CN113051539A - Method and device for calling digital certificate - Google Patents


Publication number
CN113051539A
Authority
CN
China
Prior art keywords
tax
request
information
server
equipment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911366459.2A
Other languages
Chinese (zh)
Inventor
石琛
马雁
张平
李继
刘畅
周磊
赵鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp
Application filed by Aisino Corp
Priority to CN201911366459.2A
Publication of CN113051539A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards

Abstract

The invention provides a method and a device for calling a digital certificate, which are used for solving the problem that the cost for maintaining server equipment is higher due to the adoption of a 'soft certificate' mode in the prior art. The method is applied to a server and comprises the following steps: receiving a first request, wherein the first request is used for requesting tax information from a service platform providing tax service; the first request carries the tax number of the user corresponding to the tax information; determining target tax control equipment according to the tax number carried in the first request; the target tax control equipment stores a digital certificate of a user; sending a second request to the terminal equipment, wherein the terminal equipment is coupled with the target tax control equipment, and the second request is used for requesting to acquire verification information for verifying the identity of the user; receiving verification information sent by the terminal equipment, and requesting tax information from the service platform according to the verification information; wherein the authentication information is generated based on a digital certificate of the user.

Description

Method and device for calling digital certificate
Technical Field
The invention relates to the field of taxation, in particular to a method and a device for calling a digital certificate.
Background
Entry invoice services are provided to enterprises based on the entry data held in the relevant platform at the tax bureau end. To ensure the security of the entry data, identity authentication must be completed before the relevant platform at the tax bureau end is operated.
At present, the digital certificates used for identity authentication are usually stored in a dedicated server device, such as a signature verification server. That is, a "soft certificate" mode is adopted: the dedicated server device centrally manages the digital certificates, and the corresponding digital certificate must be downloaded from the server device during authentication.
Disclosure of Invention
The invention provides a method and a device for calling a digital certificate, which are used for solving the problem that the cost for maintaining server equipment is higher due to the adoption of a 'soft certificate' mode in the prior art.
In a first aspect, an embodiment of the present invention provides a method for invoking a digital certificate, which is applied to a server, and includes:
receiving a first request, wherein the first request is used for requesting tax information from a service platform providing tax service; the first request carries the tax number of the user corresponding to the tax information;
determining target tax control equipment according to the tax number carried in the first request; the target tax control equipment stores the digital certificate of the user;
sending a second request to a terminal device, wherein the terminal device is coupled with the target tax control device, and the second request is used for requesting to acquire verification information for verifying the user identity;
receiving verification information sent by the terminal equipment, and requesting the tax information from the service platform according to the verification information; wherein the authentication information is generated based on a digital certificate of the user.
In an optional implementation, the method further includes:
when the terminal equipment is determined to be coupled with the target tax control equipment, establishing Transmission Control Protocol (TCP) long connection with the terminal equipment;
the sending of the second request to the terminal device includes:
and sending a second request to the terminal equipment through the TCP long connection.
In an optional implementation manner, the server stores device information of at least one tax control device, where the device information includes a tax number of a user corresponding to the tax control device and a device status flag, and the device status flag is an insertion flag or a removal flag;
determining target tax control equipment according to the tax number carried in the first request, wherein the target tax control equipment comprises:
and when the equipment state mark in the equipment information corresponding to the tax number carried in the first request is determined to be the insertion mark, determining the tax control equipment indicated by the tax number carried in the first request as the target tax control equipment.
In an alternative implementation, the server is a proxy server;
the requesting the tax information from the service platform according to the verification information comprises:
sending the verification information to the service platform, and receiving a token sent by the service platform when the user identity is verified to pass according to the verification information;
and sending the token and the first request to a cloud server so as to request the tax information from the service platform through the cloud server.
In a second aspect, an embodiment of the present invention provides a method for invoking a digital certificate, which is applied to a terminal device, and the method includes:
receiving a second request sent by a server in the process that a user requests tax information from a service platform providing tax service; the second request is used for requesting to acquire authentication information for authenticating the user identity;
and sending the verification information to the server, wherein the verification information is generated based on the digital certificate of the user, and the digital certificate of the user is stored in a tax control device coupled with the terminal device.
In an optional implementation, the method further includes: when the terminal equipment is coupled with the target tax control equipment, establishing a Transmission Control Protocol (TCP) long connection with the server;
the sending the verification information to the server includes:
and sending the verification information to the server through the TCP long connection.
In an optional implementation, the method further includes:
saving the equipment information of the tax control equipment coupled with the terminal equipment to the server; the device information comprises a device state mark, and the device state mark is an insertion mark;
and when the fact that the coupling between the tax control equipment and the terminal equipment is disconnected is monitored, the server is informed of updating the equipment information of the tax control equipment, and the equipment state mark in the updated equipment information is a removal mark.
In a third aspect, an embodiment of the present invention provides an apparatus for invoking a digital certificate, which is disposed in a server, and includes:
a receiving module, used for receiving a first request, wherein the first request is used for requesting tax information from a service platform providing tax service; the first request carries the tax number of the user corresponding to the tax information;
the determining module is used for determining the target tax control equipment according to the tax number carried in the first request; the target tax control equipment stores the digital certificate of the user;
the request module is used for sending a second request to the terminal equipment, the terminal equipment is coupled with the target tax control equipment, and the second request is used for requesting to acquire verification information for verifying the user identity;
the receiving module is further configured to receive the verification information sent by the terminal device;
the request module is further used for requesting the tax information from the service platform according to the verification information; wherein the authentication information is generated based on a digital certificate of the user.
In an alternative implementation, the apparatus further comprises a connection module;
the determining module is further configured to determine that the terminal device is coupled with the target tax control device;
the connection module is used for establishing a Transmission Control Protocol (TCP) long connection with the terminal equipment when the terminal equipment is coupled with the target tax control equipment;
the request module is specifically configured to send a second request to the terminal device through the TCP long connection.
In an optional implementation manner, the server stores device information of at least one tax control device, where the device information includes a tax number of a user corresponding to the tax control device and a device status flag, and the device status flag is an insertion flag or a removal flag;
the determining module is specifically configured to determine, when the device status flag in the device information corresponding to the tax number carried in the first request is an insertion flag, the tax control device indicated by the tax number carried in the first request as the target tax control device.
In an alternative implementation, the server is a proxy server;
the request module is specifically configured to:
sending the verification information to the service platform, and receiving a token sent by the service platform when the user identity is verified to pass according to the verification information;
and sending the token and the first request to a cloud server so as to request the tax information from the service platform through the cloud server.
In a fourth aspect, an embodiment of the present invention provides an apparatus for invoking a digital certificate, where the apparatus is disposed in a terminal device, and the apparatus includes:
the receiving module is used for receiving a second request sent by the server in the process that the user requests tax information from a service platform providing tax service; the second request is used for requesting to acquire authentication information for authenticating the user identity;
and the sending module is used for sending the verification information to the server, the verification information is generated based on the digital certificate of the user, and the digital certificate of the user is stored in the tax control equipment coupled with the terminal equipment.
In an alternative implementation, the apparatus further comprises a connection module;
the connection module is used for establishing a long Transmission Control Protocol (TCP) connection with the server when the terminal equipment is coupled with the target tax control equipment;
the sending module is specifically configured to send the verification information to the server through the TCP long connection.
In an alternative implementation, the apparatus further comprises a monitoring module;
the sending module is further configured to store device information of the tax control device coupled to the terminal device to the server; the device information comprises a device state mark, and the device state mark is an insertion mark;
the monitoring module is also used for monitoring the disconnection of the coupling between the tax control equipment and the terminal equipment;
the sending module is further configured to notify the server to update the device information of the tax control device when the coupling between the tax control device and the terminal device is disconnected, and a device state flag in the updated device information is a removal flag.
In a fifth aspect, an embodiment of the present invention provides an electronic device, including:
a memory and a processor;
a memory for storing program instructions;
a processor, configured to call the program instructions stored in the memory, and execute the method according to any implementation manner of the first aspect or the method according to any implementation manner of the second aspect according to an obtained program.
In a sixth aspect, the present invention provides a computer-readable storage medium, which stores computer instructions that, when executed on a computer, cause the computer to perform any implementation manner of the first aspect or any implementation manner of the second aspect.
In the embodiment of the invention, the tax control equipment storing the digital certificate of the user, and the terminal equipment to which that tax control equipment is currently coupled, are determined according to the tax number of the user carried in the first request, and the verification information generated based on the digital certificate is requested from the terminal equipment so that it can be used for identity verification on the service platform. Once the user whose identity is to be verified has been determined, the terminal equipment to which the tax control equipment is coupled is asked to obtain the verification information generated based on the digital certificate. The method is therefore suitable where the number of enterprise users is large: the digital certificates of all enterprise users do not need to be stored and managed by dedicated server equipment, which reduces the maintenance workload and hardware cost of that server equipment.
Drawings
Fig. 1 is a schematic structural diagram of a digital certificate invoking system according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a method for invoking a digital certificate according to an embodiment of the present invention;
Fig. 3 is a flowchart illustrating another method for invoking a digital certificate according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of an interaction flow according to an embodiment of the present invention;
Fig. 5 is a block diagram illustrating a structure of a digital certificate invoking device according to an embodiment of the present invention;
Fig. 6 is a block diagram of another digital certificate invoking device according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the present invention, "a plurality of" means two or more. "And/or" describes the association relationship of the associated objects and means that three relationships are possible; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. In addition, it should be understood that although the terms first, second, etc. may be used to describe various data in embodiments of the present invention, these data should not be limited by these terms. These terms are only used to distinguish the data from each other.
An entry invoice cloud service access platform (or entry channel cloud) is a public entry SaaS (Software-as-a-Service) access service. It connects to the service platform at the tax bureau end that provides tax services (hereinafter referred to as the service platform) and provides entry invoice services to enterprises based on the entry data in the relevant platform at the tax bureau end. For example, it provides a cloud interface service for "entry data downloading, checking, authentication and checking" to large enterprises, and a cloud interface service for "entry data downloading, checking" to medium and small enterprises. To ensure the security of the entry data, identity authentication is required when the relevant platform at the tax bureau end is operated.
At present, the digital certificate (CA) of an enterprise user is stored in a dedicated server device, such as a signature verification server, which centrally manages the digital certificates; that is, a "soft certificate" is used. When the entry channel cloud interacts with the service platform, the corresponding digital certificate is downloaded from the server device to generate verification information that the service platform uses for identity verification. This approach requires the server device to be maintained, involves a large maintenance workload, is not suitable at a scale of millions of users, and has a high hardware cost.
Based on this, embodiments of the present invention provide a method and an apparatus for invoking a digital certificate, so as to solve the prior-art problem that the "soft certificate" approach makes maintaining server equipment costly. The method, the device and the system are based on the same inventive concept and solve the problem on similar principles, so their implementations may be referred to one another and repeated parts are not described again.
For ease of understanding, the embodiment of the present invention first describes a digital certificate invoking system.
Referring to fig. 1, an embodiment of the present invention provides a system 100 for invoking a digital certificate, including a server 101 and one or more terminal devices, where fig. 1 illustrates a terminal device 102.
The server 101 is configured to request, from the terminal device 102 coupled with the fiscal device 103, the authentication information generated based on the digital certificate in the fiscal device 103, so as to complete the aforementioned identity authentication when the service platform 104 is operated.
The verification information comprises an encrypted character string that corresponds to the digital certificate and changes according to a preset period. It therefore has limited validity: the obtained verification information can be used to verify the user's identity only within its valid period, which avoids the risk to the corresponding business that would arise if the verification information remained valid all the time. In specific implementation, the verification information can be generated and periodically updated by the tax control device based on the digital certificate in the tax control device, and can be read and called by the terminal device coupled with the tax control device.
The terminal device 102 is configured to, in response to a request of the server 101, obtain from the tax control device coupled to it the verification information generated based on the digital certificate, and send the verification information to the server 101.
The terminal device 102 and the fiscal device may be coupled through Bluetooth, a wireless interface, or an external device interface. For example, when the fiscal device is a USB device, it may be inserted into the USB interface of the terminal device to couple the terminal device with the target fiscal device. Specifically, the fiscal device may be a device that stores the digital certificate identifying the corresponding user, such as a gold tax disk, a gold tax disk-M, a fiscal disk, a haitai KEY, a wending innovation usbkey, or a handshake usbkey.
In the embodiment of the present invention, the server 101 requests the authentication information from the terminal device 102 coupled with the fiscal device 103, so as to perform identity authentication on the service platform 104. The digital certificates of all enterprise users do not need to be stored and managed by dedicated server equipment, which reduces the maintenance workload and hardware cost of that server equipment and suits the case where the number of enterprise users is large. In addition, to make the interaction between the aforementioned devices easier to follow, the tax control device 103 and the service platform 104 are also illustrated in Fig. 1.
In an optional implementation manner, the server may be the cloud server of the entry channel cloud, which completes identity verification on the service platform based on the obtained verification information, obtains the token fed back by the service platform, and thereby interfaces with the service platform to provide the entry invoice service for the user. In another alternative, the server may be a proxy server of the aforementioned entry channel cloud, referred to as a channel agent. The channel agent completes identity verification on the service platform based on the obtained verification information, obtains the token fed back by the service platform, and sends the token to the entry channel cloud to complete the docking between the entry channel cloud and the service platform. In subsequent service interaction, the channel agent acts as the intermediate interface between the entry channel cloud and the user: for example, the channel agent receives a service request initiated by the user and sends it to the entry channel cloud; the entry channel cloud performs the corresponding service interaction with the service platform based on the service request and returns the execution result to the channel agent, which returns it to the user.
In an optional implementation manner, the server and the one or more terminal devices communicate over a Transmission Control Protocol (TCP) long connection. Specifically, when the terminal device determines that the tax control device is coupled to it, the terminal device initiates a TCP long connection request to the server, and the server accepts the request, thereby establishing a secure and stable communication mechanism, namely a TCP long connection between the server and the terminal device. Based on the keep-alive function of the TCP long connection, the connection is not actively closed once established, and both parties can keep using it for their interactions within the keep-alive time. In specific implementation, the server may also send a probe segment to the terminal device after a preset period, for example when there has been no data exchange between the terminal device and the server for two hours, to detect the state of the terminal device and determine whether the TCP long connection has been closed.
In an alternative embodiment, an executable program (.exe; hereinafter referred to as the management program) for managing the fiscal device may be installed on the terminal device. The management program listens for requests sent by the server to acquire the authentication information generated based on the digital certificate in the fiscal device, saves the device information of the fiscal device to the server, and notifies the server to update the device information it holds for the fiscal device. Because the embodiment installs a management program rather than having the browser call a DLL plug-in to acquire the verification information, it avoids acquisition errors caused by the browser being incompatible with the DLL plug-in.
In specific implementation, before data such as device information is transmitted between the management program and the server, identity authentication is performed using a client certificate and a channel proxy server certificate, which can be done by calling a digital certificate interface. After identity authentication is completed, a secure channel between the management program and the server is established, and the management program transmits data such as device information to the server through the secure channel in XML format.
Specifically, take the case in which the tax control device is coupled with the terminal device by being inserted into the terminal device's USB interface. While running, the management program automatically detects whether a tax control device is inserted into the terminal device. When insertion is detected, the management program obtains the device information of the tax control device and displays on its interface the device information (device number, tax number, whether a network is connected, and the device insertion state) and the related network information (mode setting, protocol type, whether a remote access password is set, whether a tax control device password is set, channel agent IP, channel agent port, remote device IP and remote device port). It sends the device information of the inserted tax control device (device number, tax number, protocol type, device insertion mark and network password) to the server through the secure channel for storage. When removal of the tax control device from the terminal device is detected, the management program sends the device number, the tax number and the device removal mark to the server through the secure channel, so that the server updates the device information it stores for that tax control device, that is, changes the state mark in the device information to the removal mark. When it is detected that the tax control device is inserted but the network connection is down, the management program retries the network connection; when the connection succeeds it sends the device information (device number, tax number, protocol type, device insertion mark and network password) to the server, and if the connection fails repeatedly it outputs an error message indicating that the network connection failed.
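The server-side handling of these insertion and removal messages, sketched as an added example (not code from the patent or its applicant). The XML element names, the `inserted`/`removed` encodings, the channel identifiers and the policy of tying each record to the secure channel that reported it are assumptions; the constructed sample messages carry only the device number, tax number, protocol type and state mark.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, Optional

INSERTED, REMOVED = "inserted", "removed"   # assumed encodings of the two state marks
MAX_MESSAGE_BYTES = 4096                    # assumed upper bound for one message

# Constructed sample messages (not real device or tax numbers).
INSERT_MSG = ("<DeviceInfo><DeviceNo>DEV-0001</DeviceNo><TaxNo>TAXNO-EXAMPLE-1</TaxNo>"
              "<Protocol>tcp</Protocol><State>inserted</State></DeviceInfo>")
REMOVE_MSG = ("<DeviceInfo><DeviceNo>DEV-0001</DeviceNo><TaxNo>TAXNO-EXAMPLE-1</TaxNo>"
              "<State>removed</State></DeviceInfo>")


@dataclass
class DeviceRecord:
    device_no: str
    tax_no: str
    protocol: str
    state: str
    channel_id: str   # authenticated secure channel (terminal) that reported the device


def parse_device_info(xml_text: str) -> Dict[str, str]:
    """Parse one device-info message; the element names are assumptions."""
    if len(xml_text.encode("utf-8")) > MAX_MESSAGE_BYTES:
        raise ValueError("message too large")
    # The message is flat data, so any DTD or entity declaration is refused.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"malformed XML: {exc}") from None
    if root.tag != "DeviceInfo":
        raise ValueError("unexpected root element")
    fields = {child.tag: (child.text or "").strip() for child in root}
    for required in ("DeviceNo", "TaxNo", "State"):
        if not fields.get(required):
            raise ValueError(f"missing field: {required}")
    if fields["State"] not in (INSERTED, REMOVED):
        raise ValueError("unknown state mark")
    return fields


class DeviceRegistry:
    """Server-side store of device information, keyed by tax number."""

    def __init__(self) -> None:
        self._by_tax_no: Dict[str, DeviceRecord] = {}

    def apply(self, xml_text: str, channel_id: str) -> str:
        """Apply a message received on channel_id and report what was done."""
        f = parse_device_info(xml_text)
        current = self._by_tax_no.get(f["TaxNo"])
        if f["State"] == INSERTED:
            # Assumed policy: a device still marked inserted on another channel
            # is not silently re-homed to the new channel.
            if current and current.state == INSERTED and current.channel_id != channel_id:
                return "rejected: inserted elsewhere"
            self._by_tax_no[f["TaxNo"]] = DeviceRecord(
                f["DeviceNo"], f["TaxNo"], f.get("Protocol", ""), INSERTED, channel_id)
            return "stored"
        # Removal: only the channel that holds the device may flip the mark.
        if (current is None or current.device_no != f["DeviceNo"]
                or current.channel_id != channel_id):
            return "rejected: no matching device on this channel"
        current.state = REMOVED
        return "updated"

    def target_device(self, tax_no: str) -> Optional[DeviceRecord]:
        """Return the device for tax_no only while its mark is the insertion mark."""
        rec = self._by_tax_no.get(tax_no)
        return rec if rec and rec.state == INSERTED else None


if __name__ == "__main__":
    reg = DeviceRegistry()
    print(reg.apply(INSERT_MSG, "chan-A"), reg.apply(REMOVE_MSG, "chan-A"))
```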
During specific implementation, the version number of the management program can be configured in the server, and the management program can upload its version number to the server periodically while running, so that the server can check the version and update the management program in time. When the server determines that the currently configured version number is less than or equal to the version number uploaded by the management program, it performs no operation. When it determines that the currently configured version number is greater than the uploaded version number, it returns the download address of the upgraded management program to the management program, so that the management program obtains the upgrade package from that download address and, when the download succeeds, starts the upgrade program to upgrade the management program.
Further, referring to fig. 2, an embodiment of the present invention provides a method for invoking a digital certificate, which is applied to the aforementioned server 101, and includes:
Step S201, receiving a first request, wherein the first request is used for requesting tax information from a service platform providing tax service; the first request carries the tax number of the user corresponding to the tax information.
The tax number is a taxpayer identification number and is used for indicating an enterprise taxpayer, namely the user. In particular implementations, the first request may be a request triggered by a user through a browser application associated with the server.
Step S202, determining target tax control equipment according to the tax number carried in the first request; the target tax control device stores the digital certificate of the user.
Step S203, a second request is sent to the terminal device, the terminal device is coupled with the target tax control device, and the second request is used for requesting to obtain verification information for verifying the identity of the user.
Step S204, receiving verification information sent by the terminal equipment, and requesting tax information from the service platform according to the verification information; wherein the authentication information is generated based on a digital certificate of the user.
In the embodiment of the invention, according to the tax number of the user carried in the first request, the tax control equipment storing the digital certificate of the user and the terminal equipment to which the tax control equipment is currently coupled are determined, and the verification information generated based on the digital certificate is sent to the terminal equipment to be used for identity verification on the service platform. When the user to be subjected to identity authentication is determined, the terminal equipment where the tax control equipment is located is requested to acquire the authentication information generated based on the digital certificate, so that the method is suitable for the condition that the number of enterprise users is large, the digital certificates corresponding to all enterprise users do not need to be stored and managed by special server equipment, and the maintenance workload and the hardware cost for maintaining the server equipment can be reduced.
In an alternative embodiment, the method further comprises: when the terminal equipment is determined to be coupled with the target tax control equipment, establishing a TCP long connection with the terminal equipment. On this basis, sending the second request to the terminal device may be implemented as follows: sending the second request to the terminal equipment through the TCP long connection.
In an optional implementation manner, the server stores device information of at least one tax control device, the device information includes a tax number of a user corresponding to the tax control device and a device status flag, and the device status flag is an insertion flag or a removal flag;
determining the target tax control equipment according to the tax number carried in the first request comprises:
when the equipment state mark in the equipment information corresponding to the tax number carried in the first request is determined to be the insertion mark, determining the tax control equipment indicated by the tax number carried in the first request as the target tax control equipment.
In an alternative embodiment, the server is a proxy server, and the server is associated with a cloud server interacting with the service platform.
Requesting the tax information from the service platform according to the verification information, as mentioned above, may be implemented as follows:
(1) sending the verification information to a service platform, and receiving a token sent by the service platform when the service platform verifies that the user identity passes according to the verification information;
(2) sending the token and the first request to the cloud server to request the tax information from the service platform through the cloud server.
During specific implementation, the proxy server and the terminal equipment can be uniformly arranged in an enterprise intranet, the proxy server is communicated with the terminal equipment, and then the proxy server interacts with the service platform to complete authentication and obtain a token and then sends the token to the cloud server, so that abnormal risks possibly existing after the terminal equipment directly interacts with the cloud server across multiple networks can be avoided.
Further, referring to fig. 3, an embodiment of the present invention further provides another digital certificate invoking method, which is applied to the terminal device 102, and the method includes:
Step S301, in the process that a user requests tax information from a service platform providing tax service, receiving a second request sent by a server; the second request is for requesting to acquire authentication information for authenticating the user identity.
Step S302, sending verification information to a server, wherein the verification information is generated based on a digital certificate of a user, and the digital certificate of the user is stored in a tax control device coupled with the terminal device.
In specific implementation, corresponding encryption algorithms can be configured on both sides of the terminal equipment and the server to ensure the safety of data transmission; after the terminal equipment acquires the verification information, the verification information can be encrypted and sent to the server based on the configured encryption algorithm; and the server decrypts the received encrypted verification information to further acquire the verification information. In particular implementations, the aforementioned encryption algorithm may be a symmetric encryption algorithm, such as the SM4 algorithm.
In the embodiment of the invention, when the terminal equipment receives a second request for acquiring the verification information for verifying the identity of the user, which is sent by the server, in the process that the user requests the tax information from the service platform for providing the tax service, the terminal equipment sends the verification information generated based on the digital certificate in the tax control equipment coupled with the terminal equipment to the server. By coupling the tax control equipment in which the digital certificate of the user is stored to the terminal equipment, the server only needs to initiate a request to the corresponding terminal equipment to call when needing verification information generated based on the digital certificate, and does not need to specially set the server equipment to store and manage the digital certificates corresponding to all enterprise users, so that the maintenance workload and the hardware cost for maintaining the server equipment can be reduced, and the tax control equipment is suitable for the condition that the number of enterprise users is large.
In an optional embodiment, the method further comprises: when the terminal equipment is coupled with the target tax control equipment, establishing a TCP long connection with the server. On this basis, in an optional implementation, sending the verification information to the server includes: sending the verification information to the server through the TCP long connection. In another alternative embodiment, sending the verification information to the server includes: encrypting the verification information; and sending the encrypted verification information to the server through the TCP long connection.
In an optional embodiment, the method further comprises:
(1) storing the equipment information of the tax control equipment coupled with the terminal equipment to a server; the device information comprises a device state mark, and the device state mark is an insertion mark;
(2) when the fact that the coupling between the tax control equipment and the terminal equipment is disconnected is monitored, the server is informed of updating the equipment information of the tax control equipment, and the equipment state mark in the updated equipment information is a removal mark.
For convenience of understanding, referring to fig. 4, an interaction flow diagram is further provided in the embodiment of the present invention, and specifically illustrates an interaction process among the terminal device, the proxy server, the cloud server, and the service platform in the foregoing method embodiment. The concrete steps are as follows:
Step S401, the terminal device uploads the device information of the tax control device coupled with the terminal device to a proxy server for storage, wherein the device information includes the tax number of the user of the tax control device.
Step S402, the proxy server receives a first request triggered by the user through the associated browser application, wherein the first request carries the tax number of the user.
Step S403, the proxy server determines the target tax control equipment according to the equipment information corresponding to the tax number.
Step S404, the proxy server sends a second request to the terminal device coupled with the target tax control device to request the terminal device to send verification information for verifying the user identity. In this embodiment, the coupling between the terminal device and the target tax control device in step S101 is shown by way of example, and is not limited to what is illustrated in fig. 4.
In step S405, the terminal device sends the verification information generated based on the digital certificate in the tax control device coupled to the terminal device to the proxy server.
Step S406, the proxy server performs a user identity verification process on the service platform based on the acquired verification information, and realizes login on the service platform after the verification is passed.
In step S407, after the user identity authentication passes, the service platform sends a token (token) to the proxy server.
In step S408, the proxy server sends the received first request and the token to the cloud server.
Step S409, the cloud server performs business interaction with the service platform based on the first request and the token.
Step S410, the cloud service sends a processing result corresponding to the first request obtained by interacting with the service platform to the proxy server, so that the proxy server returns the processing result to the user through the associated browser application.
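The following Python sketch is an added illustration, not code from the patent. It walks through steps S401 to S407 and shows why the proxy server should refuse a first request when the device status flag is the removal flag or when no long connection is held. Assumptions: HMAC-SHA256 with a shared key stands in for the certificate-based verification information, the platform-issued challenge is not described on the page, an in-process callable models the TCP long connection, and all class, function and flag names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional

INSERTED, REMOVED = "inserted", "removed"  # device status flag values (names assumed)

class DeviceUnavailable(Exception):
    """No inserted tax control device is registered for the tax number."""

class TaxControlDevice:
    """Stand-in for the hardware; the key never leaves this object."""
    def __init__(self, tax_number: str, key: bytes):
        self.tax_number = tax_number
        self._key = key

    def make_verification(self, challenge: bytes) -> bytes:
        # HMAC-SHA256 stands in for the certificate-based signature (assumption).
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class ServicePlatform:
    """Checks verification information and issues a token (S406, S407)."""
    def __init__(self, enrolled: Dict[str, bytes]):
        self._enrolled = enrolled
        self._pending: Dict[str, bytes] = {}

    def new_challenge(self, tax_number: str) -> bytes:
        # A platform-issued challenge is an assumption; the page does not describe one.
        self._pending[tax_number] = secrets.token_bytes(16)
        return self._pending[tax_number]

    def verify(self, tax_number: str, verification: bytes) -> Optional[str]:
        challenge = self._pending.pop(tax_number, None)  # single use: blocks replay
        key = self._enrolled.get(tax_number)
        if challenge is None or key is None:
            return None
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, verification)
        return secrets.token_hex(16) if ok else None

@dataclass
class DeviceInfo:
    tax_number: str
    status: str
    channel: Optional[Callable[[bytes], bytes]]  # models the TCP long connection

class ProxyServer:
    def __init__(self, platform: ServicePlatform):
        self.platform = platform
        self.registry: Dict[str, DeviceInfo] = {}

    def register(self, tax_number: str, channel: Callable[[bytes], bytes]) -> None:
        self.registry[tax_number] = DeviceInfo(tax_number, INSERTED, channel)  # S401

    def mark_removed(self, tax_number: str) -> None:
        info = self.registry.get(tax_number)
        if info is not None:
            info.status, info.channel = REMOVED, None  # drop the stale connection too

    def handle_first_request(self, tax_number: str) -> str:
        info = self.registry.get(tax_number)  # S403: look up by tax number
        if info is None or info.status != INSERTED or info.channel is None:
            raise DeviceUnavailable(tax_number)  # fail closed, never reuse old data
        challenge = self.platform.new_challenge(tax_number)
        verification = info.channel(challenge)  # S404, S405: second request and reply
        token = self.platform.verify(tax_number, verification)  # S406, S407
        if token is None:
            raise PermissionError("service platform rejected the verification information")
        return token

class Terminal:
    def __init__(self, device: TaxControlDevice, proxy: ProxyServer):
        self.device, self.proxy = device, proxy

    def plug_in(self) -> None:
        self.proxy.register(self.device.tax_number, self.device.make_verification)

    def unplug(self) -> None:
        self.proxy.mark_removed(self.device.tax_number)

def demo() -> dict:
    tax_number, key = "TAXNO-EXAMPLE-0001", secrets.token_bytes(32)  # constructed values
    proxy = ProxyServer(ServicePlatform({tax_number: key}))
    terminal = Terminal(TaxControlDevice(tax_number, key), proxy)
    terminal.plug_in()
    results = {"inserted": bool(proxy.handle_first_request(tax_number))}
    terminal.unplug()
    try:
        proxy.handle_first_request(tax_number)
        results["removed"] = "served"
    except DeviceUnavailable:
        results["removed"] = "refused"
    return results

if __name__ == "__main__":
    print(demo())
```

In a deployment, a dropped long connection would also need to trigger `mark_removed`, since a terminal that loses power cannot send the removal notification itself.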
Based on the same inventive concept as the aforementioned digital certificate invoking method embodiment, referring to fig. 5, an embodiment of the present invention provides an apparatus 500 for invoking a digital certificate, where the apparatus 500 is disposed in a server, and includes:
a receiving module 501, configured to receive a first request, where the first request is used to request tax information from a service platform providing tax services; the first request carries the tax number of the user corresponding to the tax information;
a determining module 502, configured to determine a target tax control device according to the tax number carried in the first request; the target tax control equipment stores a digital certificate of a user;
a request module 503, configured to send a second request to a terminal device, where the terminal device is coupled to the target tax control device, and the second request is used to request to obtain verification information for verifying the user identity;
the receiving module 501 is further configured to receive verification information sent by the terminal device;
the request module 503 is further configured to request tax information from the service platform according to the verification information; wherein the authentication information is generated based on a digital certificate of the user.
In the embodiment of the invention, when the terminal equipment receives a second request for acquiring the verification information for verifying the identity of the user, which is sent by the server, in the process that the user requests the tax information from the service platform for providing the tax service, the terminal equipment sends the verification information generated based on the digital certificate in the tax control equipment coupled with the terminal equipment to the server. By coupling the tax control equipment in which the digital certificate of the user is stored to the terminal equipment, the server only needs to initiate a request to the corresponding terminal equipment to call when needing verification information generated based on the digital certificate, and does not need to specially set the server equipment to store and manage the digital certificates corresponding to all enterprise users, so that the maintenance workload and the hardware cost for maintaining the server equipment can be reduced, and the tax control equipment is suitable for the condition that the number of enterprise users is large.
In an alternative embodiment, the apparatus 500 further comprises a connection module 504;
the determining module 502 is further configured to determine that the terminal device is coupled with the target tax control device;
a connection module 504, configured to establish a long TCP connection with a terminal device when the terminal device is coupled with a target tax control device;
the request module 503 is specifically configured to send the second request to the terminal device through the TCP long connection.
In an optional implementation manner, the server stores device information of at least one tax control device, the device information includes a tax number of a user corresponding to the tax control device and a device status flag, and the device status flag is an insertion flag or a removal flag;
the determining module 502 is specifically configured to determine that the tax control device indicated by the tax number carried in the first request is the target tax control device when the device state flag in the device information corresponding to the tax number carried in the first request is the insertion flag.
In an alternative embodiment, the server is a proxy server;
the request module 503 is specifically configured to:
sending the verification information to a service platform, and receiving a token sent by the service platform when the service platform verifies that the user identity passes according to the verification information;
and sending the token and the first request to a cloud server so as to request the tax information from the service platform through the cloud server.
Based on the same inventive concept as the aforementioned another digital certificate invoking method, referring to fig. 6, an embodiment of the present invention provides another digital certificate invoking apparatus 600, where the apparatus 600 is disposed in a terminal device, and includes:
a receiving module 601, configured to receive a second request sent by a server in a process that a user requests tax information from a service platform providing tax services; the second request is used for requesting to acquire authentication information for authenticating the identity of the user;
a sending module 602, configured to send, to the server, verification information that is generated based on a digital certificate of the user, where the digital certificate of the user is stored in a tax control device coupled to the terminal device.
In the embodiment of the invention, the corresponding user is determined according to the tax information indicated by the first request, the tax control equipment of the user and the terminal equipment to which the tax control equipment is currently coupled are determined, and an acquisition request is sent to the terminal equipment to acquire the digital certificate in the tax control equipment for identity authentication on a service platform. When the user to be subjected to identity authentication is determined, the terminal equipment where the tax control equipment is located is requested to acquire the digital certificate, so that the method is suitable for the condition that the number of enterprise users is large, the digital certificates corresponding to all enterprise users do not need to be stored and managed by special server equipment, and the maintenance workload and the hardware cost for maintaining the server equipment can be reduced.
In an alternative embodiment, the apparatus 600 further comprises a connection module 603;
the connection module 603 is configured to establish a long TCP connection with the server when the terminal device is coupled with the target tax control device;
the sending module 602 is specifically configured to send the verification information to the server through a long TCP connection.
In an alternative embodiment, the apparatus 600 further comprises a monitoring module 604;
the sending module 602 is further configured to store the device information of the tax control device coupled to the terminal device to the server; the device information comprises a device state mark, and the device state mark is an insertion mark;
the monitoring module 604 is configured to monitor disconnection of a coupling between the tax control device and the terminal device;
the sending module 602 is further configured to notify the server to update the device information of the tax control device when the coupling between the tax control device and the terminal device is disconnected, where a device state flag in the updated device information is a removal flag.
Corresponding to the above method, an embodiment of the present invention further provides an electronic device, as shown in fig. 7, including:
a communication interface 701, a memory 702, and a processor 703;
wherein, the processor 703 communicates with other devices through the communication interface 701; a memory 702 for storing program instructions; the processor 703 is configured to call the program instructions stored in the memory 702, and execute the method executed by the server or the method executed by the terminal device in the foregoing embodiments according to the obtained program.
In this embodiment, the specific connection medium among the communication interface 701, the memory 702, and the processor 703 is not limited, for example, a bus, and the bus may be divided into an address bus, a data bus, a control bus, and the like.
In the embodiments of the present application, the processor may be a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or execute the methods, steps, and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in a processor.
In the embodiment of the present application, the memory may be a nonvolatile memory, such as a Hard Disk Drive (HDD) or a solid-state drive (SSD), and may also be a volatile memory, for example, a random-access memory (RAM). The memory can also be, but is not limited to, any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory in the embodiments of the present application may also be circuitry or any other device capable of performing a storage function for storing program instructions and/or data.
Further, an embodiment of the present invention also provides a computer-readable storage medium, which stores computer instructions, and when the computer instructions are executed on a computer, the computer is caused to execute the above method.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (16)

1. A method for calling a digital certificate is applied to a server and comprises the following steps:
receiving a first request, wherein the first request is used for requesting tax information from a service platform providing tax service; the first request carries the tax number of the user corresponding to the tax information;
determining target tax control equipment according to the tax number carried in the first request; the target tax control equipment stores the digital certificate of the user;
sending a second request to a terminal device, wherein the terminal device is coupled with the target tax control device, and the second request is used for requesting to acquire verification information for verifying the user identity;
receiving verification information sent by the terminal equipment, and requesting the tax information from the service platform according to the verification information; wherein the authentication information is generated based on a digital certificate of the user.
2. The method of claim 1, wherein the method further comprises:
when the terminal equipment is determined to be coupled with the target tax control equipment, establishing Transmission Control Protocol (TCP) long connection with the terminal equipment;
the sending of the second request to the terminal device includes:
and sending a second request to the terminal equipment through the TCP long connection.
3. The method of claim 2, wherein the server stores device information of at least one tax control device, the device information includes a tax number of a user corresponding to the tax control device and a device status flag, and the device status flag is an insertion flag or a removal flag;
the determining of the target tax control equipment according to the tax number carried in the first request comprises:
when the equipment state mark in the equipment information corresponding to the tax number carried in the first request is determined to be the insertion mark, determining the tax control equipment indicated by the tax number carried in the first request as the target tax control equipment.
4. The method of any of claims 1-3, wherein the server is a proxy server;
the requesting the tax information from the service platform according to the verification information comprises:
sending the verification information to the service platform, and receiving a token sent by the service platform when the user identity is verified to pass according to the verification information;
and sending the token and the first request to a cloud server so as to request the tax information from the service platform through the cloud server.
5. A method for calling a digital certificate is applied to a terminal device, and comprises the following steps:
receiving a second request sent by a server in the process that a user requests tax information from a service platform providing tax service; the second request is used for requesting to acquire authentication information for authenticating the user identity;
and sending the verification information to the server, wherein the verification information is generated based on the digital certificate of the user, and the digital certificate of the user is stored in a tax control device coupled with the terminal device.
6. The method of claim 5, wherein the method further comprises: when the terminal equipment is coupled with the target tax control equipment, establishing a Transmission Control Protocol (TCP) long connection with the server;
the sending the verification information to the server includes:
and sending the verification information to the server through the TCP long connection.
7. The method of claim 5, wherein the method further comprises:
saving the equipment information of the tax control equipment coupled with the terminal equipment to the server; the device information comprises a device state mark, and the device state mark is an insertion mark;
and when the fact that the coupling between the tax control equipment and the terminal equipment is disconnected is monitored, the server is informed of updating the equipment information of the tax control equipment, and the equipment state mark in the updated equipment information is a removal mark.
8. An apparatus for invoking a digital certificate, provided in a server, comprising:
a receiving module, configured to receive a first request, wherein the first request is used for requesting tax information from a service platform providing tax service; the first request carries the tax number of the user corresponding to the tax information;
the determining module is used for determining the target tax control equipment according to the tax number carried in the first request; the target tax control equipment stores the digital certificate of the user;
the request module is used for sending a second request to the terminal equipment, the terminal equipment is coupled with the target tax control equipment, and the second request is used for requesting to acquire verification information for verifying the user identity;
the receiving module is further configured to receive the verification information sent by the terminal device;
the request module is further used for requesting the tax information from the service platform according to the verification information; wherein the authentication information is generated based on a digital certificate of the user.
9. The apparatus of claim 8, wherein the apparatus further comprises a connection module;
the determining module is further configured to determine that the terminal device is coupled with the target tax control device;
the connection module is used for establishing a Transmission Control Protocol (TCP) long connection with the terminal equipment when the terminal equipment is coupled with the target tax control equipment;
the request module is specifically configured to send a second request to the terminal device through the TCP long connection.
10. The apparatus of claim 9, wherein the server stores therein device information of at least one tax control device, the device information includes a tax number of a user corresponding to the tax control device and a device status flag, and the device status flag is an insertion flag or a removal flag;
the determining module is specifically configured to determine, when the device status flag in the device information corresponding to the tax number carried in the first request is an insertion flag, the tax control device indicated by the tax number carried in the first request as the target tax control device.
11. The apparatus of any of claims 8-10, wherein the server is a proxy server;
the request module is specifically configured to:
sending the verification information to the service platform, and receiving a token sent by the service platform when the user identity is verified to pass according to the verification information;
and sending the token and the first request to a cloud server so as to request the tax information from the service platform through the cloud server.
12. An apparatus for invoking a digital certificate, configured to be installed in a terminal device, the apparatus comprising:
the receiving module is used for receiving a second request sent by the server in the process that the user requests tax information from a service platform providing tax service; the second request is used for requesting to acquire authentication information for authenticating the user identity;
and the sending module is used for sending the verification information to the server, the verification information is generated based on the digital certificate of the user, and the digital certificate of the user is stored in the tax control equipment coupled with the terminal equipment.
13. The apparatus of claim 12, wherein the apparatus further comprises a connection module;
the connection module is used for establishing a long Transmission Control Protocol (TCP) connection with the server when the terminal equipment is coupled with the target tax control equipment;
the sending module is specifically configured to send the verification information to the server through the TCP long connection.
14. The apparatus of claim 12, further comprising a monitoring module;
the sending module is further configured to store device information of the tax control device coupled to the terminal device to the server; the device information comprises a device state mark, and the device state mark is an insertion mark;
the monitoring module is also used for monitoring the disconnection of the coupling between the tax control equipment and the terminal equipment;
the sending module is further configured to notify the server to update the device information of the tax control device when the coupling between the tax control device and the terminal device is disconnected, and a device state flag in the updated device information is a removal flag.
15. An electronic device, comprising:
a memory and a processor;
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing the method of any one of claims 1 to 4 or the method of any one of claims 5 to 7 according to the obtained program.
16. A computer readable storage medium having stored thereon computer instructions which, when run on a computer, cause the computer to perform the method of any of claims 1-4 or the method of any of claims 5-7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911366459.2A CN113051539A (en) 2019-12-26 2019-12-26 Method and device for calling digital certificate

Publications (1)

Publication Number Publication Date
CN113051539A (en) 2021-06-29

Family

ID=76505366

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911366459.2A Pending CN113051539A (en) 2019-12-26 2019-12-26 Method and device for calling digital certificate

Country Status (1)

Country Link
CN (1) CN113051539A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102479412A (en) * 2010-11-26 2012-05-30 航天信息股份有限公司 Processing method and system of network invoicing data as well as tax control device and handling server
CN106201525A (en) * 2016-07-15 2016-12-07 浪潮软件集团有限公司 Tax control equipment embedded software design method
CN106504044A (en) * 2016-11-09 2017-03-15 百望金赋科技有限公司 A kind of billing method and system
CN108198064A (en) * 2018-01-25 2018-06-22 深圳微众税银信息服务有限公司 A kind of tax silver interactive service method for supporting and system
CN108243220A (en) * 2016-12-26 2018-07-03 航天信息股份有限公司 A kind of invoice issuing method and system of the support polymorphic type invoice terminal based on tax control server
CN109784030A (en) * 2018-11-30 2019-05-21 畅捷通信息技术股份有限公司 A kind of method and system of CA certificate management

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王飞龙;尹青;郭玉东;庄宽;: "基于USB Key的身份认证系统设计与实现", 信息工程大学学报, no. 01 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113259493A (en) * 2021-07-07 2021-08-13 深圳高灯计算机科技有限公司 Ukey information acquisition method, device, equipment and storage medium based on Ukey cabinet
CN113259493B (en) * 2021-07-07 2021-10-15 深圳高灯计算机科技有限公司 Ukey information acquisition method, device, equipment and storage medium based on Ukey cabinet
CN113781194A (en) * 2021-09-06 2021-12-10 青岛微智慧信息有限公司 Access supervision method and system suitable for flexible employment
CN115037539A (en) * 2022-06-07 2022-09-09 深圳微众信用科技股份有限公司 Invoice inquiry method, device, equipment and storage medium based on tax control equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination