CN109561075B - Enterprise tax handling safety channel system - Google Patents

Info

Publication number
CN109561075B
Authority
CN
China
Prior art keywords
enterprise
tax
digital certificate
server
signature server
Legal status
Active
Application number
CN201811297828.2A
Other languages
Chinese (zh)
Other versions
CN109561075A (en)
Inventor
高勇
赵长江
吴乐云
李振德
颜士营
赵楠
Current Assignee
QINGDAO WEIZHIHUI INFORMATION Co.,Ltd.
Original Assignee
Qingdao Weizhihui Information Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/12 Accounting
    • G06Q40/123 Tax preparation or submission
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously

Abstract

The invention discloses an enterprise tax handling safety channel system. The system comprises an RA digital certificate signature server, a data transmission module and an identity authentication module. The RA digital certificate signature server comprises an enterprise-end RA digital certificate signature server and a tax-end RA digital certificate signature server; one end of the data transmission module is connected to the enterprise-end RA digital certificate signature server and the other end is connected to the tax-end RA digital certificate signature server. The identity authentication module binds the enterprise-end RA digital certificate signature server to its corresponding enterprise, and the RA digital certificate signature server automatically identifies the corresponding certificate container according to the taxpayer identification to complete the signature operation. The enterprise tax-handling safe channel system provided by the invention directly interconnects the enterprise and the tax system, avoids congestion at tax-handling peaks, and guarantees the security of enterprise tax-handling data.

Description

Enterprise tax handling safety channel system
Technical Field
The invention relates to the field of informatization tax handling safety, in particular to an enterprise tax handling safety channel system.
Background
A group enterprise has a number of subsidiary companies. Each company's finances are accounted for independently, yet the group requires centralized financial management. The current declaration system of the tax department is an independent, single-point system: it cannot meet the group enterprise's need for centralized management, tax risks cannot be controlled centrally, and the declaration system cannot be connected to the enterprise's existing internal management systems. As a result, the management cost of the declaration step is high and the tax risk is high.
Group enterprises urgently need a centralized tax-related management channel connected directly to the tax department, closing the "last mile" of tax handling with the tax department so that tax-related services can be managed centrally.
The enterprise tax handling safety channel system is a standardized service channel scheme designed for reducing the tax burden of large group enterprises and improving the working efficiency of the tax business of the large group enterprises, and solves the problems of large group enterprise declaration, invoice management and tax risk management and control.
Disclosure of Invention
The invention aims to provide an enterprise tax-handling safe channel system, which is used for realizing direct interconnection between an enterprise and a tax system, avoiding congestion of tax-handling peaks and ensuring the safety of enterprise tax-handling data.
In order to achieve the purpose, the invention provides the following scheme:
An enterprise tax security channel system, comprising:
an RA digital certificate signature server, a data transmission module and an identity authentication module, wherein the RA digital certificate signature server comprises an enterprise-end RA digital certificate signature server and a tax-end RA digital certificate signature server; one end of the data transmission module is connected to the enterprise-end RA digital certificate signature server and the other end is connected to the tax-end RA digital certificate signature server; the identity authentication module binds the enterprise-end RA digital certificate signature server to its corresponding enterprise; and the RA digital certificate signature server automatically identifies the corresponding certificate container according to the taxpayer identification to complete the signature operation.
Optionally, the data transmission module performs data transmission by using the HTTPS transport protocol.
Optionally, the RA digital certificate signing server performs signing and signature verification on the data.
Optionally, the RA digital certificate signing server performs signing transmission on the transmission data through the digital certificate.
Optionally, the identity authentication module binds the device serial number of the RA digital certificate signing server with the MAC address of the enterprise-side front-end processor.
Optionally, the identity authentication module further binds the enterprise with a subordinate enterprise tax number of the enterprise.
Optionally, the system further includes a transmission encryption module, where the transmission encryption module encrypts the transmission data by using an encryption algorithm.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects. The enterprise tax-handling safety channel system comprises an RA digital certificate signature server, a data transmission module and an identity authentication module. The RA digital certificate signature server comprises an enterprise-end RA digital certificate signature server and a tax-end RA digital certificate signature server; one end of the data transmission module is connected to the enterprise-end server and the other end to the tax-end server. The identity authentication module binds the enterprise-end RA digital certificate signature server to its corresponding enterprise, and the RA digital certificate signature server automatically identifies the corresponding certificate container according to the taxpayer identification to complete the signature operation. This directly interconnects the enterprise and the tax system and avoids congestion at tax-handling peaks. In addition, the data transmission module transmits data over the HTTPS transport protocol; the equipment serial number of the RA digital certificate signing server is bound to the MAC address of the enterprise-end front-end processor; the RA digital certificate signing server signs the transmitted data with a digital certificate; and the transmission encryption module encrypts the transmitted data with an encryption algorithm. Together these ensure the security of enterprise tax-related data.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the embodiments are briefly described below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic structural diagram of an enterprise tax security channel system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention aims to provide an enterprise tax-handling safe channel system, which is used for realizing direct interconnection between an enterprise and a tax system, avoiding congestion of tax-handling peaks and ensuring the safety of enterprise tax-handling data.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Fig. 1 is a schematic structural diagram of an enterprise tax security channel system according to an embodiment of the present invention. As shown in Fig. 1, the enterprise tax security channel system provided by the present invention includes an RA digital certificate signature server, a data transmission module 102 and an identity authentication module 104. The RA digital certificate signature server comprises an enterprise-end RA digital certificate signature server 103 and a tax-end RA digital certificate signature server 101. One end of the data transmission module 102 is connected to the enterprise-end RA digital certificate signature server 103 and the other end is connected to the tax-end RA digital certificate signature server 101. The identity authentication module 104 binds the enterprise-end RA digital certificate signature server 103 to its corresponding enterprise, and the RA digital certificate signature server automatically identifies the corresponding certificate container according to the taxpayer identifier to complete the signature operation.
Both the tax end and the large-enterprise end are provided with an RA digital certificate signature server in order to establish a bidirectional authentication channel. Tax-related data from the group-enterprise end is signed by the signature server and sent to the tax end, and the subsequent process continues only after the tax end successfully verifies the signature, which ensures the security of the group enterprise's tax-related data. The bidirectional authentication channel based on the tax bureau RA digital certificate has two effects: it secures the large enterprise's direct tax-handling channel, with the signature servers verifying the channel in both directions so that communication over it is secure; and, through a dedicated signature verification server, the system automatically identifies the corresponding certificate container according to the taxpayer identification to complete the signature operation, which reduces the burden of frequent switching that a large enterprise incurs when using a third-party CA.
The data transmission module 102 transmits data using the HTTPS transport protocol, an SSL-based HTTP channel designed for security; this dual security protection ensures the security of the data channel between group enterprises and the tax system.
The identity authentication module 104 binds the equipment serial number of the RA digital certificate signing server to the MAC address of the enterprise-end front-end processor, thereby binding the accessing enterprise to the equipment and ensuring the uniqueness of the accessing group enterprise. The identity authentication module also binds the enterprise to the tax numbers of its subordinate enterprises, so that access by subordinate enterprises is authenticated.
The system also comprises a transmission encryption module, which encrypts the transmitted data with an encryption algorithm; group-enterprise data is encrypted with an algorithm that meets the security standard requirements of the State Tax Administration. When the large-enterprise end accesses the tax end, it encrypts the request data; access is allowed only if the tax end decrypts the request data successfully, otherwise the access is interrupted. Data returned by the tax end is encrypted before being sent to the large-enterprise end, which accepts the result only after decrypting it successfully; otherwise the connection is interrupted.
The enterprise tax-handling safety channel system provided by the invention comprises:
1) a bidirectional authentication channel based on a tax administration RA digital certificate;
2) identity authentication security for group enterprises;
3) data transmission encryption;
4) signing and signature verification of tax-related data.
Wherein, for 1) the bidirectional authentication channel based on the tax administration RA digital certificate, the large-enterprise end can implement bidirectional authentication of the HTTPS channel based on the RA digital certificate through SSL equipment, which specifically comprises the following steps:
Step 1: the large-enterprise end sends information such as its SSL version to the tax end;
Step 2: the tax end returns information such as the SSL version, a random number and its public key to the large-enterprise end; the large-enterprise end verifies whether the tax end's certificate is legal; if so, the handshake proceeds, otherwise access is denied;
Step 3: after the verification passes, the large-enterprise end sends its certificate and public key to the tax end, and the tax end verifies the large-enterprise end's certificate and obtains the large-enterprise end's public key. Bidirectional authentication is thereby achieved.
2) Identity authentication security for group enterprises specifically comprises: the tax end binds the equipment serial number in the signature verification server to the MAC address of the large enterprise's front-end processor in the DMZ domain service, thereby binding the accessing enterprise to the equipment and ensuring the uniqueness of the accessing group enterprise. On this basis, the subordinate enterprises of the group enterprise are added, binding the group enterprise to its subordinate enterprises' tax numbers, so that access by subordinate enterprises is authenticated.
3) Data transmission encryption specifically comprises the following:
Group-enterprise data is encrypted for transmission with an encryption algorithm that meets the security standard requirements of the State Tax Administration. When the large-enterprise end accesses the tax end, it encrypts the request data; access is allowed only if the tax end decrypts the request data successfully, otherwise the access is interrupted. Data returned by the tax end is encrypted before being sent to the large-enterprise end, which accepts the result only after decrypting it successfully; otherwise the connection is interrupted.
4) Signing and signature verification of tax-related data specifically comprises the following:
Tax-related data from the group-enterprise end is signed by the signature server and sent to the tax end, and the subsequent process continues only after the tax end successfully verifies the signature, which ensures the security of the group enterprise's tax-related data.
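The tax-end checks from items 2) and 4), together with the selection of a certificate container by taxpayer identifier, as an added Go example that is not code from the patent. ECDSA P-256 key pairs stand in for the RA digital certificates, and all type names, function names, error strings, serial numbers, MAC addresses and tax numbers are constructed assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Declaration is a constructed stand-in for one signed tax-related message.
type Declaration struct {
	TaxpayerID string
	Payload    []byte
	Signature  []byte // ASN.1 ECDSA signature over digest(TaxpayerID, Payload)
}

// SigningServer models the enterprise end: one key container per taxpayer ID.
type SigningServer struct {
	Serial     string
	containers map[string]*ecdsa.PrivateKey
}

// Binding is what the tax end records at enrolment (assumed layout).
type Binding struct {
	FrontEndMAC string
	TaxNumbers  map[string]*ecdsa.PublicKey // group and subordinate tax numbers
}

// TaxEnd holds bindings keyed by signing-server serial number.
type TaxEnd struct{ bindings map[string]Binding }

// digest covers the taxpayer ID so a signature cannot be reused under another ID.
func digest(taxpayerID string, payload []byte) []byte {
	sum := sha256.Sum256(append(append([]byte(taxpayerID), 0), payload...))
	return sum[:]
}

// Sign selects the container by taxpayer ID; an unknown ID never falls back to a default key.
func (s *SigningServer) Sign(taxpayerID string, payload []byte) (Declaration, error) {
	key, ok := s.containers[taxpayerID]
	if !ok {
		return Declaration{}, errors.New("no certificate container for taxpayer")
	}
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest(taxpayerID, payload))
	if err != nil {
		return Declaration{}, err
	}
	return Declaration{TaxpayerID: taxpayerID, Payload: payload, Signature: sig}, nil
}

// Admit checks device binding, then tax-number binding, then the signature.
func (t *TaxEnd) Admit(serial, mac string, d Declaration) error {
	b, ok := t.bindings[serial]
	if !ok || b.FrontEndMAC != mac {
		return errors.New("device binding mismatch")
	}
	pub, ok := b.TaxNumbers[d.TaxpayerID]
	if !ok {
		return errors.New("tax number not bound to this group")
	}
	if !ecdsa.VerifyASN1(pub, digest(d.TaxpayerID, d.Payload), d.Signature) {
		return errors.New("signature verification failed")
	}
	return nil
}

// NewDemo enrols one constructed group with two subordinate enterprises.
func NewDemo() (*SigningServer, *TaxEnd, error) {
	srv := &SigningServer{Serial: "SN-EXAMPLE-0001", containers: map[string]*ecdsa.PrivateKey{}}
	b := Binding{FrontEndMAC: "02:00:00:00:00:01", TaxNumbers: map[string]*ecdsa.PublicKey{}}
	for _, id := range []string{"GROUP-000", "SUB-001", "SUB-002"} {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, nil, err
		}
		srv.containers[id] = k
		b.TaxNumbers[id] = &k.PublicKey
	}
	return srv, &TaxEnd{bindings: map[string]Binding{srv.Serial: b}}, nil
}

func main() {
	srv, tax, err := NewDemo()
	if err != nil {
		panic(err)
	}
	d, _ := srv.Sign("SUB-001", []byte("constructed VAT return"))
	fmt.Println("valid:", tax.Admit(srv.Serial, "02:00:00:00:00:01", d))
	d.Payload = []byte("tampered return")
	fmt.Println("tampered:", tax.Admit(srv.Serial, "02:00:00:00:00:01", d))
}
```

Because the taxpayer identifier is part of the signed digest, a declaration signed in one subordinate's container is rejected if it is relabelled with another subordinate's tax number.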
Compared with the prior art, the enterprise tax-handling safety channel system provided by the invention has the following technical effects:
(1) RA digital certificates are used for bidirectional authentication: each party verifies the other's identity, illegal user requests are filtered out directly, and data transmission security is guaranteed;
(2) the cumbersome operation of switching logins among multiple enterprises is eliminated; group tax clerks can switch at any time among the enterprises they manage without verifying enterprise tax numbers and passwords;
(3) paperless tax handling can be completed without plugging in digital certificates: the RA digital certificates of multiple enterprises are loaded centrally, tax-handling personnel do not need to plug in a digital certificate during paperless tax handling, and the system automatically applies the paperless signature to the tax-handling data.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The principles and embodiments of the present invention have been described herein using specific examples, which are provided only to help understand the method and the core concept of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.

Claims (5)

1. An enterprise tax security channel system, the system comprising:
the digital certificate signing server comprises an enterprise terminal digital certificate signing server and a tax terminal digital certificate signing server, one end of the data transmission module is connected with the enterprise terminal digital certificate signing server, the other end of the data transmission module is connected with the tax terminal digital certificate signing server, and the identity authentication module is used for binding the enterprise terminal digital certificate signing server with a corresponding enterprise, and specifically comprises the following steps: the tax end binds the equipment serial number in the enterprise end signature verification server with the MAC address of the enterprise end front-end processor in the DMZ domain service, thereby realizing the binding of an access enterprise and an enterprise end digital certificate signature server, enabling a group enterprise accessed with the enterprise end digital certificate signature server to be unique, and binding the enterprise and the subordinate enterprise tax number of the enterprise by the identity authentication module, and realizing the identity authentication of the access of the subordinate enterprise; and the digital certificate signature server automatically identifies the corresponding certificate container according to the taxpayer identification to finish signature operation.
2. The enterprise tax security channel system according to claim 1, wherein the data transmission module employs http transport protocol for data transmission.
3. The enterprise tax-handling secure channel system according to claim 1, wherein the digital certificate signing server performs signing and signature verification operations on data.
4. The enterprise tax-handling secure channel system according to claim 3, wherein the digital certificate signing server performs signed transmission of the transmission data via a digital certificate.
5. The enterprise tax security channel system according to claim 1, wherein the system further comprises a transmission encryption module, wherein the transmission encryption module encrypts the transmission data using an encryption algorithm.
CN201811297828.2A 2018-11-02 2018-11-02 Enterprise tax handling safety channel system Active CN109561075B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811297828.2A CN109561075B (en) 2018-11-02 2018-11-02 Enterprise tax handling safety channel system

Publications (2)

Publication Number Publication Date
CN109561075A CN109561075A (en) 2019-04-02
CN109561075B CN109561075B (en) 2021-07-13

Family

ID=65865781

Country Status (1)

Country Link
CN (1) CN109561075B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20210623
Address after: 266000 2nd floor, No.79 Xuzhou Road, Shinan District, Qingdao City, Shandong Province
Applicant after: QINGDAO WEIZHIHUI INFORMATION Co.,Ltd.
Address before: 266000 2 / F, curiosity workshop, 79 Xuzhou Road, Shinan District, Qingdao City, Shandong Province
Applicant before: Wang Yaping
GR01 Patent grant