WO2023193585A1 - Authentication apparatus and method for original of and copy of electronic certificate license - Google Patents

Authentication apparatus and method for original of and copy of electronic certificate license

Publication number
WO2023193585A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic
information
user
module
license
Application number
PCT/CN2023/081779
Inventor
胡金钱
郭爱
蔡心怡
Original Assignee
胡金钱
Application filed by 胡金钱

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/33 User authentication using certificates

Definitions

  • the invention relates to the field of information security technology, and specifically relates to an electronic certificate license authentication device and an electronic certificate license authentication method.
  • embodiments of the present invention provide a device for authenticating original and duplicate electronic certificates and licenses and a method for authenticating original and duplicate electronic certificates and licenses.
  • the embodiment of the present application discloses a device for authenticating the original and copy of an electronic certificate license, including: a first acquisition module, used to obtain a plurality of first identity information, a plurality of first enterprise information and a corresponding plurality of first CA certificates of the first user; a second retrieval module, used to obtain a plurality of first certificate information of the first user; an information authentication module, used to physically or digitally authenticate the plurality of first identity information and the plurality of first enterprise information based on the plurality of first CA certificates, to generate a plurality of first authenticated identity information and a plurality of first authenticated enterprise information; an electronic private seal/signature generation module, used to generate the first electronic private seal/signature of the first user based on the plurality of first authenticated identity information; an electronic official seal generation module, configured to generate the first electronic official seal of the first user based on the plurality of first authenticated identity information and the plurality of first authenticated enterprise information; and an electronic certificate license original and copy generation module which, after the first electronic private seal/signature, the first electronic official seal and the plurality of first certificate information pass the real-name authentication of a specific mini-program, displays the registration place where the enterprise is located and all downloadable electronic certificate license records of the registration place for the first user to select; after the first user selects the enterprise name, the state market supervision and administration department allows the first user to apply, through the specific applet, to download the original of the first electronic certificate license.
  • the first retrieval module is also used to obtain a plurality of second identity information, a plurality of second enterprise information and a plurality of corresponding second CA certificates of the second user;
  • the second retrieval module is also used to obtain a plurality of second certificate information of the second user;
  • the information authentication module is also used to perform physical or digital authentication on a plurality of second identity information and a plurality of second enterprise information based on a plurality of second CA certificates to generate a plurality of second certified identity information and a plurality of second certified corporate information;
  • the electronic private seal/signature generation module is also used to generate a second electronic private seal/signature of the second user based on the plurality of second certified identity information;
  • the electronic official seal generation module is also used to generate a second electronic official seal of the second user based on a plurality of second authenticated identity information and a plurality of second authenticated enterprise information; and the electronic certificate license original and copy generating module is used, after the second electronic private seal/signature, the second electronic official seal and plural second
  • the electronic certificate license original and copy generating module is also used to generate a copy of the first electronic certificate license and a copy of the second electronic certificate license based on the original of the first electronic certificate license and the original of the second electronic certificate license; after the first user is authorized, the first user is allowed to call the copy of the first electronic certificate license through the first electronic private seal/signature and the first electronic official seal; after the second user is authorized, the second user is allowed to call the copy of the second electronic certificate license through the second electronic private seal/signature and the second electronic official seal.
  • the original of the first/second electronic certificate license uses a single key and single CA certificate, which is suitable for digital government applications; the copy of the first/second electronic certificate license uses multi-key, multi-CA certificates, which is suitable for digital economic applications.
  • the device for authenticating original and duplicate electronic certificates also includes a multi-module, which includes: a central control module, a communication module, an identity authentication module, a key module and a storage module connected to the central control module.
  • the communication module is used to realize communication between the first/second user and the external server;
  • the identity authentication module is used to authenticate the biometric identification data input by the first/second user and, after the authentication is passed, to authorize the first/second user;
  • the key module is used to store a plurality of keys, and to use the corresponding keys among the plurality of keys to encrypt a plurality of first/second authenticated identity information and a plurality of first/second authenticated enterprise information, to generate a plurality of encrypted first/second authenticated identity information and a plurality of encrypted first/second authenticated enterprise information;
  • the storage module is used to store the registered biometric identification data of the first/second user, a plurality of encrypted first/second authenticated identity information, a plurality of encrypted first/second authenticated enterprise information, the first/second electronic private seal/signature and the first/second electronic official seal;
  • the central control module is used to receive input and control the operations of other modules, and after the first/second user is authorized, allows the first/second user to call the copy of the first/second electronic certificate license through the first/second electronic private seal/signature and the first/second electronic official seal.
  • the plurality of first/second enterprise information includes the phone number of the first/second user authorized by the banking system and/or the government system, bound bank account number, electronic business license, tax control information, official seal number, legal person ID number, social credit code and/or electronic license number.
  • the plurality of first/second identity information includes the first/second user's ID card information, personal seal information, personal signature information, fingerprints, social security information, phone number, email address, biometric information, blood type, gene sequencing results, personal privacy characteristic information, credit information and/or personal photo information, etc.
  • the plurality of first/second ID information includes household registration booklet, real estate certificate, ID card, social security, driver's license, passport, professional qualification certificate, etc.
  • the embodiment of this application discloses a method for authenticating the original and copy of an electronic certificate license, which includes the following steps:
  • providing an electronic certificate and license authenticating device including a first capture module, a second capture module, an information authentication module, an electronic private seal/signature generation module, an electronic official seal generation module, and an electronic certificate and license original and copy generation module; using the first retrieval module to obtain a plurality of first identity information, a plurality of first enterprise information and a corresponding plurality of first CA certificates of the first user; using the second retrieval module to obtain a plurality of first certificate information of the first user; using the information authentication module to perform physical or digital authentication on the plurality of first identity information and the plurality of first enterprise information based on the plurality of first CA certificates, to generate a plurality of first authenticated identity information and a plurality of first authenticated enterprise information; using the electronic private seal/signature generation module to generate the first electronic private seal/signature of the first user based on the plurality of first authenticated identity information; using the electronic official seal generation module to generate the first electronic official seal of the first user based on the plurality of first authenticated identity information and the plurality of first authenticated enterprise information; and using the electronic certificate and license original and copy generation module, after the first electronic private seal/signature, the first electronic official seal and the plurality of first certificate information pass the real-name authentication of a specific mini program, to display the registration place where the enterprise is located and all the downloadable electronic certificate license records of the registration place for the first user to select; after the first user selects the enterprise name, the national market supervision and administration department allows the first user to apply to download the original of the first electronic certificate license through the specific mini program.
  • the method also includes the following steps: using the first acquisition module to obtain a plurality of second identity information, a plurality of second enterprise information and a plurality of corresponding second CA certificates of the second user; using the second retrieval module to obtain the plurality of second certificate information of the second user; using the information authentication module to perform physical or digital authentication on the plurality of second identity information and the plurality of second enterprise information based on the plurality of second CA certificates, to generate a plurality of second authenticated identity information and a plurality of second authenticated enterprise information; using the electronic private seal/signature generation module to generate a second electronic private seal/signature of the second user based on the plurality of second authenticated identity information; using the electronic official seal generation module to generate the second electronic official seal of the second user based on the plurality of second authenticated identity information and the plurality of second authenticated enterprise information; and using the electronic certificate license original and copy generation module, after the second electronic private seal/signature, the second electronic official seal and multiple second certificate information pass the real-name authentication of the
  • the method also includes the following steps: using the electronic certificate license original and copy generating module to generate a copy of the first electronic certificate license and a copy of the second electronic certificate license based on the original of the first electronic certificate license and the original of the second electronic certificate license; after the first user is authorized, the first user is allowed to call the copy of the first electronic certificate license through the first electronic private seal/signature and the first electronic official seal; after the second user is authorized, the second user is allowed to call the copy of the second electronic certificate license through the second electronic private seal/signature and the second electronic official seal.
  • the method also includes the following steps:
  • modules including a central control module, and a communication module, identity authentication module, key module and storage module connected to the central control module;
  • a key module to store a plurality of keys, and encrypt a plurality of first/second authenticated identity information and a plurality of first/second authenticated enterprise information based on corresponding keys among the plurality of keys, to generate a plurality of encrypted first/second authenticated identity information and a plurality of encrypted first/second authenticated enterprise information;
  • the storage module is used to store the registered biometric identification data of the first/second user, a plurality of encrypted first/second authenticated identity information, a plurality of encrypted first/second authenticated enterprise information, the first/second electronic private seal/signature and the first/second electronic official seal; and
  • with the device/method for authenticating the original and copy of the electronic certificate license of the present invention, after the single key and single CA certificate pass the real-name authentication of the specific applet, the national market supervision and administration department allows enterprise entities to apply to download the original of the electronic certificate license through a specific mini program, and multi-key and multi-CA certificates are used to authenticate and generate copies of the electronic certificate license.
  • in addition to being applicable to regional digital government applications (original), the original and copy of the electronic certificate license can also be applied to digital economic applications (copies) in various digital economic application environments, with mutual trust and mutual recognition, making them more convenient and reliable in practical applications.
  • the device for authenticating original and duplicate electronic certificates and licenses of the present invention stores certificates and keys in the chip instead of on a public platform, and has strong privacy and high security. All information is stored in the form of electronic keys and can be retrieved and used according to actual needs, greatly improving the security of certificates and keys.
  • the chip is installed in a readable medium with chip storage applications.
  • the readable medium includes but is not limited to servers, routers, laptops, mobile phone terminals, smart electronic seals, U-key, 5Gsim card, 4Gsim card.
  • the method/device for authenticating the original and copy of the electronic certificate license distinguishes the original and duplicate copies of the electronic certificate license.
  • the original is managed by the state in a unified database, while the copy is created, according to national regulations, in a recognized chip-media backup application library of market entities that can be deployed privately, and is left to the users to keep and apply. This is not only reasonable, legal and compliant, but can also reduce systemic risks and ensure the security of customer data and information.
  • the chip is installed in a readable medium with chip storage applications.
  • the readable medium includes but is not limited to servers, routers, laptops, mobile terminals, smart electronic seals, U-key, 5Gsim cards, and 4Gsim cards.
  • the method/device for authenticating the original and copy of the electronic certificate license of the present invention issues the key and CA certificate of the copy of the electronic certificate license to market entities. The copy can be used together with the electronic seal and is better suited to the various digital economy application environments, where digital economic applications trust and recognize each other, making it more convenient and reliable in practical applications.
  • Figure 1 is a framework diagram of an electronic certificate and license authenticating device in the first embodiment of the present invention.
  • Figure 2 is a frame diagram of an electronic certificate authenticating device in the second embodiment of the present invention.
  • FIG. 3 is a block diagram of the multiple modules in FIGS. 1 and 2 .
  • Figure 4 is a schematic diagram of a practical application of the device for authenticating original and duplicate electronic certificate licenses of the present invention.
  • Figure 5 is a flow chart of a method for authenticating the original and duplicate of an electronic certificate license in the first embodiment of the present invention.
  • Figure 6 is a flow chart of a method for authenticating the original and duplicate of an electronic certificate license in the second embodiment of the present invention.
  • 10A, 10B electronic certificate original and copy authentication device
  • 110 first capture module
  • 120 second capture module
  • 130 Information authentication module
  • 140 Electronic private seal/signature generation module
  • 150 Electronic official seal generation module
  • 160 Electronic certificate and license original and copy generation module
  • 300 Multi-module
  • 310 Central control module
  • 320 Communication module
  • 330 Identity authentication module
  • 340 Key module
  • 350 Storage module
  • IDA1-IDAn First identity information
  • IDB1-IDBn Second identity information
  • aIDA1-aIDAn First authenticated identity information
  • aIDB1-aIDBn Second authenticated identity information
  • eaIDA1-eaIDAn Encrypted first authenticated identity information
  • eaIDB1-eaIDBn Encrypted second authenticated identity information
  • CA_A1-CA_Ap First CA certificate
  • CA_B1-CA_Bp Second CA certificate
  • DIA1-DIAm First certificate information
  • DIB1-DIBm Second certificate information
  • CIA1-CIAm First company information
  • CIB1-CIBm Second company information
  • aCIA1-aCIAm First certified company information
  • aCIB1-aCIBm Second certified company information
  • eaCIA1-eaCIAm Encrypted first certified company information
  • eaCIB1-eaCIBm,
  • FIG. 1 is a frame diagram of an electronic certificate authenticating device 10A in the first embodiment of the present invention.
  • the electronic certificate authenticator 10A includes a first acquisition module 110, a second acquisition module 120, an information authentication module 130, an electronic private seal/signature generation module 140, an electronic official seal generation module 150, an electronic certificate license original and copy generation module 160 and a multi-module 300.
  • the first acquisition module 110 is used to obtain the plurality of first identity information IDA1-IDAn, the plurality of first enterprise information CIA1-CIAm and the corresponding plurality of first CA certificates CA_A1-CA_Ap of the first user.
  • the second acquisition module 120 is used to acquire a plurality of first ID information DIA1-DIAm of the first user.
  • the information authentication module 130 is coupled to the first acquisition module 110 and is used to perform physical or digital authentication on the plurality of first identity information IDA1-IDAn and the plurality of first enterprise information CIA1-CIAm according to the plurality of first CA certificates CA_A1-CA_Ap, to generate a plurality of first authenticated identity information aIDA1-aIDAn and a plurality of first authenticated enterprise information aCIA1-aCIAm.
  • the electronic private seal/signature generation module 140 is coupled to the information authentication module 130 and is used to generate the first electronic private seal/signature EPS1 of the first user based on the plurality of first authenticated identity information aIDA1-aIDAn.
  • the electronic official seal generation module 150 is coupled to the information authentication module 130 and is used to generate the first electronic official seal ECS1 of the first user based on the plurality of first authenticated identity information aIDA1-aIDAn and the plurality of first authenticated enterprise information aCIA1-aCIAm.
  • the electronic certificate license original and copy generating module 160 is coupled to the electronic private seal/signature generating module 140, the electronic official seal generating module 150 and the second acquisition module 120.
  • after the first electronic private seal/signature EPS1, the first electronic official seal ECS1 and the plurality of first certificate information DIA1-DIAm pass the real-name authentication of a specific applet (such as a WeChat applet, Alipay applet, Baidu applet, etc.), it displays the registration place where the enterprise is located and all the downloadable electronic certificate license records of the registration place for the first user to select.
  • after the first user selects the enterprise name, the State Market Supervision and Administration Department allows the first user to apply for downloading the original ECL_A of the first electronic certificate license through the specific mini program.
  • FIG 2 is a frame diagram of an electronic certificate original and copy authentication device 10B in the second embodiment of the present invention.
  • the electronic certificate license authenticating device 10B in Figure 2 is similar to the electronic certificate license authenticating device 10A in Figure 1 .
  • the first retrieval module 110 is also used to obtain a plurality of second identity information IDB1-IDBn, a plurality of second enterprise information CIB1-CIBm, and a plurality of corresponding second CA certificates CA_B1-CA_Bp of the second user.
  • the second acquisition module 120 is also used to obtain a plurality of second ID information DIB1-DIBm of the second user.
  • the information authentication module 130 is also configured to perform physical or digital authentication on the plurality of second identity information IDB1-IDBn and the plurality of second enterprise information CIB1-CIBm according to the plurality of second CA certificates CA_B1-CA_Bp to generate a plurality of second certificates.
  • the electronic private seal/signature generation module 140 is also configured to generate a second electronic private seal/signature EPS2 of the second user based on the plurality of second authenticated identity information aIDB1-aIDBn.
  • the electronic official seal generation module 150 is also used to generate a second electronic official seal ECS2 of the second user based on the plurality of second authenticated identity information aIDB1-aIDBn and the plurality of second authenticated enterprise information aCIB1-aCIBm.
  • the electronic certificate license generation module 160 displays the registration place where the enterprise is located and all downloadable electronic certificate license records in the registration place for the second user to select.
  • after the second user selects the company name, the State Administration for Market Regulation allows the second user to apply for downloading the original ECL_B of the second electronic certificate license through a specific mini program.
  • the plurality of first/second identity information IDA1-IDAn/IDB1-IDBn mentioned above include the first/second user’s ID card information, personal seal information, personal signature information, fingerprints, social security information, phone number, email address, biometric information, blood type, gene sequencing results, personal privacy feature information, credit information and/or personal photo information, but this is only an example and is not a limitation of the present invention.
  • the plurality of first/second certificate information DIA1-DIAm/DIB1-DIBm include household registration book, real estate certificate, ID card, social security, driver's license, passport, and professional qualification certificate, but the invention is not limited to this, and other similar certificate information also falls within the scope of the present invention.
  • the first/second company information CIA1-CIAm/CIB1-CIBm includes the phone number of the first/second user authorized by the banking system and/or the government system, bound bank account number, electronic business license, tax control information, official seal number, legal person ID number, social credit code and/or electronic license number, but the present invention is not limited to this, and other similar enterprise information also belongs to the scope covered by the present invention.
  • the first/second electronic private seal/electronic signature EPS1/EPS2 here is a broad concept: any personal electronic name seal, electronic signature, digital signature, fingerprint or other electronic signature model, in various electronic/digital formats, that can identify an individual's identity and has legal effect is covered.
  • the first/second electronic official seal ECS1/ECS2 here is a broad concept: any electronic signature template, such as an official seal, legal person seal, special invoice seal, financial seal or contract stamp, in various electronic/digital formats, that can represent the enterprise and has legal effect is included.
  • the electronic certificate license original and copy generating module 160 is also used to generate a copy ECL_A1 of the first electronic certificate license and a copy ECL_B1 of the second electronic certificate license based on the original ECL_A of the first electronic certificate license and the original ECL_B of the second electronic certificate license. In this way, after the first user is authorized, the first user is allowed to call the copy ECL_A1 of the first electronic certificate license through the first electronic private seal/signature EPS1 and the first electronic official seal ECS1; and after the second user is authorized, the second user is allowed to call the copy ECL_B1 of the second electronic certificate license through the second electronic private seal/signature EPS2 and the second electronic official seal ECS2.
  • the "original ECL_A/ECL_B of the first/second electronic certificate license" here means the original that, after the CA certificate and key pass the real-name authentication of a specific applet, the national market supervision and management department allows the enterprise entity to apply to download through a specific mini program, and that is stored in the certificate and license central library.
  • Enterprise entities cannot privately own the originals of electronic certificates and licenses. They must connect to the certificate and license central library through the front-end server to download and use the original electronic certificates and licenses;
  • the "Copy of the First/Second Electronic Certificate License ECL_A1/ECL_B" can be generated by the enterprise or a third party providing a medium that can issue the electronic certificate license.
  • the subject's electronic certificate license and electronic seal applications have been privatized, which not only protects the security of the enterprise's data information, but also greatly reduces the various pressures caused by the application of the national electronic certificate license central database.
  • the device 10A/10B for authenticating original and duplicate electronic certificate licenses also includes a multi-module 300.
  • the multi-module 300 includes a central control module 310, a communication module 320, an identity authentication module 330, a key module 340 and a storage module 350 connected to the central control module 310.
  • the communication module 320 is used to implement communication between the first/second user and the external server;
  • the identity authentication module 330 is used to authenticate the biometric identification data input by the first/second user and, after the authentication is passed, to authorize the first/second user; the key module 340 is used to store a plurality of keys KEY1-KEYp, and to encrypt a plurality of first/second authenticated identity information aIDA1-aIDAn/aIDB1-aIDBn and a plurality of first/second authenticated enterprise information aCIA1-aCIAm/aCIB1-aCIBm according to the corresponding keys in the plurality of keys KEY1-KEYp, to generate a plurality of encrypted first/second authenticated identity information eaIDA1-eaIDAn/eaIDB1-eaIDBn and a plurality of encrypted first/second authenticated enterprise information eaCIA1-eaCIAm/eaCIB1-eaCIBm;
  • the storage module 350 is used to store the registered biometric data of the first/second user, a plurality of encrypted first/second authenticated identity information eaIDA1-eaIDAn/eaIDB1-eaIDBn, a plurality of encrypted first/second certified enterprise information aCIA1-aCIAm/aCIB1-aCIBm, the first/second electronic private seal/signature EPS1/EPS2 and the first/second electronic official seal ECS1/ECS2.
  • the central control module 310 is used to receive input and control the operations of other modules 320-350, and after the first/second user obtains authorization, allows the first/second user to pass the first/second electronic private seal/signature EPS1/ EPS2 and the first/second electronic official seal ECS1/ECS2 to call the copy ECL_A1/ECL_B1 of the first/second electronic certificate license.
  • the communication module 320 may include: at least one of a 3G communication module, a 4G communication module, a 5G communication module, a WIFI module, an NBIoT module, a Bluetooth module, an NFC module and an infrared module; the communication module 320 supports IPV4 and IPV6 protocols.
  • biometric data may include fingerprint information data, iris information data and/or facial feature recognition data, or any biometric data that can identify the user. In actual applications, one or a combination of more of them can be used for security identification.
  • the electronic certificate original and copy authentication device 10A/10B of the present invention can be a trusted authentication server system or a third-party authentication platform system.
  • this device covers the authentication, storage, management, and application of various certificates and keys such as electronic private seals/signatures and electronic official seals, and corresponds to any department or platform system of social and economic transactions, including individuals, families, small and medium-sized enterprises/individual industrial and commercial households, enterprises, communities, and governments.
  • FIG. 4 is a schematic diagram of a practical application of the electronic certificate original and copy authentication device 10A/10B of the present invention.
  • the electronic certificate license authenticating device 10A/10B will respectively obtain a plurality of identity information, a plurality of enterprise information, a plurality of certificate information and related information of enterprise user A, enterprise user B and enterprise user C.
  • the originals ECL_A, ECL_B, and ECL_C of the electronic certificate licenses of enterprise user A, enterprise user B, and enterprise user C are generated respectively.
  • the electronic certificate license original and copy authentication device 10A/10B will first generate the copies ECL_A1, ECL_B1, ECL_C1 of the electronic certificate licenses based on the originals ECL_A, ECL_B, and ECL_C of the electronic certificate licenses of enterprise user A, enterprise user B, and enterprise user C. It is worth noting that after the single key and single CA certificate pass the real-name authentication of a specific applet, the state market supervision and administration department allows business entities to apply to download the originals ECL_A, ECL_B, and ECL_C of the electronic certificate licenses through the specific applet.
  • the application scenario of the originals is digital government applications in a regional government environment, and they cannot be applied to digital economy applications; the keys and CA certificates of the electronic certificate license copies ECL_A1, ECL_B1, ECL_C1 are issued to market entities and can be used together with the electronic seal, which makes the copies better suited to digital economy applications in various digital economy application environments.
  • the electronic certificate and license authenticating device 10A/10B of the present invention can be implemented by an intelligent security chip of an integrated physical and electrical intelligent electronic seal.
  • the intelligent security chip of the integrated physical and electrical intelligent electronic seal stores various certificates and keys, such as: ID card information, personal seal information, personal signature information, fingerprints, social security information, household register, driver's license, passport, professional qualification certificate, phone number, email address, biometric information, blood type, gene sequencing results, personal privacy characteristic information data, credit information and/or personal photo information, etc.
  • the smart security chip also stores various corporate information, such as: phone number of the first/second user authorized by the banking system and/or government system, bound bank account number, electronic business license, tax control information, official seal number, legal person certificate number, social credit code and/or electronic license number.
  • the device for authenticating original and duplicate electronic certificates and licenses 10A/10B of the present invention can be widely used in service scenarios such as multi-certificate intensive scenarios for individuals and enterprises, one-time authentication, all-network processing, one number for multiple uses, multiple certificates in one, centralized licenses, electronic invoice authentication, key-chain-accounting integration of contracts from signing to invoicing, electronic signatures, and personal credit extension, realizing the concentration, transfer, authentication, and authorization of corporate and personal electronic certificates and other information.
  • users can use common prosperity and convenient services to make everyone an e-commerce business and every household an enterprise, and realize the comprehensive digitization of their social, political, cultural, and economic activities efficiently and reliably.
  • the electronic certificate license here is a broad concept, covering all electronic business licenses, electronic licenses, electronic invoices, electronic bill invoicing copies/stub copies/accounting statements, and the like that have originals/copies and multiple vouchers. Even real estate certificates, household registers, ID cards, and other certificates and licenses that were originally paper must be converted into electronic ones, with the originals and copies separated. Twin applications that reflect the original and the copy in this way are better in terms of legality and security.
  • Figure 5 is a flow chart of a method for authenticating the original and copy of an electronic certificate license in the first embodiment of the present invention.
  • the method for authenticating the original and copy of the electronic license in Figure 5 includes the following steps:
  • Step S410 Provide an electronic certificate and license original and copy authentication device, including a first acquisition module, a second acquisition module, an information authentication module, an electronic private seal/signature generation module, an electronic official seal generation module, and an electronic certificate and license original and copy generation module.
  • Step S420 Use the first acquisition module to obtain a plurality of first/second identity information, a plurality of first/second enterprise information, and a plurality of corresponding first/second CA certificates of the first/second user.
  • Step S430 Use the second acquisition module to obtain a plurality of first/second ID information of the first/second user.
  • Step S440 Use the information authentication module to perform physical or digital authentication on the plurality of first/second identity information and the plurality of first/second enterprise information based on the plurality of first/second CA certificates to generate a plurality of first/second authenticated identity information and a plurality of first/second authenticated enterprise information.
  • Step S450 Use the electronic private seal/signature generation module to generate the first/second electronic private seal/signature of the first/second user based on the plurality of first/second authenticated identity information.
  • Step S460 Use the electronic official seal generation module to generate the first/second electronic official seal of the first/second user based on the plurality of first/second authenticated identity information and the plurality of first/second authenticated enterprise information.
  • Step S470 Use the electronic certificate license original and copy generation module to display, after the first/second electronic private seal/signature, the first/second electronic official seal and the plurality of first/second certificate information pass the real-name authentication of the specific applet, the registration place where the enterprise is located and all the downloadable electronic certificate license records of that registration place for the first/second user to select; after the first/second user selects the enterprise name, the state market supervision and administration department allows the first/second user to apply to download the original of the first/second electronic certificate license through the specific applet.
  • step S420 is executed by the first acquisition module 110
  • step S430 is executed by the second acquisition module 120
  • step S440 is executed by the information authentication module 130
  • step S450 is executed by the electronic private seal/signature generation module 140
  • step S460 is executed by the electronic official seal generation module 150, and step S470 is executed by the electronic certificate license original and copy generation module 160.
  • FIG. 6 is a flow chart of a method for authenticating the original and copy of an electronic certificate in the second embodiment of the present invention.
  • the method for authenticating the original and copy of the electronic license in Figure 6 includes the following steps:
  • Step S510 Use the electronic certificate license original and copy generating module to generate a copy of the first electronic certificate license and a copy of the second electronic certificate license based on the original of the first electronic certificate license and the original of the second electronic certificate license.
  • Step S520 After the first user obtains authorization, the first user is allowed to call a copy of the first electronic certificate license through the first electronic private seal/signature and the first electronic official seal.
  • Step S530 After the second user obtains authorization, the second user is allowed to call a copy of the second electronic certificate license through the second electronic private seal/signature and the second electronic official seal.
  • step S510 is executed by the electronic certificate license original and copy generating module 160.
  • the device for authenticating original and duplicate electronic certificates and licenses of the present invention stores certificates and keys in the chip of an integrated intelligent electronic seal, instead of storing them on a public platform. It has strong privacy and high security. All information is stored in the form of electronic keys and can be retrieved and used according to actual needs, greatly improving the security of certificates and keys.
  • the method/device for authenticating the original and copy of the electronic certificate license provided by the present invention distinguishes the original and the copy of the electronic certificate license.
  • the original is managed by the state in a unified database, and the copy is created according to national regulations and handed over to users to keep and apply themselves, which is not only reasonable, legal and compliant, but can also reduce systemic risks and ensure the security of customer data and information.
  • the method/device for authenticating the original and copy of the electronic certificate license of the present invention uses multi-key and multi-CA certificates to generate copies of the electronic certificate license, which can be applied to digital economy applications in various digital economy application environments and ensure mutual trust and mutual recognition, which is more convenient and reliable in practical applications.
  • the embodiment of the present invention can be implemented in various hardware, software coding, or a combination of both.
  • the embodiment of the present invention may also be a program code for executing the above method in a digital signal processor (Digital Signal Processor, DSP).
  • the invention may also relate to various functions performed by a computer processor, digital signal processor, microprocessor or field programmable gate array (Field Programmable Gate Array, FPGA).
  • the processors described above may be configured in accordance with the present invention to perform specific tasks by executing machine-readable software code or firmware code that defines specific methods disclosed herein.
  • Software code or firmware code can be developed into different programming languages and different formats or forms. Software code can also be compiled for different target platforms. However, different code styles, types, and languages of software code and other types of configuration code that perform tasks according to the invention do not depart from the spirit and scope of the invention.
  • in the device/method for authenticating the original and copy of the electronic certificate license of the present invention, after the single key and single CA certificate pass the real-name authentication of the specific applet, the national market supervision and administration department allows the enterprise entity to apply to download the original of the electronic certificate license through the specific applet, and the key and CA certificate of the copy of the electronic certificate license are issued to the market entity, which can be used together with the electronic seal.
  • Because the downloaded original of the electronic certificate license and the copy are distinguished by their CA certificates, the invention is applicable not only to regional digital government applications (original) but also to digital economy applications (copies) in various digital economy application environments, with mutual trust and mutual recognition, which is more convenient and reliable in practical applications.
  • the present invention uses specific embodiments to illustrate the principles and implementation methods of the present invention.
  • the description of the above embodiments is only used to help understand the method of the present invention and its core idea; at the same time, for those of ordinary skill in the art, the specific implementation and scope of application will be subject to change based on the idea of the invention. In summary, the contents of this description should not be understood as limiting the invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Disclosed in the present invention are an authentication apparatus and authentication method for the original of and a copy of an electronic certificate license. The authentication apparatus for the original of and a copy of an electronic certificate license comprises: a first acquisition module, which obtains identity information of a first/second user, enterprise information and corresponding CA certificates; a second acquisition module, which obtains certificate information of the first/second user; an information authentication module, which authenticates the identity information and the enterprise information according to the CA certificates; an electronic personal seal/signature generation module; an electronic company seal generation module; and an electronic certificate license original and copy generation module, which displays the registration place of an enterprise and all downloadable electronic certificate license records at the registration place for the first/second user to choose, and generates a copy of a first/second electronic certificate license on the basis of the original of the first/second electronic certificate license, the state administrative department for market regulation allowing the first/second user to make an application for downloading the original of the first/second electronic certificate license by means of a specific applet after the first/second user chooses an enterprise name.

Description

Device and method for authenticating original and duplicate electronic certificates and licenses
Technical field
The invention relates to the field of information security technology, and specifically to an electronic certificate license authentication device and an electronic certificate license authentication method.
Background art
In modern society, the infrastructure for various digital applications is constantly improving, and the adoption of digital technology and applications in our country has accelerated significantly. The digital fields led by the government and promoted by enterprises have therefore reached a new level, and digital applications at the community, family and even individual levels will enter a stage of rapid development.
Existing electronic certificate licenses make no distinction between original and copy, and their application still suffers from difficult identity authentication, difficult license management, difficult interoperability and mutual recognition, few application scenarios, and insecure data. In particular, passing PDF versions of electronic certificate licenses around in daily economic activities carries considerable application and management risks, so they cannot be widely used in the real economy. It is therefore necessary to provide a device and method that is more reliable, more convenient and more secure, and that can legally and reasonably authenticate, generate, download and save copies of electronic certificate licenses.
It should be noted that the above introduction to the technical background is provided only to facilitate a clear and complete description of the technical solution of the present invention and to facilitate the understanding of those skilled in the art. The above technical solutions cannot be considered known to those skilled in the art merely because they are described in the background section of the present invention.
Summary of the invention
In order to overcome the deficiencies in the prior art, embodiments of the present invention provide a device for authenticating the original and copy of an electronic certificate license and a method for authenticating the original and copy of an electronic certificate license.
The embodiment of the present application discloses a device for authenticating the original and copy of an electronic certificate license, comprising: a first acquisition module, used to obtain a plurality of first identity information, a plurality of first enterprise information and a corresponding plurality of first CA certificates of a first user; a second acquisition module, used to obtain a plurality of first certificate information of the first user; an information authentication module, used to perform physical or digital authentication on the plurality of first identity information and the plurality of first enterprise information according to the plurality of first CA certificates, to generate a plurality of first authenticated identity information and a plurality of first authenticated enterprise information; an electronic private seal/signature generation module, used to generate a first electronic private seal/signature of the first user according to the plurality of first authenticated identity information; an electronic official seal generation module, used to generate a first electronic official seal of the first user according to the plurality of first authenticated identity information and the plurality of first authenticated enterprise information; and an electronic certificate license original and copy generation module which, after the first electronic private seal/signature, the first electronic official seal and the plurality of first certificate information pass the real-name authentication of a specific applet, displays the registration place where the enterprise is located and all downloadable electronic certificate license records of that registration place for the first user to select, and, after the first user selects the enterprise name, the state market supervision and administration department allows the first user to apply to download the original of the first electronic certificate license through the specific applet.
Further, the first acquisition module is also used to obtain a plurality of second identity information, a plurality of second enterprise information and a corresponding plurality of second CA certificates of a second user; the second acquisition module is also used to obtain a plurality of second certificate information of the second user; the information authentication module is also used to perform physical or digital authentication on the plurality of second identity information and the plurality of second enterprise information according to the plurality of second CA certificates, to generate a plurality of second authenticated identity information and a plurality of second authenticated enterprise information; the electronic private seal/signature generation module is also used to generate a second electronic private seal/signature of the second user according to the plurality of second authenticated identity information; the electronic official seal generation module is also used to generate a second electronic official seal of the second user according to the plurality of second authenticated identity information and the plurality of second authenticated enterprise information; and the electronic certificate license original and copy generation module, after the second electronic private seal/signature, the second electronic official seal and the plurality of second certificate information pass the real-name authentication of the specific applet, displays the registration place where the enterprise is located and all downloadable electronic certificate license records of that registration place for the first user to select, and, after the first user selects the enterprise name, the state market supervision and administration department allows the second user to apply to download the original of the second electronic certificate license through the specific applet.
Further, the electronic certificate license original and copy generation module is also used to generate a copy of the first electronic certificate license and a copy of the second electronic certificate license based on the original of the first electronic certificate license and the original of the second electronic certificate license; after the first user obtains authorization, the first user is allowed to call the copy of the first electronic certificate license through the first electronic private seal/signature and the first electronic official seal; after the second user obtains authorization, the second user is allowed to call the copy of the second electronic certificate license through the second electronic private seal/signature and the second electronic official seal.
Further, the original of the first/second electronic certificate license uses a single key and a single CA certificate and is suitable for digital government applications; the copy of the first/second electronic certificate license uses multiple keys and multiple CA certificates and is suitable for digital economy applications.
Further, the device for authenticating the original and copy of an electronic certificate license also includes a multi-module, which includes a central control module, and a communication module, an identity authentication module, a key module and a storage module connected to the central control module. The communication module is used to implement communication between the first/second user and an external server; the identity authentication module is used to authenticate the biometric identification data input by the first/second user and, after the authentication passes, to authorize the first/second user; the key module is used to store a plurality of keys and to encrypt the plurality of first/second authenticated identity information and the plurality of first/second authenticated enterprise information with the corresponding keys among the plurality of keys, to generate a plurality of encrypted first/second authenticated identity information and a plurality of encrypted first/second authenticated enterprise information; the storage module is used to store the registered biometric identification data of the first/second user, the plurality of encrypted first/second authenticated identity information, the plurality of encrypted first/second authenticated enterprise information, the first/second electronic private seal/signature and the first/second electronic official seal; the central control module is used to receive input and control the operations of the other modules and, after the first/second user obtains authorization, to allow the first/second user to call the copy of the first/second electronic certificate license through the first/second electronic private seal/signature and the first/second electronic official seal.
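The key module, storage module and central control module described above, as an added Go example that is not code from the patent: each authenticated information item is encrypted under its own key, only ciphertext is stored, and plaintext is released only after authorization. AES-256-GCM, the slot name used as associated data, all type and function names, and the boolean that stands in for the biometric check are assumptions of this example; the sample records are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrNotAuthorized = errors.New("user not authorized")

// KeyModule maps each information slot to its own 256-bit key (KEY1..KEYp in
// the text). AES-256-GCM is this example's assumption; the page names no cipher.
type KeyModule map[string][]byte

func (km KeyModule) aead(slot string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(km[slot]) // unknown slot: nil key, rejected here
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals info under the slot's own key. The slot name is bound as
// associated data, so a ciphertext moved to another slot fails to open.
func (km KeyModule) Encrypt(slot string, info []byte) ([]byte, error) {
	g, err := km.aead(slot)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, info, []byte(slot)), nil // nonce || ciphertext || tag
}

// Decrypt opens a blob with the key and name of the slot it is read from.
func (km KeyModule) Decrypt(slot string, blob []byte) ([]byte, error) {
	g, err := km.aead(slot)
	if err != nil {
		return nil, err
	}
	if len(blob) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], []byte(slot))
}

// Device stands in for the central control module: it owns the key module and
// the storage module and releases plaintext only after authorization.
type Device struct {
	keys       KeyModule
	store      map[string][]byte // storage module: ciphertext only
	authorized bool
}

// NewDevice generates one random key per slot.
func NewDevice(slots []string) (*Device, error) {
	d := &Device{keys: KeyModule{}, store: map[string][]byte{}}
	for _, s := range slots {
		k := make([]byte, 32)
		if _, err := rand.Read(k); err != nil {
			return nil, err
		}
		d.keys[s] = k
	}
	return d, nil
}

// Enroll encrypts an authenticated record and keeps only the ciphertext.
func (d *Device) Enroll(slot string, info []byte) error {
	blob, err := d.keys.Encrypt(slot, info)
	if err == nil {
		d.store[slot] = blob
	}
	return err
}

// Authorize records the identity authentication module's verdict; the
// biometric comparison itself is outside this example (assumption).
func (d *Device) Authorize(biometricMatch bool) { d.authorized = biometricMatch }

// Release decrypts a stored record, and only for an authorized user.
func (d *Device) Release(slot string) ([]byte, error) {
	if !d.authorized {
		return nil, ErrNotAuthorized
	}
	return d.keys.Decrypt(slot, d.store[slot])
}

func main() {
	d, _ := NewDevice([]string{"aIDA1"})
	d.Enroll("aIDA1", []byte("constructed identity record"))
	_, err := d.Release("aIDA1")
	d.Authorize(true)
	rec, _ := d.Release("aIDA1")
	fmt.Printf("before authorization: %v; after: %s\n", err, rec)
}
```

Swapping two stored ciphertexts between slots makes `Release` fail, because each blob opens only with the key and the name of the slot it was sealed for.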
Further, the plurality of first/second enterprise information includes the phone number of the first/second user authorized by the banking system and/or government system, bound bank account number, electronic business license, tax control information, official seal number, legal person certificate number, social credit code and/or electronic license number.
Further, the plurality of first/second identity information includes the first/second user's ID card information, personal seal information, personal signature information, fingerprints, social security information, phone number, email address, biometric information, blood type, gene sequencing results, personal privacy characteristic information data, credit information and/or personal photo information, etc.
Further, the plurality of first/second certificate information includes household register, real estate certificate, ID card, social security, driver's license, passport, professional qualification certificate, etc.
The embodiment of the present application discloses a method for authenticating the original and copy of an electronic certificate license, which includes the following steps:
providing a device for authenticating the original and copy of an electronic certificate license, including a first acquisition module, a second acquisition module, an information authentication module, an electronic private seal/signature generation module, an electronic official seal generation module, and an electronic certificate license original and copy generation module; using the first acquisition module to obtain a plurality of first identity information, a plurality of first enterprise information and a corresponding plurality of first CA certificates of a first user; using the second acquisition module to obtain a plurality of first certificate information of the first user; using the information authentication module to perform physical or digital authentication on the plurality of first identity information and the plurality of first enterprise information according to the plurality of first CA certificates, to generate a plurality of first authenticated identity information and a plurality of first authenticated enterprise information; using the electronic private seal/signature generation module to generate a first electronic private seal/signature of the first user according to the plurality of first authenticated identity information; using the electronic official seal generation module to generate a first electronic official seal of the first user according to the plurality of first authenticated identity information and the plurality of first authenticated enterprise information; and using the electronic certificate license original and copy generation module to display, after the first electronic private seal/signature, the first electronic official seal and the plurality of first certificate information pass the real-name authentication of a specific applet, the registration place where the enterprise is located and all downloadable electronic certificate license records of that registration place for the first user to select, and, after the first user selects the enterprise name, the state market supervision and administration department allows the first user to apply to download the original of the first electronic certificate license through the specific applet.
Further, the method also includes the following steps: using the first acquisition module to obtain a plurality of second identity information, a plurality of second enterprise information and a corresponding plurality of second CA certificates of a second user; using the second acquisition module to obtain a plurality of second certificate information of the second user; using the information authentication module to perform physical or digital authentication on the plurality of second identity information and the plurality of second enterprise information according to the plurality of second CA certificates, to generate a plurality of second authenticated identity information and a plurality of second authenticated enterprise information; using the electronic private seal/signature generation module to generate a second electronic private seal/signature of the second user according to the plurality of second authenticated identity information; using the electronic official seal generation module to generate a second electronic official seal of the second user according to the plurality of second authenticated identity information and the plurality of second authenticated enterprise information; and using the electronic certificate license original and copy generation module to display, after the second electronic private seal/signature, the second electronic official seal and the plurality of second certificate information pass the real-name authentication of the specific applet, the registration place where the enterprise is located and all downloadable electronic certificate license records of that registration place for the second user to select, and, after the second user selects the enterprise name, the state market supervision and administration department allows the second user to apply to download the original of the second electronic certificate license through the specific applet.
Further, the method also includes the following steps: using the electronic certificate license original and copy generation module to generate a copy of the first electronic certificate license and a copy of the second electronic certificate license based on the original of the first electronic certificate license and the original of the second electronic certificate license; after the first user is authorized, allowing the first user to invoke the copy of the first electronic certificate license through the first electronic private seal/signature and the first electronic official seal; and after the second user is authorized, allowing the second user to invoke the copy of the second electronic certificate license through the second electronic private seal/signature and the second electronic official seal.
Further, the method also includes the following steps:
providing a multi-module, the multi-module including a central control module, and a communication module, an identity authentication module, a key module and a storage module connected to the central control module;
using the communication module to implement communication between the first/second user and an external server;
using the identity authentication module to authenticate biometric identification data input by the first/second user and, after the authentication passes, to authorize the first/second user;
using the key module to store a plurality of keys, and to encrypt the plurality of first/second authenticated identity information and the plurality of first/second authenticated enterprise information with the corresponding keys among the plurality of keys, so as to generate a plurality of encrypted first/second authenticated identity information and a plurality of encrypted first/second authenticated enterprise information;
using the storage module to store the registered biometric identification data of the first/second user, the plurality of encrypted first/second authenticated identity information, the plurality of encrypted first/second authenticated enterprise information, the first/second electronic private seal/signature and the first/second electronic official seal; and
using the central control module to receive input and control the operation of the other modules and, after the first/second user is authorized, to allow the first/second user to invoke the copy of the first/second electronic certificate license through the first/second electronic private seal/signature and the first/second electronic official seal.
With the above technical solution, the beneficial effects of the present invention are as follows. In the device/method for authenticating the original and copy of an electronic certificate license of the present invention, after a single key and a single CA certificate pass the real-name authentication of a specific mini program, the national market supervision and administration department allows the enterprise entity to apply to download the original of the electronic certificate license through the specific mini program, while the copy of the electronic certificate license is authenticated and generated using multiple keys and multiple CA certificates. By distinguishing the original of the electronic certificate license from its copy, the invention is applicable not only to regional digital government applications (the original) but also to digital economy applications in various digital economy application environments (the copy), with mutual trust and mutual recognition between parties, which is more convenient and reliable in practice.
The electronic certificate license original and copy authentication device of the present invention stores certificates and keys in a chip rather than on a public platform, which gives strong privacy and high security. All information is stored in the form of electronic keys and retrieved for use according to actual needs, which greatly improves the security of the certificates and keys. The chip is installed in a readable medium with a chip storage application; the readable medium includes but is not limited to servers, routers, laptops, mobile phone terminals, smart electronic seals, U-keys, 5G SIM cards and 4G SIM cards.
Compared with the prior art, the method/device for authenticating the original and copy of an electronic certificate license provided by the present invention distinguishes the original of the electronic certificate license from its copy. The original is managed by the state in a unified database, while the copy, after being created according to national regulations, is placed in an approved, privately deployable chip-medium backup application library of the market entity and left to the user to keep and use. This is not only reasonable, legal and compliant, but also reduces systemic risk and better protects the security of customer data. The chip is installed in a readable medium with a chip storage application; the readable medium includes but is not limited to servers, routers, laptops, mobile phone terminals, smart electronic seals, U-keys, 5G SIM cards and 4G SIM cards.
In addition, the method/device for authenticating the original and copy of an electronic certificate license of the present invention issues the key and CA certificate of the copy of the electronic certificate license to the market entity, where they can be used together with a matching electronic seal. This is better suited to digital economy applications in various digital economy application environments, with mutual trust and mutual recognition between parties, and is more convenient and reliable in practice.
Description of the drawings
Figure 1 is a block diagram of an electronic certificate license original and copy authentication device in the first embodiment of the present invention.
Figure 2 is a block diagram of an electronic certificate license original and copy authentication device in the second embodiment of the present invention.
Figure 3 is a block diagram of the multi-module in Figures 1 and 2.
Figure 4 is a schematic diagram of a practical application of the electronic certificate license original and copy authentication device of the present invention.
Figure 5 is a flow chart of a method for authenticating the original and copy of an electronic certificate license in the first embodiment of the present invention.
Figure 6 is a flow chart of a method for authenticating the original and copy of an electronic certificate license in the second embodiment of the present invention.
Reference signs in the above drawings:
10A, 10B: electronic certificate license original and copy authentication device; 110: first acquisition module; 120: second acquisition module; 130: information authentication module; 140: electronic private seal/signature generation module; 150: electronic official seal generation module; 160: electronic certificate license original and copy generation module; 300: multi-module; 310: central control module; 320: communication module; 330: identity authentication module; 340: key module; 350: storage module; IDA1-IDAn: first identity information; IDB1-IDBn: second identity information; aIDA1-aIDAn: first authenticated identity information; aIDB1-aIDBn: second authenticated identity information; eaIDA1-eaIDAn: encrypted first authenticated identity information; eaIDB1-eaIDBn: encrypted second authenticated identity information; CA_A1-CA_Ap: first CA certificates; CA_B1-CA_Bp: second CA certificates; DIA1-DIAm: first certificate information; DIB1-DIBm: second certificate information; CIA1-CIAm: first enterprise information; CIB1-CIBm: second enterprise information; aCIA1-aCIAm: first authenticated enterprise information; aCIB1-aCIBm: second authenticated enterprise information; eaCIA1-eaCIAm: encrypted first authenticated enterprise information; eaCIB1-eaCIBm: encrypted second authenticated enterprise information; EPS1: first electronic private seal/signature; EPS2: second electronic private seal/signature; ECS1: first electronic official seal; ECS2: second electronic official seal; KEY1-KEYp: keys; ECL_A: original of the first electronic certificate license; ECL_A1: copy of the first electronic certificate license; ECL_B: original of the second electronic certificate license; ECL_B1: copy of the second electronic certificate license; ECL_C: original of the third electronic certificate license; ECL_C1: copy of the third electronic certificate license; S410-S470, S510-S530: steps.
Detailed description
In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
In order to make the above and other objects, features and advantages of the present invention easier to understand, preferred embodiments are set out below and described in detail with reference to the accompanying drawings.
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative effort fall within the scope of protection of the present invention.
It should be noted that in the description of the present invention, the terms "first", "second" and so on are used only for descriptive purposes and to distinguish similar objects. They imply no order between the objects and are not to be understood as indicating or implying relative importance. Furthermore, in the description of the present invention, unless otherwise specified, "a plurality of" means two or more.
Please refer to Figure 1, which is a block diagram of an electronic certificate license original and copy authentication device 10A in the first embodiment of the present invention. As shown in Figure 1, the device 10A includes a first acquisition module 110, a second acquisition module 120, an information authentication module 130, an electronic private seal/signature generation module 140, an electronic official seal generation module 150, an electronic certificate license original and copy generation module 160 and a multi-module 300. In this embodiment, the first acquisition module 110 is used to obtain a plurality of first identity information IDA1-IDAn, a plurality of first enterprise information CIA1-CIAm and a corresponding plurality of first CA certificates CA_A1-CA_Ap of a first user. The second acquisition module 120 is used to obtain a plurality of first certificate information DIA1-DIAm of the first user. The information authentication module 130 is coupled to the first acquisition module 110 and is used to perform physical or digital authentication on the plurality of first identity information IDA1-IDAn and the plurality of first enterprise information CIA1-CIAm according to the plurality of first CA certificates CA_A1-CA_Ap, so as to generate a plurality of first authenticated identity information aIDA1-aIDAn and a plurality of first authenticated enterprise information aCIA1-aCIAm. The electronic private seal/signature generation module 140 is coupled to the information authentication module 130 and is used to generate the first electronic private seal/signature EPS1 of the first user based on the plurality of first authenticated identity information aIDA1-aIDAn. The electronic official seal generation module 150 is coupled to the information authentication module 130 and is used to generate the first electronic official seal ECS1 of the first user based on the plurality of first authenticated identity information aIDA1-aIDAn and the plurality of first authenticated enterprise information aCIA1-aCIAm. The electronic certificate license original and copy generation module 160 is coupled to the electronic private seal/signature generation module 140, the electronic official seal generation module 150 and the second acquisition module 120. After the first electronic private seal/signature EPS1, the first electronic official seal ECS1 and the plurality of first certificate information DIA1-DIAm pass the real-name authentication of a specific mini program (such as a WeChat mini program, an Alipay mini program or a Baidu mini program), it displays the registration place where the enterprise is located and all downloadable electronic certificate license records of that registration place for the first user to select, and, after the first user selects the enterprise name, the national market supervision and administration department allows the first user to apply to download the original ECL_A of the first electronic certificate license through the specific mini program.
Please refer to Figure 2, which is a block diagram of an electronic certificate license original and copy authentication device 10B in the second embodiment of the present invention. The device 10B of Figure 2 is similar to the device 10A of Figure 1. In this embodiment, the first acquisition module 110 is also used to obtain a plurality of second identity information IDB1-IDBn, a plurality of second enterprise information CIB1-CIBm and a corresponding plurality of second CA certificates CA_B1-CA_Bp of a second user. The second acquisition module 120 is also used to obtain a plurality of second certificate information DIB1-DIBm of the second user. The information authentication module 130 is also used to perform physical or digital authentication on the plurality of second identity information IDB1-IDBn and the plurality of second enterprise information CIB1-CIBm according to the plurality of second CA certificates CA_B1-CA_Bp, so as to generate a plurality of second authenticated identity information aIDB1-aIDBn and a plurality of second authenticated enterprise information aCIB1-aCIBm. The electronic private seal/signature generation module 140 is also used to generate a second electronic private seal/signature EPS2 of the second user based on the plurality of second authenticated identity information aIDB1-aIDBn. The electronic official seal generation module 150 is also used to generate a second electronic official seal ECS2 of the second user based on the plurality of second authenticated identity information aIDB1-aIDBn and the plurality of second authenticated enterprise information aCIB1-aCIBm. After the second electronic private seal/signature EPS2, the second electronic official seal ECS2 and the plurality of second certificate information DIB1-DIBm pass the real-name authentication of the specific mini program, the electronic certificate license original and copy generation module 160 displays the registration place where the enterprise is located and all downloadable electronic certificate license records of that registration place for the second user to select, and, after the second user selects the enterprise name, the national market supervision and administration department allows the second user to apply to download the original ECL_B of the second electronic certificate license through the specific mini program.
It is worth noting that if the real-name authentication of the specific mini program cannot be passed, the first/second user needs to go to the local market supervision department to download the original of the electronic certificate license.
Please note that the plurality of first/second identity information IDA1-IDAn/IDB1-IDBn includes the first/second user's ID card information, personal private seal information, personal signature information, fingerprints, social security information, telephone number, e-mail address, biometric information, blood type, gene sequencing results, personal privacy feature information data, credit information and/or personal photo information. This is only an example and not a limitation of the present invention. Furthermore, the plurality of first/second certificate information DIA1-DIAm/DIB1-DIBm includes the household register, real estate certificate, ID card, social security, driver's license, passport and professional qualification certificate, but the present invention is not limited to these; other similar certificate information also falls within the scope of the present invention.
Please also note that the plurality of first/second enterprise information CIA1-CIAm/CIB1-CIBm includes the telephone number of the first/second user authorized by the banking system and/or government system, the bound bank account number, the electronic business license, tax control information, the official seal number, the legal person certificate number, the social credit code and/or the electronic license number, but the present invention is not limited to these; other similar enterprise information also falls within the scope of the present invention.
It is worth noting that the first/second electronic private seal/electronic signature EPS1/EPS2 here is a broad concept: it covers every form of electronic seal in any electronic/digital format that can identify an individual and has legal effect, such as a personal electronic name seal, electronic signature, digital signature or fingerprint. Likewise, the first/second electronic official seal ECS1/ECS2 here is a broad concept: it covers every form of electronic seal in any electronic/digital format that can represent the enterprise and has legal effect, such as an official seal, legal person seal, special invoice seal, financial seal or contract seal.
In a specific embodiment, the electronic certificate license original and copy generation module 160 is also used to generate the copy ECL_A1 of the first electronic certificate license and the copy ECL_B1 of the second electronic certificate license based on the original ECL_A of the first electronic certificate license and the original ECL_B of the second electronic certificate license. In this way, after the first user is authorized, the first user is allowed to invoke the copy ECL_A1 of the first electronic certificate license through the first electronic private seal/signature EPS1 and the first electronic official seal ECS1; and after the second user is authorized, the second user is allowed to invoke the copy ECL_B1 of the second electronic certificate license through the second electronic private seal/signature EPS2 and the second electronic official seal ECS2.
It is worth noting that the "original ECL_A/ECL_B of the first/second electronic certificate license" here means that, after the CA certificate and key pass the real-name authentication of the specific mini program, the national market supervision and administration department allows the enterprise entity to apply to download the original through the specific mini program. The originals are stored centrally in the certificate license central library; the enterprise entity may not privately hold and store the original of the electronic certificate license, and must connect to the certificate license central library through a front-end server in order to download and use it. The "copy ECL_A1/ECL_B1 of the first/second electronic certificate license", by contrast, can be generated by the enterprise entity or by a third party that provides a medium to which electronic certificate licenses can be issued. In this way, legal requirements are met while the enterprise entity's electronic certificate license and electronic seal applications are deployed privately, which protects the security of the enterprise entity's data and greatly relieves the pressure that these applications place on the national electronic certificate license central library.
Please refer to Figures 1, 2 and 3 together. The electronic certificate license original and copy authentication device 10A/10B also includes a multi-module 300. As shown in Figure 3, the multi-module 300 includes a central control module 310, and a communication module 320, an identity authentication module 330, a key module 340 and a storage module 350 connected to the central control module 310. The communication module 320 is used to implement communication between the first/second user and an external server. The identity authentication module 330 is used to authenticate the biometric identification data input by the first/second user and, after the authentication passes, to authorize the first/second user. The key module 340 is used to store a plurality of keys KEY1-KEYp and to encrypt the plurality of first/second authenticated identity information aIDA1-aIDAn/aIDB1-aIDBn and the plurality of first/second authenticated enterprise information aCIA1-aCIAm/aCIB1-aCIBm with the corresponding keys among the plurality of keys KEY1-KEYp, so as to generate a plurality of encrypted first/second authenticated identity information eaIDA1-eaIDAn/eaIDB1-eaIDBn and a plurality of encrypted first/second authenticated enterprise information eaCIA1-eaCIAm/eaCIB1-eaCIBm. The storage module 350 is used to store the registered biometric identification data of the first/second user, the plurality of encrypted first/second authenticated identity information eaIDA1-eaIDAn/eaIDB1-eaIDBn, the plurality of encrypted first/second authenticated enterprise information eaCIA1-eaCIAm/eaCIB1-eaCIBm, the first/second electronic private seal/signature EPS1/EPS2 and the first/second electronic official seal ECS1/ECS2. The central control module 310 is used to receive input and control the operation of the other modules 320-350 and, after the first/second user is authorized, to allow the first/second user to invoke the copy ECL_A1/ECL_B1 of the first/second electronic certificate license through the first/second electronic private seal/signature EPS1/EPS2 and the first/second electronic official seal ECS1/ECS2.
Further, the communication module 320 may include at least one of a 3G communication module, a 4G communication module, a 5G communication module, a Wi-Fi module, an NB-IoT module, a Bluetooth module, an NFC module and an infrared module; the communication module 320 supports the IPv4 and IPv6 protocols.
Please note that the above biometric identification data may include fingerprint data, iris data and/or facial feature recognition data, or any biometric data that can identify the user. In practice, one of these or a combination of several may be used for security identification.
The electronic certificate license original and copy authentication device 10A/10B of the present invention may be a trusted authentication server system or a third-party authentication platform system. The device covers the authentication, storage, management and application of various certificates and keys such as electronic private seals/signatures and electronic official seals, and can correspond to any department or platform system involved in social and economic transactions, including individuals, families, micro, small and medium-sized enterprises/individual businesses, enterprises, communities and governments.
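A minimal model of the multi-module 300 described above, added here as an illustration and not taken from the patent: each record is encrypted under its own key, and the copy is released only after the identity check and both seals match. The class and method names, the use of slot names as dictionary keys, seals as opaque byte strings, an exact-match digest in place of a biometric matcher, and the HMAC-SHA256 encrypt-then-MAC construction (the patent names no cipher) are all assumptions.

```python
import hashlib
import hmac
import secrets


class KeyModule:
    """Stand-in for key module 340: one key per record slot (KEY1..KEYp)."""

    def __init__(self, slots):
        self._keys = {slot: secrets.token_bytes(32) for slot in slots}

    def _subkeys(self, slot):
        # Separate encryption and MAC keys derived from the slot's key.
        master = self._keys[slot]
        return (hmac.new(master, b"enc", hashlib.sha256).digest(),
                hmac.new(master, b"mac", hashlib.sha256).digest())

    @staticmethod
    def _keystream(enc_key, nonce, length):
        # HMAC-SHA256 in counter mode; a stdlib substitute for a real AEAD.
        blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"),
                           hashlib.sha256).digest()
                  for i in range((length + 31) // 32)]
        return b"".join(blocks)[:length]

    def encrypt(self, slot, plaintext):
        enc_key, mac_key = self._subkeys(slot)
        nonce = secrets.token_bytes(16)
        stream = self._keystream(enc_key, nonce, len(plaintext))
        body = bytes(p ^ s for p, s in zip(plaintext, stream))
        tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag

    def decrypt(self, slot, blob):
        enc_key, mac_key = self._subkeys(slot)
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
        # Verify before decrypting: a record moved between slots or altered
        # in storage fails here because each slot has its own key.
        if len(blob) < 48 or not hmac.compare_digest(tag, expected):
            raise ValueError("record failed integrity check")
        stream = self._keystream(enc_key, nonce, len(body))
        return bytes(c ^ s for c, s in zip(body, stream))


class CentralControl:
    """Stand-in for central control module 310 plus storage module 350."""

    def __init__(self, key_module):
        self.keys = key_module
        self.records = {}     # slot -> encrypted record
        self.enrolled = None  # (salt, digest) of the registered template
        self.seals = None     # digests of the private and official seals

    def enroll(self, template, eps, ecs):
        salt = secrets.token_bytes(16)
        self.enrolled = (salt, hashlib.sha256(salt + template).digest())
        self.seals = (hashlib.sha256(eps).digest(),
                      hashlib.sha256(ecs).digest())

    def put(self, slot, record):
        self.records[slot] = self.keys.encrypt(slot, record)

    def invoke_copy(self, sample, eps, ecs, slot="ECL_A1"):
        if self.enrolled is None:
            raise PermissionError("no user enrolled")
        salt, digest = self.enrolled
        # Exact-match digest stands in for a biometric matcher, which in a
        # real device compares a similarity score against a threshold.
        probe = hashlib.sha256(salt + sample).digest()
        if not hmac.compare_digest(probe, digest):
            raise PermissionError("biometric authentication failed")
        presented = (hashlib.sha256(eps).digest(),
                     hashlib.sha256(ecs).digest())
        matches = [hmac.compare_digest(a, b)
                   for a, b in zip(presented, self.seals)]
        if not all(matches):
            raise PermissionError("seal mismatch")
        return self.keys.decrypt(slot, self.records[slot])


def build_device():
    """Constructed sample data; none of these values come from the patent."""
    device = CentralControl(KeyModule(["aIDA1", "aCIA1", "ECL_A1"]))
    device.enroll(b"template-of-user-A", b"EPS1-sample", b"ECS1-sample")
    device.put("aIDA1", b"authenticated identity record")
    device.put("aCIA1", b"authenticated enterprise record")
    device.put("ECL_A1", b"copy of first electronic certificate license")
    return device


if __name__ == "__main__":
    dev = build_device()
    print(dev.invoke_copy(b"template-of-user-A", b"EPS1-sample", b"ECS1-sample"))
    try:
        dev.invoke_copy(b"someone-else", b"EPS1-sample", b"ECS1-sample")
    except PermissionError as err:
        print("refused:", err)
```

Because every slot has its own key, a stored record that is altered or swapped into another slot fails the integrity check instead of being released as the copy.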
Please refer to Figure 4, which is a schematic diagram of a practical application of the electronic certificate license original and copy authentication device 10A/10B of the present invention. First, in part (4A) of the figure, the device 10A/10B obtains the plurality of identity information, plurality of enterprise information, plurality of certificate information and corresponding plurality of CA certificates of enterprise user A, enterprise user B and enterprise user C respectively and, after a series of authentications and authorizations, generates the originals ECL_A, ECL_B and ECL_C of the electronic certificate licenses of enterprise user A, enterprise user B and enterprise user C respectively. Next, in part (4B) of the figure, the device 10A/10B first generates the copies ECL_A1, ECL_B1 and ECL_C1 of the electronic certificate licenses based on the originals ECL_A, ECL_B and ECL_C of the electronic certificate licenses of enterprise user A, enterprise user B and enterprise user C. It is worth noting that after a single key and a single CA certificate pass the real-name authentication of the specific mini program, the national market supervision and administration department allows the enterprise entity to apply to download the originals ECL_A, ECL_B and ECL_C of the electronic certificate licenses through the specific mini program; their main application scenario is digital government applications in a regional government environment, and they cannot be used for digital economy applications. The keys and CA certificates of the copies ECL_A1, ECL_B1 and ECL_C1 of the electronic certificate licenses, by contrast, are issued to the market entities and can be used together with a matching electronic seal, which is better suited to digital economy applications in various digital economy application environments.
For example, since the copies ECL_A1 and ECL_B1 of the electronic certificate licenses are generated from the originals ECL_A, ECL_B, and ECL_C of the electronic certificate licenses of enterprise user A, enterprise user B, and enterprise user C, when a contract Con_AB must be signed between enterprise user A and enterprise user B, enterprise user B will recognize the copy ECL_A1 of the electronic certificate license provided by enterprise user A, and enterprise user A will likewise recognize the copy ECL_B1 of the electronic certificate license provided by enterprise user B, so that the two parties trust and recognize each other. Similarly, enterprise user C will also recognize the copy ECL_A1 provided by enterprise user A and the copy ECL_B1 provided by enterprise user B.
It is worth noting that the electronic certificate license original and copy authentication device 10A/10B of the present invention may be implemented by the intelligent security chip of an integrated physical-electronic intelligent electronic seal. The intelligent security chip stores various certificates and keys, for example: ID card information, personal private seal information, personal signature information, fingerprints, social security information, household register, driver's license, passport, professional qualification certificates, telephone number, email address, biometric information, blood type, gene sequencing results, personal privacy characteristic information data, credit information and/or personal photo information. The intelligent security chip also stores various enterprise information, for example: the telephone number of the first/second user authorized by a banking system and/or a government system, the bound bank account number, electronic business license, tax control information, official seal number, legal person certificate number, social credit code and/or electronic license number. The device 10A/10B can be widely used in multi-certificate consolidation scenarios for individuals and enterprises: one-time authentication, network-wide handling, one number for multiple uses, multiple certificates in one, certificate and license consolidation, electronic invoice authentication and use, integrated key-chain bookkeeping from contract signing through invoicing and payment, electronic signatures and seals, personal credit extension, and other service scenarios. It realizes the consolidation, invocation, authentication, and authorization of information such as enterprise and personal electronic certificates and licenses. With data privacy and security ensured, users can, through convenient common-prosperity services in which everyone is an e-commerce operator and every household is an enterprise, efficiently and reliably achieve the full digitization of their social, political, cultural, and economic activities.
The electronic certificate license here is a broad concept: it covers every voucher that has an original/copy or multiple parts, such as electronic business licenses, electronic certificates and licenses, electronic invoices, and the invoicing copy/stub copy/reimbursement copy of electronic bills. Even certificates and licenses that were originally on paper, such as property ownership certificates, household registers, and ID cards, are to be made electronic, with the original and the copy separated. In this way, twin applications that reflect both the original and the copy are better in terms of both legality and security.
Please refer to FIG. 1, FIG. 2, and FIG. 5 together. FIG. 5 is a flowchart of a method for authenticating the original and copy of an electronic certificate license in the first embodiment of the present invention. The method in FIG. 5 includes the following steps:
Step S410: Provide an electronic certificate license original and copy authentication device, including a first acquisition module, a second acquisition module, an information authentication module, an electronic private seal/signature generation module, an electronic official seal generation module, and an electronic certificate license original and copy generation module.
Step S420: Use the first acquisition module to obtain a plurality of first/second identity information, a plurality of first/second enterprise information, and the corresponding plurality of first/second CA certificates of the first/second user.
Step S430: Use the second acquisition module to obtain a plurality of first/second certificate information of the first/second user.
Step S440: Use the information authentication module to perform physical or digital authentication on the plurality of first/second identity information and the plurality of first/second enterprise information according to the plurality of first/second CA certificates, so as to generate a plurality of first/second authenticated identity information and a plurality of first/second authenticated enterprise information.
Step S450: Use the electronic private seal/signature generation module to generate the first/second electronic private seal/signature of the first/second user according to the plurality of first/second authenticated identity information.
Step S460: Use the electronic official seal generation module to generate the first/second electronic official seal of the first/second user according to the plurality of first/second authenticated identity information and the plurality of first/second authenticated enterprise information.
Step S470: Use the electronic certificate license original and copy generation module to, after the first/second electronic private seal/signature, the first/second electronic official seal, and the plurality of first/second certificate information pass real-name authentication in a specific mini program, display the enterprise's place of registration and all downloadable electronic certificate license records of that place of registration for the first/second user to choose from; after the first/second user selects an enterprise name, the national market supervision and administration department allows the first/second user to apply for and download the original of the first/second electronic certificate license through the specific mini program.
Please note that step S420 is executed by the first acquisition module 110, step S430 by the second acquisition module 120, step S440 by the information authentication module 130, step S450 by the electronic private seal/signature generation module 140, step S460 by the electronic official seal generation module 150, and step S470 by the electronic certificate license original and copy generation module 160.
Please refer to FIG. 2 and FIG. 6 together. FIG. 6 is a flowchart of a method for authenticating the original and copy of an electronic certificate license in the second embodiment of the present invention. The method in FIG. 6 includes the following steps:
Step S510: Use the electronic certificate license original and copy generation module to generate a copy of the first electronic certificate license and a copy of the second electronic certificate license from the original of the first electronic certificate license and the original of the second electronic certificate license.
Step S520: After the first user obtains authorization, allow the first user to invoke the copy of the first electronic certificate license through the first electronic private seal/signature and the first electronic official seal.
Step S530: After the second user obtains authorization, allow the second user to invoke the copy of the second electronic certificate license through the second electronic private seal/signature and the second electronic official seal.
Please note that step S510 is executed by the electronic certificate license original and copy generation module 160.
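The gating in steps S510 to S530, sketched as an added example that is not part of the patent text: a copy is derived from the original, and it is released only to an authorized holder who presents both the private seal and the official seal. The patent does not specify any cryptographic mechanism, so everything here is an assumption: HMAC-SHA256 stands in for the seals and the issuer signature, and the `CopyService` class, the one-time challenge, and the digest that binds a copy to its original are hypothetical design choices.

```python
import hashlib
import hmac
import json
import secrets

# Added illustration. HMAC-SHA256 is a stand-in for the seal and issuer
# signatures, which the patent leaves unspecified. All names are hypothetical.

def canonical(record):
    """Deterministic byte encoding so digests and tags are reproducible."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def tag(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class CopyService:
    def __init__(self):
        self._issuer_key = secrets.token_bytes(32)
        self._originals = {}    # holder -> original record
        self._copies = {}       # holder -> copy record
        self._seal_keys = {}    # holder -> (private seal key, official seal key)
        self._authorized = set()
        self._challenges = {}   # holder -> outstanding one-time challenge

    def enroll(self, holder, original_fields):
        """Register a holder's original and return the two seal keys."""
        keys = (secrets.token_bytes(32), secrets.token_bytes(32))
        self._seal_keys[holder] = keys
        self._originals[holder] = {"holder": holder, "kind": "original", **original_fields}
        return keys

    def generate_copy(self, holder):
        """S510: derive the copy from the original and bind the two together."""
        original = self._originals[holder]
        copy = {
            "holder": holder,
            "kind": "copy",
            "fields": {k: v for k, v in original.items() if k not in ("holder", "kind")},
            "original_digest": hashlib.sha256(canonical(original)).hexdigest(),
        }
        copy["issuer_tag"] = tag(self._issuer_key, canonical(copy))
        self._copies[holder] = copy
        return copy

    def verify_copy(self, copy):
        """Check that a presented copy is untampered and matches the stored original."""
        body = {k: v for k, v in copy.items() if k != "issuer_tag"}
        original = self._originals.get(body.get("holder"))
        if original is None:
            return False
        tag_ok = hmac.compare_digest(tag(self._issuer_key, canonical(body)),
                                     str(copy.get("issuer_tag", "")))
        digest_ok = hmac.compare_digest(hashlib.sha256(canonical(original)).hexdigest(),
                                        str(body.get("original_digest", "")))
        return tag_ok and digest_ok

    def authorize(self, holder):
        """Record the outcome of the identity authentication step."""
        self._authorized.add(holder)

    def new_challenge(self, holder):
        self._challenges[holder] = secrets.token_hex(16)
        return self._challenges[holder]

    def invoke_copy(self, holder, private_proof, official_proof):
        """S520/S530: release the copy only to an authorized holder with both seals."""
        challenge = self._challenges.pop(holder, None)   # each challenge is single use
        keys = self._seal_keys.get(holder)
        if holder not in self._authorized or challenge is None or keys is None:
            return None
        private_key, official_key = keys
        ok = (hmac.compare_digest(tag(private_key, challenge.encode()), private_proof)
              and hmac.compare_digest(tag(official_key, challenge.encode()), official_proof))
        return self._copies.get(holder) if ok else None

def demo():
    svc = CopyService()
    # Constructed sample data, not taken from the patent.
    a_private, a_official = svc.enroll("enterprise-A", {"license_no": "CONSTRUCTED-0001"})
    copy_a = svc.generate_copy("enterprise-A")

    def attempt(private_key, official_key):
        c = svc.new_challenge("enterprise-A").encode()
        return svc.invoke_copy("enterprise-A", tag(private_key, c), tag(official_key, c))

    results = {"before_authorization": attempt(a_private, a_official) is None}
    svc.authorize("enterprise-A")
    results["both_seals"] = attempt(a_private, a_official) == copy_a
    results["private_seal_only"] = attempt(a_private, a_private) is None
    # Replay: proofs computed for a spent challenge are rejected.
    c = svc.new_challenge("enterprise-A").encode()
    proofs = (tag(a_private, c), tag(a_official, c))
    first = svc.invoke_copy("enterprise-A", *proofs)
    results["replay_rejected"] = (first == copy_a
                                  and svc.invoke_copy("enterprise-A", *proofs) is None)
    forged = dict(copy_a, fields={"license_no": "CONSTRUCTED-9999"})
    results["genuine_copy_verifies"] = svc.verify_copy(copy_a)
    results["forged_copy_rejected"] = not svc.verify_copy(forged)
    return results

if __name__ == "__main__":
    print(demo())
```

A deployment in which counterparties verify copies without contacting the issuer would replace the shared-key HMAC with asymmetric signatures chained to the CA certificates that the description mentions.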
The electronic certificate license original and copy authentication device of the present invention stores certificates and keys in the chip of an integrated physical-electronic intelligent electronic seal rather than on a public platform, which gives strong privacy and high security. All information is stored in the form of electronic keys and retrieved for use as actually needed, which greatly improves the security of the certificates and keys. Compared with the prior art, the method/device for authenticating the original and copy of an electronic certificate license provided by the present invention distinguishes the original of an electronic certificate license from its copy: the original is managed in a database built uniformly by the state, while the copy, once created in accordance with national regulations, is handed over to the user to keep and use. This is not only reasonable, legal, and compliant, but also reduces systemic risk and better safeguards the security of customer data. In addition, the copies of the electronic certificate license generated by the method/device of the present invention use multiple keys and multiple CA certificates and can be applied to digital economy applications in various digital economy application environments, with mutual trust and mutual recognition, which makes them more convenient and reliable in practice.
The embodiments of the present invention described above can be implemented in various hardware, software code, or a combination of both. For example, an embodiment of the present invention may be program code that executes the above method in a digital signal processor (DSP). The invention may also involve a variety of functions performed by a computer processor, digital signal processor, microprocessor, or field programmable gate array (FPGA). These processors may be configured according to the present invention to perform particular tasks by executing machine-readable software code or firmware code that defines the particular methods disclosed by the invention. The software code or firmware code may be developed in different programming languages and in different formats or forms. The software code may also be compiled for different target platforms. However, different code styles, types, and languages of software code, and other types of configuration code, that perform tasks according to the invention do not depart from the spirit and scope of the invention.
With the above technical solution, the beneficial effects of the present invention are as follows. In the electronic certificate license original and copy authentication device/method of the present invention, after a single key and a single CA certificate pass real-name authentication in a specific mini program, the national market supervision and administration department allows enterprise entities to apply for and download the original of the electronic certificate license through the specific mini program, while the keys and CA certificates of the copy of the electronic certificate license are issued to market entities and can be used together with a matching electronic seal. By distinguishing the original of the electronic certificate license from its copy, the invention is applicable not only to regional digital government applications (the original) but also to digital economy applications in various digital economy application environments (the copy), with mutual trust and mutual recognition, which makes it more convenient and reliable in practice.
Specific embodiments have been used herein to explain the principles and implementation of the present invention. The description of the above embodiments is intended only to help in understanding the method of the present invention and its core idea. At the same time, a person of ordinary skill in the art may, following the idea of the present invention, make changes to the specific implementation and scope of application. In summary, the contents of this specification should not be construed as limiting the present invention.

Claims (12)

  1. An electronic certificate license original and copy authentication device, comprising:
    a first acquisition module, configured to obtain a plurality of first identity information, a plurality of first enterprise information, and a corresponding plurality of first CA certificates of a first user;
    a second acquisition module, configured to obtain a plurality of first certificate information of the first user;
    an information authentication module, coupled to the first acquisition module and configured to perform physical or digital authentication on the plurality of first identity information and the plurality of first enterprise information according to the plurality of first CA certificates, so as to generate a plurality of first authenticated identity information and a plurality of first authenticated enterprise information;
    an electronic private seal/signature generation module, coupled to the information authentication module and configured to generate a first electronic private seal/signature of the first user according to the plurality of first authenticated identity information;
    an electronic official seal generation module, coupled to the information authentication module and configured to generate a first electronic official seal of the first user according to the plurality of first authenticated identity information and the plurality of first authenticated enterprise information; and
    an electronic certificate license original and copy generation module, coupled to the electronic private seal/signature generation module, the electronic official seal generation module, and the second acquisition module, which, after the first electronic private seal/signature, the first electronic official seal, and the plurality of first certificate information pass real-name authentication in a specific mini program, displays the enterprise's place of registration and all downloadable electronic certificate license records of that place of registration for the first user to choose from, and, after the first user selects an enterprise name, the national market supervision and administration department allows the first user to apply for and download an original of a first electronic certificate license through the specific mini program.
  2. The electronic certificate license original and copy authentication device according to claim 1, characterized in that:
    the first acquisition module is further configured to obtain a plurality of second identity information, a plurality of second enterprise information, and a corresponding plurality of second CA certificates of a second user;
    the second acquisition module is further configured to obtain a plurality of second certificate information of the second user;
    the information authentication module is further configured to perform physical or digital authentication on the plurality of second identity information and the plurality of second enterprise information according to the plurality of second CA certificates, so as to generate a plurality of second authenticated identity information and a plurality of second authenticated enterprise information;
    the electronic private seal/signature generation module is further configured to generate a second electronic private seal/signature of the second user according to the plurality of second authenticated identity information;
    the electronic official seal generation module is further configured to generate a second electronic official seal of the second user according to the plurality of second authenticated identity information and the plurality of second authenticated enterprise information; and
    the electronic certificate license original and copy generation module, after the second electronic private seal/signature, the second electronic official seal, and the plurality of second certificate information pass real-name authentication in the specific mini program, displays the enterprise's place of registration and all downloadable electronic certificate license records of that place of registration for the second user to choose from, and, after the second user selects an enterprise name, the national market supervision and administration department allows the second user to apply for and download an original of a second electronic certificate license through the specific mini program.
  3. The electronic certificate license original and copy authentication device according to claim 2, characterized in that:
    the electronic certificate license original and copy generation module is further configured to generate a copy of the first electronic certificate license and a copy of the second electronic certificate license from the original of the first electronic certificate license and the original of the second electronic certificate license;
    wherein, after the first user obtains authorization, the first user is allowed to invoke the copy of the first electronic certificate license through the first electronic private seal/signature and the first electronic official seal;
    wherein, after the second user obtains authorization, the second user is allowed to invoke the copy of the second electronic certificate license through the second electronic private seal/signature and the second electronic official seal.
  4. The electronic certificate license original and copy authentication device according to claim 2, characterized in that the plurality of first/second enterprise information includes the telephone number of the first/second user authorized by a banking system and/or a government system, the bound bank account number, electronic business license, tax control information, official seal number, legal person certificate number, social credit code and/or electronic license number.
  5. The electronic certificate license original and copy authentication device according to claim 2, characterized in that the plurality of first/second identity information includes the first/second user's ID card information, personal private seal information, personal signature information, fingerprints, social security information, telephone number, email address, biometric information, blood type, gene sequencing results, personal privacy characteristic information data, credit information and/or personal photo information.
  6. The electronic certificate license original and copy authentication device according to claim 2, characterized in that the plurality of first/second certificate information includes a household register, property ownership certificate, ID card, social security, driver's license, passport, and professional qualification certificate.
  7. The electronic certificate license original and copy authentication device according to claim 3, characterized in that:
    the original of the first/second electronic certificate license uses a single key and a single CA certificate;
    the copy of the first/second electronic certificate license uses multiple keys and multiple CA certificates.
  8. The electronic certificate license original and copy authentication device according to claim 3, characterized by further comprising a multi-module, the multi-module comprising:
    a central control module, and a communication module, an identity authentication module, a key module, and a storage module connected to the central control module;
    the communication module, configured to implement communication between the first/second user and an external server;
    the identity authentication module, configured to authenticate biometric identification data input by the first/second user and, after the authentication passes, to authorize the first/second user;
    the key module, configured to store a plurality of keys and to encrypt the plurality of first/second authenticated identity information and the plurality of first/second authenticated enterprise information according to the corresponding keys among the plurality of keys, so as to generate a plurality of encrypted first/second authenticated identity information and a plurality of encrypted first/second authenticated enterprise information;
    the storage module, configured to store the registered biometric identification data of the first/second user, the plurality of encrypted first/second authenticated identity information, the plurality of encrypted first/second authenticated enterprise information, the first/second electronic private seal/signature, and the first/second electronic official seal; and
    the central control module, configured to receive input and control the operation of the other modules and, after the first/second user obtains authorization, to allow the first/second user to invoke the copy of the first/second electronic certificate license through the first/second electronic private seal/signature and the first/second electronic official seal.
  9. A method for authenticating the original and copy of an electronic certificate license, comprising the following steps:
    providing an electronic certificate license original and copy authentication device, including a first acquisition module, a second acquisition module, an information authentication module, an electronic private seal/signature generation module, an electronic official seal generation module, and an electronic certificate license original and copy generation module;
    using the first acquisition module to obtain a plurality of first identity information, a plurality of first enterprise information, and a corresponding plurality of first CA certificates of a first user;
    using the second acquisition module to obtain a plurality of first certificate information of the first user;
    using the information authentication module to perform physical or digital authentication on the plurality of first identity information and the plurality of first enterprise information according to the plurality of first CA certificates, so as to generate a plurality of first authenticated identity information and a plurality of first authenticated enterprise information;
    using the electronic private seal/signature generation module to generate a first electronic private seal/signature of the first user according to the plurality of first authenticated identity information;
    using the electronic official seal generation module to generate a first electronic official seal of the first user according to the plurality of first authenticated identity information and the plurality of first authenticated enterprise information; and
    using the electronic certificate license original and copy generation module to, after the first electronic private seal/signature, the first electronic official seal, and the plurality of first certificate information pass real-name authentication in a specific mini program, display the enterprise's place of registration and all downloadable electronic certificate license records of that place of registration for the first user to choose from, and, after the first user selects an enterprise name, the national market supervision and administration department allows the first user to apply for and download an original of a first electronic certificate license through the specific mini program.
  10. The method for authenticating the original and copy of an electronic certificate license according to claim 9, further comprising the following steps:
    using the first acquisition module to obtain a plurality of second identity information, a plurality of second enterprise information, and a corresponding plurality of second CA certificates of a second user;
    using the second acquisition module to obtain a plurality of second certificate information of the second user;
    using the information authentication module to perform physical or digital authentication on the plurality of second identity information and the plurality of second enterprise information according to the plurality of second CA certificates, so as to generate a plurality of second authenticated identity information and a plurality of second authenticated enterprise information;
    using the electronic private seal/signature generation module to generate a second electronic private seal/signature of the second user according to the plurality of second authenticated identity information;
    using the electronic official seal generation module to generate a second electronic official seal of the second user according to the plurality of second authenticated identity information and the plurality of second authenticated enterprise information; and
    using the electronic certificate license original and copy generation module to, after the second electronic private seal/signature, the second electronic official seal, and the plurality of second certificate information pass real-name authentication in the specific mini program, display the enterprise's place of registration and all downloadable electronic certificate license records of that place of registration for the second user to choose from, and, after the second user selects an enterprise name, the national market supervision and administration department allows the second user to apply for and download an original of a second electronic certificate license through the specific mini program.
  11. The method for authenticating the original and copy of an electronic certificate license according to claim 10, the method further comprising the following steps:
    using the electronic certificate license original and copy generation module to generate a copy of the first electronic certificate license and a copy of the second electronic certificate license according to the original of the first electronic certificate license and the original of the second electronic certificate license;
    after the first user is authorized, allowing the first user to retrieve the copy of the first electronic certificate license by means of the first electronic private seal/signature and the first electronic official seal;
    after the second user is authorized, allowing the second user to retrieve the copy of the second electronic certificate license by means of the second electronic private seal/signature and the second electronic official seal.
  12. The method for authenticating the original and copy of an electronic certificate license according to claim 11, characterized in that the method further comprises the following steps:
    providing a multi-module, the multi-module comprising a central control module, and a communication module, an identity authentication module, a key module and a storage module connected to the central control module;
    using the communication module to implement communication between the first/second user and an external server;
    using the identity authentication module to authenticate biometric identification data input by the first/second user and, after the authentication passes, to authorize the first/second user;
    using the key module to store a plurality of keys, and to encrypt the plurality of first/second authenticated identity information and the plurality of first/second authenticated enterprise information according to the corresponding keys among the plurality of keys, so as to generate a plurality of encrypted first/second authenticated identity information and a plurality of encrypted first/second authenticated enterprise information;
    using the storage module to store the registered biometric identification data of the first/second user, the plurality of encrypted first/second authenticated identity information, the plurality of encrypted first/second authenticated enterprise information, the first/second electronic private seal/signature and the first/second electronic official seal; and
    using the central control module to receive input and control the operation of the other modules and, after the first/second user is authorized, to allow the first/second user to retrieve the copy of the first/second electronic certificate license by means of the first/second electronic private seal/signature and the first/second electronic official seal.
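
The key module and storage module steps of claim 12, sketched as an added example (not code from the patent or its applicant): each class of authenticated information is encrypted under its corresponding key before it is stored. The claim names no cipher, so AES-256-GCM, the class names `identity` and `enterprise`, the user id `user2` and the associated-data binding are assumptions; biometric authorization is left out.

```javascript
// Added illustration: the claim names no algorithm; AES-256-GCM is an assumption.
const nodeCrypto = require("node:crypto");

class KeyModule {
  constructor() {
    // "A plurality of keys": one per information class (class names are hypothetical).
    this.keys = new Map([
      ["identity", nodeCrypto.randomBytes(32)],
      ["enterprise", nodeCrypto.randomBytes(32)],
    ]);
  }
  keyFor(kind) {
    const key = this.keys.get(kind);
    if (!key) throw new Error(`no key for class ${kind}`);
    return key;
  }
  // Encrypt one authenticated record under the key corresponding to its class.
  // Class and user id are bound as associated data, so a stored record
  // cannot be replayed under another user or another class.
  encrypt(kind, userId, plaintext) {
    const iv = nodeCrypto.randomBytes(12); // fresh nonce per record
    const cipher = nodeCrypto.createCipheriv("aes-256-gcm", this.keyFor(kind), iv);
    cipher.setAAD(Buffer.from(`${kind}:${userId}`));
    const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
    return { kind, iv, ct, tag: cipher.getAuthTag() };
  }
  // Returns the plaintext, or null if the key, binding or ciphertext is wrong.
  decrypt(kind, userId, rec) {
    try {
      const d = nodeCrypto.createDecipheriv("aes-256-gcm", this.keyFor(kind), rec.iv);
      d.setAAD(Buffer.from(`${kind}:${userId}`));
      d.setAuthTag(rec.tag);
      return Buffer.concat([d.update(rec.ct), d.final()]).toString("utf8");
    } catch {
      return null;
    }
  }
}

// Storage module stand-in: holds ciphertext only. Sample values are constructed.
const keyModule = new KeyModule();
const storage = new Map();
storage.set("user2/identity", keyModule.encrypt("identity", "user2", '{"name":"Example Person"}'));
storage.set("user2/enterprise", keyModule.encrypt("enterprise", "user2", '{"company":"Example Co."}'));

// Read a stored record back; `slot` lets a caller show what a mismatched lookup does.
function readRecord(kind, userId, slot = `${userId}/${kind}`) {
  return keyModule.decrypt(kind, userId, storage.get(slot));
}
```

Decrypting the identity record with the enterprise key, or under a different user id, returns `null` rather than plaintext, which is the property the "corresponding key" wording relies on.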
PCT/CN2023/081779 2022-04-06 2023-03-16 Authentication apparatus and method for original of and copy of electronic certificate license WO2023193585A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210378445.8A CN114840833A (en) 2022-04-06 2022-04-06 Device and method for authenticating positive copy of electronic certificate
CN202210378445.8 2022-04-06

Publications (1)

Publication Number Publication Date
WO2023193585A1 true WO2023193585A1 (en) 2023-10-12

Family

ID=82564043

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/081779 WO2023193585A1 (en) 2022-04-06 2023-03-16 Authentication apparatus and method for original of and copy of electronic certificate license

Country Status (2)

Country Link
CN (1) CN114840833A (en)
WO (1) WO2023193585A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114840833A (en) * 2022-04-06 2022-08-02 胡金钱 Device and method for authenticating positive copy of electronic certificate

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005010301A (en) * 2003-06-17 2005-01-13 Ricoh Co Ltd Electronic certificate, authentication method and authentication program
CN107317806A (en) * 2017-06-20 2017-11-03 上海浩霖汇信息科技有限公司 A kind of electronics license application copy securely generates method and device
CN109684801A (en) * 2018-11-16 2019-04-26 阿里巴巴集团控股有限公司 The generation of electronic certificate is signed and issued and verification method and device
CN111368324A (en) * 2018-12-25 2020-07-03 北京思源政通科技集团有限公司 Credible electronic license platform system based on block chain and authentication method thereof
CN113411184A (en) * 2021-05-31 2021-09-17 胡金钱 Integrated management terminal device and integrated management method
CN114840833A (en) * 2022-04-06 2022-08-02 胡金钱 Device and method for authenticating positive copy of electronic certificate

Also Published As

Publication number Publication date
CN114840833A (en) 2022-08-02

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23784149

Country of ref document: EP

Kind code of ref document: A1