Summary of the invention
The present invention proposes a new method and apparatus for generating an electronic invoice, and thereby overcomes, at least to some extent, one or more problems caused by the limitations and defects of the related art.
Other features and advantages of the present invention will become apparent from the following detailed description, or will be learned in part through practice of the invention.
According to a first aspect of the invention, a method for generating an electronic invoice is proposed, comprising the following steps:
Binding the invoicing terminal of the electronic invoice to a hardware device used for security authentication;
Sending the invoicing information of the electronic invoice to the hardware device, so that the hardware device encrypts the invoicing information to obtain a ciphertext;
Receiving the ciphertext sent by the hardware device;
Generating a network link based on the ciphertext, the network link being used to send an invoicing request containing the ciphertext to a server, so that the server decrypts the ciphertext to obtain the invoicing information and generates the electronic invoice based on the invoicing information.
In some embodiments of the invention, based on the foregoing scheme, binding the invoicing terminal of the electronic invoice to the hardware device used for security authentication includes:
The invoicing terminal obtains, through the hardware interface of the hardware device, the digital certificate and trust chain stored in the hardware device;
The invoicing terminal is bound to the digital certificate and trust chain, and is thereby bound to the hardware device.
In some embodiments of the invention, based on the foregoing scheme, the method for generating the electronic invoice further includes:
Generating a first random number when the invoicing service is started;
Sending the first random number to the hardware device, so that the hardware device signs the first random number based on the digital certificate in the hardware device to obtain a signature result;
Verifying the signature result according to the digital certificate bound to the invoicing terminal;
After the signature result passes verification, sending the invoicing information to the hardware device.
In some embodiments of the invention, based on the foregoing scheme, in the case where the hardware device encrypts the invoicing information according to a randomly generated second random number, the method further includes:
Receiving the second random number sent by the hardware device, wherein the invoicing request also contains the second random number.
In some embodiments of the invention, based on the foregoing scheme, the network link includes a QR code link.
According to a second aspect of the invention, a method for generating an electronic invoice is also proposed, comprising the following steps:
Binding a hardware device used for security authentication to the invoicing terminal of the electronic invoice;
Receiving the invoicing information of the electronic invoice sent by the invoicing terminal;
Encrypting the invoicing information to obtain a ciphertext;
Sending the ciphertext to the invoicing terminal, so that the invoicing terminal generates, based on the ciphertext, a network link for sending an invoicing request to a server.
In some embodiments of the invention, based on the foregoing scheme, a digital certificate and trust chain used for invoicing authentication are stored in the hardware device, and binding the hardware device to the invoicing terminal includes:
Sending the digital certificate and trust chain to the invoicing terminal, so that the invoicing terminal is bound to the digital certificate and trust chain.
In some embodiments of the invention, based on the foregoing scheme, the method for generating the electronic invoice further includes:
Receiving the first random number sent by the invoicing terminal;
Signing the first random number based on the digital certificate stored in the hardware device to obtain a signature result;
Sending the signature result to the invoicing terminal, so that the invoicing terminal authenticates the identity of the hardware device.
In some embodiments of the invention, based on the foregoing scheme, the method for generating the electronic invoice further includes: storing a shared key from the server;
Encrypting the invoicing information includes:
Signing the invoicing information based on the digital certificate to obtain a signature value;
Generating a second random number, and generating a temporary session key according to the second random number and the shared key;
Encrypting the invoicing information and the signature value with the temporary session key to obtain the ciphertext.
In some embodiments of the invention, based on the foregoing scheme, the method for generating the electronic invoice further includes: sending the second random number to the invoicing terminal.
In some embodiments of the invention, based on the foregoing scheme, in the case where the server has encrypted the shared key by means of the digital certificate, the method further includes:
Decrypting based on the digital certificate to obtain the shared key.
According to a third aspect of the invention, a method for generating an electronic invoice is also proposed, comprising the following steps:
A server receives an invoicing request for an electronic invoice, the invoicing request containing the ciphertext obtained after a hardware device used for security authentication has encrypted the invoicing information of the electronic invoice;
Decrypting the ciphertext to obtain the invoicing information;
Generating the electronic invoice based on the invoicing information.
In some embodiments of the invention, based on the foregoing scheme, the method for generating the electronic invoice further includes:
Generating a shared key;
Storing the shared key in the hardware device, so that the hardware device encrypts the invoicing information based on the shared key.
In some embodiments of the invention, based on the foregoing scheme, a digital certificate used for invoicing authentication is stored in the server, and the method for generating the electronic invoice further includes:
Encrypting the shared key based on the digital certificate and then importing it into the hardware device.
In some embodiments of the invention, based on the foregoing scheme, a digital certificate used for invoicing authentication is stored in the server, the invoicing request also contains the second random number generated by the hardware device, and decrypting the ciphertext includes:
Generating a temporary session key according to the second random number and the shared key;
Decrypting the ciphertext based on the temporary session key to obtain the invoicing information and the signature value of the invoicing information;
Verifying the signature value according to the digital certificate;
After the signature value passes verification, determining that the invoicing information has been obtained.
According to a fourth aspect of the invention, an apparatus for generating an electronic invoice is also proposed, including:
A binding unit, configured to bind the invoicing terminal of the electronic invoice to a hardware device used for security authentication;
A sending unit, configured to send the invoicing information of the electronic invoice to the hardware device, so that the hardware device encrypts the invoicing information to obtain a ciphertext;
A receiving unit, configured to receive the ciphertext sent by the hardware device;
A processing unit, configured to generate a network link based on the ciphertext, the network link being used to send an invoicing request containing the ciphertext to a server, so that the server decrypts the ciphertext to obtain the invoicing information and generates the electronic invoice based on the invoicing information.
In some embodiments of the invention, based on the foregoing scheme, the binding unit is configured to:
Obtain, through the hardware interface of the hardware device, the digital certificate and trust chain stored in the hardware device, and bind the invoicing terminal to the digital certificate and trust chain, so that the invoicing terminal is bound to the hardware device.
In some embodiments of the invention, based on the foregoing scheme, the apparatus for generating the electronic invoice further includes: a generating unit and a verification unit;
The generating unit is configured to generate a first random number when the invoicing service is started;
The sending unit is further configured to send the first random number to the hardware device, so that the hardware device signs the first random number based on the digital certificate in the hardware device to obtain a signature result;
The verification unit is configured to verify the signature result according to the digital certificate bound to the invoicing terminal;
The sending unit is configured to send the invoicing information to the hardware device after the signature result passes verification.
In some embodiments of the invention, based on the foregoing scheme, in the case where the hardware device encrypts the invoicing information according to a randomly generated second random number, the receiving unit is further configured to:
Receive the second random number sent by the hardware device, wherein the invoicing request also contains the second random number.
In some embodiments of the invention, based on the foregoing scheme, the network link includes a QR code link.
According to a fifth aspect of the invention, an apparatus for generating an electronic invoice is also proposed, including:
A binding unit, configured to bind a hardware device used for security authentication to the invoicing terminal of the electronic invoice;
A receiving unit, configured to receive the invoicing information of the electronic invoice sent by the invoicing terminal;
A processing unit, configured to encrypt the invoicing information to obtain a ciphertext;
A sending unit, configured to send the ciphertext to the invoicing terminal, so that the invoicing terminal generates, based on the ciphertext, a network link for sending an invoicing request to a server.
In some embodiments of the invention, based on the foregoing scheme, a digital certificate and trust chain used for invoicing authentication are stored in the hardware device, and the binding unit is configured to:
Send the digital certificate and trust chain to the invoicing terminal, so that the invoicing terminal is bound to the digital certificate and trust chain.
In some embodiments of the invention, based on the foregoing scheme, the receiving unit is further configured to receive the first random number sent by the invoicing terminal; the processing unit is further configured to sign the first random number based on the digital certificate stored in the hardware device to obtain a signature result; and the sending unit is further configured to send the signature result to the invoicing terminal, so that the invoicing terminal authenticates the identity of the hardware device.
In some embodiments of the invention, based on the foregoing scheme, the apparatus for generating the electronic invoice further includes: a storage unit, configured to store a shared key from the server;
The processing unit is configured to:
Sign the invoicing information based on the digital certificate to obtain a signature value;
Generate a second random number, and generate a temporary session key according to the second random number and the shared key;
Encrypt the invoicing information and the signature value with the temporary session key to obtain the ciphertext.
In some embodiments of the invention, based on the foregoing scheme, the sending unit is further configured to send the second random number to the invoicing terminal.
In some embodiments of the invention, based on the foregoing scheme, the storage unit is configured to:
In the case where the server has encrypted the shared key by means of the digital certificate, decrypt based on the digital certificate to obtain the shared key.
According to a sixth aspect of the invention, an apparatus for generating an electronic invoice is also proposed, including:
A receiving unit, configured to receive an invoicing request for an electronic invoice, the invoicing request containing the ciphertext obtained after a hardware device used for security authentication has encrypted the invoicing information of the electronic invoice;
A decryption unit, configured to decrypt the ciphertext to obtain the invoicing information;
A processing unit, configured to generate the electronic invoice based on the invoicing information.
In some embodiments of the invention, based on the foregoing scheme, the apparatus for generating the electronic invoice further includes: a generating unit, configured to generate a shared key and store the shared key in the hardware device, so that the hardware device encrypts the invoicing information based on the shared key.
In some embodiments of the invention, based on the foregoing scheme, a digital certificate used for invoicing authentication is stored in the server, and the generating unit is configured to encrypt the shared key based on the digital certificate and then import it into the hardware device.
In some embodiments of the invention, based on the foregoing scheme, a digital certificate used for invoicing authentication is stored in the server, the invoicing request also contains the second random number generated by the hardware device, and the decryption unit is configured to:
Generate a temporary session key according to the second random number and the shared key;
Decrypt the ciphertext based on the temporary session key to obtain the invoicing information and the signature value of the invoicing information;
Verify the signature value according to the digital certificate;
After the signature value passes verification, determine that the invoicing information has been obtained.
In the technical scheme provided by some embodiments of the present invention, the invoicing information is encrypted by the hardware device used for security authentication, so AES can be executed in hardware, which effectively avoids the problem of invoicing information being maliciously tampered with and forged. Moreover, because the invoicing terminal, the hardware device used for security authentication and the server cooperate, and the electronic invoice is issued on the basis of a digital certificate, the data security of the electronic invoice can be effectively ensured, which favors the further promotion of the value-added tax electronic invoice business.
Detailed description of the embodiments
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments can, however, be implemented in many forms and should not be understood as limited to the examples set forth here; rather, these embodiments are provided so that the present invention will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art.
In addition, the described features, structures or characteristics may be combined in any suitable manner in one or more embodiments. Many specific details are provided in the following description to give a full understanding of the embodiments of the invention. Those skilled in the art will appreciate, however, that the technical scheme of the invention can be practiced without one or more of the specific details, or that other methods, components, devices, steps and so on can be used. In other cases, well-known methods, devices, implementations or operations are not shown or described in detail, to avoid obscuring aspects of the invention.
The block diagrams shown in the drawings are only functional entities and do not necessarily correspond to physically separate entities. That is, these functional entities can be implemented in software, in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow charts shown in the drawings are merely illustrative; they need not include every item and operation/step, nor must the steps be performed in the order described. For example, some operations/steps can be decomposed and some can be merged or partly merged, so the actual order of execution may change according to the actual situation.
The technical scheme of the embodiments of the invention is explained below from three perspectives in turn: the invoicing terminal of the electronic invoice, the hardware device used for security authentication, and the server.
Invoicing terminal of the electronic invoice
Fig. 1 schematically shows a flow chart of the method for generating an electronic invoice according to a first embodiment of the invention; the method is executed by the invoicing terminal of the electronic invoice.
Referring to Fig. 1, the method for generating an electronic invoice according to the first embodiment of the invention includes:
Step S102: the invoicing terminal of the electronic invoice is bound to a hardware device used for security authentication.
In the embodiments of the invention, an electronic invoice is the electronic image and electronic record of a paper invoice; it needs no paper carrier and does not go through the printing stage of a traditional paper invoice. The invoicing terminal of the electronic invoice can be a device such as a computer, smartphone or tablet, and can communicate with the hardware device used for security authentication and with the server. The hardware device used for security authentication is a device based on hardware encryption, for example a UKEY.
According to an exemplary embodiment of the invention, step S102 specifically includes: the invoicing terminal obtains, through the hardware interface of the hardware device, the digital certificate and trust chain stored in the hardware device; the invoicing terminal is bound to the digital certificate and trust chain, and is thereby bound to the hardware device.
In the embodiments of the invention, a digital certificate is a file, digitally signed by a certificate authority (Certificate Authority, CA), that contains a public key and information about the owner of that public key; the trust chain records the relationships between trusted digital certificates. Because the invoicing terminal obtains the digital certificate and trust chain directly from the hardware device through the hardware interface, the problem of the digital certificate and trust chain being maliciously tampered with can be effectively avoided.
Step S104: the invoicing information of the electronic invoice is sent to the hardware device, so that the hardware device encrypts the invoicing information to obtain a ciphertext.
In the embodiments of the invention, the invoicing information of the electronic invoice includes the information needed when issuing an invoice, such as the purchaser's name, the seller's name, the seller's taxpayer identification number, the trade name, quantity, unit price, amount, tax rate, tax amount and so on. When the hardware device is connected to the invoicing terminal through a hardware interface (such as a USB interface), the invoicing terminal can send the invoicing information to the hardware device through the connection interface between the two.
Step S106: the ciphertext sent by the hardware device is received.
Step S108: a network link is generated based on the ciphertext, the network link being used to send an invoicing request containing the ciphertext to the server, so that the server decrypts the ciphertext to obtain the invoicing information and generates the electronic invoice based on the invoicing information.
In the embodiments of the invention, the network link is preferably a QR code link, so that when a user scans the corresponding QR code with a mobile device (such as a smartphone), the device is linked to the server and obtains the electronic invoice generated by the server. The network link can of course also be an http address, in which case the user is linked to the server by clicking the http address and obtains the corresponding electronic invoice. The network link can also be realized in other forms.
Based on the scheme shown in Fig. 1, in some embodiments of the invention, the method for generating the electronic invoice further includes:
Generating a first random number when the invoicing service is started;
Sending the first random number to the hardware device, so that the hardware device signs the first random number based on the digital certificate in the hardware device to obtain a signature result;
Verifying the signature result according to the digital certificate bound to the invoicing terminal;
After the signature result passes verification, sending the invoicing information to the hardware device.
The technical scheme of this embodiment lets the invoicing terminal verify the hardware device before sending invoicing information to it, which avoids the problem of invoicing information being maliciously tampered with because the hardware device is illegitimate.
In some embodiments of the invention, based on the foregoing scheme, in the case where the hardware device encrypts the invoicing information according to a randomly generated second random number, the method further includes: receiving the second random number sent by the hardware device, wherein the invoicing request also contains the second random number.
In this embodiment, if the hardware device encrypts the invoicing information according to a randomly generated second random number, then to ensure that the server can decrypt the resulting ciphertext, the hardware device needs to send the second random number to the invoicing terminal, and the invoicing terminal must also take the second random number into account when generating the network link; that is, it must ensure that when the network link is triggered, the second random number is sent to the server in the invoicing request.
Fig. 2 schematically shows a block diagram of the apparatus for generating an electronic invoice according to the first embodiment of the invention.
As shown in Fig. 2, the apparatus 200 for generating an electronic invoice according to the first embodiment of the invention includes: a binding unit 202, a sending unit 204, a receiving unit 206 and a processing unit 208.
Specifically, the binding unit 202 binds the invoicing terminal of the electronic invoice to the hardware device used for security authentication; the sending unit 204 is configured to send the invoicing information of the electronic invoice to the hardware device, so that the hardware device encrypts the invoicing information to obtain a ciphertext; the receiving unit 206 is configured to receive the ciphertext sent by the hardware device; the processing unit 208 is configured to generate a network link based on the ciphertext, the network link being used to send an invoicing request containing the ciphertext to the server, so that the server decrypts the ciphertext to obtain the invoicing information and generates the electronic invoice based on the invoicing information.
According to an exemplary embodiment of the invention, the network link includes a QR code link.
In some embodiments of the invention, based on the foregoing scheme, the binding unit 202 is configured to: obtain, through the hardware interface of the hardware device, the digital certificate and trust chain stored in the hardware device, and bind the invoicing terminal to the digital certificate and trust chain, so that the invoicing terminal is bound to the hardware device.
In some embodiments of the invention, based on the foregoing scheme, the apparatus for generating the electronic invoice further includes: a generating unit (not shown in Fig. 2) and a verification unit (not shown in Fig. 2);
The generating unit is configured to generate a first random number when the invoicing service is started; the sending unit 204 is further configured to send the first random number to the hardware device, so that the hardware device signs the first random number based on the digital certificate in the hardware device to obtain a signature result; the verification unit is configured to verify the signature result according to the digital certificate bound to the invoicing terminal; the sending unit 204 is configured to send the invoicing information to the hardware device after the signature result passes verification.
In some embodiments of the invention, based on the foregoing scheme, in the case where the hardware device encrypts the invoicing information according to a randomly generated second random number, the receiving unit 206 is further configured to: receive the second random number sent by the hardware device, wherein the invoicing request also contains the second random number.
It should be noted that the apparatus 200 for generating an electronic invoice shown in Fig. 2 can be applied to the invoicing terminal of the electronic invoice; that is, the invoicing terminal of the electronic invoice according to the embodiments of the invention includes the apparatus 200.
Hardware device for security authentication
Fig. 3 schematically shows a flow chart of the method for generating an electronic invoice according to a second embodiment of the invention; the method is executed by the hardware device used for security authentication.
As shown in Fig. 3, the method for generating an electronic invoice according to the second embodiment of the invention includes:
Step S302: the hardware device used for security authentication is bound to the invoicing terminal of the electronic invoice.
In the embodiments of the invention, the invoicing terminal of the electronic invoice can be a device such as a computer, smartphone or tablet, and can communicate with the hardware device used for security authentication and with the server. The hardware device used for security authentication is a device based on hardware encryption, for example a UKEY.
According to an exemplary embodiment of the invention, a digital certificate and trust chain used for invoicing authentication are stored in the hardware device, and step S302 specifically includes: sending the digital certificate and trust chain to the invoicing terminal, so that the invoicing terminal is bound to the digital certificate and trust chain.
Step S304: the invoicing information of the electronic invoice sent by the invoicing terminal is received.
In the embodiments of the invention, the hardware device used for security authentication can receive the invoicing information through the hardware interface between it and the invoicing terminal, to prevent the invoicing information from being tampered with.
Step S306: the invoicing information is encrypted to obtain a ciphertext.
In the embodiments of the invention, the hardware device used for security authentication encrypts the invoicing information internally; that is, the invoicing information is encrypted by means of hardware encryption, which ensures the security of the invoicing information.
Step S308: the ciphertext is sent to the invoicing terminal, so that the invoicing terminal generates, based on the ciphertext, a network link for sending an invoicing request to the server.
Based on the method for generating an electronic invoice shown in Fig. 3, in some embodiments of the invention, the method further includes:
Receiving the first random number sent by the invoicing terminal;
Signing the first random number based on the digital certificate stored in the hardware device to obtain a signature result;
Sending the signature result to the invoicing terminal, so that the invoicing terminal authenticates the identity of the hardware device.
The technical scheme of this embodiment lets the invoicing terminal verify the identity of the hardware device, which avoids the problem of invoicing information being maliciously tampered with because the hardware device is illegitimate.
According to an exemplary embodiment of the present invention, if the hardware device for security authentication stores a shared key from the server, step S306 specifically includes:
signing the invoicing information based on the digital certificate, to obtain a signature value;
generating a second random number, and generating a temporary session key from the second random number and the shared key;
encrypting the invoicing information and the signature value with the temporary session key, to obtain the ciphertext.
It should be noted that the server may import the shared key into the hardware device for security authentication through a hardware interface, and the hardware device stores it. Generating a second random number, deriving a temporary session key from the second random number and the shared key, and encrypting the invoicing information and the signature value with that temporary session key avoids the problem of the invoicing information and signature value being maliciously stolen and tampered with as a result of encrypting them with a fixed key.
In some embodiments of the present invention, based on the foregoing solution, the generation method of the electronic invoice further includes: sending the second random number to the invoicing terminal.
In this embodiment, the second random number is sent to the invoicing terminal so that the invoicing terminal can take the second random number into account when generating the network link. This ensures that when the network link is triggered, the invoicing request carries the second random number to the server, and the server computes the temporary session key from the second random number in order to perform decryption.
In some embodiments of the present invention, based on the foregoing solution, where the server has encrypted the shared key with the digital certificate, the method further includes: decrypting based on the digital certificate to obtain the shared key.
Fig. 4 schematically shows a block diagram of an apparatus for generating an electronic invoice according to the second embodiment of the present invention.
As shown in Fig. 4, the apparatus 400 for generating an electronic invoice according to the second embodiment of the present invention includes: a binding unit 402, a receiving unit 404, a processing unit 406 and a sending unit 408.
Specifically, the binding unit 402 is used to bind the hardware device for security authentication with the invoicing terminal of the electronic invoice; the receiving unit 404 is used to receive the invoicing information of the electronic invoice sent by the invoicing terminal; the processing unit 406 is used to encrypt the invoicing information to obtain a ciphertext; the sending unit 408 is used to send the ciphertext to the invoicing terminal, so that the invoicing terminal generates, based on the ciphertext, a network link for sending an invoicing request to the server.
In some embodiments of the present invention, based on the foregoing solution, a digital certificate and trust chain for invoicing authentication are stored in the hardware device, and the binding unit 402 is configured to: send the digital certificate and trust chain to the invoicing terminal, so that the invoicing terminal is bound with the digital certificate and trust chain.
In some embodiments of the present invention, based on the foregoing solution, the receiving unit 404 is further used to receive the first random number sent by the invoicing terminal; the processing unit 406 is further used to sign the first random number based on the digital certificate stored in the hardware device, to obtain a signature result; the sending unit 408 is further used to send the signature result to the invoicing terminal, so that the invoicing terminal authenticates the identity of the hardware device.
In some embodiments of the present invention, based on the foregoing solution, the apparatus for generating an electronic invoice further includes: a storage unit (not shown in Fig. 4), for storing the shared key from the server;
the processing unit 406 is configured to:
sign the invoicing information based on the digital certificate, to obtain a signature value;
generate a second random number, and generate a temporary session key from the second random number and the shared key;
encrypt the invoicing information and the signature value with the temporary session key, to obtain the ciphertext.
In some embodiments of the present invention, based on the foregoing solution, the sending unit 408 is further used to: send the second random number to the invoicing terminal.
In some embodiments of the present invention, based on the foregoing solution, the storage unit is configured to: where the server has encrypted the shared key with the digital certificate, decrypt based on the digital certificate to obtain the shared key.
It should be noted that the apparatus 400 for generating an electronic invoice shown in Fig. 4 can be applied to the hardware device for security authentication; that is, the hardware device for security authentication according to an embodiment of the present invention includes the apparatus 400 for generating an electronic invoice.
Server
Fig. 5 schematically shows a flow chart of a method for generating an electronic invoice according to the third embodiment of the present invention; the method is executed by the server.
Referring to Fig. 5, the method for generating an electronic invoice according to the third embodiment of the present invention includes:
Step S502: the server receives an invoicing request for an electronic invoice, the invoicing request containing the ciphertext obtained after the hardware device for security authentication encrypts the invoicing information of the electronic invoice.
According to an embodiment of the present invention, the invoicing request is sent after the user triggers the network link of the above embodiments (the embodiment of the invoicing terminal and the embodiment of the hardware device for security authentication). For example, if the network link is presented as a QR code, the invoicing request is sent to the server after the user scans the QR code with a mobile phone.
Step S504: decrypt the ciphertext to obtain the invoicing information.
Step S506: generate the electronic invoice based on the invoicing information.
In some embodiments of the present invention, based on the foregoing solution, the generation method of the electronic invoice further includes: generating a shared key; and storing the shared key in the hardware device, so that the hardware device encrypts the invoicing information based on the shared key.
In an embodiment of the present invention, the server may store the shared key in the hardware device through the hardware interface between the server and the hardware device, to prevent the shared key from being stolen.
In some embodiments of the present invention, based on the foregoing solution, a digital certificate for invoicing authentication is stored in the server, and the generation method of the electronic invoice further includes: encrypting the shared key based on the digital certificate and then importing it into the hardware device.
In this embodiment, because the digital certificate is stored in the hardware device (the digital certificate comes from the server), once the shared key has been encrypted with the digital certificate and imported into the hardware device, the hardware device can obtain the shared key using its stored digital certificate.
In some embodiments of the present invention, based on the foregoing solution, a digital certificate for invoicing authentication is stored in the server, the invoicing request also contains the second random number generated by the hardware device, and decrypting the ciphertext includes:
generating the temporary session key from the second random number and the shared key;
decrypting the ciphertext based on the temporary session key, to obtain the invoicing information and the signature value of the invoicing information;
verifying the signature value according to the digital certificate;
after the signature value is verified, determining that the invoicing information has been obtained.
Fig. 6 schematically shows a block diagram of an apparatus for generating an electronic invoice according to the third embodiment of the present invention.
As shown in Fig. 6, the apparatus 600 for generating an electronic invoice according to the third embodiment of the present invention includes: a receiving unit 602, a decryption unit 604 and a processing unit 606.
Specifically, the receiving unit 602 is used to receive an invoicing request for an electronic invoice, the invoicing request containing the ciphertext obtained after the hardware device for security authentication encrypts the invoicing information of the electronic invoice; the decryption unit 604 is used to decrypt the ciphertext to obtain the invoicing information; the processing unit 606 is used to generate the electronic invoice based on the invoicing information.
In some embodiments of the present invention, based on the foregoing solution, the apparatus 600 for generating an electronic invoice further includes: a generation unit (not shown in Fig. 6), for generating a shared key and storing the shared key in the hardware device, so that the hardware device encrypts the invoicing information based on the shared key.
In some embodiments of the present invention, based on the foregoing solution, a digital certificate for invoicing authentication is stored in the server, and the generation unit is configured to: encrypt the shared key based on the digital certificate and then import it into the hardware device.
In some embodiments of the present invention, based on the foregoing solution, a digital certificate for invoicing authentication is stored in the server, the invoicing request also contains the second random number generated by the hardware device, and the decryption unit 604 is configured to:
generate the temporary session key from the second random number and the shared key;
decrypt the ciphertext based on the temporary session key, to obtain the invoicing information and the signature value of the invoicing information;
verify the signature value according to the digital certificate;
after the signature value is verified, determine that the invoicing information has been obtained.
It should be noted that the apparatus 600 for generating an electronic invoice shown in Fig. 6 can be applied to the server; that is, the server according to an embodiment of the present invention includes the apparatus 600 for generating an electronic invoice.
Below, with reference to Figs. 7 to 9, the technical solution of the embodiments of the present invention is described further, taking as an example the case where the hardware device for security authentication is a UKEY, the network link takes the form of a QR code, the invoicing terminal is an invoicing client, and the server is a signature verification server.
In this embodiment, a UKEY is used as the hardware carrier for security authentication. A schematic diagram of the internal composition of the UKEY is shown in Fig. 7; it securely stores a digital certificate and a shared key. The digital certificate is used for identity authentication and digital signature, and the shared key is used to protect transmitted data and to identify the user. All keys and cryptographic operations are handled in hardware, and key export can be set by the user.
The invoice back end uses the signature verification server as its hardware carrier, which securely stores the shared key and performs cryptographic operations, likewise ensuring that keys and cryptographic operations are handled in hardware.
When a UKEY is used, its identity is first authenticated with the digital certificate; it can be used only after verification passes. Before the QR code is generated, the invoicing information is encrypted with the shared key and signed with the digital certificate. After receiving the invoicing request, the invoice back end uses the signature verification server to decrypt the original text and verify the signature.
Fig. 8 shows the basic flow of the method for generating an electronic invoice according to an embodiment of the present invention, which specifically includes: generating and issuing a digital certificate according to store information and storing it securely in the UKEY; issuing the shared key; binding the invoicing terminal to the UKEY; authenticating the UKEY by the invoicing terminal; encrypting the invoicing information and generating a QR code; sending the invoicing request; decrypting the QR code; and generating the electronic invoice and issuing it to the user. The flow is described in detail below with reference to Fig. 9:
As shown in Fig. 9, the specific flow of the method for generating an electronic invoice according to an embodiment of the present invention includes the following processes:
1. Initial issuance
(1) Issuing the digital certificate
The issuing platform submits specific information (including the seller's store information, etc.) to a CA company; the CA company issues a digital certificate and trust chain, which are stored in the UKEY, and the digital certificate is also stored in the signature verification server of the issuing platform.
The hardware UKEY is unique, read-only, encrypted, tamper-resistant and copy-resistant. The digital certificate stored in the UKEY is unique, is stored internally in encrypted form, and cannot be exported or modified.
(2) Issuing the shared key
The signature verification server randomly generates an AES-256 symmetric key (the shared key) and stores it securely. The key is then encrypted with the digital certificate and imported into the UKEY; the whole process is carried out in hardware, ensuring that the key never leaves hardware.
(3) Issuing the invoicing client
When the QR-code invoicing client (Fig. 9 shows the QR code component of the invoicing client, not the invoicing client itself) is initialized and issued, it calls the UKEY interface to obtain the digital certificate information and trust chain in the UKEY, and binds the obtained data to the invoicing client, so that the invoicing client is bound to the UKEY.
2. Terminal authentication
When the QR-code invoicing service is started, the QR code component first generates a random number, and the UKEY signs the random number and other authentication information. The QR code component then verifies, according to the user information bound at issuance, the validity of the digital certificate in the user's UKEY and the UKEY's signature over the random number; after verification passes, the QR-code invoicing service can be started.
3. QR code generation and invoicing request
After the service is started, the QR-code invoicing service passes the invoicing information to the UKEY. The UKEY first uses the digital certificate to generate a signature value for the invoicing information; it then produces a random number inside the UKEY, performs a MAC operation on it with the shared key to compute the temporary session key, encrypts the invoicing information and the signature value with the temporary session key, and returns the ciphertext and the random number to the QR-code invoicing service.
The QR-code invoicing service packages the ciphertext, the random number, entity information (such as invoicing client information), the service address (such as the seller's store information, etc.) and other information to generate the QR code. Preferably, the QR code can be printed directly on the consumption receipt.
4. QR code decryption and invoice generation
After the user scans the QR code with a user terminal, an invoicing request can be initiated. After receiving the invoicing request, the issuing platform calls the signature verification server; the signature verification server finds the corresponding shared key and performs a MAC operation with the random number to obtain the temporary session key; it decrypts the ciphertext with the temporary session key to obtain the invoicing information and the signature, and uses the entity certificate and the signature value to verify the authenticity and integrity of the invoicing information. After verification passes, the platform saves the invoicing information and the signature value and generates the electronic invoice. The electronic invoice may be in PDF format. After the electronic invoice is generated, it can be pushed to the user via WeChat, MMS, e-mail or similar means.
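The UKEY-side sealing of process 3 (step S306) and the server-side decryption and verification of process 4 can be sketched as follows. This is an added example, not code from the patent; HMAC-SHA256 as the MAC, AES-256-GCM as the cipher, an Ed25519 key pair standing in for the digital certificate, and all function names and sample data are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// demoKeys returns constructed, non-secret key material: a signing key pair and a 256-bit shared key.
func demoKeys() (ed25519.PublicKey, ed25519.PrivateKey, []byte) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	shared := sha256.Sum256([]byte("constructed shared key"))
	return priv.Public().(ed25519.PublicKey), priv, shared[:]
}

// sessionAEAD derives the temporary session key as MAC(shared key, second random number).
// Assumptions: HMAC-SHA256 as the MAC and AES-256-GCM as the cipher mode.
func sessionAEAD(shared, rnd []byte) (cipher.AEAD, error) {
	m := hmac.New(sha256.New, shared)
	m.Write(rnd)
	block, err := aes.NewCipher(m.Sum(nil)) // 32-byte MAC output becomes the AES-256 key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ukeySeal is the UKEY side: sign, draw the second random number, encrypt signature||info.
// The all-zero GCM nonce is safe only because each derived key encrypts exactly one message.
func ukeySeal(priv ed25519.PrivateKey, shared, info []byte) (rnd, ct []byte, err error) {
	rnd = make([]byte, 16)
	if _, err = rand.Read(rnd); err != nil {
		return nil, nil, err
	}
	aead, err := sessionAEAD(shared, rnd)
	if err != nil {
		return nil, nil, err
	}
	plain := append(ed25519.Sign(priv, info), info...)
	return rnd, aead.Seal(nil, make([]byte, aead.NonceSize()), plain, nil), nil
}

// serverOpen is the server side: re-derive the key from rnd, decrypt, then verify the signature.
func serverOpen(pub ed25519.PublicKey, shared, rnd, ct []byte) ([]byte, error) {
	aead, err := sessionAEAD(shared, rnd)
	if err != nil {
		return nil, err
	}
	plain, err := aead.Open(nil, make([]byte, aead.NonceSize()), ct, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	n := ed25519.SignatureSize
	if len(plain) < n || !ed25519.Verify(pub, plain[n:], plain[:n]) {
		return nil, fmt.Errorf("signature verification failed")
	}
	return plain[n:], nil
}

func main() {
	pub, priv, shared := demoKeys()
	rnd, ct, _ := ukeySeal(priv, shared, []byte("constructed invoice: store=A, amount=42.00"))
	info, err := serverOpen(pub, shared, rnd, ct)
	fmt.Printf("%s %v\n", info, err)
}
```

Because the session key depends on a fresh random number, two QR codes for identical invoicing information carry different ciphertexts, and a request whose random number or ciphertext has been altered fails on the server before any invoice is generated.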
It should be noted that although several modules or units of the device for performing actions are mentioned in the detailed description above, this division is not mandatory. In fact, according to embodiments of the present invention, the features and functions of two or more modules or units described above may be embodied in a single module or unit. Conversely, the features and functions of one module or unit described above may be further divided and embodied in multiple modules or units.
From the description of the embodiments above, those skilled in the art will readily understand that the example embodiments described here may be implemented in software, or in software combined with the necessary hardware. The technical solution according to embodiments of the present invention may therefore be embodied in the form of a software product, which may be stored on a non-volatile storage medium (such as a CD-ROM, USB flash drive or portable hard disk) or on a network, and which includes instructions that cause a computing device (such as a personal computer, server, touch terminal or network device) to perform the method according to embodiments of the present invention.
Other embodiments of the present invention will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed here. This application is intended to cover any variations, uses or adaptations of the present invention that follow its general principles and include common knowledge or customary technical means in the art not disclosed here. The description and embodiments are to be regarded as exemplary only, with the true scope and spirit of the invention being indicated by the following claims.
It should be understood that the present invention is not limited to the precise structures described above and shown in the drawings, and that various modifications and changes can be made without departing from its scope. The scope of the present invention is limited only by the appended claims.