Digital signature and encryption technologies based on public key algorithms provide the theoretical basis and technical feasibility for solving the above problems. The promulgation and implementation of the Electronic Signature Law of the People's Republic of China provides a legal basis for the use of digital signatures, giving them the same legal force as traditional handwritten signatures and seals. Digital certificates are issued by an authoritative and impartial CA center and serve as proof of identity for network users. Digital certificates, combined with digital signatures, digital envelopes, and other cryptographic technologies, make it possible to authenticate the identity of finance and taxation departments and of enterprises filing tax returns online, and to ensure the authenticity, integrity, confidentiality and non-repudiation of information transmitted over the network.
Application domain
Industry and Commerce Tax
Internal content
The online tax processing platforms used in the domestic tax industry have been in successful use for several years. Many enterprises and merchants use the electronic tax processing platform to handle their taxes, which greatly improves efficiency for both parties and is well received by taxpayers and tax officers.
As Internet applications have matured, information security issues have become increasingly prominent in various business systems. Many electronic tax systems carry certain risks. As these systems are promoted more widely and the number of users keeps growing, the problems become particularly prominent. There are two main problems:
1. Network security issues
Most online tax processing systems adopt the B/S (browser/server) mode, and user authentication relies on a user name/password mechanism. Any taxpayer can access the system from any host in the world that can reach the Internet. With the traditional user name/password verification mechanism, the system is highly likely to be infiltrated by unauthorized users. At the same time, because most taxpayers have limited computer skills and very low network security awareness, the vast majority of taxpayers have never changed their initial password for online tax processing.
2. Paper reports
Because the electronic declaration data that taxpayers submit to the tax authority through the online tax processing system has no legal force, only paper declaration forms stamped with the company seal can serve as legal evidence. Therefore, after a taxpayer submits electronic data to the tax authority and the declaration succeeds, the taxpayer still needs to print the paper declaration form, stamp it with the company seal, and send it to the tax authority. After receiving the taxpayer's paper declaration form, the tax authority should check whether its data is consistent with the electronic data. If tax officers carelessly accept inconsistent paper declaration forms, this poses a great risk. At the same time, the workload of data verification is huge, which also reduces the efficiency of tax officers.
The digital signature authentication system consists of a browser signature control, a signature authentication server, and a web-based signature authentication management system.
The client browser signature control takes the form of an ActiveX control, which is automatically downloaded and installed the first time the system is used. If automatic download and installation fail, the client control program can be downloaded and installed manually.
The client signature control is called automatically as a browser plug-in, or can be called from script, and mainly performs the following functions:
1. Sign the login authentication request.
2. Sign form data items on the webpage.
3. Sign the content of data files uploaded on the webpage.
4. Verify the signature of data files downloaded from the server.
And authentication business process
The signature authentication server works with the EJB server and is connected to the certificate database. It mainly performs the following functions:
1. Authenticate user login requests.
2. Sign the generated tax return data file.
3. Verify the signature in the data file uploaded by the user.
The authentication business process of the signature authentication server is as follows:
(1) receive the authentication request data submitted by the EJB server;
(2) obtain the data, data signature, and user digital certificate from the authentication request data, and verify, based on the configured CA root certificate, whether the user certificate was issued by a supported CA and whether it is within its validity period;
(3) query the status of the corresponding certificate in the certificate database and check whether the user certificate has been revoked;
(4) use the user certificate to verify the user signature of the data, and use the certificate of the tax department to verify the signature;
(5) store the verified data, data signature, and corresponding signing certificate serial number in the business database of the EJB server's tax return system.
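Steps (2) to (4) above, with the serial number that step (5) stores as the return value, sketched as an added example in Go; it is not code from the system described, whose own API is a jar package or COM component. Ed25519 signatures, the `revoked` map standing in for the certificate database, and the names `Authenticate` and `issue` are assumptions, and all certificates are constructed at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Authenticate runs steps (2)-(4) and returns the certificate serial that step (5) stores.
func Authenticate(roots *x509.CertPool, revoked map[string]bool, cert *x509.Certificate, data, sig []byte) (string, error) {
	// (2) Chain to a configured CA root; Verify also enforces the validity period.
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("certificate rejected: %w", err)
	}
	serial := cert.SerialNumber.String()
	if revoked[serial] { // (3) revoked is a hypothetical stand-in for the certificate database
		return "", fmt.Errorf("certificate %s is revoked", serial)
	}
	if err := cert.CheckSignature(x509.PureEd25519, data, sig); err != nil { // (4) user signature
		return "", fmt.Errorf("signature invalid: %w", err)
	}
	return serial, nil
}

// issue builds a constructed certificate (errors ignored); a nil parent yields a self-signed CA.
func issue(serial int64, parent *x509.Certificate, pk ed25519.PrivateKey, ttl time.Duration) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: fmt.Sprint("constructed-", serial)},
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(ttl)}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, pk = true, t.KeyUsage|x509.KeyUsageCertSign, t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func main() {
	ca, caKey := issue(1, nil, nil, time.Hour)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	user, key := issue(2, ca, caKey, time.Hour)
	data := []byte("constructed tax return form data")
	fmt.Println(Authenticate(roots, nil, user, data, ed25519.Sign(key, data)))
}
```

The order matters: the signature is checked only after the certificate has passed the chain, validity and status checks, so a valid signature made with an expired, revoked or foreign-CA certificate is still rejected.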
The web-based signature verification management system provides Web-based historical data query and signature verification functions. The business process is as follows:
(1) query historical data and signatures;
(2) look up the user certificate in the certificate database based on the serial number of the signing certificate and the ID of the CA that issued the certificate;
(3) use the user certificate to verify the signature.
The business system communicates with the signature authentication server through API calls. The following APIs are provided:
A jar package for J2EE programs;
COM component calls for Delphi and other programs.
Technical Route
The digital signature security authentication system acts as the security guard for online tax return services, providing targeted security protection for the tax handling system. Technically, it establishes a mechanism of mutual trust between the tax authority and the taxpayer, and it conforms to legal logic. In general, it has the following features:
(1) correctly identify tax return users in digital space;
(2) ensure that sensitive data transmitted over the network is not tampered with;
(3) keep business data transmitted over the public network confidential;
(4) ensure that the business activities of both parties cannot be repudiated.