CN111192048A - Trusted secure electronic certificate generation method - Google Patents
Trusted secure electronic certificate generation method Download PDFInfo
- Publication number
- CN111192048A CN111192048A CN201911370247.1A CN201911370247A CN111192048A CN 111192048 A CN111192048 A CN 111192048A CN 201911370247 A CN201911370247 A CN 201911370247A CN 111192048 A CN111192048 A CN 111192048A
- Authority
- CN
- China
- Prior art keywords
- credential
- signature
- metadata
- filling
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 36
- 238000012986 modification Methods 0.000 claims description 18
- 230000004048 modification Effects 0.000 claims description 18
- 238000004806 packaging method and process Methods 0.000 claims description 6
- 238000000605 extraction Methods 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 4
- 238000012795 verification Methods 0.000 description 4
- 238000012550 audit Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000013480 data collection Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method for generating a credible safe electronic certificate, which comprises the following steps: step 1: generating a plurality of blank credential templates; step 2: selecting a blank credential template; and step 3: acquiring a plurality of metadata and generating a signature index file according to the information required by the selected blank credential template; and 4, step 4: for one piece of metadata, filling the metadata in a blank document template to generate a first intermediate document; filling the credential signature corresponding to the metadata in the first intermediate credential in a multi-level signature mode to generate a second intermediate credential, and taking the second intermediate credential as a blank credential template; and 5: and (4) repeatedly executing the step 4 aiming at each metadata, obtaining the final second intermediate credential and the index file, and generating a new electronic credential. The invention applies the electronic certificate generating method to the secure electronic certificate format file and uses the multilevel signature, thereby effectively improving the standardization of the electronic certificate and solving the credibility problem of the secure electronic certificate.
Description
Technical Field
The invention belongs to the field of financial invoice management, and particularly relates to a trusted secure electronic credential generation method.
Background
In daily life, traditional paper vouchers exist in our lives as written proofs with legal force. Such as paper invoice vouchers, asset transaction certification vouchers, transaction vouchers, and the like. In recent years, with the rapid development of economy, the internet is changing our daily lives. The traditional paper certificate is replaced by an electronic certificate which is convenient, fast, safe and has mature technology. Meanwhile, the electronic certificate will become a key factor for credibility and security of the electronic business. The electronic certificate is used as a product in the internet era, has higher requirements on credibility and usability in the using process, and firstly, should meet relevant regulations in 'electronic signature law' in China, for example, the electronic certificate has the same legal efficacy as a handwritten signature in original efficacy and written form, can effectively present carried content and can provide relevant regulations of calling and checking at any time; secondly, the requirement of application and development of the domestic cryptographic algorithm is met, and the domestic cryptographic algorithm is vigorously researched; finally, the problems of how to quickly and conveniently access the electronic certificate related application and how to perform various verifications on the electronic certificate and the like of the third-party business system need to be considered.
The existing electronic credential generation modes are: the electronic certificate issuing party generates information for describing the specific content of the electronic certificate; generating a new electronic certificate by the random information of the blank electronic certificate and the content information, and generating a valid electronic certificate according to the blank electronic certificate, the electronic certificate information of the issuing party and the signature of the issuing party of the electronic certificate. However, the generation mode does not adopt format files, cannot accurately restore the information content and the change record of the original electronic certificate, is not beneficial to tracing the safe electronic certificate, and has insufficient credibility.
Therefore, a trusted secure electronic document generation method is particularly needed, which can record the information content and change record of the original electronic document, and solve the credibility problem of the secure electronic document.
Disclosure of Invention
The invention aims to provide a credible electronic certificate generating method which can record the information content and the change record of the original electronic certificate and solve the credibility problem of the electronic certificate.
In order to achieve the above object, the present invention provides a method for generating a trusted secure electronic credential, comprising: step 1: defining a credential type, and generating a plurality of blank credential templates and corresponding credential description files thereof; step 2: selecting a blank document template according to business requirements; and step 3: acquiring a plurality of metadata and generating a signature index file according to the information required by the selected blank credential template; and 4, step 4: for one piece of metadata, filling the metadata in the blank document template to generate a first intermediate document; filling the credential signature corresponding to the metadata in the first intermediate credential in a multi-level signature manner to generate a second intermediate credential, filling the index information of the credential signature in a signature index file, and taking the second intermediate credential as a blank credential template; and 5: and (4) repeatedly executing the step 4 for each metadata, acquiring the second intermediate credential filled with a plurality of metadata and corresponding credential signatures and a signature index file filled with the index information of the corresponding credential signature, and packaging the second intermediate credential and the index file to generate a new electronic credential.
