentication service.
The tax center workflow shown in Figure 8 is described below from three aspects:
(1) 800-3 completes taxpayer qualification authentication
Registration, change of registration, cancellation of registration and other registrations are performed for legal persons qualified to pay tax. As long as the legal person certificate (industrial and commercial business licence), the relevant certificates and the digital certificate are provided and are found on examination to meet the requirements, registration is granted and the relevant information is saved in the tax information database.
(2) 800-4 etc. complete the invoicing service
It is assumed that, on receiving an invoicing request or a commodity anti-counterfeiting authentication message, the information security module has already verified the legitimacy of the sender's identity and the validity of the data.
1. 800-4 receives the invoicing request and related data; 2. authenticity and data audit: 800-10 compares the sales data in the invoicing request with the authentication messages sent by the relevant false proof centers; if the goods sold are verified as genuine and the consumption amount is correct, continue to the next step, otherwise go to problem handling; 3. generating an ordinary or important invoice: if an ordinary invoice is requested, 800-15 calculates the tax payable according to the tax rate, generates the ordinary invoice data and saves them in the tax information database, then goes to 800-27. If an important invoice (such as a VAT invoice) is requested, 800-16 calculates the tax payable according to the commodity tax rate and generates the invoice tax data, and 800-20 then sends the invoice tax data to the trusted third party for notarization. After 800-21 receives the notarization message, 800-24 compares the third party's notarized data with the data generated by 800-16; if there is no problem, 800-25 appends the notarization signature to the invoice tax data to generate the important invoice data, saves them in the tax information database and goes to the next step, otherwise go to problem handling; 4. 800-27: the tax center digitally signs the invoice data to obtain the electronic invoice (sometimes the invoice, the digital signature and other data may also need to be bar-code encoded); 5. 800-29 sends the electronic invoice to the party that requested the invoice.
(3) 800-5 etc. complete the various invoice query authentication services
1. 800-5 receives the invoice query authentication request; 2. digital signature validity and data consistency authentication: 800-8 first verifies the digital signature of the invoice, then checks whether the invoice data saved in the tax information database and the invoice data in the request are consistent; if the signature is valid and the data are consistent, continue to the next step, otherwise go to problem handling; 3. processing of the various query authentications (for simplicity, we consider only three kinds for now): A. ordinary query authentication (queries only the authenticity of the invoice and its reimbursement and deduction status): 800-19 reads the reimbursement and deduction information from the tax information database and then goes to the next step; B. reimbursement query authentication (a query request sent to the tax center by a unit's finance department about an invoice submitted for reimbursement): 800-18 checks whether there is any problem with the requester and whether the invoice has already been reimbursed; if neither is a problem, 800-23 records the querying unit in the reimbursement field of this invoice (in the tax information database), then continues to the next step; C. deduction query authentication: 800-17, 22 check whether there is any problem with the requester, whether the invoice has already been reimbursed or deducted, and whether there are other problems (for example: whether the deduction querying unit and the purchasing unit are the same, whether the use of the goods satisfies the deduction conditions, etc.); if none of these is a problem, 800-26 performs the tax deduction for the querying unit, and 800-28 registers the querying unit in the reimbursement field and the deduction unit field of this invoice (in the tax information database); 4. 800-31 sends the query result to the query terminal, and this query authentication service ends.
As shown in Figure 9, which is a workflow diagram of the tax query terminal in the present invention, the main work of 900-1 includes: system initialization, the operator entering a user name and password to confirm identity, and calling the information security module to update the local certificate repository, especially the digital certificates of the tax centers at each level.
The process by which the tax query terminal queries an invoice is as follows:
1. 900-2 scans the bar code on the invoice to obtain the corresponding electronic invoice (including the invoice code, invoice number, invoicing date, buyer's taxpayer number, seller's taxpayer number, commodity sign code, amount, tax amount, digital signature and other information); 2. 900-3 calls the information security module to verify whether the digital signature on the invoice is valid; if it is invalid, go to problem handling, otherwise continue to the next step; 3. query processing by type: A. ordinary authentication query of an invoice: 900-5 sends "query type, invoice data, invoice signature" and other information to the tax center; after receiving the authentication result returned by the tax center (the information security module must be called to verify the validity of the authentication result), 900-8 judges according to the content of the authentication result (including authenticity, reimbursement and deduction status): if the invoice is false or has already been reimbursed/deducted, go to problem handling; otherwise 900-11, 13 save the (electronic) original voucher and fill in the accounting voucher (the invoice must pass a reimbursement or deduction authentication query before it can be examined and booked as a valid original voucher); B. processing of reimbursement queries and deduction queries: 900-6 or 7 sends "query type, invoice data, invoice signature" and other information to the tax center; after receiving the authentication result returned by the tax center (the information security module must be called to verify the validity of the authentication result), 900-9 judges according to the content of the authentication result (including authenticity, reimbursement and deduction status): if the invoice is false or has already been reimbursed/deducted, go to problem handling; otherwise 900-12, 14, 15 add the tax center's authentication signature and save the (electronic) original voucher, or add the tax center's authentication signature to the electronic original voucher already saved, fill in or modify the accounting voucher, and examine the accounting voucher.
As shown in Figure 10, which is a structural diagram of the anti-counterfeit bar code in the present invention, the content of the anti-counterfeit bar code comprises three parts: the false proof center domain name 1000-1 (which must be consistent with what the false proof center registered at the trusted third party), the commodity level and batch code 1000-2, and the false proof ciphertext 1000-3. Of these: 1. the commodity level and batch code 1000-2 consists of the level code 1000-5 (which represents the level of the product unit; see the explanation of Figure 11 for details), the commodity sign code 1000-6 (with reference to GB12904-2003) and the batch number 1000-7; 2. 1000-8 is the generation process of the false proof ciphertext 1000-3:

$\text{false proof ciphertext} = E_{Key}(\text{identity code} \oplus \text{integer 1},\ \text{integer 2})$

That is, the symmetric encryption function E, with the batch key (a more complex method can be used to increase key security), encrypts the result of XORing the product unit identity code 1000-4 (identity code for short) with integer 1 (plaintext part 1), together with integer 2 (plaintext part 2), to obtain the false proof ciphertext. Here the identity code 1000-4 consists of the level code 1000-5, the commodity sign code 1000-6, the batch number 1000-7 and the serial number 1000-9; integer 1 = L(integer 2) is the number, of the same length as the identity code, obtained by applying a certain stuffing function L to integer 2 (a random number); and $\oplus$ is the XOR operation.
Conversely, the product unit identity code 1000-4 can be obtained from the false proof ciphertext 1000-3 by the following procedure:
1. $\text{false proof plaintext} = \text{decryption function}_{Key}(\text{false proof ciphertext})$, where the decryption function is identical with the encryption function E and the key is the encryption key; 2. $\text{product unit identity code} = \text{part 1 of the false proof plaintext} \oplus L(\text{plaintext part 2})$.
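The ciphertext construction above, together with the preliminary check of step A) in the authentication work, as an added Go example that is not part of the patent text. AES-CBC with a zero IV standing in for E, SHA-256 as the stuffing function L, the 32/16-byte field widths and all type and function names are assumptions; the key and label values are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const idLen, rLen = 32, 16 // assumed widths: padded identity code, random "integer 2"

// SecurityCode mirrors Figure 10: the clear fields plus the false proof ciphertext.
type SecurityCode struct {
	Domain, Level, Commodity, Batch string
	Ciphertext                      []byte
}

// mask XORs a with L(r); SHA-256 as the stuffing function L is an assumption.
func mask(a, r []byte) []byte {
	l := sha256.Sum256(r)
	out := make([]byte, idLen)
	for i := range out {
		out[i] = a[i] ^ l[i]
	}
	return out
}

// crypt runs AES-CBC with a zero IV (assumed mode); the random part 2 varies the input.
func crypt(key, in []byte, mode func(cipher.Block, []byte) cipher.BlockMode) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	mode(block, make([]byte, aes.BlockSize)).CryptBlocks(out, in)
	return out, nil
}

// Encode computes ciphertext = E_Key(identity code XOR L(r), r) and assembles the code.
func Encode(key []byte, domain, level, commodity, batch, serial string) (SecurityCode, error) {
	id := []byte(level + commodity + batch + serial)
	if len(id) > idLen {
		return SecurityCode{}, errors.New("identity code too long")
	}
	id = append(id, bytes.Repeat([]byte{' '}, idLen-len(id))...) // pad to fixed width
	r := make([]byte, rLen)
	if _, err := rand.Read(r); err != nil {
		return SecurityCode{}, err
	}
	ct, err := crypt(key, append(mask(id, r), r...), cipher.NewCBCEncrypter)
	return SecurityCode{domain, level, commodity, batch, ct}, err
}

// Recover inverts Encode: decrypt, then identity code = part 1 XOR L(part 2).
func Recover(key, ct []byte) (string, error) {
	if len(ct) != idLen+rLen {
		return "", errors.New("bad ciphertext length")
	}
	plain, err := crypt(key, ct, cipher.NewCBCDecrypter)
	if err != nil {
		return "", err
	}
	id := mask(plain[:idLen], plain[idLen:])
	return string(bytes.TrimRight(id, " ")), nil
}

// PreliminaryAuth is step A): batch key lookup by the clear fields, then field comparison.
func PreliminaryAuth(keys map[string][]byte, sc SecurityCode) (string, bool) {
	id, err := Recover(keys[sc.Commodity+"/"+sc.Batch], sc.Ciphertext)
	prefix := sc.Level + sc.Commodity + sc.Batch
	if err != nil || len(id) <= len(prefix) || id[:len(prefix)] != prefix {
		return "", false
	}
	return id, true
}

func main() {
	key := []byte("constructed key!") // 16 bytes; a real batch key comes from the module's RNG
	sc, _ := Encode(key, "fw.example", "0", "1234567890123", "071101", "00001")
	keys := map[string][]byte{sc.Commodity + "/" + sc.Batch: key}
	fmt.Println(PreliminaryAuth(keys, sc))
}
```

Step A) only shows that a label was produced under the batch key; a copied genuine label still passes it and is caught by the database state checked in step B).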
As shown in Figure 11, which is a diagram of the hierarchical storage relationship of product units in the present invention, the false proof center stores product units in order from low level to high level, that is, the low-level product units of one product are stored in high-level units. In the figure, "D-C-B-*?" or "D-C-B-*" denotes the identity code PID of a product unit, composed as follows: the digit D means that the level of the product unit is D, C is the commodity sign code, B is the product batch number, * stands for the leading digits of the serial number or for the whole serial number, and ? stands for one decimal digit. Here a product unit means a consumer unit or a storage unit of any level.
An example follows:
For a cigarette whose commodity sign code is 1234567890123, the storage relationship between the 10000 cigarette packages (consumer units) of batch 071101 and their storage units is described as follows:
1. Let the identity codes PID of these ten thousand cigarette packages (level-0 units) be: 0-1234567890123-071101-00001, 0-1234567890123-071101-00002, ..., 0-1234567890123-071101-10000, where '-' is a separator and can be removed; 2. these ten thousand cigarette packages are assembled into 1000 cartons (level-1 units), whose identity codes PID are: 1-1234567890123-071101-0001, 1-1234567890123-071101-0002, ..., 1-1234567890123-071101-1000; 3. these thousand cartons are then packed into 20 cases (level-2 units), whose identity codes PID are: 2-1234567890123-071101-001, 2-1234567890123-071101-002, ..., 2-1234567890123-071101-020; 4. correspondence: suppose the 10 cigarette packages 0-1234567890123-071101-00001 to 0-1234567890123-071101-00010 are stored in carton 1-1234567890123-071101-0001, and likewise suppose the 50 cartons 1-1234567890123-071101-0001 to 1-1234567890123-071101-0050 are stored in case 2-1234567890123-071101-001; this storage relationship of the product units must be reflected correspondingly in the false proof database.
This correspondence can significantly improve the efficiency of anti-counterfeiting queries. To check the authenticity of a whole case of cigarettes, it is enough to query the security code of the case; there is no need to run an anti-counterfeiting query on every package or every carton in the case.
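The storage hierarchy of this example combined with the query and registration rules of steps B) and C) of the authentication work, as an added Go example rather than code from the patent. The in-memory map, the field, function and agent names are assumptions, and the builder generalizes the cigarette figures to any fan-out per level.

```go
package main

import (
	"errors"
	"fmt"
)

// Unit holds the false proof database fields that the sales query reads and writes.
type Unit struct {
	Level, Serial         int
	Parent                int // serial of the enclosing storage unit, 0 if none
	ChildFirst, ChildLast int // serial range of the units stored inside, 0 if none
	Retailed, Complete    bool
	Agent                 string
}

type key struct{ level, serial int }

// DB is a stand-in for the false proof database, indexed by (level, serial).
type DB map[key]*Unit

var ErrRefused = errors.New("unit cannot be sold")

// Build creates `top` highest-level units held by agent; each fanout value is how many
// consecutively numbered units every unit holds one level down.
func Build(agent string, top int, fanout ...int) DB {
	db, level, count := DB{}, len(fanout), top
	for s := 1; s <= count; s++ {
		db[key{level, s}] = &Unit{Level: level, Serial: s, Complete: true, Agent: agent}
	}
	for _, n := range fanout {
		for s := 1; s <= count; s++ {
			p := db[key{level, s}]
			p.ChildFirst, p.ChildLast = (s-1)*n+1, s*n
			for c := p.ChildFirst; c <= p.ChildLast; c++ {
				db[key{level - 1, c}] = &Unit{Level: level - 1, Serial: c, Parent: s, Complete: true, Agent: agent}
			}
		}
		level, count = level-1, count*n
	}
	return db
}

// descend applies f to u and to every unit stored inside it.
func (db DB) descend(u *Unit, f func(*Unit)) {
	f(u)
	if u.ChildFirst == 0 {
		return
	}
	for c := u.ChildFirst; c <= u.ChildLast; c++ {
		db.descend(db[key{u.Level - 1, c}], f)
	}
}

// Sell runs the check of step B) and the registration of step C) for one scanned unit.
// An empty buyer means a retail sale; otherwise the buyer becomes the current agent.
func (db DB) Sell(level, serial int, seller, buyer string) error {
	u, ok := db[key{level, serial}]
	if !ok || u.Agent != seller || !u.Complete || u.Retailed {
		return ErrRefused
	}
	db.descend(u, func(x *Unit) {
		if buyer == "" {
			x.Retailed = true
		} else {
			x.Agent = buyer
		}
	})
	for p := u; p.Parent != 0; { // every enclosing storage unit stops being complete
		p = db[key{p.Level + 1, p.Parent}]
		p.Complete = false
	}
	return nil
}

func main() {
	db := Build("factory", 20, 50, 10) // 20 cases, 50 cartons per case, 10 packs per carton
	fmt.Println(db.Sell(2, 1, "factory", "wholesaler")) // a whole case changes hands
	fmt.Println(db.Sell(0, 7, "wholesaler", ""))        // one pack is retailed
	fmt.Println(db.Sell(0, 7, "wholesaler", ""))        // the same label is scanned again
	fmt.Println(db.Sell(2, 1, "wholesaler", "other"))   // the opened case is offered as whole
}
```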
As shown in Figure 12, which is a workflow diagram of the information security module in the present invention, the information security module mainly performs three functions: digitally signing and encrypting messages to be sent; decrypting received messages and verifying the sender's signature; and updating the local certificate repository. The first two functions are used when the identity of the correspondent needs to be shown or confirmed. The local certificate repository is designed to reduce network traffic and improve verification efficiency; it is a part of the content of the trusted third party's distributed certificate repository, and it is updated to keep it consistent with the trusted third party's certificate repository.
(1) Message sending security sub-module: digitally signs and encrypts the messages to be sent
1200-2 etc. complete the digital signature and encryption functions, described below for two cases, with and without a digital envelope:
1) Message sending security sub-module without digital envelope
1. The 1200-5 digital signature function digitally signs the data to be sent with the private key; 2. 1200-9, 1200-12 take out the stored communication key and use it to encrypt the data to be sent and the signature data to obtain the communication ciphertext; 3. the 1200-15 communication module sends the communication ciphertext to the other party over the network;
2) Message sending security sub-module with digital envelope
1. The 1200-5 digital signature function digitally signs the data to be sent with the private key; 2. 1200-10, 1200-13 generate a communication key and use it to encrypt the data to be sent and the signature data to obtain the communication ciphertext; 3. 1200-16, 1200-18, after verifying the validity of the receiver's public key certificate, encrypt the communication key with that public key to obtain the digital envelope; 4. the 1200-20 communication module sends the communication ciphertext and the digital envelope to the receiver;
(2) Message receiving security sub-module: decrypts the received messages and verifies the sender's signature
1. 1200-6 obtains the communication key by one of the following two methods. Method one: if the received data contain a digital envelope, decrypt the digital envelope with its own private key to obtain the communication key. Method two: if the received data contain no digital envelope, find the corresponding communication key locally according to the sender's identity; 2. 1200-8 decrypts the communication ciphertext with the communication key to obtain the communication plaintext; 3. 1200-11 verifies whether the sender's digital certificate is valid; if so, go to the next step, otherwise go to problem handling; 4. after 1200-14 has verified the digital signature in the communication plaintext as correct, 1200-17 passes the plaintext information (generally with the digital signature removed) to the corresponding module for processing, and saves the public key certificate and related information of an unfamiliar sender in the local certificate repository;
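The with-envelope sending path and the matching receiving path, as an added Go example that is not the patent's implementation. Ed25519 signatures, AES-GCM under the communication key and RSA-OAEP for the envelope are assumed algorithm choices, all names are hypothetical, and certificate validation is assumed to have been done against the local certificate repository before the public keys are used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party holds a participant's two private keys (one certificate each for signing and encryption).
type Party struct {
	Sign ed25519.PrivateKey
	Enc  *rsa.PrivateKey
}

// Sealed is what crosses the network: digital envelope plus communication ciphertext.
type Sealed struct{ Envelope, Nonce, Ciphertext []byte }

func NewParty() (*Party, error) {
	_, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ek, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Party{sk, ek}, err
}

// VerifyKey is the public signing key, as a receiver's local certificate repository holds it.
func (p *Party) VerifyKey() ed25519.PublicKey { return p.Sign.Public().(ed25519.PublicKey) }

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal signs the data, encrypts signature and data under a fresh key, then wraps that key.
func Seal(data []byte, from *Party, to *rsa.PublicKey) (*Sealed, error) {
	sig := ed25519.Sign(from.Sign, data)
	buf := make([]byte, 32+12) // fresh communication key and GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	aead, err := gcm(buf[:32])
	if err != nil {
		return nil, err
	}
	env, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, buf[:32], nil)
	if err != nil {
		return nil, err
	}
	return &Sealed{env, buf[32:], aead.Seal(nil, buf[32:], append(sig, data...), nil)}, nil
}

// Open follows the receiving steps: open the envelope, decrypt, verify the sender's signature.
func Open(m *Sealed, to *Party, senderKey ed25519.PublicKey) ([]byte, error) {
	commKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, to.Enc, m.Envelope, nil)
	if err != nil {
		return nil, errors.New("digital envelope not addressed to this receiver")
	}
	aead, err := gcm(commKey)
	if err != nil || len(m.Nonce) != aead.NonceSize() {
		return nil, errors.New("malformed message")
	}
	plain, err := aead.Open(nil, m.Nonce, m.Ciphertext, nil)
	if err != nil || len(plain) < ed25519.SignatureSize {
		return nil, errors.New("communication ciphertext rejected")
	}
	sig, data := plain[:ed25519.SignatureSize], plain[ed25519.SignatureSize:]
	if !ed25519.Verify(senderKey, data, sig) {
		return nil, errors.New("signature does not verify under the sender's key")
	}
	return data, nil
}

func main() {
	pos, _ := NewParty() // constructed parties: a POS terminal and a false proof center
	center, _ := NewParty()
	m, _ := Seal([]byte("constructed query"), pos, &center.Enc.PublicKey)
	data, err := Open(m, center, pos.VerifyKey())
	fmt.Printf("%s %v\n", data, err)
}
```

The signature here covers only the data, so a receiver could re-wrap a signed message for another party; including the intended receiver's identity in the signed data prevents that.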
(3) Updating the local certificate repository
The local certificate repository is derived from the trusted third party's certificate repository, and it is updated to keep it consistent with the trusted third party's distributed certificate repository. Updating the local certificate repository once a day is enough; except for urgent updates, such as when a private key has been leaked, updates generally take effect only on the second day. For an urgent update, the trusted third party proactively sends an update notification, and the user then receives the update.