CN102333077A

CN102333077A - Safety verification system for electronic document office system and method thereof

Info

Publication number: CN102333077A
Application number: CN201110205728A
Authority: CN
Inventors: 吴卫平
Original assignee: SHANGHAI INTERNET SODTWARE CO Ltd
Current assignee: SHANGHAI INTERNET SODTWARE CO Ltd
Priority date: 2011-07-21
Filing date: 2011-07-21
Publication date: 2012-01-25

Abstract

The invention discloses a safety verification system for an electronic document office system and a method thereof. The safety verification system comprises: a safety authentication center, which is used for issuing, revoking and recovering a digital certificate and an electronic signature for a user; an electronic signature subsystem, which is connected with a safety authentication center and an official document exchange subsystem and is used for obtaining an encrypted electronic signature provided by the safety authentication center and authorizing the encrypted electronic signature to a corresponded electronic signature client; and the electronic signature client, which is connected with the electronic signature subsystem and the official document exchange subsystem as well as is used for obtaining the obtained encrypted electronic signature authorized by the electronic signature subsystem and setting an electronic signature for a file that needs a signature when the file is processed. Besides, the electronic signature set by the electronic signature client is verified by the safety authentication center and the electronic signature client. According to the invention, the safety verification system for the electronic document office system and the method thereof enable safety of the system to be improved.

Description

The security authentication systems of electronic government documents office system and method

Technical field

The invention belongs to the E-Government technical field, relate to a kind of security authentication systems, relate in particular to a kind of security authentication systems of electronic government documents office system; Simultaneously, the invention still further relates to the safe verification method of above-mentioned security authentication systems.

Background technology

Since the nineties in 20th century, E-Government produced, had much about the definition of E-Government, and brought in constant renewal in along with the development of putting into practice.E-Government becomes one of informationalized most important field in the present age as the combination of electronic information technology and management.So-called E-Government; Use the present information and the communication technology exactly; Carry out integrated through network technology management and service; Realize the optimization reorganization of institutional framework and workflow on the internet, surmount the separation restriction between time and space and the department, high-quality and omnibearing, standard are provided and management and service transparent, that meet international level to society.

Go deep into along with what the government affairs information system promoted, the electronic government affairs system data volume is increasing, application function more and more, range of application is more and more wider, and platform stable property, reliability are just more and more important.

Yet existing E-government Platform is normally separate, like the office department of district level oneself E-government Platform is arranged all, and the E-government Platform of all departments does not connect each other.Yet under a lot of situation, some projects (like administrative permission etc.) need the participation of a plurality of departments, because not the linking to each other mutually of all departments' E-Government, existing work efficiency is low.

In addition, existing electronic government documents office system is not provided with electronic signature functionality, and official document is distorted easily, and can not leave a trace.

Summary of the invention

Technical problem to be solved by this invention is: a kind of security authentication systems of electronic government documents office system is provided, can improves the fail safe of system.

In addition, the present invention also provides a kind of safe verification method of electronic government documents office system, can improve the fail safe of system.

For solving the problems of the technologies described above, the present invention adopts following technical scheme:

A kind of security authentication systems of electronic government documents office system, said electronic government documents office system comprise that official document handles the open subsystem of subsystem, official document switching subsystem, official document directory subsystem, document information; The open subsystem of document information, official document directory subsystem, official document switching subsystem, official document are handled subsystem and are connected successively;

Said official document is handled the subsystem that subsystem has respectively for terminal all departments simultaneously; The support of the personalization of the service of using being made by oneself function is provided by cloud computing; All departments all are provided with the official document of one's own customization and handle subsystem, and official document is handled the effect that subsystem has played multiterminal access deal with data;

Said official document switching subsystem is handled subsystem in order to connect all official documents, and the platform action of the regional swap data of official document is provided;

Said official document directory subsystem obtains the information of DOC DATA in order to the data-transformation facility through the official document switching subsystem, makes the effect that the document information data of accomplishing mission have had concentrated filing to put on record;

The open subsystem of said document information needing to realize the function of public information to the issue of outer net website in order to obtain data from the official document directory subsystem through screening;

Said security authentication systems comprises:

Security authentication center is with thinking that the user provides, cancels, recovers digital certificate and Electronic Signature;

The Electronic Signature subsystem is connected with security authentication center, official document switching subsystem, in order to obtaining the encrypted electronic stamped signature that provides from security authentication center, and with the corresponding Electronic Signature client of encrypted electronic stamped signature mandate;

The Electronic Signature client is connected with Electronic Signature subsystem, official document switching subsystem, in order to obtaining the encrypted electronic stamped signature that obtains from the mandate of Electronic Signature subsystem, and when handling file, the file that needs stamped signature is set Electronic Signature;

The Electronic Signature that the Electronic Signature client is set is by security authentication center, Electronic Signature client validation.

As a kind of preferred version of the present invention, the process that said Electronic Signature client is set Electronic Signature is following:

The user is right through the key that its Electronic Signature client at first produces oneself, sends public keys and part personally identifiable information to security authentication center;

Security authentication center will be carried out necessary step after examining identity, sent by respective user really to be sure of request;

Security authentication center will be issued Electronic Signature of user through the Electronic Signature subsystem, comprise user's personal information and his public key information in this Electronic Signature, also have the signing messages of security authentication center simultaneously;

The comings and goings that the user uses the Electronic Signature of oneself to be correlated with.

As a kind of preferred version of the present invention, said security authentication systems further comprises the USB encrypting module.

As a kind of preferred version of the present invention; Said security authentication systems further comprises the digital certificates system; The Verification System of perfect electronics CA certificate is set up in deployment according to the management mode of electronic government documents and business characteristic, electronic government documents office system; The RA of registration of establishment approving authority system management point is convenient to unified management;

The RA system is embodied as individual, unit and server provides digital certificate and the relevant safe practice of certificate, supports various operational lines, realizes issuing, revise, nullifying of electronics CA certificate; Realization is reported the loss the control of management, blacklist for the electronics CA certificate.

As a kind of preferred version of the present invention, the electronics CA certificate is divided into system's certificate and user certificate;

Wherein, System's certificate refers to the certificate that related management and operator are held in electronics CA certificate system and the sub level transportation; System's certificate is directly to be made by electronics CA certificate system, authorizes and issue to be meant deckle circle, and the associative operation of execution must pass through examining of CA and approve;

User certificate refers on CA safety certification system basis, to be engaged in the certificate that the main body of E-Government activity is held, as long as the physical identity of these main bodys obtains can applying for certificate after the audit approval of CA authorized organization; This type certificate comprises personal user's certificate, enterprise customer's certificate, server certificate, software code certificate.

A kind of safe verification method of above-mentioned security authentication systems, said safe verification method comprises the steps:

Digital certificate and Electronic Signature are provided, cancelled, recover to said security authentication center for the user;

Said Electronic Signature subsystem obtains the encrypted electronic stamped signature that provides from security authentication center, and with the corresponding Electronic Signature client of encrypted electronic stamped signature mandate;

Said Electronic Signature client is obtained the encrypted electronic stamped signature that obtains from the mandate of Electronic Signature subsystem, and when handling file, the file that needs stamped signature is set Electronic Signature;

The Electronic Signature that said Electronic Signature client is set is by security authentication center, Electronic Signature client validation.

Beneficial effect of the present invention is: the security authentication systems and the method for the electronic government documents office system that the present invention proposes, the fail safe that can improve system.Platform will have better official document and handle function, application of elastic design, DOC DATA switching performance; And have better externally explorative, a system combination property; And provide abundant, practical regional electronic government documents collaborative required various infrastructure service functions; Provide friendly, practical, easily, personalized official document handles system, and the E-Government smart client end system that is simple and easy to, intelligently pushing is provided.

Description of drawings

Fig. 1 is the composition sketch map of electronic government documents office system.

Fig. 2 is the safety verification sketch map of electronic government documents office system.

Fig. 3 is the Secure Application system sketch map of electronic government documents office system.

Fig. 4 handles the composition sketch map of system for the E-Government official document.

Fig. 5 is the data flow figure of message in-coming registration.

Fig. 6 is circulation of official document data flow figure.

Fig. 7 is circulation of official document administration configuration data flow figure.

Fig. 8 is the document information figure that openly circulates.

Embodiment

Specify the preferred embodiments of the present invention below in conjunction with accompanying drawing.

Embodiment one

The present invention discloses a kind of security authentication systems of electronic government documents office system, and said electronic government documents office system comprises that official document handles the open subsystem of subsystem, official document switching subsystem, official document directory subsystem, document information; The open subsystem of document information, official document directory subsystem, official document switching subsystem, official document are handled subsystem and are connected successively.

Said official document is handled the subsystem that subsystem has respectively for terminal all departments simultaneously; The support of the personalization of the service of using being made by oneself function is provided by cloud computing; All departments all are provided with the official document of one's own customization and handle subsystem, and official document is handled the effect that subsystem has played multiterminal access deal with data.

Said official document switching subsystem is handled subsystem in order to connect all official documents, and the platform action of the regional swap data of official document is provided.

Said official document directory subsystem obtains the information of DOC DATA in order to the data-transformation facility through the official document switching subsystem, makes the effect that the document information data of accomplishing mission have had concentrated filing to put on record.

The open subsystem of said document information needing to realize the function of public information to the issue of outer net website in order to obtain data from the official document directory subsystem through screening.

Said security authentication systems comprises: security authentication center, Electronic Signature subsystem, Electronic Signature client.Security authentication center is with thinking that the user provides, cancels, recovers digital certificate and Electronic Signature; The Electronic Signature subsystem is connected with security authentication center, official document switching subsystem, in order to obtaining the encrypted electronic stamped signature that provides from security authentication center, and with the corresponding Electronic Signature client of encrypted electronic stamped signature mandate; The Electronic Signature client is connected with Electronic Signature subsystem, official document switching subsystem, in order to obtaining the encrypted electronic stamped signature that obtains from the mandate of Electronic Signature subsystem, and when handling file, the file that needs stamped signature is set Electronic Signature; The Electronic Signature that the Electronic Signature client is set is by security authentication center, Electronic Signature client validation.

The process that said Electronic Signature client is set Electronic Signature is following: the user is right through the key that its Electronic Signature client at first produces oneself, sends public keys and part personally identifiable information to security authentication center; Security authentication center will be carried out necessary step after examining identity, sent by respective user really to be sure of request; Security authentication center will be issued Electronic Signature of user through the Electronic Signature subsystem, comprise user's personal information and his public key information in this Electronic Signature, also have the signing messages of security authentication center simultaneously; The comings and goings that the user uses the Electronic Signature of oneself to be correlated with.

Preferably, said security authentication systems further comprises the USB encrypting module.

In addition; In the present embodiment; Said security authentication systems further comprises the digital certificates system; The Verification System of perfect electronics CA certificate is set up in deployment according to the management mode of electronic government documents and business characteristic, electronic government documents office system, and the RA of registration of establishment approving authority system management point is convenient to unified management; The RA system is embodied as individual, unit and server provides digital certificate and the relevant safe practice of certificate, supports various operational lines, realizes issuing, revise, nullifying of electronics CA certificate; Realization is reported the loss the control of management, blacklist for the electronics CA certificate.

The electronics CA certificate is divided into system's certificate and user certificate; Wherein, System's certificate refers to the certificate that related management and operator are held in electronics CA certificate system and the sub level transportation; System's certificate is directly to be made by electronics CA certificate system, authorizes and issue to be meant deckle circle, and the associative operation of execution must pass through examining of CA and approve; User certificate refers on CA safety certification system basis, to be engaged in the certificate that the main body of E-Government activity is held, as long as the physical identity of these main bodys obtains can applying for certificate after the audit approval of CA authorized organization; This type certificate comprises personal user's certificate, enterprise customer's certificate, server certificate, software code certificate.

The present invention discloses the safe verification method of above-mentioned security authentication systems simultaneously, and said safe verification method comprises the steps:

Wherein, the process of said Electronic Signature client setting Electronic Signature is following:

Embodiment two

Cloud computing (cloud computing) is a kind of based on network supercomputing pattern, and in long-range data center, a large amount of computers and server connect into a slice computer cloud.Therefore, cloud computing can be experienced operational capability at a high speed.The user inserts data center through modes such as computer, notebook, mobile phones, be distributed on a large amount of distributed computers through making to calculate by oneself demand, but not in local computer or the remote server, the operation at government data center will be more similar with the Internet.This makes that government can be with resource switch to the application of needs, according to demand access computer and storage system.This is a kind of revolutionary behave.

The purpose of electronic government documents cloud platform construction cloud computing platform, being provides based on quick deploy resources of Intel Virtualization Technology or acquisition service for the user; Realize dynamic, telescopic expansion; By demand resource is provided; Through district's government affairs Intranet provide, towards the disposal ability of magnanimity information; The user can participate in easily, reduces the processing burden of user terminal; Reduced the dependence of user for IT professional knowledge.

See also Fig. 1; Said cloud application service layer comprises the electronic government documents office system, and the electronic government documents office system comprises that official document handles open system of system's (official document is handled subsystem), official document switching center (official document switching subsystem), official document catalogue center (official document directory subsystem), document information (the open subsystem of document information); The open subsystem of document information, official document directory subsystem, official document switching subsystem, official document are handled subsystem and are connected successively.

[official document is handled system]

Electronic government documents is handled system and is done the subsystem that score of the game does not have simultaneously for terminal each committee; The support of function is made in the personalization of the powerful application service that provides by cloud computing by oneself; Each office of doing of committee all has the official document of one's own customization to handle system, and this system has played the effect of multiterminal access deal with data.

See also Fig. 4, said electronic government documents is handled system and is comprised: briefcase module, receiving management module, outgoing dispatch management module, finish processing module.

Briefcase

The briefcase module is in order to store the official document document in each stage; Comprise the official document document the processing stage of being in each, official document document wherein will show with the form of listed files individual demand handle listed files, handle listed files, pass round part tabulation etc.

1. pending case

Official document (comprising the official document in receiving management and the outgoing dispatch management) tabulation that demonstration needs the active user to handle.The literary composition action of handling as required again of specifically doing is carried out corresponding operating by the user.Do literary composition action comprise official document handle in action commonly used: read and make comments, make comments and instructions, handle, conutersign, examine, sign and issue, seal is transmitted, checked papers, goes over a manuscript or draft, proofreads, always examines, copies in filing, message in-coming, dispatch is registered, document received is registered, make a draft, distribute, handle, pass round, keep in or the like.Also customized justice is done the literary composition action.

2. case to be read

Wait to read official document quantity and contents list to passing round part design demonstration, provide official document to pass round function, be used to pass round official document, and can reply handling suggestion document received.Wait to read case mainly by readding official document and do not read official document and distinguish, list content has also comprised and has passed round suggestion, column such as passes round again except the essential information of official document.

3. hang-up case

Do scholar person according to circumstances, can and hang up the temporary transient preservation of official document hanging up case, to deal with again in the future.

4. collection box

Show the lists of documents of deletion and the relevant rudimentary information of document, the function of replying deleted document is provided.

5. the agency is provided with

The user can be through being provided with the agent, the setting of agent operation authority, and options such as mandate time come the authorized agent to handle the official document spare in the briefcase.

6. handle document

Possess the essential information (official document title, numbering, action-item) of official document in each briefcase that automatic preservation user processing crosses, that is easy User operation log is provided.

Receiving management

Receiving management has realized envisioning, issue, pass round a series of processes such as handling and finish filing with the form of electronic government documents from message in-coming registration, file on the inherent network of the scope of organization.Can facilitate the introduction of the office documents form of various main flows.Receiving management should be accomplished the complete message in-coming flow process of one government bodies, comprises message in-coming registration, circulation of official document, official document retrieval etc.Receiving management provides to electronics or papery document received; Carry out document received registration and typing; And circulate by the message in-coming handling process that sets, message in-coming divides message in-coming to handle list, text, annex together to circulate, can pass round this official document in the circulation; Also can provide and envision suggestion, make comments and instructions suggestion, handle suggestion, and can transmit automatically and handle suggestion and handle to the related personnel with the information of passing round by each related personnel.

1. the main flow process of message in-coming

The type message in-coming flow process of reference, message in-coming are handled and are related to recipient, registrant, person approving, envision the people, issue the people, the undertaker, press the people.

The recipient; Be responsible for the official document of receiving is signed for.

Registrant: be responsible for the official document of receiving is registered.

Person approving: be responsible for the official document of receiving is examined.

Envision the people: be responsible for the official document of receiving is proposed to envision suggestion.

Issue the people: be responsible for the official document of receiving is made comments and instructions processing.

Undertaker: be responsible for handling the official document of receiving.

Press the people: be responsible for issuing the official document that people's written instructions or undertaker handle and pressing to sending.

Message in-coming flow process case: outside document received

1) confidential employee of office registers document received, if the document received of notice, reception, visit, invitation class then needs the leader of office audit, if be necessary examine then will for innings leader, then to leader of relevant departments and internal or office work;

2) if district office level is read part, information then will read according to the leader and show, give the confidential employee then, send a leader of relevant departments and internal or office work by the confidential employee, at last filing;

3) if regimental part, the information of readding in district then needs the department head to read to show;

4) if do part, then need pass through the leader with specific duties of office and just examine, office mainly leads audit, returns the cryptographer then, by the cryptographer file is sent to sponsoring department and assistant department; At first doing jointly presents one's view after file is received by department, needs the department head to examine if necessary, gives main department then; Main department handles according to the suggestion of the department of doing jointly, and then to department's internal or office work, department's internal or office work according to circumstances perhaps changes inner sign newspaper or certification processing over to; Perhaps be given to the cryptographer; Read and make comments for the leader of office by the cryptographer, the suggestion feedback of leading office is then finished at last, is filed to dependent office leader, relevant unit and document received unit again.

2. message in-coming registration

Set up the message in-coming registration form, send to according to written instruction of leader civilian registration form in future and paper document and undertake sections.System will provide interface, receive image file or the file after the conversion of identification softwares such as OCR through the scanning input, thereby realize the importing of external file/data.

The file manager who undertakes sections can hand over the staff of sections specifically to do literary composition file according to department head's written instructions, and situation is filled in these sections document received registration form.

3. message in-coming registration: data flow is as shown in Figure 5.

Data dictionary

The storage clauses and subclauses:

Storage numbering: D1

Storage title: list to be signed for

The source: the user registers generation

Form: one is made up of flow process continuous item and official document element

Storage numbering: D2

Storage title: pending list

The source: the user registers submission

Form: one is made up of flow process continuous item and official document element, and the same D1 of Database field distinguishes through flow state.

Storage numbering: D3

Storage title: list

The source: the user registers generation

Storage numbering: D4

Storage title: task center table

The source: the user operates at every turn

Form: this table mainly comprises the data that produce circulation, reflects the node of each circulation, operator, operating time etc.

Storage numbering: D5

Storage title: list two (handling process of asking for instructions andding submit reports)

The source: flow process gets into office and produces

4. message in-coming register

Similar and function papery message in-coming register generates automatically.

5. read and show (written instructions)

This functional node supports readding of official document to show (readding part) function, can specify the people who passes round and pass round people's order.These functions can customize realization through workflow.

reads and shows (written instructions) example: ask declaration for instructions

1) handler intends literary composition, is just examined by the leader with specific duties of department then, again by the chief leading cadre of department audit, transfers to the handler if the plan literary composition has problem and remodifies the plan literary composition, walks as above flow process again;

2) intend literary composition through after examining, give department's internal or office work, internal or office work is given each countersign department with literary composition; Give the department head after literary composition is received in the internal or office work of countersign department, the department head perhaps directly makes a suggestion, and handles perhaps for the related personnel of department; Give department's internal or office work at last, get back to the internal or office work of handler department then;

3) handle department's internal or office work office be given in literary composition;

4) after the cryptographer of office receives literary composition, examine literary composition (if problem is arranged then return sponsoring department), envision then;

5) just examine for the leader with specific duties, give main leader's audit again, if the centre has any problem to return, after the audit, literary composition comes back to the confidential employee;

6) confidential employee gives office's written instruction of leader with literary composition, and the confidential employee returns to according to the written instruction of leader suggestion more again and is correlated with according to leader and department, finishes filing at last.

6. literary composition is transmitted in message in-coming

Message in-coming according to needing to change document properties, becomes the dispatch document by message in-coming in handling process, get into the dispatch flow process once more and carry out the processing of envisioning of official document.

7. message in-coming is handled

Official document written instructions are handled and are meant that the leader checks the official document original paper and makes comments and instructions handling Dan Shangke.And the staff can and then carry out relevant work according to the written instruction of leader content.

8. circulation inquiry

Be used to inquire about the circulation process and the current state of official document.

9. the circulation of official document data flow sees also Fig. 6.

Data dictionary

Storage numbering: D6

Storage title: repertory

Source: produce during registration

Form: item id, project status, and the compositions such as time of operation

Storage numbering: D7

Storage title: data flow table

Source: define by the keeper

Form:, and flow to the logical attribute composition by present node and next node.

Storage numbering: D8

Storage title: data flow node table

Source: define by the keeper

Form: by present node, node type, attributes such as nodal operation personnel are formed.

Processing logic is as shown in table 1.

Table 1

10. circulation of official document administration configuration data flow sees also Fig. 7.

Outgoing dispatch management

Outgoing dispatch management has realized that the form with electronic government documents is examined modification, formal written a series of processes from dispatch drafting, manuscript on the inherent network of the scope of organization.Can facilitate the introduction of the office documents form of various main flows.Outgoing dispatch management should be accomplished the complete dispatch flow process of one government bodies; Comprise the relevant functional modules of dispatch flow process such as pending official document, official document exchange, official document rollback, data security; Simultaneously, system answers supporting attachment to upload, and the official document printing function of different-format and version.

1. typical dispatch main flow

Reference typical case dispatch flow process:

Dispatch is handled and is related to drafter, person approving, signed by, checks the people, copies and print people, usefulness seal people, registrant, distribution people.

Drafter: be responsible for drafting of official document.

Person approving: be responsible for the audit of official document.

Signed by: be responsible for the careful of official document and sign and issue.

Check the people: be responsible for checking of official document.

The seal people copies: the seal of copying of being responsible for official document.

With printing the people: the seal of using of being responsible for official document.

Registrant: be responsible for the registration of official document.

Distribution people: be responsible for the distribution of official document.

In the outgoing dispatch management process, the responsibilities of the link of respectively flowing through is described as shown in table 2:

Table 2

The outgoing dispatch management system provides to document received or directly intends literary composition, preserves the back official document and begins circulation by user-defined flow process.In intending civilian process, system can preserve the modification of being done automatically, and promptly vestige keeps.Can generate the function of similar papery message in-coming register automatically to all kinds of dispatches.Finish processing links functions such as comprising system literary composition, plan filing, dispatch, issue, inquiry are provided.

2. dispatch is made a draft

Make a draft (drafting official document): after certain document received or direct plan literary composition (drafting official document) preservation, official document begins circulation by defined flow process; In intending civilian process, the modification system that intends literary composition is preserved the modification of being made automatically, promptly vestige keeps.

3. dispatch is handled

The main processing function comprises system literary composition, intends filing, electronics dispatch, " adding a cover E-seal (spare interface) " wait, can carry out the direct modification of text to the dispatch of circulation, and the content of modification is carried out functions such as vestige reservation.

dispatch system is civilian: the reddish tone system literary composition before written file is sent the documents;

Example is handled in

dispatch: dispatch, meeting summary are examined

1) handler intends literary composition, is gone over a manuscript or draft by the department head then, remodifies the plan literary composition if problem is arranged then transfer to the handler, walks as above flow process again;

2) intend literary composition through after examining; Give department's internal or office work; Internal or office work is given each countersign department with literary composition, gives the department head after literary composition is received in the internal or office work of countersign department, and the department head perhaps directly makes a suggestion or makes a suggestion for the related personnel of department and examine shortly; Give department's internal or office work at last, get back to the internal or office work of handler department then;

4) after the cryptographer of office receives literary composition, examine literary composition, envision then; Give then and be in charge of director's first trial, give main leader's audit again, if there is any problem the centre then returns the confidential employee; The confidential employee is given to the department of envisioning again, after audit, comes back to the confidential employee;

5) confidential employee gives literary composition according to written instruction of leader, and the confidential employee is again according to written instruction of leader, and the confidential employee files, prints and distributes, feeds back sponsoring department then according to written instructions system literary composition;

6) dispatch a joint document then like need literary composition is printed the countersign to other unit, in typing countersign suggestion, give according to the leader then and read and make comments then, print and distribute at last, file.

4. press, supervise and manage

Press, supervisor's information sends according to the official document time limit by pressing the people automatically; It is a special information, relevant with official document the person of handling is played the urgency effect.The person of handling is unsuppressible; Press, supervise and manage the back if official document also is untreated, operation will be reminded according to the information reminding function setting by system.If the official document processed information will be deleted automatically.

5. the unit's of striding countersign, the function of dispatching a joint document

Can send to units concerned with needing countersign or the official document of dispatching a joint document and drafting single-pass to cross the official document Switching Module.This unit after inter-process, feeds back countersign or the suggestion of dispatching a joint document is given the transmission unit.The a plurality of files that produce in the processing are as the procedure file of this file.

Finish processing

Provide after circulation of official document finishes and finish function, after dispatch is passed round and is finished, can the unit's of transfer document library.Official document in the filing storehouse can regularly mail to official document catalogue center and carry out unified management.Constituent parts filing storehouse can provide the query function by multiple modes such as departments, and each unit is responsible for finishing of our unit and handles management.Whole official document system can regularly concentrate from the filing storehouse of all departments collect archive file, and sends it to the functions such as plan filing before formal filing is accomplished at the catalogue center.

This module is being listed the official document tabulation that need handle, can make the following function of handling:

1. official document is finished

This module mainly shows the listed files that has circulated and finished, and comprises the date of issuance, theme, message serial number, content, position, circulation situation, cancels, handles, made each element information such as literary composition.

2. dispatch exchange

The dispatch exchange is exactly according to official document flow process and official document handling suggestion; The corresponding department that specific message in-coming is sent to corresponding unit issues again, carries out handling of next step through the circulate relevant departments of our unit or other unit of the official document commuting case in district's official document switching system.

3. intend filing

Unit is handled the official document document that finishes that finishes or circulate carry out the plan filing processing of file; At first build each unit official document storehouse separately; Again the official document of finishing is included into document bibliography information; Wait until the official document catalog system and regularly collect, get into unified filing flow process according to government document filing processing requirements in official document catalogue centring system at last.

4. print, overlap and beat

5. official document is recognized note

For accomplishing the official document that official document is handled flow process outside the system, realize unified additional registration function.This functions of modules can realize recognizing the management of note operation simultaneously through all operations step in the single account number registration circulation of official document process through role's control of authority.

6. official document monitoring

The official document supervisory control system realizes based on supervisor's monitoring mechanism of workflow platform, realizes the graphical monitoring for the workflow application item, the daily record monitoring that circulates, the efficiency analysis that circulates, presses supervisor's function.System can trigger and press message or supervisor's task carrying out comprehensively monitoring in the circulation task, comprises that processing project monitoring, pending supervisor's part, initiation are supervised and manage, processing has been done supervisor's part, the supervisor's situation in the responsibility and right scope is carried out query analysis, reported.

The visible service flow monitoring is according to the state that carries out of government affairs project that flow process is handled, with patterned each node state of form display items display and circulation situation.As required, the user can understand the interim situation of business processing flow.Product provides patterned handling process, inquiry and monitoring function.The user can understand the corresponding interim performance of flow process according to the authority of oneself, and the task disposition of each node is handled information such as used time and mandatory period in the querying flow like task handler, task status, task.Owing to adopted graphical monitoring, system is with the task treatment state of various colors flow for displaying, and the interface is visual in image, and the user can understand the relevant information of each flow process, each node very clearly.

System can write down the circulation process of each Pending tasks automatically, and generation task circulation daily record based on this log analysis, can obtain the circulation process data of certain task, carries out effectiveness analysis.

Vestige keeps

Graphical vestige keeps technology, and the modification vestige of file in the circulation overall process can be noted down by system, and realizes with the patterned way of What You See Is What You Get, reaches the office requirement of the comprehensive record fileinfo of government department.

Reserve digital signature and E-seal interface

After adding a cover E-seal on the electronic government documents, the document will carry out slave mode automatically, thus content be locked, the document content of this moment possess anti-write change, security feature such as anti-copy.

The official document inquiry

Can also can show (example: can be divided into message in-coming and two kinds of dispatches) according to condition query by the form of lists of documents.

1) message in-coming list: list whole message in-coming tabulations, similar and function papery message in-coming register generates automatically.

2) dispatch list: list whole dispatch tabulations, similar function with papery dispatch register generates automatically, and the confidential employee shows whole dispatches, and other staff shows the official document of oneself envisioning.

[official document switching center]

Official document switching center has then got in touch all official documents and has handled subsystem, and the platform action of the regional swap data of official document is provided, and this subsystem then is that the positive mid-game of seat is arranged, the effect of contact each side.

For cooperating official document exchange promotion and application; Official document switching center and office system are combined closely; Convenient transmitting-receiving scholar person operation, the official document system will be at the official document switching system that provides each committee to do innings standard, the pairing official document Switching Module of main processing official document commuting case.

Official document exchange (dispatch)

The clerical workforce can pass through this module, sends document information to the office of doing of committee, obtains the situation etc. of signing for of sending file, and can control for the flow direction of document information data through the route setting.

1. publishing documents

(1) treats the dispatch shelves

Show that temporary needs send document information.

The clerical workforce can safeguard list information, such as reselecting transmission unit, adds accessory information, revises document information etc.After clicking transmission, send document information.

(2) file sends

The clerical workforce sends document information through this module to each office of doing of committee.

Attention: when selection unit, the background process logic needs the corresponding recruiting unit's information of binding data switching plane, comprises unit designator code etc.

(3) fat file

The document information content that the clerical workforce can send through condition query.

2. the result feeds back

The clerical workforce can pass through this module, checks announced document information, and checks and sign for unit information and sign for situation.Show the document information that has sent.

3. route setting

The user can pass through the route setting, manages the circulation of dissimilar official documents, can define whole district's circulation (promptly send out and change all units), bar linear flow commentaries on classics (promptly only between part correlation unit, circulating) or unidirectional delivery (promptly send and specify unit).

Official document exchange (message in-coming)

Message in-coming part in the official document exchange mainly shows the DOC DATA that gets access in the official document commuting case, and the clerical workforce can be docked the breath of collecting mail and signed for, distribution processor, and combine this office system to start the message in-coming flow process, carry out the message in-coming circulation.

1. document to be signed for

Wait to sign for the document information that the document function can show that each office of doing of committee sends over.

The clerical workforce can sign for official document, and the information of signing for will feed back to committee through the official document switching plane and do office system, also can distribute official document, starts inner message in-coming circulation and oneself circulates.

2. signed for file

Show the fileinfo of having signed for, the clerical workforce can also distribute official document simultaneously, starts inner message in-coming circulation and oneself circulates.This module also comprises the official document query function simultaneously, and the user can pass through keyword, inquiry official document exchange message.

3. handle tracking

Show the document information handling, and condition query function such as keyword is provided, can inquire about official document (message in-coming) information.

[official document catalogue center]

Official document catalogue center then is the information that obtains DOC DATA through the data-transformation facility of official document switching center, the effect that the feasible document information data of accomplishing mission have had concentrated filing to put on record.

For the official document of finishing in the gamut, set up official document catalogue center, realize the sectional lists centralized management of finishing official document, authorize check, the function of electronic filing.Five kinds of functions such as the operation of document information comprises typing, browses, inquires about, manages, filing; Can include and check official document easily, and meet the file format that national archive requires to the official document spare of various ways through intending filing to handle to change into.This module list mode represents, and main modular is divided document typing, catalogue browsing, document query, document management, filing management, authority setting.

1. document typing

Manual and automatic collection and collection document information to be filed; Can manual typing relevant official document details; Simultaneously through automatically being provided with, regularly from official document finish collect the processing finish processing through official document and be stored in each committee and do and finish official document in file store of office.

2. catalogue browsing

Show the tabulation of the existing whole document informations in catalogue center with the form of catalogue, realize sharing of controlled document information resource and in functions such as utilizations through control of authority.

3. document query

Can be according to condition query.

After the logical input inquiry information; Search Results will be listed whole tabulations of finishing official document according to the pattern of official document list; The function of similar archives register generates automatically, is clicking the details (being more information contents such as official document content, settling time, the time of finishing, process name, relevant unit, leader, handling suggestion, relevant date, director) that can check official document behind the official document title.

4. document management

For user, can safeguard and revise (remarks in the authority add and Position Control) to the official document of response with administration authority.

According to actual needs, there is the user of authority can the official document at catalogue center be pushed to the information disclosure service system, realizes functions such as official document show-and-tell.

5. filing management and archives economy interface are integrated

Be mainly the function that realizes the filing of official document electronization, can realize the plan filing of document information.Intending filing is exactly that the official document in the official document catalogue center service system is filed through the conversion of form; Be transformed into and meet the electronic edition archives spare that Archives Administration's filing requires; And through with the interface setting of Archives Administration, directly will accomplish the official document spare of intending filing and push to archive management system and file.

(1) filing preliminary treatment

Official document is intended main official document and other secretarial document data that the routine work accumulation is formed of realizing of filing and is carried out localization filing preliminary treatment, comprises that the work of archives is gone into, put, make a catalogue, stands the processing of tentatively standardizing of localized files such as volume, numbering, evaluation and operate.

Localization filing preprocessing function is as follows:

archival description: the files level that provides the file of electronic government documents to record interface and electronic record is recorded the interface.

files evaluation: the electronic government documents fileinfo is identified.And form when from file-level information, extracting partial information and identify daily record as the directory level information of same.

File Maintenance: the modification of directory level information only is provided to the maintenance of electronic government documents file.

cataloguing of file: all catalogued files all form the Recordset data set through query statement data set are passed to report file by report file Unified Treatment (comprising Show Styles).

shelves number are rearranged: carry out shelves according to selected sortord and the intrinsic coding rule of archives and number rearrange.

is open to be identified: revise evaluation to open field in the electronic government documents file.

transfers evaluation: be applied to the transfer that archives send to before the archives economy and examine process.

data derive: be sent to archive management system to file data in batches.

(2) performing step

Electronic government documents is finished in the processing capacity module at official document after handling system's circulation of official document completion, at first official document is intended filing.

The document information content can change official document catalogue center over to through official document Exchange Service system, in the filing management module, selects the official document that will file.

When this official document is formally filed, call database interface, preserve data in the corresponding tables of data of archive management system database, and, be convenient to the filing inquiry at the inner copy information of preserving the official document filing of official document catalogue centring system.Archive management system can read this tables of data information, carry out unified file administration.

(3) relevant treatment flow process

Rule of thumb, official document is handled unit has more deep understanding to file attributes such as the retention period of official document, levels of confidentiality, and therefore, the setting of these attributes will be carried out in official document catalogue center service system by the official document personnel that handle, and promptly intends filing.Intend being pushed to archive management system after the official document of filing is recorded completion according to the form of archives, the archives control staff only need check once more the file attribute of this official document and get final product, and archives work intensity is effectively reduced.

The staff intends official document after the filing submission, and the document will be pushed in the archive management system automatically, and the file clerk has three kinds of processing modes to this part document:

further identifies and replenishes and record the back filing;

recalls document and encloses and severely punish suggestion, lets the related personnel intend filing again;

recalls and informs that this official document of related personnel need not filing.

6. authority setting

Control the open levels of official document catalogue center through reading being provided with of authority, realize the opening of classification, classification, fraction, shared document information resource for the user.

[the open system of document information]

The open system of document information then only obtains data from official document catalogue center, lets the back needing realize the function of public information to the issue of outer net website through screening.

Construction along with the government affairs website; The huge achievement that among government office, constantly obtains with network information technology; To the needs of administrative guidance policies such as openness of government affairsization, policy transparence, the information issue on the website has proposed exigence for document information.Design through platform and website interface; When accomplishing the linking of official document platform and government affairs net; System also will provide functions such as true, safe, controlled document information issue, tracking, inquiry, thereby better accomplish the effect that official document is brought into play in the government information disclosure engineering.

1. open document

Form with official document tabulation shows the official document title, finishes the date, relevant unit, official document numbering, open demand, examine information such as situation, concentrates the basic condition that displayings need disclosed official document document.This module is mainly included from official document catalogue center service system and is equal to the document information content to be released that level system sends over.Module can be according to authority, and transmission also gets into information disclosure editor, approval status, for the user who possesses authority its content is safeguarded, adds, is revised, and promotes simultaneously and gets into whether approval process continues information disclosure with decision flow process.

2. follow the tracks of according to open

It is set that functions of modules is mainly monitoring open file progress and document information state; The user can inquire relevant file through official document title or official document numbering; Simultaneity factor will show the interdependent node of relevant documentation in the information disclosure flow process, and can check the content information that document information is revised or added in the information disclosure system under the current progress.

Trace information source is can the open flow process of reference documents as shown in Figure 8.

need disclosed official document need official document intend or the processing stage select filling out of correspondence and to indicate the open attribute of official document in the frame: initiatively open or open according to application.

After

lets when the official document end that in electronic document system, circulates; After having accomplished official document and handling unit in the system and finish processing procedure, change an official document catalogue centring system by unified the sending out of official document switching system transmission channel.The open system of document information this moment will need disclosed official document spare information grasp at the open system of official document from the official document storehouse of intending the filing state with entering, thereby will realize including function.

is in the open system of official document; Also be provided with special secondary approval process, for the disclosed document information of needs is done final examination.And (annotate: editor and modification at first must be satisfied purview certification, can not change textual content simultaneously, can only add remarks or annotation information or openly wait operation according to requiring to carry out part to carry out open adaptability edit-modify according to authority for disclosed document information.)。

be treated document information at this moment; Through being with open official document module to carry out packaging ciphering, wait for that the staff is through artificial download relevant information.

shifts through artificial; Document information wrapped to pass to reach on the physically-isolated outer network server, the document information of packing is carried out being published on the website of government affairs outer net after decompress(ion), the decryption processing through the open document information module of treating of outer net.

3. open inquiry

Can be according to condition query.After the logical input inquiry information; Search Results will be listed whole tabulations of finishing official document according to the pattern of official document list; The function of similar archives register generates automatically, is clicking the details (being more information contents such as official document content, settling time, the time of finishing, process name, relevant unit, leader, handling suggestion, relevant date, director) that can check official document behind the official document title.Also can pass through the government affairs web site url, retrieve in the website again.

See also Fig. 2, Fig. 3, the main interface routine of electronics CA system of security centre and official document system is exactly the client-side program of Electronic Signature.This module can design and be integrated into whole official document and handle system.And the part that other is associated has only the transmission of verification msg and the change data of user profile, and these contacts only need the reservation of data transmission port, and do not need further development system program.

Said cloud application service module further comprises security authentication systems, and said security authentication systems comprises: security authentication center, Electronic Signature subsystem, Electronic Signature client.Security authentication center is with thinking that the user provides, cancels, recovers digital certificate and Electronic Signature; The Electronic Signature subsystem is connected with security authentication center, official document switching subsystem, in order to obtaining the encrypted electronic stamped signature that provides from security authentication center, and with the corresponding Electronic Signature client of encrypted electronic stamped signature mandate; The Electronic Signature client is connected with Electronic Signature subsystem, official document switching subsystem, in order to obtaining the encrypted electronic stamped signature that obtains from the mandate of Electronic Signature subsystem, and when handling file, the file that needs stamped signature is set Electronic Signature; The Electronic Signature that the Electronic Signature client is set is by security authentication center, Electronic Signature client validation.

[digital certificates system]

Management mode and business characteristic according to electronic government documents; For promoting the safety requirements of the authentication in the electronic government documents transmission course; The deployment of whole district's electronic document system need be set up perfect district level electronics CA service system, sets up the RA management point, is convenient to unified management.The RA system of Luwan District official document system can be implemented as business objects such as individual, unit and server digital certificate and the relevant safe practice of certificate is provided, and supports various operational lines, realizes issuing, revise, nullifying of electronics CA; Realization is reported the loss functions such as management, blacklist control for electronics CA's.

Device certificate) and two kinds of user certificates the certificate kind: CA certificate can be divided into system's certificate from application point and (claim again:.Wherein system's certificate refers to the certificate (operation and the administrator certificate that contain CA system, RA system, RAT system) that related management and operator are held in CA and the sub level transportation; System's certificate is directly to be made by CA; Authorize and issue to be meant deckle circle, the associative operation of execution must pass through examining of CA and approve.

User certificate refers on CA safety certification system basis, to be engaged in the certificate that the main body of E-Government activity is held, as long as after the physical identity of these main bodys obtains the audit approval of CA authorized organization (like RA, RAT), just can apply for certificate.This type certificate comprises personal user's certificate, enterprise customer's certificate, server certificate, software code certificate etc.Below provide the introduction of corresponding formal certificate:

Personal identification certificate: with the number binding of identity documents such as personal identity card, officer's identity card or passport, represent personal identification, support main flow browser and specific user to hold software;

Personal identification double certificate: on the basis of realizing the personal identification certificate, encrypted certificate and signing certificate are provided simultaneously.

Sign and issue the certificate of multiple form: diploma system can be according to the requirement of operation system, and the extension of cert defines.As using through the extended attribute part, make certificate have the different grade authority, implement control of authority.For the specific (special) requirements of operation system, can in extension, add its marker code in addition.The certificate signed and issued of diploma system is followed X.509 V3 standard in a word; Can satisfy the requirement of electric CA center cert classification fully; Extension field customization function flexibly also is provided simultaneously, and the operating personnel of system customize extension field, to satisfy needs of different applications.Diploma system can also be signed and issued the certificate of different application according to different user's requests; The various different application of certificate are the parts of certificate policy; Be embodied in above the extension field of V3 X.509; Application software realizes various application through explaining these certificate extension territories, thereby realizes the management strategy of certificate.

[Electronic Seal System]

The advanced Electronic Signature software of one cover prevents to distort, prevents to pretend to be, prevents the security system denied as system information; Bring on the platform of whole application safety management system; Unified plan is in client's OA management system; Improve the operating efficiency of administrative examination and approval flow processs at different levels, guarantee the integrality and the reliability of system information and data, strengthen the safeguard protection of whole system data transfer.

As shown in Figure 3; The design of whole Electronic Signature security system is to be main core with the Electronic Signature technology, uses in conjunction with digital certificate, utilizes USB KEY hardware encipher to preserve means; The expansion safety guarantee function; Whole security system and real application systems are closely connected, and security control is more comprehensive, and the user also can be according to the assembly of self system's actual conditions selection needs.Security system mainly is made up of following several parts: visual Electronic Signature based on the Office e-file, visual Electronic Signature based on the Web page, digital certificate management center (CA), USB KEY hardware.

The effect of Electronic Signature: Electronic Signature solves problems such as denying, forge, distort and pretend to be.Specific requirement:

A) the sender's message signature that afterwards can not deny sending,

B) recipient can examine the message signature that the sender sends,

C) recipient can not forge sender's message signature,

D) recipient can not carry out part and distorts to sender's message,

E) a certain user in the network can not pretend to be another user as sender or recipient.

The range of application of Electronic Signature very extensively; In the fail safe that ensures electronic data interchange is a breakthrough progress; Everyly need can use Electronic Signature, such as encrypting mail, commercial correspondence, order purchase system, long-range financial transaction, automatic mode processing etc. and the related official document document of this project to the situation that user's identity is judged.

System performance index of the present invention is following:

1) single page average response time was less than 4 seconds;

2) the data query time was less than 6 seconds;

3) system's mean free error time should be greater than 800 hours;

4) after system formally reaches the standard grade, with the use of supporting at least 1000 users;

5) follow-up through load-balancing technique, newly-increased load-balancing device and application server satisfy the user's instructions for use more than 2000.

In sum, the security authentication systems and the method for the electronic government documents office system that the present invention proposes, the fail safe that can improve system.System platform will have better official document and handle function, application of elastic design, DOC DATA switching performance; And have better externally explorative, a system combination property; And provide abundant, practical regional electronic government documents collaborative required various infrastructure service functions; Provide friendly, practical, easily, personalized official document handles system, and the E-Government smart client end system that is simple and easy to, intelligently pushing is provided.

Here description of the invention and application is illustrative, is not to want with scope restriction of the present invention in the above-described embodiments.Here the distortion of the embodiment that is disclosed and change are possible, and the replacement of embodiment is known with the various parts of equivalence for those those of ordinary skill in the art.Those skilled in the art are noted that under the situation that does not break away from spirit of the present invention or substantive characteristics, and the present invention can be with other form, structure, layout, ratio, and realize with other assembly, material and parts.Under the situation that does not break away from the scope of the invention and spirit, can carry out other distortion and change here to the embodiment that is disclosed.

Claims

1. the security authentication systems of an electronic government documents office system is characterized in that, said electronic government documents office system comprises that official document handles the open subsystem of subsystem, official document switching subsystem, official document directory subsystem, document information; The open subsystem of document information, official document directory subsystem, official document switching subsystem, official document are handled subsystem and are connected successively;

Said security authentication systems comprises:

2. the security authentication systems of electronic government documents office system according to claim 1 is characterized in that:

The process that said Electronic Signature client is set Electronic Signature is following:

3. the security authentication systems of electronic government documents office system according to claim 1 is characterized in that:

Said security authentication systems further comprises the USB encrypting module.

4. the security authentication systems of electronic government documents office system according to claim 1 is characterized in that:

Said security authentication systems further comprises the digital certificates system; The Verification System of perfect electronics CA certificate is set up in deployment according to the management mode of electronic government documents and business characteristic, electronic government documents office system; The RA of registration of establishment approving authority system management point is convenient to unified management;

5. the security authentication systems of electronic government documents office system according to claim 4 is characterized in that:

The electronics CA certificate is divided into system's certificate and user certificate;

6. the safe verification method of the said security authentication systems of claim 1 is characterized in that, said safe verification method comprises the steps:

7. safe verification method according to claim 6 is characterized in that: