CN111489211A - Billing processing method, billing processing device and billing processing medium - Google Patents
Billing processing method, billing processing device and billing processing medium Download PDFInfo
- Publication number
- CN111489211A CN111489211A CN202010241485.9A CN202010241485A CN111489211A CN 111489211 A CN111489211 A CN 111489211A CN 202010241485 A CN202010241485 A CN 202010241485A CN 111489211 A CN111489211 A CN 111489211A
- Authority
- CN
- China
- Prior art keywords
- tee
- invoicing
- billing
- digital signature
- electronic bill
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/04—Billing or invoicing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Development Economics (AREA)
- Software Systems (AREA)
- Finance (AREA)
- Economics (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- Marketing (AREA)
- General Business, Economics & Management (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiment of the invention provides a billing processing method, a billing processing device and a billing processing medium, wherein the billing processing method comprises the following steps: when a request for starting invoicing by a user is detected, identity verification prompt information is output, the identity verification information input by the user according to the identity verification prompt information is obtained, if the identity verification information passes verification, an electronic bill is generated according to invoicing data submitted by the user, a private key of a TEE (telephone exchange equipment) of the invoicing equipment is called to carry out digital signature on the electronic bill to obtain the electronic bill with the digital signature, and the electronic bill with the digital signature is sent to a node of a block chain network, so that the node writes the electronic bill with the digital signature into a block chain.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a billing processing method, device and medium.
Background
At present, along with the development of block chains, electronic invoices become a choice of a plurality of enterprises, the enterprises can issue the electronic invoices according to self needs, a invoicing person sends an invoicing request to an electronic tax office through invoicing equipment, the electronic tax office obtains authorization after auditing, and the invoicing person can issue the invoices. The process is to check the billing data, and if the billing data is successfully checked, the bill can be issued, but the mode cannot ensure the safety and reliability of the billing.
Disclosure of Invention
The embodiment of the invention provides an invoicing processing method, an invoicing processing device and a medium, which can be used for rapidly carrying out identity verification on an enterprise with electronic bills and an invoicing device, thereby ensuring the safety and reliability of the invoicing process.
A first aspect of an embodiment of the present invention provides an invoicing processing method, which is applied to an invoicing device, where the invoicing device is configured with a trusted execution environment TEE, and the method includes:
when detecting that a user starts a billing request, outputting identity verification prompt information;
acquiring authentication information input by the user according to the authentication prompt information;
if the identity authentication information passes the authentication, generating an electronic bill according to the invoicing data submitted by the user;
and calling a private key of the TEE of the billing equipment to digitally sign the electronic bill to obtain the electronic bill with the digital signature, and sending the electronic bill with the digital signature to a node of a block chain network so that the node writes the electronic bill with the digital signature into a block chain.
A second aspect of the embodiments of the present invention provides a billing processing method, which is applied to a node of a blockchain network, and includes:
receiving an electronic bill with a digital signature sent by an invoicing device, wherein the invoicing device is configured with a trusted execution environment TEE, and the electronic bill with the digital signature is generated by the invoicing device according to invoicing data submitted by a user and obtained by calling a private key of the TEE of the invoicing device to carry out digital signature;
inquiring configuration information of a TEE of the billing device from a block chain, and verifying the digital signature by using the configuration information, wherein the configuration information comprises a public key of the TEE;
and if the verification is passed, writing the electronic bill with the digital signature into the block chain.
A third aspect of the embodiments of the present invention provides an invoicing processing apparatus, which is applied to an invoicing device, where the invoicing device is configured with a trusted execution environment TEE, and the invoicing processing apparatus includes:
the output module is used for outputting the identity verification prompt information when detecting that the user starts the billing request;
the acquisition module is used for acquiring the authentication information input by the user according to the authentication prompt information;
the generating module is used for generating an electronic bill according to the invoicing data submitted by the user if the identity authentication information passes the authentication;
and the processing module is used for calling a private key of the TEE of the billing equipment to digitally sign the electronic bill to obtain the electronic bill with the digital signature, and sending the electronic bill with the digital signature to a node of the block chain network so that the node writes the electronic bill with the digital signature into the block chain.
A fourth aspect of the present invention provides an invoicing processing apparatus, applied to a node of a block chain network, including:
the receiving module is used for receiving an electronic bill with a digital signature sent by an invoicing device, the invoicing device is configured with a trusted execution environment TEE, and the electronic bill with the digital signature is generated by the invoicing device according to invoicing data submitted by a user and obtained by calling a private key of the TEE of the invoicing device to carry out digital signature;
the processing module is used for inquiring configuration information of the TEE of the billing equipment from a block chain and verifying the digital signature by utilizing the configuration information, wherein the configuration information comprises a public key of the TEE;
and the writing module is used for writing the electronic bill with the digital signature into the block chain if the verification is passed.
A fifth aspect of the embodiments of the present invention provides a computer storage medium, in which program instructions are stored, and when the program instructions are executed, the computer storage medium is configured to implement the billing processing method of the first aspect of the embodiments or the billing processing method of the second aspect of the embodiments.
In the embodiment of the invention, when the billing equipment detects that a billing request is started by a user, the identity verification prompt information is output, then the identity verification information input by the user according to the identity prompt information is obtained, the billing equipment generates a bill according to the billing data submitted by the user after the identity verification information passes the verification, the private key of the TEE of the billing equipment is called to carry out digital signature, and the electronic bill with the digital signature is sent to the block chain node, so that the node writes the electronic bill with the digital signature into the block chain, and the identity verification can be rapidly carried out on enterprises with the electronic bill and the billing equipment, thereby ensuring the safety and reliability of the billing process.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of an invoicing processing system according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of an invoicing processing method according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart of another billing processing method provided by the embodiment of the invention;
fig. 4 is a schematic structural diagram of an invoicing processing device according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of another billing processing device provided by the embodiment of the invention;
FIG. 6 is a schematic diagram of an invoicing apparatus provided by an embodiment of the invention;
fig. 7 is a schematic diagram of a node device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
At present, an enterprise wants to make an electronic invoice and sends an invoicing request to an electronic tax office, the electronic tax office needs to check the data (such as amount, transaction parties and transaction types) of the electronic invoice for the enterprise, if the check is successful, the enterprise can make the electronic invoice, but the identities of the enterprise submitting the invoicing request and the invoicing equipment of the electronic tax office cannot be guaranteed. The embodiment of the invention provides a billing processing method, which respectively carries out identity authentication on billing enterprises and billing equipment by utilizing identity authentication information and a trusted execution environment TEE, thereby ensuring the safety and reliability of the whole billing process.
Fig. 1 is a schematic structural diagram of an invoicing processing system according to an embodiment of the present invention, where the invoicing processing system includes a block chain network 10, an invoicing device 102, and an electronic tax office 103, where:
the blockchain network 10 includes a plurality of nodes 101, each node 101 may receive input information during normal operation, and maintain shared data (i.e., blockchain) in the blockchain network based on the received input information, when any node in the blockchain network receives the input information, other nodes acquire the input information according to a consensus algorithm, and store the input information as data in the shared data, so that the data stored in all nodes in the blockchain network are consistent.
A normal Execution Environment (REE) and a Trusted Execution Environment (TEE) are configured in the billing device 102. REE is an execution environment provided and managed by an operating system (e.g., Android, Windows, etc.), external to the TEE, from the TEE's perspective, both REE and the processes running therein are considered untrusted. The TEE corresponds to the REE and is an executable environment with independent security, the TEE has security capability control and meets the requirements of some specific security requirements, resources in the TEE can be protected from common software attack, and many types of security threats can be resisted. The TEE is a secure area, which provides an execution space through an isolated execution environment, and the space has stronger security compared with the REE, is richer than the functions of a secure chip, and provides confidentiality and integrity protection of codes and data. The user may therefore have many Trusted Applications (TAs) in the TEE to secure the data in the executing Application. The billing device 102 may be a smart phone, a tablet computer, a notebook computer, a desktop computer, or the like, which is not limited in the present invention.
The billing device 102 and the electronic tax office 103 may access the blockchain network to communicate with nodes in the blockchain network. In fig. 1, a trusted execution environment TEE is configured in an invoicing device 102, the TEE in the invoicing device can send a registration request to an electronic tax office 103, and then the electronic tax office 103 authenticates the TEE of the invoicing device 102 according to configuration information of the TEE to determine configuration information of the TEE and a binding relationship between a user and the invoicing device. The invoicing device 102 can also send the electronic bill digitally signed by the private key of the invoicing device TEE to the node 101, and the node 101 can verify the digitally signed electronic bill by the public key of the TEE in the block chain, so that the authenticity of the invoicing device and the validity of the digitally signed electronic bill are ensured.
In a feasible embodiment, when a user makes an invoice by using the invoicing equipment 102, the user can input authentication information (such as face information, fingerprint information, gesture information and a character sequence) according to the authentication prompt information, the electronic bill can be generated according to the invoicing data after the authentication is successful, then the electronic bill is digitally signed by using a private key of a TEE (terminal equipment) of the invoicing equipment, and the electronic bill with the digital signature is sent to a node 101 of a block chain network, so that the node 101 writes the electronic bill with the digital signature into the block chain, the authentication of the user and the invoicing equipment identity is realized, the security of the invoicing is ensured, and meanwhile, the chaining of the electronic bill with the digital signature is ensured, and the data cannot be tampered.
In a feasible embodiment, the node 101 receives an electronic bill with a digital signature sent by an invoicing device, the invoicing device is configured with a trusted execution environment TEE, the electronic bill with the digital signature is generated by the invoicing device according to invoicing data submitted by a user, a private key of the TEE of the invoicing device is called for digital signature, the node 101 can inquire configuration information of the TEE of the invoicing device from a block chain, the digital signature is verified by using the configuration information, and if the verification is passed, the electronic bill with the digital signature is written into the block chain, so that the verification of the invoicing device is realized, and the authenticity of the electronic bill with the digital signature is ensured.
The implementation details of the technical scheme of the embodiment of the invention are explained in detail as follows:
please refer to fig. 2, which is a schematic flow diagram of a billing processing method according to an embodiment of the present invention, the billing processing method according to the embodiment of the present invention is applied to a billing device, the billing device may be a smart phone, a tablet computer, a notebook computer, a desktop computer, or the like, and the billing processing method includes the following steps:
201. and when detecting that the user starts the billing request, outputting the identity verification prompt information.
The user may be a person who performs invoicing, i.e., an invoicer.
In a feasible embodiment, when the billing device detects that the user starts the billing request, the billing device outputs the authentication prompt information according to the billing request in a preset mode, wherein the preset mode can be a pop-up prompt interface, a voice prompt and the like. For example, when the billing device detects that a user starts a billing request, the billing device sets a pop-up prompt interface in advance, the billing device pops up an authentication prompt message of 'please input a fingerprint' and the like according to the billing request, or the billing device sets a voice prompt in advance, and the billing device outputs a voice prompt of 'please scan a face' according to the billing request.
In a possible embodiment, before outputting the identity verification prompt information when the billing device detects a request for starting billing of a user, after detecting that the user logs in the tax office server, the billing device sends a registration request of the billing device to the tax office server, where the registration request includes configuration information of a TEE of the billing device, and the registration request is used to instruct the tax office server to write configuration information of the TEE of the billing device and a binding relationship between the user and the billing device into a block chain after the TEE of the billing device is authenticated according to the configuration information of the TEE of the billing device. The configuration information of the TEE may include an identifier of the TEE, a private key of the TEE, a TEE authentication method, and the like. The billing equipment logs in a tax office server by using an account number or an authentication code of the tax office firstly, then sends a registration request to the tax office server, the tax office server remotely verifies the billing equipment by using configuration information of a TEE of the billing equipment according to the registration request, after the verification is passed, the billing equipment sends the configuration information of the TEE and a binding relationship between a user and the billing equipment to a block chain network, and nodes in the block chain network write the configuration information of the TEE of the billing equipment and the binding relationship between the user and the billing equipment into a block chain after common identification.
For example, when the billing equipment TEE wants to register a request to a tax office server, the billing equipment uses a tax office account to log in a tax office, and notifies the tax office server that a certain equipment is to be billed, the billing equipment has a computable environment, then configuration information of the TEE in the equipment (for example, a public key and a verification mode of the TEE are a public and private key consistency verification mode) is sent to the tax office server, the tax office server verifies the TEE according to the verification mode in the configuration information of the TEE, that is, the tax office server remotely verifies a private key of the TEE in the billing equipment according to the public key of the TEE, if the public and private keys are a pair, the registration of the TEE in the billing equipment is successful, that is, the configuration information of the TEE and the binding relationship between a user and the billing equipment are sent to a block chain for uplink.
For another example, after logging in a tax office, the configuration information (such as the identification and verification mode of the TEE) of the TEE in the billing equipment is sent to a tax office server, then the tax office server verifies the identification of the TEE in the configuration information of the TEE, if the verification is passed, the TEE in the billing equipment is successfully registered, that is, the configuration information of the TEE and the binding relationship between the user and the billing equipment are sent to the block chain for uplink.
It should be noted that, the public and private keys, the identifiers, the addresses, etc. of the TEE of the invoicing device are unique, so the configuration information of the TEE and the configuration information of the user and the invoicing device are bound, after the device is registered, other devices cannot forge the device or falsify the user for invoicing, once the device is lost, the invoicing person can go to the tax bureau to log off the original device, and during the period, other people obtain the secret key information (gestures, fingerprints and pin codes) of the device, and the device cannot be invoiced because the secret key information (gestures, fingerprints and pin codes) of the invoicing person does not exist.
202. And acquiring the authentication information input by the user according to the authentication prompt information.
In a possible embodiment, the authentication information may be face information, fingerprint information, gesture information, a character sequence, and the like, wherein the character sequence may be a PIN code in the mobile phone, a number set by the user, a letter, and the like. For example, the invoicing device can acquire the face information of the invoicing person by scanning the face of the invoicing person; the billing device can identify the input password by inputting the password (character sequence).
203. And if the identity authentication information passes the authentication, generating an electronic bill according to the invoicing data submitted by the user.
Where the billing data may include transaction type, amount, time, etc.
Specifically, the invoicing equipment passes the verification if the obtained identity verification information is consistent with the storage of the invoicing equipment, and then generates an electronic invoice according to the invoicing data submitted by the user.
In a feasible embodiment, after the identity authentication information is verified, the billing device outputs a billing application interface of the billing client, then obtains billing data submitted by a user through the billing application interface, and then generates an electronic bill according to the billing data in a TEE of the billing device. The invoicing client here can be understood as an application (invoicing client) in the TEE of the invoicing device which is trusted in the TEE, i.e. the invoicing client in the TEE of the invoicing device generates an electronic ticket from the invoicing data.
In another feasible embodiment, after the identity authentication information is verified, the billing equipment outputs a billing application interface of the billing client, and then acquires billing data submitted by a user through the billing application interface to generate the electronic bill according to the billing data. The invoicing client is not in the TEE of the invoicing device, namely, the invoicing client in the invoicing device generates the electronic ticket according to the invoicing data.
In a possible embodiment, the invoicing device may output the authentication prompt message when detecting that the user starts the invoicing request, and output the authentication prompt message when the invoicing device detects that the user starts the invoicing request after the authentication of the authentication prompt message passes a preset time period. For example, the billing device detects that the user starts a billing request, outputs the authentication prompt information, and after the authentication information passes the authentication, within three minutes, if the billing device detects that the user starts the billing request again, the billing device may generate an electronic ticket according to billing data submitted by the user. The preset time can be set according to the requirements of the user.
Alternatively, the invoicing device may output the authentication prompt each time it detects that the user initiates an invoicing request. For example, the billing device detects that a user starts a billing request, outputs authentication prompt information, and generates an electronic bill according to billing data submitted by the user after the authentication information passes. When the billing equipment detects the billing request of the user again, the billing equipment still outputs the identity verification prompt information, and after the identity verification information is verified, the billing equipment generates the electronic bill according to the billing data submitted by the user.
204. And calling a private key of the TEE of the billing equipment to digitally sign the electronic bill to obtain the electronic bill with the digital signature, and sending the electronic bill with the digital signature to a node of the block chain network so that the node writes the electronic bill with the digital signature into the block chain.
Specifically, the invoicing equipment generates a digital abstract by utilizing a Hash algorithm for an issued electronic invoice, then encrypts the digital abstract by utilizing a private key of a TEE of the invoicing equipment, finally forms an electronic bill with a digital signature, and then sends the electronic bill with the digital signature to a node of a block chain network, so that the node verifies the electronic bill with the digital signature, and writes the electronic bill with the digital signature into the block chain after the verification is successful. The signature is carried out on the electronic invoice, validity and authenticity of data are guaranteed, and the signature is conveniently sent to the block chain network node for verification.
In a feasible embodiment, the electronic bill is generated in the invoicing device instead of the TEE of the invoicing device, the electronic bill is digitally signed by calling a private key of the TEE of the invoicing device at the invoicing device, and the obtained digitally signed electronic bill can be the TEE of the invoicing device transferring the electronic bill into the invoicing device, so that the TEE digitally signs the electronic bill by using the private key of the TEE to obtain the digitally signed electronic bill, and then the invoicing device obtains the digitally signed electronic bill returned by the TEE.
In another possible embodiment, the electronic ticket is generated in the TEE of the invoicing device, and the invoicing device directly utilizes the private key of the TEE of the invoicing device to digitally sign the electronic ticket to obtain the digitally signed electronic ticket.
In the embodiment of the invention, when the billing equipment detects that a user starts a billing request, identity verification prompt information is output, then the billing equipment acquires identity verification information input by the user according to the identity verification prompt information, if the identity verification information passes verification, an electronic bill is generated according to billing data submitted by the user, then the billing equipment calls a private key of a TEE (telephone exchange equipment) of the billing equipment to digitally sign the electronic bill to obtain the electronic bill with the digital signature, and sends the electronic bill with the digital signature to a node of a block chain network, so that the node writes the electronic bill with the digital signature into the block chain, and the security and reliability of the billing process are ensured by verifying the identity verification information of the user and signing the electronic bill by using the private key of the TEE of the billing equipment.
Fig. 3 is a schematic flow chart of another billing processing method according to an embodiment of the present invention, where the billing processing method according to the embodiment of the present invention is applied to a node of a block chain network, and the billing processing method includes the following steps:
301. receiving an electronic bill with a digital signature sent by an invoicing device, wherein the invoicing device is configured with a trusted execution environment TEE, and the electronic bill with the digital signature is generated by the invoicing device according to invoicing data submitted by a user and obtained by calling a private key of the TEE of the invoicing device to carry out digital signature.
Specifically, the node receives an electronic bill with a digital signature sent by the billing device, wherein the electronic bill with the digital signature is obtained by signing an electronic bill generated by the billing device according to billing data submitted by a user through a private key of a TEE of the billing device.
In a feasible embodiment, before the node receives the electronic ticket with the digital signature sent by the invoicing device, the node receiving tax office server sends the configuration information of the TEE of the invoicing device and the binding relationship between the user and the invoicing device after the TEE of the invoicing device is authenticated, and writes the configuration information of the TEE of the invoicing device and the binding relationship between the user and the invoicing device into the block chain. When the node receives the configuration information of the TEE of the billing equipment and the binding relationship between the user and the billing equipment, which are sent by the tax office server, the node verifies the configuration information of the TEE of the billing equipment and the binding relationship between the user and the billing equipment, which are sent by the tax office server, and when all the nodes successfully verify the binding information in a consensus mode, the configuration information of the TEE of the billing equipment and the binding relationship between the user and the billing equipment are written into the block chain.
302. And inquiring the configuration information of the TEE of the billing device from the block chain, and verifying the digital signature by using the configuration information, wherein the configuration information comprises the public key of the TEE.
Specifically, the node queries a public key of the configuration information of the billing device from the block chain network according to the configuration information of the TEE of the billing device and the binding relationship between the user and the billing device, and then verifies the electronic bill with the digital signature according to the public key in the queried configuration information. The node inquires the configuration information of the TEE of the billing device and the binding relationship between the user and the billing device from the block chain network so as to inquire which public key of the billing device is bound, and the public key of the corresponding billing device is obtained to verify the digital signature.
In a possible embodiment, before querying the configuration information of the TEE of the billing device from the block chain, the node receives that the billing device sends a verification request, where the verification request is used to instruct the node to query the configuration information of the TEE of the target billing device from the block chain according to the configuration information of the TEE of the billing device and the binding relationship between the user and the billing device, and the configuration information includes a public key of the TEE. For example, when the invoicing device sends an electronic invoice with a digital signature, a verification request is sent at the same time, the node receives the electronic invoice with the digital signature and the verification request, the verification request is used for indicating the node to inquire the configuration information of the TEE of the target invoicing device from the block chain according to the configuration information of the TEE of a certain invoicing device and the binding relationship between the user and the invoicing device, then the node inquires the public key in the configuration information of the TEE corresponding to the invoicing device from the block chain network according to the configuration information of the TEE of the invoicing device and the binding relationship between the user and the invoicing device, and then the public key of the TEE is used for verifying the digital signature.
303. And if the verification is passed, writing the electronic bill with the digital signature into the block chain.
Specifically, the node acquires a public key of the TEE of the invoicing device, decrypts a private key in the digital signature by using the public key, if the public key is a pair of public and private keys, the verification is successful, and the validity of the signature, namely the authenticity of the invoicing device, is proved. Meanwhile, after the decrypted digital signature is used, the node needs the electronic invoice to verify the authenticity of the data. After the public key is used for successfully verifying, acquiring a digital abstract of the electronic invoice, then performing a hash algorithm on the electronic invoice to acquire another digital abstract, comparing whether the two digital abstracts are consistent or not, and if so, writing the electronic bill with the digital signature into a block chain.
In a feasible embodiment, the step of writing the electronic bill with the digital signature into the block chain may be that the node verifies the electronic bill with the digital signature, and after the verification is completed, the electronic bill with the digital signature is stored in a memory pool, and a hash tree for recording input information is updated; and then updating the updating time stamp to the time of receiving the electronic bill with the digital signature, trying different random numbers, calculating characteristic values for multiple times, calculating to obtain the random numbers meeting conditions, correspondingly storing the information, generating a block head and a block main body, and obtaining the electronic bill block containing the digital signature. And then, the node where the block chain is located respectively sends the newly generated electronic bill blocks with the digital signature to other nodes in the block chain network where the newly generated electronic bill blocks with the digital signature are located according to the node identifications of the other nodes in the block chain network, the other nodes carry out consensus verification on the electronic bill blocks with the digital signature, and if the verification is passed, the electronic bill blocks with the digital signature are added into the block chain stored in the block chain.
It should be noted that the present invention not only links the electronic ticket with the digital signature, but also links the electronic ticket with the digital signature through the public key decryption verification process in the TEE, so as to ensure the integrity of the whole invoicing process.
In the embodiment of the invention, a node receives an electronic bill with a digital signature sent by a billing device, the billing device is configured with a trusted execution environment TEE, the electronic bill with the digital signature is generated by the billing device according to billing data submitted by a user and obtained by calling a private key of the TEE of the billing device to perform digital signature, then the node inquires configuration information of the TEE of the billing device from a block chain and verifies the digital signature by using the configuration information, the configuration information comprises a public key of the TEE, if the verification is passed, the node writes the electronic bill with the digital signature into the block chain, and the TEE in the billing device is verified by using the configuration information of the TEE of the electronic bill with the digital signature, so that the authenticity of the electronic bill with the digital signature is ensured.
Fig. 4 is a schematic structural diagram of an invoicing processing apparatus according to an embodiment of the present invention. The billing processing apparatus described in this embodiment is applied to a billing device, where the billing device is configured with a trusted execution environment TEE, and includes:
the output module 401 is configured to output an authentication prompt message when detecting that a user starts a billing request;
an obtaining module 402, configured to obtain authentication information input by the user according to the authentication prompt information;
a generating module 403, configured to generate an electronic ticket according to the invoicing data submitted by the user if the authentication information passes the authentication;
the processing module 404 is configured to invoke a private key of the TEE of the billing device to digitally sign the electronic ticket, obtain an electronic ticket with a digital signature, and send the electronic ticket with the digital signature to a node of a block chain network, so that the node writes the electronic ticket with the digital signature into a block chain.
Optionally, the apparatus further comprises: a sending module 405, wherein:
the sending module 405 is configured to send a registration request of the billing device to a tax office server after detecting that the user logs in the tax office server, where the registration request includes configuration information of a TEE of the billing device, and the registration request is used to instruct the tax office server to write the configuration information of the TEE of the billing device and a binding relationship between the user and the billing device into a block chain after the TEE of the billing device is authenticated according to the configuration information of the TEE of the billing device.
Optionally, the processing module 404 is specifically configured to:
the electronic bill is transmitted into a TEE of the billing equipment, so that the TEE carries out digital signature on the electronic bill by using a private key of the TEE to obtain an electronic bill with a digital signature;
and acquiring the electronic bill with the digital signature returned by the TEE.
Optionally, the generating module 403 is specifically configured to:
outputting an invoicing application interface of the invoicing client;
acquiring billing data submitted by the user through the billing application interface;
and generating an electronic bill in the TEE of the billing equipment according to the billing data.
Optionally, the identity verification information comprises one or more of facial information, fingerprint information, gesture information, and a sequence of characters.
In the embodiment of the invention, when a request for making out a bill is detected to start by a user, an output module 401 outputs identity verification prompt information, an acquisition module 402 acquires the identity verification information input by the user according to the identity verification prompt information, if the identity verification information passes verification, a generation module 403 generates an electronic bill according to the making out bill data submitted by the user, a processing module 404 calls a private key of a TEE of a making out bill device to digitally sign the electronic bill to obtain the electronic bill with the digital signature, and sends the electronic bill with the digital signature to a node of a block chain network, so that the node writes the electronic bill with the digital signature into the block chain, and the security and reliability of the making out a bill process are ensured by verifying the identity of the user and encrypting by using the TEE private key.
It can be understood that the functions of each module of the billing processing apparatus of this embodiment can be specifically implemented according to the method in fig. 2 in the foregoing embodiment, and the specific implementation process thereof may refer to the related description of the method embodiment in fig. 2, which is not described herein again.
Fig. 5 is a schematic structural diagram of another billing processing apparatus according to an embodiment of the present invention. The billing processing apparatus described in this embodiment is applied to a node of a block chain network, and includes:
the receiving module 501 is configured to receive an electronic ticket with a digital signature sent by an invoicing device, where the invoicing device is configured with a trusted execution environment TEE, and the electronic ticket with the digital signature is generated by the invoicing device according to invoicing data submitted by a user and obtained by calling a private key of the TEE of the invoicing device to perform digital signature;
a processing module 502, configured to query configuration information of a TEE of the invoicing apparatus from a block chain, and verify the digital signature by using the configuration information, where the configuration information includes a public key of the TEE;
and a writing module 503, configured to write the electronic ticket with the digital signature into the block chain if the verification passes.
Optionally, the apparatus further comprises: a receiving module 504, wherein:
the receiving module 504 is configured to receive, after the TEE authentication of the invoicing apparatus is passed, the configuration information of the TEE of the invoicing apparatus and the binding relationship between the user and the invoicing apparatus, which are sent by the tax office server;
the writing module 503 is further configured to write the configuration information of the TEE of the billing device and the binding relationship between the user and the billing device into a block chain.
In the embodiment of the present invention, a receiving module 501 receives an electronic ticket with a digital signature sent by an invoicing device, the invoicing device is configured with a trusted execution environment TEE, the electronic ticket with the digital signature is generated by the invoicing device according to invoicing data submitted by a user, and a private key of the TEE of the invoicing device is called to perform digital signature to obtain the electronic ticket, then a processing module 502 queries configuration information of the TEE of the invoicing device from a block chain, and verifies the digital signature by using the configuration information, wherein the configuration information includes a public key of the TEE, and then if the configuration information passes verification, a writing module 503 writes the electronic ticket with the digital signature into the block chain to verify the invoicing device of the invoicing device, thereby ensuring the security of invoicing.
It can be understood that the functions of the modules of the billing processing apparatus of this embodiment can be specifically implemented according to the method in fig. 3 in the above embodiment, and the specific implementation process thereof may refer to the description related to the method embodiment in fig. 3, which is not described herein again.
Fig. 6 is a schematic structural diagram of an invoicing apparatus according to an embodiment of the present invention. The invoicing device described in this embodiment is configured with a trusted execution environment TEE, including: a processor 601, a network interface 602, and a memory 603. The processor 601, the network interface 602, and the memory 603 may be connected by a bus or other means, and the embodiment of the present invention is exemplified by being connected by a bus.
The network interface 602 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI, mobile communication interface, etc.), and is controlled by the processor 601 to transmit and receive data, the Memory 603(Memory) is a Memory device of the server and is used for storing programs and data, it is understood that the Memory 603 may be a high-speed RAM Memory, a non-volatile Memory (e.g., at least one disk Memory), and optionally at least one storage device located away from the processor 601, the Memory 603 provides a storage space storing an operating system and executable program codes of the server, which may include, but is not limited to, a Windows system (an operating system), an L inux system, and the like, and the present invention is not limited thereto.
In the embodiment of the present invention, the processor 601 executes the executable program code in the memory 603 to perform the following operations:
when detecting that a user starts a billing request, outputting identity verification prompt information;
acquiring authentication information input by the user according to the authentication prompt information;
if the identity authentication information passes the authentication, generating an electronic bill according to the invoicing data submitted by the user;
and calling a private key of the TEE of the billing equipment to digitally sign the electronic bill to obtain the electronic bill with the digital signature, and sending the electronic bill with the digital signature to a node of a block chain network so that the node writes the electronic bill with the digital signature into a block chain.
Optionally, the processor 601 is further configured to:
after detecting that the user logs in a tax office server, sending a registration request of the billing device to the tax office server, wherein the registration request comprises configuration information of a TEE of the billing device, and the registration request is used for indicating the tax office server to write the configuration information of the TEE of the billing device and a binding relationship between the user and the billing device into a block chain after the TEE of the billing device is authenticated according to the configuration information of the TEE of the billing device.
Optionally, the processor 601 calls a private key of the TEE of the billing device to digitally sign the electronic ticket, and a specific implementation manner of obtaining the electronic ticket with the digital signature is as follows:
the electronic bill is transmitted into a TEE of the billing equipment, so that the TEE carries out digital signature on the electronic bill by using a private key of the TEE to obtain an electronic bill with a digital signature;
and acquiring the electronic bill with the digital signature returned by the TEE.
Optionally, a specific implementation manner of the processor 601 generating the electronic ticket according to the invoicing data submitted by the user is as follows:
outputting an invoicing application interface of the invoicing client;
acquiring billing data submitted by the user through the billing application interface;
and generating an electronic bill in the TEE of the billing equipment according to the billing data.
Optionally, the identity verification information comprises one or more of facial information, fingerprint information, gesture information, and a sequence of characters.
In a specific implementation, the processor 601, the network interface 602, and the memory 603 described in this embodiment of the present invention may execute the implementation described in the flow of the billing processing method provided in fig. 2 in this embodiment of the present invention, and may also execute the implementation described in the billing processing apparatus provided in fig. 4 in this embodiment of the present invention, which is not described herein again.
In the embodiment of the invention, when detecting that a user starts a billing request, the processor 601 outputs the authentication prompt information, and then acquires the authentication information input by the user according to the authentication prompt information; if the authentication information passes the authentication, the processor 601 generates an electronic bill according to the invoicing data submitted by the user, calls a private key of a TEE of the invoicing equipment to digitally sign the electronic bill to obtain the electronic bill with the digital signature, and sends the electronic bill with the digital signature to a node of the block chain network, so that the node writes the electronic bill with the digital signature into the block chain, and the security and the reliability of the invoicing process are ensured by authenticating the user identity and encrypting the electronic bill with the TEE private key.
Fig. 7 is a schematic structural diagram of a node device according to an embodiment of the present invention. The node device described in this embodiment includes: a processor 701, a network interface 702, and a memory 703. The processor 701, the network interface 702, and the memory 703 may be connected by a bus or other means, and the embodiment of the present invention is exemplified by being connected by a bus.
The network interface 702 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI, mobile communication interface, etc.), and is controlled by the processor 701 to transmit and receive data, the Memory 703(Memory) is a Memory device of the node device and is used for storing programs and data, it is understood that the Memory 703 may be a high-speed RAM Memory, a non-volatile Memory (non-volatile Memory), such as at least one disk Memory, and optionally at least one storage device located away from the processor 701, the Memory 703 provides a storage space storing an operating system and executable program codes of the node device, which may include, but is not limited to, a Windows system (an operating system), L inux (an operating system) system, and the like, and the present invention is not limited thereto.
In the embodiment of the present invention, the processor 701 executes the executable program code in the memory 703 to perform the following operations:
receiving an electronic bill with a digital signature sent by an invoicing device, wherein the invoicing device is configured with a trusted execution environment TEE, and the electronic bill with the digital signature is generated by the invoicing device according to invoicing data submitted by a user and obtained by calling a private key of the TEE of the invoicing device to carry out digital signature;
inquiring configuration information of a TEE of the billing device from a block chain, and verifying the digital signature by using the configuration information, wherein the configuration information comprises a public key of the TEE;
and if the verification is passed, writing the electronic bill with the digital signature into the block chain.
Optionally, the processor 701 is further configured to:
after the TEE authentication of the invoicing equipment is passed, the receiving tax office server sends the configuration information of the TEE of the invoicing equipment and the binding relationship between the user and the invoicing equipment;
and writing the configuration information of the TEE of the billing equipment and the binding relationship between the user and the billing equipment into a block chain.
In a specific implementation, the processor 701, the network interface 702, and the memory 703 described in this embodiment of the present invention may execute the implementation described in the flow of the billing processing method provided in fig. 3 in this embodiment of the present invention, and may also execute the implementation described in the billing processing apparatus provided in fig. 5 in this embodiment of the present invention, which is not described herein again.
The embodiment of the invention also provides a computer-readable storage medium, which stores a computer program, wherein the computer program comprises program instructions, and the program instructions can execute the steps executed in the invoicing processing embodiment when being executed by a processor.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (10)
1. An invoicing processing method is applied to an invoicing device, and the invoicing device is configured with a Trusted Execution Environment (TEE), and the method comprises the following steps:
when detecting that a user starts a billing request, outputting identity verification prompt information;
acquiring authentication information input by the user according to the authentication prompt information;
if the identity authentication information passes the authentication, generating an electronic bill according to the invoicing data submitted by the user;
and calling a private key of the TEE of the billing equipment to digitally sign the electronic bill to obtain the electronic bill with the digital signature, and sending the electronic bill with the digital signature to a node of a block chain network so that the node writes the electronic bill with the digital signature into a block chain.
2. The method of claim 1, wherein before outputting the authentication prompt message when the user's request for initiating billing is detected, the method further comprises:
after detecting that the user logs in a tax office server, sending a registration request of the billing device to the tax office server, wherein the registration request comprises configuration information of a TEE of the billing device, and the registration request is used for indicating the tax office server to write the configuration information of the TEE of the billing device and a binding relationship between the user and the billing device into a block chain after the TEE of the billing device is authenticated according to the configuration information of the TEE of the billing device.
3. The method of claim 1 or 2, wherein the invoking of the private key of the TEE of the invoicing apparatus digitally signs the electronic ticket, resulting in a digitally signed electronic ticket, comprises:
the electronic bill is transmitted into a TEE of the billing equipment, so that the TEE carries out digital signature on the electronic bill by using a private key of the TEE to obtain an electronic bill with a digital signature;
and acquiring the electronic bill with the digital signature returned by the TEE.
4. The method of claim 1, wherein generating an electronic ticket from billing data submitted by the user comprises:
outputting an invoicing application interface of the invoicing client;
acquiring billing data submitted by the user through the billing application interface;
and generating an electronic bill in the TEE of the billing equipment according to the billing data.
5. The method of claim 1, wherein the authentication information comprises one or more of facial information, fingerprint information, gesture information, and a sequence of characters.
6. An invoicing processing method, applied to a node of a blockchain network, comprising:
receiving an electronic bill with a digital signature sent by an invoicing device, wherein the invoicing device is configured with a trusted execution environment TEE, and the electronic bill with the digital signature is generated by the invoicing device according to invoicing data submitted by a user and obtained by calling a private key of the TEE of the invoicing device to carry out digital signature;
inquiring configuration information of a TEE of the billing device from a block chain, and verifying the digital signature by using the configuration information, wherein the configuration information comprises a public key of the TEE;
and if the verification is passed, writing the electronic bill with the digital signature into the block chain.
7. The method of claim 6, wherein the receiving the digitally signed electronic ticket sent by the issuing device is preceded by:
after the TEE authentication of the invoicing equipment is passed, the receiving tax office server sends the configuration information of the TEE of the invoicing equipment and the binding relationship between the user and the invoicing equipment;
and writing the configuration information of the TEE of the billing equipment and the binding relationship between the user and the billing equipment into a block chain.
8. An apparatus for processing invoices, which is applied to an invoicing device configured with a Trusted Execution Environment (TEE), the apparatus comprising:
the output module is used for outputting the identity verification prompt information when detecting that the user starts the billing request;
the acquisition module is used for acquiring the authentication information input by the user according to the authentication prompt information;
the generating module is used for generating an electronic bill according to the invoicing data submitted by the user if the identity authentication information passes the authentication;
and the processing module is used for calling a private key of the TEE of the billing equipment to digitally sign the electronic bill to obtain the electronic bill with the digital signature, and sending the electronic bill with the digital signature to a node of the block chain network so that the node writes the electronic bill with the digital signature into the block chain.
9. An invoicing processing apparatus, for use in a node of a blockchain network, the apparatus comprising:
the receiving module is used for receiving an electronic bill with a digital signature sent by an invoicing device, the invoicing device is configured with a trusted execution environment TEE, and the electronic bill with the digital signature is generated by the invoicing device according to invoicing data submitted by a user and obtained by calling a private key of the TEE of the invoicing device to carry out digital signature;
the processing module is used for inquiring configuration information of the TEE of the billing equipment from a block chain and verifying the digital signature by utilizing the configuration information, wherein the configuration information comprises a public key of the TEE;
and the writing module is used for writing the electronic bill with the digital signature into the block chain if the verification is passed.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program comprising program instructions that, when executed by a processor, cause the processor to perform the method of any of claims 1-5 or 6-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010241485.9A CN111489211A (en) | 2020-03-31 | 2020-03-31 | Billing processing method, billing processing device and billing processing medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010241485.9A CN111489211A (en) | 2020-03-31 | 2020-03-31 | Billing processing method, billing processing device and billing processing medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111489211A true CN111489211A (en) | 2020-08-04 |
Family
ID=71812470
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010241485.9A Pending CN111489211A (en) | 2020-03-31 | 2020-03-31 | Billing processing method, billing processing device and billing processing medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111489211A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116777397A (en) * | 2023-08-02 | 2023-09-19 | 广州市振邦信息科技有限公司 | Electronic bill management method, device, terminal and storage medium based on block chain |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105429760A (en) * | 2015-12-01 | 2016-03-23 | 神州融安科技(北京)有限公司 | Method and system for identity verification of digital certificate based on TEE (Trusted Execution Environment) |
| US20190095879A1 (en) * | 2017-09-26 | 2019-03-28 | Cornell University | Blockchain payment channels with trusted execution environments |
| CN110383756A (en) * | 2016-07-29 | 2019-10-25 | 奇跃公司 | The secure exchange of ciphering signature record |
| CN110599137A (en) * | 2019-09-16 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Electronic bill data processing method and device and computer equipment |
| CN110601827A (en) * | 2019-09-12 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Block chain-based identity recognition method, device and system and storage medium |
-
2020
- 2020-03-31 CN CN202010241485.9A patent/CN111489211A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105429760A (en) * | 2015-12-01 | 2016-03-23 | 神州融安科技(北京)有限公司 | Method and system for identity verification of digital certificate based on TEE (Trusted Execution Environment) |
| CN110383756A (en) * | 2016-07-29 | 2019-10-25 | 奇跃公司 | The secure exchange of ciphering signature record |
| US20190095879A1 (en) * | 2017-09-26 | 2019-03-28 | Cornell University | Blockchain payment channels with trusted execution environments |
| CN110601827A (en) * | 2019-09-12 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Block chain-based identity recognition method, device and system and storage medium |
| CN110599137A (en) * | 2019-09-16 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Electronic bill data processing method and device and computer equipment |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116777397A (en) * | 2023-08-02 | 2023-09-19 | 广州市振邦信息科技有限公司 | Electronic bill management method, device, terminal and storage medium based on block chain |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3319292B1 (en) | Methods, client and server for checking security based on biometric features | |
| CN109150548B (en) | Digital certificate signing and signature checking method and system and digital certificate system | |
| CN108777684B (en) | Identity authentication method, system and computer readable storage medium | |
| JP5601729B2 (en) | How to log into a mobile radio network | |
| CN108833114A (en) | A kind of decentralization identity authorization system and method based on block chain | |
| TW201741922A (en) | Biological feature based safety certification method and device | |
| CN113572715B (en) | Data transmission method and system based on block chain | |
| CN109325342A (en) | Identity information management method, apparatus, computer equipment and storage medium | |
| WO2015188424A1 (en) | Key storage device and method for using same | |
| EP3206329B1 (en) | Security check method, device, terminal and server | |
| JP7309261B2 (en) | Authentication method for biometric payment device, authentication device for biometric payment device, computer device, and computer program | |
| CN108496323B (en) | Certificate importing method and terminal | |
| TWM595792U (en) | Authorization system for cross-platform authorizing access to resources | |
| CN110620763B (en) | Mobile identity authentication method and system based on mobile terminal APP | |
| CN111062059B (en) | Method and device for service processing | |
| CN110602051B (en) | Information processing method based on consensus protocol and related device | |
| CN111178896B (en) | Bus taking payment method, device and storage medium | |
| CN111489211A (en) | Billing processing method, billing processing device and billing processing medium | |
| CN2914498Y (en) | Information security device based on universal serial bus human-computer interaction type device | |
| CN111092734B (en) | Product activation authentication method based on ad hoc network communication | |
| CN117063174A (en) | Security module and method for inter-app trust through app-based identity | |
| CN113918932A (en) | Security authentication method and related components | |
| TWM580720U (en) | System for assisting a network service user in setting password for the first time | |
| CN113794685B (en) | Data transmission method and device based on credibility assessment | |
| CN113162772B (en) | PIN identity authentication method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200804 |
|
| RJ01 | Rejection of invention patent application after publication |