Preferably, in step 3, the metadata is obtained by extracting from an original credential or by manual entry.
Preferably, the original credential includes data stored as structured data and data stored as unstructured data; when the data stored by the structured data is extracted, outputting authentication information to the original credential; when the identity authentication information passes the authentication, decrypting the data stored by the structured data, and reading the data stored by the structured data; and when the data stored in the unstructured data is extracted, extracting a file of the data stored in the unstructured data in the original document.
Preferably, the step 4 further comprises: generating an index file of data and an index file of resources before filling the metadata in the blank credential template.
Preferably, the metadata includes data stored in structured data and data stored in unstructured data, and the filling the metadata in the blank credential template to generate the first intermediate credential specifically includes: when the metadata is data stored in structured data, filling the acquired metadata stored in the structured data in the blank document template in an encrypted form to generate a first intermediate document; filling modification information of the credential in the credential description file, and filling index information of data stored in structured data in an index file of the data; when the metadata is data stored in unstructured data, filling the data stored in unstructured data in the first intermediate credential, filling modification information of the credential in the credential description file, and filling index information of the data stored in unstructured data in an index file of the resource.
Preferably, the filling the credential signature corresponding to the metadata in the first intermediate credential in a multi-level signature manner to generate a second intermediate credential, and the filling the index information of the credential signature in the signature index file specifically includes: filling the credential signature in the first intermediate credential as an added credential signature of the current level; combining the added credential signature of the current level with the added credential signature of the previous level to generate an added credential signature of the next level, and filling the added credential signature of the next level in the first intermediate credential to generate a second intermediate credential; and adding the modification information of the credential in the credential description file, and filling the added credential signature of the current level and the index information corresponding to the added credential signature of the next level in the signature index file.
Preferably, the encapsulating the second intermediate credential and the index file to generate a new electronic credential includes: and integrating the second intermediate credential, the credential description file, the data index file, the resource index file and the signature index file into a file package to generate a new electronic credential.
Preferably, the metadata stored in the structured data is encrypted using an encryption algorithm based on the public key.
Preferably, the credential description file further includes a format attribute corresponding to the credential type, a service attribute, and a corresponding relationship between various attributes.
Preferably, the trusted secure electronic credential generation method further includes: and generating a state record file, and filling a document state change record into the state record file when filling data into the blank document template or the first intermediate document.
The invention has the beneficial effects that: the credible safe electronic certificate generating method of the invention forms a brand new credible safe electronic certificate generating method by applying the electronic certificate generating method to the safe electronic certificate format file, uses multi-level signature, effectively improves the standardization of the electronic certificate, records the information content and the change record of the electronic certificate through the certificate description file, solves the credibility problem of the safe electronic certificate, improves the credibility, and prevents falsification and repudiation. The safe electronic certificate generation mode provided by the invention can be applied to various electronic certificates, can be applied to key applications such as internet electronic transaction, financial audit, enterprise informatization and the like, and covers various types of electronic certificates such as electronic invoices, accounting certificates, electronic contracts, financial non-tax income, electronic archives and the like.
The method of the present invention has other features and advantages which will be apparent from or are set forth in detail in the accompanying drawings and the following detailed description, which are incorporated herein, and which together serve to explain certain principles of the invention.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent by describing in more detail exemplary embodiments thereof with reference to the attached drawings, in which like reference numerals generally represent like parts throughout.
Fig. 1 shows a flow diagram of a trusted secure electronic credential generation method according to one embodiment of the present invention.
Fig. 2 illustrates a multi-level signature structure diagram of a trusted secure electronic credential generation method according to one embodiment of the present invention.
Detailed Description
Preferred embodiments of the present invention will be described in more detail below. While the following describes preferred embodiments of the present invention, it should be understood that the present invention may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
The invention discloses a method for generating a trusted secure electronic certificate, which comprises the following steps: step 1: defining a credential type, and generating a plurality of blank credential templates and corresponding credential description files thereof; step 2: selecting a blank document template according to business requirements; and step 3: acquiring a plurality of metadata and generating a signature index file according to the information required by the selected blank credential template; and 4, step 4: for one piece of metadata, filling the metadata in a blank document template to generate a first intermediate document; filling the credential signature corresponding to the metadata in the first intermediate credential in a multi-level signature manner to generate a second intermediate credential, filling the index information of the credential signature in a signature index file, and taking the second intermediate credential as a blank credential template; and 5: and (4) repeatedly executing the step 4 for each metadata, acquiring a second intermediate credential filled with a plurality of metadata and corresponding credential signatures and a signature index file filled with index information of the corresponding credential signature, and packaging the second intermediate credential and the index file to generate a new electronic credential.
Specifically, the credential type needs to be configured first. The credential types are defined and described in a rule file. Other format attributes, as well as business attributes, are also defined and described in the rule file. And the correspondence between the various attributes is also described in the rule file. When a blank credential template is created according to the configured credential types, one credential type is selected in a generating tool, the blank credential template and a corresponding credential description file are generated, and the corresponding credential type is written in the credential description file. Meanwhile, the format attribute and the service attribute corresponding to the defined credential type, for example: the applied format and the inclusion relationship are also written into the credential description file. Other format attributes and service attributes, such as access identity, operation authority, validity period, etc., can be configured in the document package generation tool.
The client selects one credential type according to the business requirements, namely selects a corresponding blank credential template and a credential description file, and acquires a plurality of metadata according to the information required to be filled in the blank credential template; filling a data element in a blank document template to generate a first intermediate document; filling the credential signature corresponding to the metadata in the first intermediate credential in a multi-level signature manner to generate a second intermediate credential, filling the index information of the credential signature in a newly established signature index file, and taking the second intermediate credential as a blank credential template; and obtaining a second intermediate credential filled with a plurality of metadata and corresponding credential signatures and a signature index file filled with the index information of the corresponding credential signature, packaging the second intermediate credential and the index file, and generating a new electronic credential.
According to an exemplary implementation mode, the trusted secure electronic credential generation method forms a brand-new trusted secure electronic credential generation method by applying the electronic credential generation method to the secure electronic credential format file, and uses a multi-level signature to mark each resource file and the whole file, thereby preserving the data structure of the original electronic credential, effectively improving the standardization of the electronic credential, recording the information content and the change record of the electronic credential through the credential description file, solving the credibility problem of the secure electronic credential, improving the credibility, and preventing falsification and repudiation. The method for generating the credible safe electronic certificate can be applied to various electronic certificates, can be applied to key applications such as internet electronic transaction, financial audit, enterprise informatization and the like, and covers various types of electronic certificates such as electronic invoices, accounting certificates, electronic contracts, financial non-tax income, electronic archives and the like.
Preferably, in step 3, the metadata is obtained by extraction from the original credential or by manual entry.
Preferably, the original document comprises data stored in structured data and data stored in unstructured data; outputting authentication information to the original credential when extracting data stored as structured data; when the identity authentication information passes the authentication, decrypting the data stored in the structured data, and reading the data stored in the structured data; when extracting data stored as unstructured data, a file of data stored as unstructured data in the original credential is extracted.
Specifically, when accessing data stored in structured data in the original document, sending a verification operation role and an access identity to the original document, and after the verification operation role and the access identity pass verification, an operator with data access authority decrypts and reads the data by using a private key of the operator. For data stored as structured data in the original credential, the storage may be merged directly. For the original document stored in unstructured data, a mode of automatic file extraction and automatic storage is provided. The operator identity data collection is read from its identity CA.
Preferably, step 4 further comprises: an index file of data and an index file of resources are generated before filling in the metadata in the blank credential template.
Specifically, before the first metadata is filled, an index file of the data and an index file of the resource are also generated.
Preferably, the metadata includes data stored in structured data and data stored in unstructured data, and the filling the metadata into the blank document template to generate the first intermediate document specifically includes: when the metadata is data stored in the structured data, filling the acquired metadata stored in the structured data in a blank document template in an encrypted form to generate a first intermediate document; filling modification information of the credential in the credential description file, and filling index information of the data stored in the structured data in an index file of the data; when the metadata is data stored in unstructured data, the data stored in unstructured data is filled in the first intermediate credential, the modification information of the credential is filled in the credential description file, and the index information of the data stored in unstructured data is filled in the index file of the resource.
Specifically, when the metadata is data stored in structured data, the acquired metadata stored in structured data is filled in a blank credential template in an encrypted form to generate a first intermediate credential, modification information of the credential is filled in a credential description file, and then index information of the data stored in structured data is filled in an index file of the data; when the metadata is data stored by unstructured data, the data stored by the unstructured data is filled in the first intermediate credential, the modification information of the credential is filled in the credential description file, and then the index information of the data stored by the unstructured data is filled in the index file of the resource.
As a preferred scheme, filling a credential signature corresponding to metadata in a first intermediate credential in a multi-level signature manner, generating a second intermediate credential, and filling index information of the credential signature in a signature index file specifically includes: filling the certificate signature in the first intermediate certificate as an added certificate signature of the current level; combining the added credential signature of the current level with the added credential signature of the previous level to generate an added credential signature of the next level, and filling the added credential signature of the next level in the first intermediate credential to generate a second intermediate credential; and adding the modification information of the credential in the credential description file, and filling the added credential signature of the current level and the index information corresponding to the added credential signature of the next level in the signature index file.
Specifically, the credential signatures are stored hierarchically, with at most one credential signature stored per hierarchy. Each credential signature corresponds to a scope, and the signature is valid for data and resource files within the scope of the scope. Each credential signature has one or more signature attributes, which typically include creation, combination, and the like.
For example, after filling in the first metadata, filling in the corresponding first credential signature in the first intermediate credential as the added credential signature of level 1, adding the modification information of the credential in the credential description file, and filling in the index information corresponding to the added credential signature of level 1 in the signature index file; after filling in the second metadata, filling in a corresponding second credential signature in the first intermediate credential to serve as a tier 2 added credential signature, combining the tier 2 added credential signature with the tier 1 added credential signature to generate a tier 3 added credential signature, and filling in the first intermediate credential with the tier 3 added credential signature to generate a second intermediate credential; adding the modification information of the credential in the credential description file, and filling the index information corresponding to the added credential signature of level 2 and the added credential signature of level 3 in the signature index file; after filling in the third metadata, filling in a corresponding third credential signature in the first intermediate credential to serve as a tier 4 added credential signature, combining the tier 4 added credential signature with the tier 3 added credential signature to generate a tier 5 added credential signature, and filling in the first intermediate credential with the tier 5 added credential signature to generate a second intermediate credential; and adding the modification information of the credential in the credential description file, filling the added credential signature of the level 4 and the index information corresponding to the added credential signature of the level 5 in the signature index file, and so on until the credential signatures corresponding to all the metadata are filled.
As a preferred scheme, encapsulating the second intermediate credential and the index file, and generating a new electronic credential includes: and integrating the second intermediate credential, the credential description file, the data index file, the resource index file and the signature index file into a file package to generate a new electronic credential.
Specifically, during packaging, in order to not destroy the signature of the data file in the original document, the data file with the signature in the original document, the resource file and the index file of the data corresponding to the resource file are independently stored, and the second intermediate document and the document description file, the index file of the data, the index file of the resource, the signature index file, the data file with the signature in the original document and the resource file are integrated into a file package to generate a new electronic document.
Preferably, the metadata stored in the structured data is encrypted using an encryption algorithm based on the public key.
Specifically, the public key is used to apply an encryption algorithm to the metadata stored in the structured data, and the metadata stored in the structured data is stored in the credential in an encrypted form.
As a preferred scheme, the credential description file further includes a format attribute corresponding to the credential type, a service attribute, and a correspondence between various attributes.
As a preferred scheme, the trusted secure electronic credential generation method further includes: and generating a state record file, and filling the state record file with a document state change record when filling data in the blank document template or the first intermediate document.
Specifically, a status record file is generated for recording various types of operation information each time the electronic credential changes. When the blank document template or the first intermediate document is changed, a new state change record is added into the state record file through the operation tool, the attributes in the change record are marked through the current operation tool, and the marked attributes comprise a business state, an operation result, an operation behavior, an operation object, an operation identity and operation time. If the operation result is 'failure', the generation of a new credential is not influenced, but the file package state attribute is marked as 'operation failure', and the file with the file package state of 'operation failure' can be revised again until the file package state is 'normal'.
Examples
Fig. 1 shows a flow diagram of a trusted secure electronic credential generation method according to one embodiment of the present invention. Fig. 2 illustrates a multi-level signature structure diagram of a trusted secure electronic credential generation method according to one embodiment of the present invention.
With reference to fig. 1 and fig. 2, the method for generating a trusted secure electronic credential includes:
step 1: defining a credential type, and generating a plurality of blank credential templates and corresponding credential description files thereof;
step 2: selecting a blank document template according to business requirements;
and step 3: acquiring a plurality of metadata and generating a signature index file according to the information required by the selected blank credential template;
wherein, in step 3, metadata is obtained by extraction from the original credential or by manual entry.
Wherein, the original credential comprises data stored in structured data and data stored in unstructured data; outputting authentication information to the original credential when extracting data stored as structured data; when the identity authentication information passes the authentication, decrypting the data stored in the structured data, and reading the data stored in the structured data; when extracting data stored as unstructured data, a file of data stored as unstructured data in the original credential is extracted.
And 4, step 4: for one piece of metadata, filling the metadata in a blank document template to generate a first intermediate document; filling the credential signature corresponding to the metadata in the first intermediate credential in a multi-level signature manner to generate a second intermediate credential, filling the index information of the credential signature in a signature index file, and taking the second intermediate credential as a blank credential template;
wherein, step 4 still includes: an index file of data and an index file of resources are generated before filling in the metadata in the blank credential template.
Wherein the metadata includes data stored as structured data and data stored as unstructured data, and the generating of the first intermediate credential specifically includes: when the metadata is data stored in the structured data, filling the acquired metadata stored in the structured data in a blank document template in an encrypted form to generate a first intermediate document; filling modification information of the credential in the credential description file, and filling index information of the data stored in the structured data in an index file of the data; when the metadata is data stored in unstructured data, the data stored in unstructured data is filled in the first intermediate credential, the modification information of the credential is filled in the credential description file, and the index information of the data stored in unstructured data is filled in the index file of the resource.
Wherein the metadata stored as structured data is encrypted using an encryption algorithm based on the public key.
Wherein, filling the document signature corresponding to the metadata in the first intermediate document in a multi-level signature mode to generate a second intermediate document, and filling the index information of the document signature in the signature index file specifically includes: filling the certificate signature in the first intermediate certificate as an added certificate signature of the current level; combining the added credential signature of the current level with the added credential signature of the previous level to generate an added credential signature of the next level, and filling the added credential signature of the next level in the first intermediate credential to generate a second intermediate credential; and adding the modification information of the credential in the credential description file, and filling the added credential signature of the current level and the index information corresponding to the added credential signature of the next level in the signature index file.
And 5: and (4) repeatedly executing the step 4 for each metadata, acquiring a second intermediate credential filled with a plurality of metadata and corresponding credential signatures and a signature index file filled with index information of the corresponding credential signature, and packaging the second intermediate credential and the index file to generate a new electronic credential.
Wherein, encapsulating the second intermediate credential and the index file to generate a new electronic credential comprises: and integrating the second intermediate credential, the credential description file, the data index file, the resource index file and the signature index file into a file package to generate a new electronic credential.
The document description file also includes format attribute corresponding to the document type, service attribute and corresponding relation between various attributes.
The method for generating the trusted secure electronic certificate further comprises the following steps: and generating a state record file, and filling the state record file with a document state change record when filling data in the blank document template or the first intermediate document.
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments.
Claims (10)
1. A trusted secure electronic credential generation method, comprising:
step 1: defining a credential type, and generating a plurality of blank credential templates and corresponding credential description files thereof;
step 2: selecting a blank document template according to business requirements;
and step 3: acquiring a plurality of metadata and generating a signature index file according to the information required by the selected blank credential template;
and 4, step 4: for one piece of metadata, filling the metadata in the blank document template to generate a first intermediate document; filling the credential signature corresponding to the metadata in the first intermediate credential in a multi-level signature manner to generate a second intermediate credential, filling the index information of the credential signature in a signature index file, and taking the second intermediate credential as a blank credential template;
and 5: and (4) repeatedly executing the step 4 for each metadata, acquiring the second intermediate credential filled with a plurality of metadata and corresponding credential signatures and a signature index file filled with the index information of the corresponding credential signature, and packaging the second intermediate credential and the index file to generate a new electronic credential.
2. The method of generating trusted secure electronic credentials according to claim 1, wherein in said step 3, said metadata is obtained by extraction from an original credential or by manual entry.
3. The trusted secure electronic credential generation method of claim 2, wherein said original credential includes data stored in structured data and data stored in unstructured data;
when the data stored by the structured data is extracted, outputting authentication information to the original credential; when the identity authentication information passes the authentication, decrypting the data stored by the structured data, and reading the data stored by the structured data;
and when the data stored in the unstructured data is extracted, extracting a file of the data stored in the unstructured data in the original document.
4. The method for generating trusted secure electronic credentials according to claim 1, wherein said step 4 further comprises:
generating an index file of data and an index file of resources before filling the metadata in the blank credential template.
5. The method of generating trusted secure electronic credentials as claimed in claim 4, wherein said metadata comprises data stored in structured data and data stored in unstructured data, said populating said metadata in said blank credential template, generating a first intermediate credential specifically comprises:
when the metadata is data stored in structured data, filling the acquired metadata stored in the structured data in the blank document template in an encrypted form to generate a first intermediate document; filling modification information of the credential in the credential description file, and filling index information of data stored in structured data in an index file of the data;
when the metadata is data stored in unstructured data, filling the data stored in unstructured data in the first intermediate credential, filling modification information of the credential in the credential description file, and filling index information of the data stored in unstructured data in an index file of the resource.
6. The method for generating an electronic credential according to claim 1, wherein the filling out the credential signature corresponding to the metadata in the first intermediate credential in a multilevel signature manner to generate a second intermediate credential, and the filling out the index information of the credential signature in the signature index file specifically comprises:
filling the credential signature in the first intermediate credential as an added credential signature of the current level; combining the added credential signature of the current level with the added credential signature of the previous level to generate an added credential signature of the next level, and filling the added credential signature of the next level in the first intermediate credential to generate a second intermediate credential;
and adding the modification information of the credential in the credential description file, and filling the added credential signature of the current level and the index information corresponding to the added credential signature of the next level in the signature index file.
7. The method of claim 5, wherein encapsulating the second intermediate credential with an index file to generate a new electronic credential comprises:
and integrating the second intermediate credential, the credential description file, the data index file, the resource index file and the signature index file into a file package to generate a new electronic credential.
8. The trusted secure electronic credential generation method of claim 5, wherein the metadata stored as structured data is encrypted using an encryption algorithm based on a public key.
9. The trusted secure electronic credential generation method of claim 1,
the credential description file also comprises a format attribute corresponding to the credential type, a service attribute and a corresponding relation among various attributes.
10. The trusted secure electronic credential generation method of claim 1, further comprising:
and generating a state record file, and filling a document state change record into the state record file when filling data into the blank document template or the first intermediate document.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911370247.1A CN111192048B (en) | 2019-12-26 | 2019-12-26 | Trusted security electronic certificate generation method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911370247.1A CN111192048B (en) | 2019-12-26 | 2019-12-26 | Trusted security electronic certificate generation method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111192048A true CN111192048A (en) | 2020-05-22 |
| CN111192048B CN111192048B (en) | 2023-11-03 |
Family
ID=70707566
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911370247.1A Active CN111192048B (en) | 2019-12-26 | 2019-12-26 | Trusted security electronic certificate generation method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111192048B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140052641A1 (en) * | 2012-08-20 | 2014-02-20 | Tsinghua University | Electronic Invoice Issuing System For Electronic Commerce Website |
| CN104392184A (en) * | 2014-11-13 | 2015-03-04 | 北京海泰方圆科技有限公司 | Multi-stage electronic file record generating and checking method |
| US20150142592A1 (en) * | 2013-11-20 | 2015-05-21 | Mastercard International Incorporated | System and method for point-of-sale electronic receipt generation and management |
| CN104715402A (en) * | 2013-12-17 | 2015-06-17 | 航天信息股份有限公司 | Electronic invoice generation method based on digital signatures |
| CN104715401A (en) * | 2013-12-17 | 2015-06-17 | 航天信息股份有限公司 | Electronic invoice issuing system and method |
| CN105096172A (en) * | 2015-06-12 | 2015-11-25 | 北京京东尚科信息技术有限公司 | Electronic invoice generating and processing method and system based on e-commerce platform |
| US20160294845A1 (en) * | 2015-03-31 | 2016-10-06 | Paradigm, Inc. | Systems and methods for generating and validating certified electronic credentials |
| CN106685665A (en) * | 2017-01-24 | 2017-05-17 | 广州天宁信息技术有限公司 | Valid electronic credential generation and public verification method, device and system |
| CN108921627A (en) * | 2018-06-07 | 2018-11-30 | 国信电子票据平台信息服务有限公司 | A kind of method and system generating electronic invoice OFD layout files |
-
2019
- 2019-12-26 CN CN201911370247.1A patent/CN111192048B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140052641A1 (en) * | 2012-08-20 | 2014-02-20 | Tsinghua University | Electronic Invoice Issuing System For Electronic Commerce Website |
| US20150142592A1 (en) * | 2013-11-20 | 2015-05-21 | Mastercard International Incorporated | System and method for point-of-sale electronic receipt generation and management |
| CN104715402A (en) * | 2013-12-17 | 2015-06-17 | 航天信息股份有限公司 | Electronic invoice generation method based on digital signatures |
| CN104715401A (en) * | 2013-12-17 | 2015-06-17 | 航天信息股份有限公司 | Electronic invoice issuing system and method |
| CN104392184A (en) * | 2014-11-13 | 2015-03-04 | 北京海泰方圆科技有限公司 | Multi-stage electronic file record generating and checking method |
| US20160294845A1 (en) * | 2015-03-31 | 2016-10-06 | Paradigm, Inc. | Systems and methods for generating and validating certified electronic credentials |
| CN105096172A (en) * | 2015-06-12 | 2015-11-25 | 北京京东尚科信息技术有限公司 | Electronic invoice generating and processing method and system based on e-commerce platform |
| CN106685665A (en) * | 2017-01-24 | 2017-05-17 | 广州天宁信息技术有限公司 | Valid electronic credential generation and public verification method, device and system |
| CN108921627A (en) * | 2018-06-07 | 2018-11-30 | 国信电子票据平台信息服务有限公司 | A kind of method and system generating electronic invoice OFD layout files |
Non-Patent Citations (2)
| Title |
|---|
| SAURABH PANJWANI 等: "Practical receipt authentication for branchless banking" * |
| 柴跃廷 等: "电子发票管理与公共服务体系设计与实现" * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111192048B (en) | 2023-11-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11784824B1 (en) | Secure ledger assurance tokenization | |
| US10715334B2 (en) | Methods and apparatus for validating a digital signature | |
| US11902601B2 (en) | System and techniques for digital data lineage verification | |
| CN111932426B (en) | Identity management method, device and equipment based on trusted hardware | |
| JP7426031B2 (en) | Key security management system and method, medium, and computer program | |
| CN1936780B (en) | Information processing apparatus, verification processing apparatus, and control methods thereof | |
| CN109522328B (en) | Data processing method and device, medium and terminal thereof | |
| CN108363929B (en) | System and method for generating information elimination report of storage device and preventing tampering | |
| CN103259659B (en) | The identification authentication system that a kind of digital signature and person's handwriting, fingerprint combine | |
| CN111814196B (en) | Data processing method, device and equipment | |
| CN109493048B (en) | Financial accounting method, device, equipment and storage medium based on block chain | |
| CN104484628B (en) | It is a kind of that there is the multi-application smart card of encrypting and decrypting | |
| CN111460420A (en) | Method, device and medium for using electronic seal based on block chain | |
| CN101639903A (en) | Method, device and system for stamping of electronic seal | |
| CN106779888B (en) | Visual written form electronic ticket certificate and generation method thereof | |
| US11301823B2 (en) | System and method for electronic deposit and authentication of original electronic information objects | |
| KR101247564B1 (en) | Method of protecting data from malicious modification in data base system | |
| CN111192048B (en) | Trusted security electronic certificate generation method | |
| CN116090000A (en) | File security management method, system, device, medium and program product | |
| CN111818094B (en) | Identity registration method, device and equipment | |
| KR20050078402A (en) | A system for verifying forged electronic documents of electronic document and a method using thereof | |
| CN116137567A (en) | Block chain-based school certificate issuing verification method, system and device | |
| KR100934741B1 (en) | A method and apparatus for storing electronic documents, a method and apparatus for distributing electronic documents, and a recording medium having recorded thereon a program for performing the method. | |
| WO2022068693A1 (en) | Preprocessing method, processing method, decrypting and reading methods, device, and medium | |
| CN117744156A (en) | Enterprise data resource management method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |