CN116015668A - Calling method and device of electronic license, card-end equipment and storage medium


Info

Publication number: CN116015668A
Authority: CN (China)
Prior art keywords: license, authorization, information, user, certificate
Legal status: Pending
Application number: CN202211547526.2A
Other languages: Chinese (zh)
Inventors: 李树山, 邹学锋, 陈胜凯, 李文辉, 谭仪飞, 吕卡夫, 徐旭晴, 詹安权
Current Assignee: Digital Guangdong Network Construction Co Ltd
Original Assignee: Digital Guangdong Network Construction Co Ltd
Application filed by: Digital Guangdong Network Construction Co Ltd

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiments of the application provide a method and apparatus for calling an electronic license, a certificate-using end device, and a storage medium. A service handling request initiated by a certificate-using system is acquired. When it is detected that the license-holding user has signed and confirmed the authorization agreement, a digital signature platform is called to sign the signed authorization agreement, yielding an authorization archive file. The authorization platform is then called to generate an authorization token according to the authorization archive file. The authorization token is used by the certificate-using end device when it needs to call the license-holding user's electronic license from the license server-side device, and by the license server-side device when it checks the legitimacy of that use. This prevents the certificate-using end device (the certificate-using system) from illegally calling the license-holding user's electronic license, improves the user's information security, and protects the user's privacy and rights.

Description

Calling method and device of electronic license, card-end equipment and storage medium
Technical Field
The embodiments of the application relate to the technical field of data processing, and in particular to a method and apparatus for calling an electronic license, a certificate-using end device, and a storage medium.
Background
With the advent of the big data era, organizations in different regions and fields have begun to handle daily affairs through government service handling systems (government affairs systems for short), and a government affairs system often needs to use a user's electronic license when handling a service for that user.
To make things convenient for users and improve the efficiency of the government affairs system, in the prior art users' electronic licenses are kept by an electronic license management platform. When the government affairs system needs a user's electronic license, it calls the license directly from the electronic license management platform according to the user's identity information, so the user does not need to submit the license each time.
However, because in the prior art the government affairs system often calls the user's electronic license without the user's knowledge, there is a risk that the user's electronic license is called privately.
Disclosure of Invention
The embodiments of the application provide a method and apparatus for calling an electronic license, a certificate-using end device, and a storage medium, which ensure that the user is informed and avoid the risk of the electronic license being called privately.
In a first aspect, an embodiment of the present application provides a method for calling an electronic license, applied to a certificate-using end device, including:
acquiring a service handling request initiated by a certificate-using system, wherein the service handling request includes first user information of a license-holding user and first event information of the target service item that the license-holding user requests to handle;
calling, according to the service handling request, an authorization platform to generate an authorization agreement, and displaying the authorization agreement, wherein the authorization agreement includes the first user information, the first event information, first license information of the electronic license needed to handle the first event, and license use parameters;
when it is detected that the license-holding user has performed a signature confirmation operation on the authorization agreement, calling a digital signature platform to sign the signed authorization agreement to obtain an authorization archive file;
and calling the authorization platform to generate an authorization token according to the authorization archive file, wherein the authorization token is used by the certificate-using end device when it needs to call the license-holding user's electronic license from the license server-side device, and by the license server-side device when it checks the legitimacy of the certificate-using end device's license use.
In a second aspect, an embodiment of the present application provides an apparatus for calling an electronic license, integrated in a certificate-using end device, including:
an acquisition module, configured to acquire a service handling request initiated by a certificate-using system, wherein the service handling request includes first user information of a license-holding user and first event information of the target service item that the license-holding user requests to handle;
a processing module, configured to call, according to the service handling request, an authorization platform to generate an authorization agreement and display the authorization agreement, wherein the authorization agreement includes the first user information, the first event information, first license information of the electronic license needed to handle the first event, and license use parameters; when it is detected that the license-holding user has performed a signature confirmation operation on the authorization agreement, to call a digital signature platform to sign the signed authorization agreement to obtain an authorization archive file; and to call the authorization platform to generate an authorization token according to the authorization archive file, wherein the authorization token is used by the certificate-using end device when it needs to call the license-holding user's electronic license from the license server-side device, and by the license server-side device when it checks the legitimacy of the certificate-using end device's license use.
In a third aspect, an embodiment of the present application provides a certificate end device, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor implements the method for calling an electronic certificate according to the first aspect when executing the program.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method for invoking an electronic license as described in the first aspect above.
With the method and apparatus for calling an electronic license, the certificate-using end device, and the storage medium provided by the embodiments of the application, a service handling request initiated by a certificate-using system is acquired, the request including first user information of the license-holding user and first event information of the target service item that the user requests to handle. According to the service handling request, an authorization platform is called to generate an authorization agreement, which is then displayed; the authorization agreement includes the first user information, the first event information, first license information of the electronic license needed to handle the first event, and license use parameters. When it is detected that the license-holding user has performed a signature confirmation operation on the authorization agreement, a digital signature platform is called to sign the signed authorization agreement to obtain an authorization archive file. The authorization platform is then called to generate an authorization token according to the authorization archive file. The authorization token is used by the certificate-using end device when it needs to call the license-holding user's electronic license from the license server-side device, and by the license server-side device when it checks the legitimacy of the certificate-using end device's license use. The certificate-using end device can call the license-holding user's electronic license only after it passes the authorization token check. This ensures that the license-holding user is informed about how the certificate-using end device uses the electronic license, prevents the certificate-using end device (the certificate-using system) from illegally calling the user's electronic license, improves the user's information security, and protects the user's privacy.
It should be understood that the description of this section is not intended to identify key or critical features of the embodiments of the application or to delineate the scope of the application. Other features of the present application will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of an electronic license calling system in the prior art;
Fig. 2 is a flowchart of a method for calling an electronic license according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an electronic license calling system according to a first embodiment of the present application;
Fig. 4 is a schematic flowchart of calling the authorization platform to generate an authorization agreement according to an embodiment of the present application;
Fig. 5 is a schematic flowchart of calling the digital signature platform to generate an authorization archive file according to the first embodiment of the present application;
Fig. 6 is a schematic flowchart of calling the authorization platform to generate an authorization token according to the first embodiment of the present application;
Fig. 7 is a flowchart of a method for calling an electronic license according to a second embodiment of the present application;
Fig. 8 is a schematic flowchart of calling the authorization platform to verify and parse an authorization token according to the second embodiment of the present application;
Fig. 9 is a flowchart of a method for calling an electronic license according to a third embodiment of the present application;
Fig. 10 is a schematic structural diagram of an apparatus for calling an electronic license according to a fourth embodiment of the present application;
Fig. 11 is a schematic structural diagram of a certificate-using end device according to a fifth embodiment of the present application.
Detailed Description
In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
First, terms referred to in the present application are explained as follows:
Electronic license: an electronic certificate that members of the public submit when handling affairs through a government affairs system.
License-holding user: the user who holds the electronic license, i.e., the owner of the electronic license.
For example, Fig. 1 is a schematic structural diagram of an electronic license calling system in the prior art. As shown in Fig. 1, the prior-art system includes a certificate-using end device and a license server-side device. The certificate-using end device is an electronic device on which various certificate-using systems (i.e., government affairs systems) are installed. The license server-side device is an electronic device on which an electronic license service system (license service system for short) is installed, and it stores and manages users' electronic licenses through that system.
In the prior art, when the certificate-using system needs a user's electronic license, it can call the license directly from the license server-side device according to the user's identity information. However, when the certificate-using system calls the electronic license, the license-holding user does not know which electronic licenses are called and used, or for how long, and may not even know that the certificate-using system is calling and using them at all. The user's electronic licenses may therefore be used by the certificate-using system for other purposes. For example, an electronic license that a member of the public submitted only for handling public loan services may be illegally used by the certificate-using system for other matters unknown to the holder, such as a bank mortgage loan. How to ensure the license-holding user's right to know how the electronic license is used, and to protect the user's privacy and information security, is therefore a technical problem to be solved.
To address these technical problems in the prior art, the embodiments of the application provide a way of calling an electronic license that adopts an authorized certificate-use mechanism: the certificate-using system must be authorized by the license-holding user in person when it calls that user's electronic license. The license-holding user can thus know precisely how the electronic license will be used when it is called, such as the scope of use and the time limit of use. This ensures the user's right to know, prevents the certificate-using system from calling the license privately without informing the user and obtaining authorization, and protects the user's privacy and information security.
Example 1
Fig. 2 is a schematic flow chart of a method for calling an electronic license according to an embodiment of the present application, where the method of the embodiment may be performed by a device for calling an electronic license according to an embodiment of the present application, and the device may be implemented by software and/or hardware and may be integrated in a card-end device such as a mobile terminal, a personal computer, an interactive tablet, and the like. As shown in fig. 2, the method for calling the electronic license of the embodiment includes:
S201, acquiring a service handling request initiated by the certificate-using system.
In this embodiment, when the license-holding user (i.e., the license holder) needs to handle a certain service, the user may initiate a service handling request through the certificate-using system, either directly or indirectly.
In this embodiment, the certificate-using system may provide a personal-end APP and a government-end APP. The personal-end APP is provided to individual license-holding users so that they can handle services online themselves. The government-end APP is provided to government departments and is used by their staff when handling services for license-holding users. The personal-end APP runs on user devices such as smartphones and computers, and the government-end APP runs on the office devices of government departments, such as smart tablets and computers.
In one possible implementation, the license-holding user initiates the service handling request through the personal-end APP installed on the user device. For example, the user logs in to the personal-end APP and, per the self-service handling guide that the APP provides for the service, clicks the corresponding service module to enter its self-service handling page and clicks the corresponding function button to initiate the request. In this scenario, the certificate-using end device is the user device, and the service handling request is initiated directly by the license-holding user.
In another possible implementation, when the license-holding user needs to handle a certain service, the user makes a handling request to a staff member of the government department online (for example, by phone) or offline (for example, by going to the service hall), and the staff member initiates the service handling request through the government-end APP installed on the department's office device. For example, the staff member logs in to the government-end APP, clicks the corresponding service module to enter its handling page, and clicks the corresponding function button to initiate the request. In this scenario, the certificate-using end device is the office device, and the service handling request is initiated indirectly by the license-holding user through the staff member.
In either of the above implementations, when the certificate-using end device detects that a function module in the personal-end APP or the government-end APP has been triggered, it acquires the service handling request initiated by the certificate-using system. The request includes the user information of the license-holding user (the first user information) and information on the target service item that the user requests to handle (the first event information). The first event information may be determined from the service module selected by the license-holding user or the staff member, and the first user information may be the login information of the personal-end APP or the user information entered on the service page by the license-holding user (or the staff member).
S202, calling an authorization platform to generate an authorization agreement according to the service handling request, and displaying the authorization agreement.
Fig. 3 is a schematic structural diagram of an electronic license calling system according to the first embodiment of the present application. As shown in Fig. 3, in addition to the certificate-using end device and the license server-side device, the system in this embodiment introduces an authorization platform and a digital signature platform. The certificate-using end device and the license server-side device can call the authorization platform and the digital signature platform as required, and the digital signature platform and the authorization platform can also call each other.
To ensure that the license-holding user is informed about how the electronic license is used, in this embodiment, when the certificate-using end device acquires the user's service handling request, it calls the authorization platform to generate an authorization agreement based on the information in the request, and displays the agreement. The authorization agreement includes information on the license-holding user (such as the user's identity information), information on the service item the user requests to handle (such as the item's name or number), information on the electronic license needed to handle the item (such as the name or number identifying the electronic license), and the use parameters of the electronic license (such as the use time and number of uses). By reading the authorization agreement, the license-holding user knows exactly how the electronic license will be used, which protects the user's right to know.
For ease of distinction, in this embodiment the user information, the item information, and the license information included in the authorization agreement are called the first user information, the first event information, and the first license information, respectively.
The first license information and the license use parameters may be determined from the first event information. Because each service item has a fixed handling flow and fixed handling requirements, the use parameters for a specific service item (for example, handling a business license), such as which electronic licenses are used and how many times or for how long they are used, are also fixed.
In one possible implementation, a service item parameter table may record the service items that the certificate-using system can handle, the electronic licenses needed to handle each service item, and the license use parameters. Accordingly, in this step, after the service handling request is acquired, the first license information and the license use parameters of the electronic license that the certificate-using system needs can be determined by looking up the service item parameter table according to the first event information in the request.
In this embodiment, the authorization platform has the function of generating an authorization agreement. Fig. 4 is a schematic flowchart of calling the authorization platform to generate the authorization agreement according to the first embodiment of the present application. The authorization agreement is generated through data interaction between the certificate-using end device and the authorization platform. As shown in Fig. 4, generating the authorization agreement includes the following steps:
S2021, sending an authorization request to the authorization platform.
In this step, the certificate-using end device sends an authorization request to the authorization platform to request that it generate an authorization agreement for the license-holding user.
The authorization request carries the first event information, the first user information, the first license information, and the license use parameters, for the authorization platform to use when generating the authorization agreement.
S2022, generating the authorization agreement in a preset format according to the first event information, the first user information, the first license information, and the license use parameters.
In this step, after receiving the authorization request, the authorization platform parses it to obtain the first event information, the first user information, the first license information, and the license use parameters, and then uses the parsed information to generate the authorization agreement in a preset format.
In one possible implementation, the authorization platform stores an authorization agreement template for the certificate-using system. Accordingly, in this step, the template is edited according to the parsed first event information, first user information, first license information, and license use parameters, for example by filling the corresponding information into the blanks in the template, to obtain the authorization agreement.
S2023, sending the authorization agreement to the certificate-using end device.
In this step, the authorization platform sends the authorization agreement obtained in S2022 to the certificate-using end device so that the device can display it.
If the service handling request was triggered by the license-holding user on the user device, that is, the authorization request was sent to the authorization platform by the user device, the authorization platform returns the authorization agreement to the user device, which displays it so that the license-holding user can read it directly. If the service handling request was triggered by the license-holding user through a staff member of the government department, that is, the authorization request was sent to the authorization platform by the office device, the authorization platform returns the authorization agreement to the office device, which displays it so that the license-holding user can read it there; for example, the staff member turns the display screen of the office device toward the license-holding user.
Optionally, to make it easier and faster for the certificate-using end device to load and display the authorization agreement, the authorization platform sends the agreement as HyperText Markup Language (HTML) text; that is, the authorization platform first converts the authorization agreement into HTML text and then sends the HTML text to the certificate-using end device.
S203, when a signature confirmation operation by the license-holding user on the authorization agreement is detected, calling the digital signature platform to sign the signed authorization agreement to obtain an authorization archive file.
In this embodiment, after carefully reading the authorization agreement displayed in S202, the license-holding user performs signature confirmation in the signature confirmation area of the display interface of the certificate-using end device (the user device or the office device), for example by signing in that area and clicking the "confirm" button. This indicates that the user is aware of the relevant matters in the authorization agreement, such as which electronic licenses will be used, what matters they will be used to handle, and within what time frame.
To prevent the content of the authorization agreement from being tampered with or forged, and to prevent possible later repudiation by the license-holding user, in this embodiment, when the user's signature confirmation operation on the authorization agreement is detected, the digital signature platform is called to digitally sign the authorization agreement signed by the user, yielding the authorization archive file.
In this embodiment, the digital signature platform has the function of digitally signing an authorization agreement. Fig. 5 is a schematic flowchart of calling the digital signature platform to generate the authorization archive file according to the first embodiment of the present application. The authorization archive file is obtained through data interaction between the certificate-using end device and the digital signature platform. As shown in Fig. 5, the authorization archive file may be generated by the following steps:
S2031, sending the signed authorization agreement to the digital signature platform.
In this step, when the certificate-using end device detects that the license-holding user has completed the signature confirmation operation on the authorization agreement, it sends the signed authorization agreement to the digital signature platform.
S2032, signing the signed authorization agreement with a preset signature algorithm to obtain the authorization archive file.
In this step, after receiving the authorization agreement signed by the license-holding user from the certificate-using end device, the digital signature platform digitally signs the signed authorization agreement with the signature algorithm preset in the platform to obtain the authorization archive file.
In this embodiment, the signature algorithm adopted by the digital signature platform may be any existing digital signature algorithm, such as a hash algorithm, an asymmetric encryption algorithm, and the like.
S2033, sending the authorized archive file to the certificate end equipment.
In the step, the digital signature platform sends the authorized archive file to the certificate end equipment.
S204, calling an authorization platform to generate an authorization token according to the authorization archive file.
In this step, after receiving the authorization archive file, the license-using end device sends it to the authorization platform, so that the authorization platform generates an authorization token according to the authorization archive file. The license-using end device uses the authorization token when it needs to retrieve the electronic license of the license-holding user from the license server device, and the license server device uses it to verify the use legitimacy of the license-using end device.
In this embodiment, the authorization platform also has the function of generating the authorization token. Fig. 6 is an exemplary flow chart for calling the authorization platform to generate the authorization token according to the first embodiment of the present application. The authorization token is generated through data interaction among the license-using end device, the authorization platform and the digital signature platform and, as shown in fig. 6, may be generated by the following steps:
S2041, sending the authorization archive file to the authorization platform.
In this step, the certificate end device sends the authorization archive file obtained by calling the digital signature platform in S203 to the authorization platform, so as to request the authorization platform to generate an authorization token.
S2042, the authorized archive file is sent to the digital signature platform.
In this step, after receiving the authorized archive file, the authorization platform sends the authorized archive file to the digital signature platform, and the digital signature platform verifies the authorized archive file to confirm whether the authorized archive file is tampered or forged.
S2043, verifying the authorized archive file to obtain a verification result.
In the step, the digital signature platform verifies the authorized archive file based on a preset digital signature algorithm to obtain a verification result.
For example, if the preset digital signature algorithm is a digest algorithm, the authorization archive file includes the signed authorization agreement and the digest information of the signed authorization agreement, generated by the digital signature platform according to the digest algorithm. Correspondingly, in this step, the digital signature platform uses the same digest algorithm to calculate the digest information of the signed authorization agreement in the received authorization archive file, and compares the calculated digest information with the digest information in the received authorization archive file. If they are consistent, the verification result is passed; if not, the verification result is not passed.
S2044, if the verification result is passed, transmitting the first event information, the first user information, the first license information and the license use parameters in the authorization archive file to the authorization platform.
In this step, if the verification result in S2043 is passed, the digital signature platform sends the first event information, the first user information, the first license information and the license use parameter, which are parsed or extracted from the authorization archive file (i.e. the signed authorization agreement), to the authorization platform.
S2045, generating an authorization token according to the first event information, the first user information, the first license information and the license use parameters.
In the step, the authorization platform generates an authorization token according to a preset algorithm and the received first event information, the first user information, the first license information and the license use parameters.
In one possible implementation, the authorization platform generates a JSON Web Token (JWT) according to the first event information, the first user information, the first license information and the license use parameters, and encrypts the JWT with a preset encryption algorithm to improve the security of the JWT. The encrypted JWT is the authorization token.
S2046, sending the authorization token to the license-using end device.
In this step, the authorization platform sends the authorization token obtained in S2045 to the license-using end device, which stores it. When the license-using end device needs to retrieve the electronic license of the license-holding user from the license server device, it carries the authorization token in the request for obtaining the electronic license, to prove that it is retrieving the electronic license on the premise that the license-holding user has confirmed the authorization (i.e. with the knowledge of the license-holding user). This avoids the situation in which the license-using end device (the license-using system) illegally retrieves the electronic license of the license-holding user, improves the user's information security, and protects the user's privacy.
If any one of the first event information, the first user information, the first license information and the license use parameters differs, the generated authorization token differs. When different license-holding users request to handle the same business item, the generated authorization tokens differ; when the same license-holding user requests to handle different business items, the generated authorization tokens also differ.
It should be noted that, if a plurality of electronic licenses of a user with a license need to be used in handling a certain transaction, the first license information includes information of the plurality of electronic licenses, such as names of all electronic licenses needed to be used, and meanwhile, the license use parameters include use parameters of all electronic licenses, and accordingly, the authorization token generated in this case can be used when the license system invokes all related electronic licenses.
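The digest comparison described for S2043 and the field release of S2044 can be sketched as follows. This is an added example, not code from the application or from any platform it describes; the field names, the JSON layout and the platform key are assumptions. It places the plain digest beside a keyed digest (HMAC-SHA256), because a plain digest can be recomputed by whoever changes the agreement, while a keyed one can only be produced with the platform's key.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample agreement; every field name here is an assumption.
SIGNED_AGREEMENT = {
    "event": "business-registration-change",
    "user": "holder-0001",
    "licenses": ["business-license", "id-card"],
    "use_params": {"valid_hours": 24, "max_uses": 2},
    "holder_signature": "constructed-signature-stroke-data",
}

# Constructed key, known only to the digital signature platform in this sketch.
PLATFORM_KEY = b"constructed-platform-key-for-illustration-only"


def canonical(agreement):
    """Deterministic byte form, so equal agreements always hash equally."""
    return json.dumps(agreement, sort_keys=True, separators=(",", ":")).encode("utf-8")


def plain_digest(agreement):
    return hashlib.sha256(canonical(agreement)).hexdigest()


def keyed_digest(agreement, key):
    return hmac.new(key, canonical(agreement), hashlib.sha256).hexdigest()


def make_archive(agreement, key=None):
    """Authorization archive file: the signed agreement plus its digest."""
    value = keyed_digest(agreement, key) if key else plain_digest(agreement)
    return {"agreement": copy.deepcopy(agreement), "digest": value}


def verify_archive(archive, key=None):
    """S2043: recompute the digest over the received agreement and compare."""
    agreement = archive.get("agreement")
    stored = archive.get("digest")
    if not isinstance(agreement, dict) or not isinstance(stored, str):
        return False  # a malformed archive file fails closed
    expected = keyed_digest(agreement, key) if key else plain_digest(agreement)
    return hmac.compare_digest(expected.encode("utf-8"), stored.encode("utf-8"))


def extract_fields(archive, key=None):
    """S2044: release the four fields only when verification passed."""
    if not verify_archive(archive, key):
        return None
    a = archive["agreement"]
    return {name: a.get(name) for name in ("event", "user", "licenses", "use_params")}


def altered_after_signing(archive, recompute_plain_digest):
    """Model an archive whose agreement changed after the platform signed it."""
    changed = copy.deepcopy(archive)
    changed["agreement"]["use_params"]["max_uses"] = 50
    if recompute_plain_digest:
        # No secret is needed for this step when the digest is unkeyed.
        changed["digest"] = plain_digest(changed["agreement"])
    return changed
```

With the plain digest, a changed agreement is caught only while the stored digest is left untouched; with the keyed digest it is caught in both cases.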
In this embodiment, a service handling request initiated by the license-using system is obtained, where the service handling request includes first user information of a license-holding user and first event information of a target business item that the license-holding user requests to handle; according to the service handling request, the authorization platform is called to generate an authorization agreement and the authorization agreement is displayed, where the authorization agreement includes the first user information, the first event information, and first license information and license use parameters of the electronic licenses needed to handle the first event; when it is detected that the license-holding user has performed the signature confirmation operation on the authorization agreement, the digital signature platform is called to sign the signed authorization agreement to obtain an authorization archive file; and the authorization platform is called to generate an authorization token according to the authorization archive file, where the license-using end device uses the authorization token when it needs to retrieve the electronic license of the license-holding user from the license server device, and the license server device uses it to verify the use legitimacy of the license-using end device.
On the one hand, the embodiment of the application introduces, into the process of retrieving a user's electronic license, a signature confirmation of the authorization agreement by the license-holding user; guiding the user to read the authorization agreement ensures that the license-holding user is aware of how the license-using end device will use the electronic license. On the other hand, the embodiment of the application introduces verification of the authorization token by the license server device: the license-using end device can retrieve the electronic license of the license-holding user only when it passes the license server device's verification of the authorization token. This avoids the situation in which the license-using end device (the license-using system) illegally retrieves the electronic license of the license-holding user, improves the user's information security, and protects the user's privacy.
Example II
Fig. 7 is a schematic flow chart of a method for calling an electronic license according to the second embodiment of the present application. As shown in fig. 7, after the license-using end device has obtained the authorization token through the method in the first embodiment, when it handles the target business item for the license-holding user, it may acquire the electronic license from the license server device through the following steps:
S701, sending an acquisition request for a target electronic license of the license-holding user to the license server device.
In this step, when the license-using end device handles the target business item for the license-holding user, it sends an acquisition request for the target electronic license of the license-holding user to the license server device.
It can be understood that the time at which the license-using end device starts handling the business and the time at which the user requests the business may or may not be continuous. That is, this step may be performed immediately after S204 or, as needed, after a period of time; for example, if the service system has many items waiting to be handled, S701 is executed only after waiting for a period of time following S204.
The target electronic license may be all of the electronic licenses needed when the user handles the target business item, or one or more of them, as determined by the business process of the target business item. If handling the target business item requires retrieving electronic licenses from the license server device several times, an acquisition request needs to be sent to the license server device each time, that is, the steps S701-S706 need to be executed each time an electronic license is retrieved.
In this step, the acquisition request sent by the license-using end device to the license server device needs to carry the license-using system information, the authorization token, the second user information of the license-holding user, the second license information of the target electronic license and the second item information of the target business item, so that the license server device can use them when verifying the use legitimacy of the license-using end device.
The license-using system information is the information of the license-using system that is retrieving the electronic license this time, such as the name of the personal-end APP or government-end APP of a certain service system installed on the license-using end device.
The authorization token matches the second user information and the second item information, and may be determined by the license-using end device according to the second user information and the second item information.
In one possible implementation, the authorization token is located in a header of the acquisition request, and the certification system information, the second user information, the second license information, and the second transaction information are located in a body of the acquisition request.
S702, calling the authorization platform to verify and parse the authorization token to obtain the first event information, the first user information, the first license information and the license use parameters.
In this step, after receiving the authorization token, the license server device first calls the authorization platform to verify and parse the authorization token, obtaining the first event information, the first user information, the first license information and the license use parameters contained in the authorization token.
In this embodiment, the authorization platform also has the function of verifying and parsing the authorization token. Fig. 8 is a schematic flow chart of calling the authorization platform to verify and parse the authorization token according to the second embodiment of the present application. As shown in fig. 8, the authorization token may be verified and parsed through the following steps:
S7021, sending the authorization token to the authorization platform.
In the step, the license server-side equipment sends the authorization token in the acquisition request to the authorization platform.
S7022, checking the authorization token to obtain a checking result.
In the step, the authorization platform checks the received authorization token to obtain a check result.
In one possible implementation, the authorization platform stores a record of all the completed authorization tokens, and in this step, the authorization platform obtains a verification result by determining whether there is a record of the received authorization token in the token record. Specifically, if the token record has the record of the received authorization token, the verification result is passed, otherwise, the verification result is not passed.
S7023, if the verification result is passed, parsing the authorization token to obtain the first event information, the first user information, the first license information and the license use parameters.
In this step, if the verification result in S7022 is passing, the authorization platform parses the authorization token to obtain first event information, first user information, first license information and license usage parameters that are implicit in the authorization token.
In one possible implementation, the authorization platform decrypts the authorization token according to a preset decryption algorithm to obtain the JWT, and then parses the JWT to obtain the first event information, the first user information, the first license information, and the license usage parameter.
If the verification result in S7022 is not passed, the authorization platform sends a verification failure response to the license server device, and the license server device does not allow the license-using end device to retrieve the electronic license.
S7024, the first event information, the first user information, the first license information, and the license usage parameter are sent to the license service end device.
In this step, the authorization platform sends the first event information, the first user information, the first license information, and the license usage parameter obtained by parsing in S7023 to the license server device.
S703, verifying the use legitimacy of the license-using end device according to the license-using system information, the first event information, the first user information, the first license information, the license use parameters, the second user information, the second license information and the second item information.
In this step, the use legitimacy of the license-using end device can be checked in the following aspects:
(1) License-use rights
In this step, the license-use rights of the license-using end device can be verified according to the license-using system information.
In this embodiment, each license-using system needs to be recorded in the electronic license service system in advance, and only a recorded license-using system has the right to retrieve electronic licenses from the license server device.
In this embodiment, the certificate-end device stores a list of the license-using systems recorded in the electronic license service system, where the list includes information of all the recorded license-using systems, such as the license-using system information. Accordingly, the license-use rights of the certificate-end device can be verified by traversing the list according to the license-using system information in the acquisition request.
Specifically, if the license-using system corresponding to the license-using system information exists in the list, it is determined that the license-using end device has the right to retrieve the electronic license, i.e. the verification of its license-use rights is passed; if the license-using system corresponding to the license-using system information does not exist in the list, it is determined that the license-using end device does not have the right to retrieve the electronic license, i.e. the verification of its license-use rights is not passed.
(2) Person legitimacy
In this step, whether the license-using end device has person legitimacy is confirmed by comparing whether the first user information parsed from the authorization token is consistent with the second user information in the acquisition request. Specifically, if the first user information is consistent with the second user information, it is determined that the license-using end device has person legitimacy; otherwise, it is determined that it does not.
(3) Certificate legitimacy
In this step, the first license information parsed from the authorization token is compared with the second license information in the acquisition request, and whether the license-using end device has certificate legitimacy is confirmed by judging whether the first license information contains the second license information. Specifically, if the first license information contains the second license information, it is determined that the license-using end device has certificate legitimacy; otherwise, it is determined that it does not.
It can be understood that if the requested target electronic license is all of the electronic licenses for handling the target business item, the second license information is the same as the first license information, and if the requested target electronic license is only part of the electronic licenses for handling the target business item, the second license information is only part of the first license information. Therefore, in this step, certificate legitimacy is confirmed by judging whether the first license information contains the second license information.
(4) Item legitimacy
In this step, whether the license-using end device has item legitimacy is confirmed by comparing whether the first event information parsed from the authorization token is consistent with the second item information in the acquisition request. Specifically, if the first event information is consistent with the second item information, it is determined that the license-using end device has item legitimacy; otherwise, it is determined that it does not.
(5) Status legitimacy
In this step, the receiving time of the acquisition request and/or the number of times the authorization token has been used is determined first, and whether the acquisition request has status legitimacy is then confirmed according to whether the receiving time and/or the number of times used meets the requirements of the license use parameters.
In one possible implementation, the license use parameters include a use time range, that is, they limit the time during which the target electronic license may be used. Accordingly, whether the license-using end device has status legitimacy may be determined by judging whether the receiving time of the acquisition request is within the use time range defined by the license use parameters. Specifically, if the receiving time is within the use time range, it is determined that the license-using end device has status legitimacy; otherwise, it is determined that it does not.
In another possible implementation, the license use parameters include a maximum number of uses, that is, they limit the number of times the target electronic license may be used. Accordingly, whether the license-using end device has status legitimacy can be confirmed by judging whether the number of times the authorization token has been used is within the maximum number of uses defined by the license use parameters. Specifically, if the number of times the authorization token has been used is less than or equal to the maximum number of uses, it is determined that the license-using end device has status legitimacy; otherwise, it is determined that it does not.
In this step, if the checks in the above five aspects confirm that the license-using end device has license-use rights and has person legitimacy, certificate legitimacy, item legitimacy and status legitimacy, the verification result of the use legitimacy of the license-using end device is determined to be passed, and S704 is executed. Otherwise, as long as the check result in any one aspect is negative, the verification result is determined to be not passed, i.e. the license-using end device does not have use legitimacy, and verification failure feedback is sent to the license-using end device.
S704, generating a filling piece of the target electronic license.
In this step, when the result of the license server device's verification of the use legitimacy of the license-using end device is passed, the license server device obtains the target electronic license from the database and generates a filling piece of the target electronic license, for example by generating a copy of the target electronic license and adding a watermark such as "forbid external transmission" to the copy.
S705, sending the filling piece of the target electronic license to the license-using end device.
In this step, the filling piece generated in S704 is sent to the license-using end device for its use.
S706, displaying the filling piece or archiving the filling piece.
In the step, the certificate end equipment displays the filling piece of the target electronic certificate or files the filling piece of the target electronic certificate according to the actual use scene.
In this embodiment, when the license-using end device handles the target business item for the license-holding user, it sends an acquisition request for the target electronic license of the license-holding user to the license server device, where the acquisition request includes the license-using system information, the authorization token, the second user information of the license-holding user, the second license information of the target electronic license, and the second item information of the target business item; it receives the filling piece of the target electronic license that the license server device sends when the result of its verification of the use legitimacy of the license-using end device is passed; and it displays or archives the filling piece. This ensures that the license-using end device retrieves the electronic license legitimately, improves the user's information security, and protects the user's privacy and rights.
Example III
Fig. 9 is a schematic flow chart of a method for calling an electronic license according to the third embodiment of the present application. As shown in fig. 9, in this embodiment, calling the electronic license includes the following specific steps:
Step 1: When the license-using system retrieves the electronic license of the license holder, the license-using end device first initiates an authorization request to the authorization platform, for example by calling the authorization request interface of the authorization platform to send the authorization request, so as to start the authorization flow.
The authorization request comprises information such as a license system identifier (AppID), a business item identifier (event), a user identifier (person), a license identifier (license), a license use parameter (time efficiency) and the like.
Step 2: After receiving the authorization request sent by the license-using end device, the authorization platform generates an authorization agreement and returns the HTML text of the authorization agreement to the license-using end device in its response.
The authorization transaction ID is used for uniquely determining an authorization service, and can be randomly generated by an authorization platform or generated by the authorization platform through a corresponding algorithm according to information in an authorization request.
Step 3: After receiving the HTML text of the authorization agreement returned by the authorization platform, the license-using system generates a license-use authorization confirmation page, and displays the authorization agreement through that page on a license-using end device such as a mobile terminal, a PC terminal or an interactive tablet.
Step 4: After carefully reading the authorization agreement displayed in step 3, the license holder signs in the signature area displayed on the license-use authorization confirmation page of the license-using end device to grant the authorization, and clicks the submit button to submit the signed and confirmed authorization agreement. In this real-person authorization process, the license holder knows which items the licenses they authorize the license-using system to retrieve will be used to handle, and within what time frame the authorization is valid.
Step 5: the certificate side equipment calls a digital signature platform to digitally sign the signed authorization agreement, obtains an authorization archive file, and sends the authorization archive file to the authorization platform.
Step 6: After receiving the authorization archive file submitted by the license-using system, the authorization platform generates an authorization certificate and records an authorization record. Meanwhile, it calls the digital signature platform to verify the authorization archive file, generates an authorization token according to the information in the authorization agreement after the verification is passed, and returns a response to the license-using system.
The authorization record and the authorization certificate are used to prove that the authorization operation is an authorization act signed by the license holder, which addresses repudiation by the user. The authorization record may be stored on the authorization platform, and the authorization certificate may be stored on a blockchain.
The authorization token is the authorization identifier that the license-using system uses to retrieve the license holder's electronic license.
Step 7: after the license system receives the authorization token issued by the authorization platform, the authorization token can be locally cached for later use when the license server-side equipment is called.
Step 8: the license system initiates a license request (namely an electronic license acquisition request) to a license service end device (an electronic license service platform), carries the authorization token cached in the step 7 in a request head of the license request, calls a license interface of the license service end device, and acquires the electronic license authorized by the license holder.
The license-use request may be an HTTP request.
Step 9: the license server side equipment receives the license request of the license system, acquires the authorization token transmitted in the step 8 from the request head of the license request, and acquires the license request parameters such as the license identifier, the user identifier and the like from the request body.
Step 10: The license server device calls the authorization token checking interface of the authorization platform, transmits the authorization token acquired in the step 8 to the authorization platform, and initiates an authorization token checking request for checking the validity of the authorization token. The authorization platform receives the authorization token checking request of the license server device, checks the authorization token, parses the authorization token after the check is passed, and feeds the data parsed from the authorization token back to the license server device.
Step 11: The license server device verifies the use legitimacy of the license-using end device by comparing the parsed information, such as the identity information of the license holder, the validity period of the authorization and the item for which license use was authorized.
The license server device then proceeds according to the result of verifying the use legitimacy of the license-using end device. If the verification is not passed, the license server device directly returns the corresponding verification failure information to the license-using system. If the verification is passed, the license server device queries the electronic license data of the license holder from the electronic license database according to the license-use request parameters acquired in step 9, and returns the filling piece of the license holder's electronic license to the license-using system. At the same time, it records a license-use record, which proves the list of license data returned to the license-using system by the current license-use call, and which can be used to audit the license-use calls of the license-using system and to address repudiation by the license-using system.
Step 12: After the license-using system receives the filling piece of the license holder's electronic license returned by the license server device, it handles the relevant items within the scope of license use authorized by the license holder.
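The token check of S7022 and the five checks of S703 in the second embodiment, which steps 9 to 11 above repeat, can be sketched as follows. This is an added example, not code from the application: the header name, the field names and the list of recorded systems are assumptions, and an opaque random token looked up in the platform's token record stands in for decrypting and parsing the encrypted JWT.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed list of license-using systems recorded in advance (check 1).
RECORDED_SYSTEMS = {"gov-service-app"}
TOKEN_HEADER = "X-Authorization-Token"  # hypothetical header name


@dataclass
class Grant:
    """What the authorization platform recovers from a token (S7023)."""
    event: str
    user: str
    licenses: frozenset
    not_before: Optional[int] = None  # use time range, epoch seconds
    not_after: Optional[int] = None
    max_uses: Optional[int] = None
    used: int = 0


class AuthorizationPlatform:
    """Token record: maps every issued token to the grant it stands for."""

    def __init__(self):
        self._record = {}

    def issue(self, grant):
        token = secrets.token_urlsafe(32)
        self._record[token] = grant
        return token

    def check_and_parse(self, token):
        # S7022: a token absent from the record fails the check.
        return self._record.get(token) if isinstance(token, str) else None


def verify_use_legitimacy(platform, request, received_at):
    """License server side of S702-S703. Returns (passed, failed_check)."""
    token = request.get("headers", {}).get(TOKEN_HEADER)
    grant = platform.check_and_parse(token)
    if grant is None:
        return False, "token"
    body = request.get("body", {})
    if body.get("system") not in RECORDED_SYSTEMS:
        return False, "license-use rights"
    if body.get("user") != grant.user:
        return False, "person"
    requested = set(body.get("licenses") or [])
    # Containment, not equality: a request may ask for part of the grant.
    if not requested or not requested <= grant.licenses:
        return False, "certificate"
    if body.get("event") != grant.event:
        return False, "item"
    if grant.not_before is not None and received_at < grant.not_before:
        return False, "status"
    if grant.not_after is not None and received_at > grant.not_after:
        return False, "status"
    # Assumption: the count includes the current request, so max_uses=2
    # serves exactly two requests; only passing requests consume a use.
    if grant.max_uses is not None and grant.used + 1 > grant.max_uses:
        return False, "status"
    grant.used += 1
    return True, None


def build_request(token, system, user, licenses, event):
    """Acquisition request: token in the header, the rest in the body."""
    return {"headers": {TOKEN_HEADER: token},
            "body": {"system": system, "user": user,
                     "licenses": list(licenses), "event": event}}
```

Whether the used count includes the request being checked decides whether a token with a maximum of N uses serves N or N+1 requests, so an implementation has to fix that choice explicitly.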
Example IV
Fig. 10 is a schematic structural diagram of a calling device of an electronic license according to a fourth embodiment of the present application, where the device may be implemented by software and/or hardware and may be integrated in a license-using end device. As shown in fig. 10, the calling device 100 of the electronic license in this embodiment includes:
An acquisition module 110 and a processing module 120.
The acquisition module 110 is configured to obtain a service handling request initiated by the license-using system, where the service handling request includes first user information of a license-holding user and first event information of a target business item that the license-holding user requests to handle;
the processing module 120 is configured to call an authorization platform to generate an authorization agreement according to the service handling request, and display the authorization agreement, where the authorization agreement includes the first user information, the first event information, and first license information and license use parameters of the electronic licenses needed to handle the first event; when detecting that the license-holding user has performed the signature confirmation operation on the authorization agreement, call a digital signature platform to sign the signed authorization agreement to obtain an authorization archive file; and call the authorization platform to generate an authorization token according to the authorization archive file, where the license-using end device uses the authorization token when it needs to retrieve the electronic license of the license-holding user from the license server device, and the license server device uses it to verify the use legitimacy of the license-using end device.
Optionally, the processing module 120 is specifically configured to:
determining first license information and license use parameters of the electronic license which are needed to be used for the licensed user to transact the first event information;
sending an authorization request to the authorization platform, wherein the authorization request comprises the first event information, the first user information, the first license information and the license use parameter, and the authorization request is used for requesting the authorization platform to generate the authorization protocol according to a preset format and the first event information, the first user information, the first license information and the license use parameter;
and receiving the authorization protocol sent by the authorization platform.
Optionally, the processing module 120 is specifically configured to:
sending the signed authorization protocol to the digital signature platform so that the digital signature platform signs the signed authorization protocol by adopting a preset signature algorithm to obtain the authorization archive file;
and receiving the authorization archive file sent by the digital signature platform.
Optionally, the processing module 120 is specifically configured to:
sending the authorization archive file to the authorization platform, so that the authorization platform calls the digital signature platform to verify the authorization archive file and, after verification is passed, generates the authorization token according to the first event information, the first user information, the first license information and the license use parameters in the authorization archive file;
and receiving the authorization token sent by the authorization platform.
Optionally, the processing module 120 is further configured to:
when the license-using end device handles the target service item for the license-holding user, sending an acquisition request for a target electronic license of the license-holding user to the license server-side device, wherein the acquisition request comprises license-using system information, the authorization token, second user information of the license-holding user, second license information of the target electronic license and second event information of the target service item;
receiving a filling piece of the target electronic license sent by the license server-side device when its license-use validity check of the license-using end device passes;
displaying or archiving the filling piece.
Optionally, the license server-side device checks the license-use validity of the license-using end device in the following manner:
invoking the authorization platform to verify and parse the authorization token to obtain the first event information, the first user information, the first license information and the license use parameters;
and verifying the license-use validity of the license-using end device according to the license-using system information, the first event information, the first user information, the first license information, the license use parameters, the second user information, the second license information and the second event information.
Optionally, the license use parameters include a usage time range and/or a maximum number of uses, and the license server-side device is specifically configured to perform:
confirming, according to the identification of the license-using end device, whether the license-using end device has the license-use right;
confirming, by comparing the first user information with the second user information, whether the license-using end device has person legitimacy;
confirming, by comparing the first license information with the second license information, whether the license-using end device has license legitimacy;
confirming, by comparing the first event information with the second event information, whether the license-using end device has item legitimacy;
determining the receiving time of the acquisition request and/or the number of times the authorization token has been used, and determining whether the license-using end device has state legitimacy according to whether the receiving time and/or the number of uses meets the requirements of the license use parameters;
if the license-using end device has the license-use right and has person legitimacy, license legitimacy, item legitimacy and state legitimacy, determining that the license-use validity check result of the license-using end device is passed.
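The checks listed above, run in order by a license server, as an added example that is not code from the patent. The token format (base64url JSON with an HMAC-SHA256 tag), the key, the system allowlist and all field names are assumptions; `parse_token` stands in for the call to the authorization platform.

```python
import base64
import hashlib
import hmac
import json

# Assumptions (not from the patent): the token is base64url(JSON) + "." + an
# HMAC-SHA256 tag, and the key and system allowlist below are constructed.
PLATFORM_KEY = b"constructed-demo-key"
REGISTERED_SYSTEMS = {"service-hall-01"}


def _tag(body: str) -> str:
    return hmac.new(PLATFORM_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_token(user, item, license_info, not_before, not_after, max_uses):
    """Authorization platform: bind the authorization archive file's fields."""
    payload = json.dumps({"user": user, "item": item, "license": license_info,
                          "nbf": not_before, "exp": not_after, "max": max_uses},
                         sort_keys=True)
    body = base64.urlsafe_b64encode(payload.encode()).decode()
    return body + "." + _tag(body)


def parse_token(token):
    """Authorization platform: verify the tag first, then parse; None if invalid."""
    body, _, tag = token.partition(".")
    if not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


class LicenseServer:
    """License server-side device: runs the checks in the order listed."""

    def __init__(self):
        self.used = {}  # token -> successful retrievals so far

    def check(self, system_id, token, user, license_info, item, now):
        """Return (passed, name of the first failed check or None)."""
        first = parse_token(token)
        if first is None:
            return False, "token"
        if system_id not in REGISTERED_SYSTEMS:      # license-use right
            return False, "usage_right"
        if first["user"] != user:                    # first vs second user info
            return False, "person"
        if first["license"] != license_info:         # first vs second license info
            return False, "license"
        if first["item"] != item:                    # first vs second item info
            return False, "item"
        count = self.used.get(token, 0)
        in_window = first["nbf"] <= now <= first["exp"]
        if not in_window or count >= first["max"]:   # license use parameters
            return False, "state"
        self.used[token] = count + 1                 # count only granted requests
        return True, None


if __name__ == "__main__":
    server = LicenseServer()
    tok = issue_token("user-001", "item-A", "license-X", 1000, 2000, max_uses=1)
    args = ("service-hall-01", tok, "user-001", "license-X")
    print(server.check(*args, "item-B", 1500))  # token reused for another item
    print(server.check(*args, "item-A", 1500))  # matches the signed fields
    print(server.check(*args, "item-A", 1600))  # maximum number of uses reached
```

Because the use counter is incremented only on a granted request, a rejected attempt does not consume one of the user's authorized uses.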
The calling device of the electronic license provided by the embodiment can execute the calling method of the electronic license provided by the method embodiment, and has the corresponding functional modules and beneficial effects of executing the method. The implementation principle and technical effect of the present embodiment are similar to those of the above method embodiment, and are not described here again.
Example five
Fig. 11 is a schematic structural diagram of a license-using end device according to a fifth embodiment of the present application. As shown in Fig. 11, the license-using end device 20 includes a memory 21, a processor 22, and a computer program stored in the memory and capable of running on the processor; the number of processors 22 in the license-using end device 20 may be one or more, and one processor 22 is taken as an example in Fig. 11; the processor 22 and the memory 21 in the license-using end device 20 may be connected by a bus or by other means, and connection by a bus is taken as an example in Fig. 11.
The memory 21 is a computer-readable storage medium and may be used to store software programs, computer-executable programs and modules, such as the program instructions/modules corresponding to the acquisition module 110 and the processing module 120 in the embodiment of the present application. The processor 22 executes the various functional applications and data processing of the license-using end device by running the software programs, instructions and modules stored in the memory 21, that is, implements the above-described calling method of the electronic license.
The memory 21 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system and at least one application program required for functions; the data storage area may store data created according to the use of the terminal, etc. In addition, the memory 21 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. In some examples, the memory 21 may further include memory remotely located with respect to the processor 22, which may be connected to the license-using end device through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
Example six
A sixth embodiment of the present application also provides a computer-readable storage medium having stored thereon a computer program for executing a calling method of an electronic license when executed by a computer processor, the method comprising:
acquiring a service handling request initiated by a license-using system, wherein the service handling request comprises first user information of a license-holding user and first event information of a target service item that the license-holding user requests to handle;
according to the service handling request, invoking an authorization platform to generate an authorization protocol and displaying the authorization protocol, wherein the authorization protocol comprises the first user information, the first event information, and first license information and license use parameters of an electronic license that needs to be used for handling the first event;
when detecting that the license-holding user performs a signature confirmation operation on the authorization protocol, invoking a digital signature platform to sign the signed authorization protocol to obtain an authorization archive file;
and invoking the authorization platform to generate an authorization token according to the authorization archive file, wherein the authorization token is used when the license-using end device needs to call the electronic license of the license-holding user from the license server-side device, and is used by the license server-side device when checking the license-use validity of the license-using end device.
Of course, the computer program of the computer readable storage medium provided by the embodiment of the application is not limited to the method operations described above, and may also perform related operations in the calling method of the electronic license provided by any embodiment of the application.
From the above description of embodiments, it will be clear to a person skilled in the art that the present application may be implemented by means of software and necessary general-purpose hardware, and of course also by means of hardware, but in many cases the former is the preferred embodiment. Based on such understanding, the technical solution of the present application, in essence or in the part contributing to the prior art, may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a read-only memory (ROM), a random access memory (RAM), a flash memory (FLASH), a hard disk, or an optical disk of a computer, and which includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform the method described in the embodiments of the present application.
It should be noted that, in the embodiment of the calling device of the electronic license, each unit and module included are only divided according to the functional logic, but not limited to the above division, so long as the corresponding function can be realized; in addition, the specific names of the functional units are also only for distinguishing from each other, and are not used to limit the protection scope of the present application.
Note that the above is only a preferred embodiment of the present application and the technical principle applied. Those skilled in the art will appreciate that the present application is not limited to the particular embodiments described herein, but is capable of numerous obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the present application. Therefore, while the present application has been described in connection with the above embodiments, the present application is not limited to the above embodiments, but may include many other equivalent embodiments without departing from the spirit of the present application, the scope of which is defined by the scope of the appended claims.

Claims (10)

1. A calling method of an electronic license, characterized by being applied to a license-using end device and comprising the following steps:
acquiring a service handling request initiated by a license-using system, wherein the service handling request comprises first user information of a license-holding user and first event information of a target service item that the license-holding user requests to handle;
according to the service handling request, invoking an authorization platform to generate an authorization protocol and displaying the authorization protocol, wherein the authorization protocol comprises the first user information, the first event information, and first license information and license use parameters of an electronic license that needs to be used for handling the first event;
when detecting that the license-holding user performs a signature confirmation operation on the authorization protocol, invoking a digital signature platform to sign the signed authorization protocol to obtain an authorization archive file;
and invoking the authorization platform to generate an authorization token according to the authorization archive file, wherein the authorization token is used when the license-using end device needs to call the electronic license of the license-holding user from the license server-side device, and is used by the license server-side device when checking the license-use validity of the license-using end device.
2. The method of claim 1, wherein invoking an authorization platform to generate an authorization agreement based on the business transaction request comprises:
determining the first license information and the license use parameters of the electronic license that the license-holding user needs to use to handle the first event;
sending an authorization request to the authorization platform, wherein the authorization request comprises the first event information, the first user information, the first license information and the license use parameters, and the authorization request is used for requesting the authorization platform to generate the authorization protocol according to a preset format and the first event information, the first user information, the first license information and the license use parameters;
and receiving the authorization protocol sent by the authorization platform.
3. The method of claim 1, wherein the invoking the digital signature platform to sign the authorization agreement comprises:
sending the signed authorization protocol to the digital signature platform so that the digital signature platform signs the signed authorization protocol by adopting a preset signature algorithm to obtain the authorization archive file;
and receiving the authorization archive file sent by the digital signature platform.
4. The method of claim 1, wherein the invoking the authorization platform to generate an authorization token from the authorization archive file comprises:
sending the authorization archive file to the authorization platform, so that the authorization platform calls the digital signature platform to verify the authorization archive file and, after verification is passed, generates the authorization token according to the first event information, the first user information, the first license information and the license use parameters in the authorization archive file;
and receiving the authorization token sent by the authorization platform.
5. The method of any of claims 1-4, wherein the invoking the authorization platform to generate an authorization token from the authorization archive file further comprises:
when the license-using end device handles the target service item for the license-holding user, sending an acquisition request for a target electronic license of the license-holding user to the license server-side device, wherein the acquisition request comprises license-using system information, the authorization token, second user information of the license-holding user, second license information of the target electronic license and second event information of the target service item;
receiving a filling piece of the target electronic license sent by the license server-side device when its license-use validity check of the license-using end device passes;
displaying or archiving the filling piece.
6. The method of claim 5, wherein the license server-side device verifies the license-use validity of the license-using end device by:
invoking the authorization platform to verify and parse the authorization token to obtain the first event information, the first user information, the first license information and the license use parameters;
and verifying the license-use validity of the license-using end device according to the license-using system information, the first event information, the first user information, the first license information, the license use parameters, the second user information, the second license information and the second event information.
7. The method of claim 6, wherein the license use parameters include a usage time range and/or a maximum number of uses, and wherein verifying the license-use validity of the license-using end device according to the license-using system information, the first event information, the first user information, the first license information, the license use parameters, the second user information, the second license information, and the second event information includes:
confirming, according to the identification of the license-using end device, whether the license-using end device has the license-use right;
confirming, by comparing the first user information with the second user information, whether the license-using end device has person legitimacy;
confirming, by comparing the first license information with the second license information, whether the license-using end device has license legitimacy;
confirming, by comparing the first event information with the second event information, whether the license-using end device has item legitimacy;
determining the receiving time of the acquisition request and/or the number of times the authorization token has been used, and determining whether the license-using end device has state legitimacy according to whether the receiving time and/or the number of uses meets the requirements of the license use parameters;
if the license-using end device has the license-use right and has person legitimacy, license legitimacy, item legitimacy and state legitimacy, determining that the license-use validity check result of the license-using end device is passed.
8. A calling device of an electronic license, characterized by being integrated in a license-using end device and comprising:
an acquisition module, configured to acquire a service handling request initiated by a license-using system, wherein the service handling request comprises first user information of a license-holding user and first event information of a target service item that the license-holding user requests to handle;
a processing module, configured to invoke an authorization platform to generate an authorization protocol according to the service handling request and display the authorization protocol, wherein the authorization protocol comprises the first user information, the first event information, and first license information and license use parameters of an electronic license that needs to be used for handling the first event; when detecting that the license-holding user performs a signature confirmation operation on the authorization protocol, invoke a digital signature platform to sign the signed authorization protocol to obtain an authorization archive file; and invoke the authorization platform to generate an authorization token according to the authorization archive file, wherein the authorization token is used when the license-using end device needs to call the electronic license of the license-holding user from the license server-side device, and is used by the license server-side device when checking the license-use validity of the license-using end device.
9. A license-using end device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the program, implements the method of invoking an electronic license as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which program, when executed by a processor, implements a method of invoking an electronic license as claimed in any of claims 1-7.
CN202211547526.2A 2022-12-05 2022-12-05 Calling method and device of electronic license, card-end equipment and storage medium Pending CN116015668A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211547526.2A CN116015668A (en) 2022-12-05 2022-12-05 Calling method and device of electronic license, card-end equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116015668A true CN116015668A (en) 2023-04-25

Family

ID=86019976

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211547526.2A Pending CN116015668A (en) 2022-12-05 2022-12-05 Calling method and device of electronic license, card-end equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116015668A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination