Digital certificate method based on notarial information
One. Technical field
The present invention discloses a digital certificate method, in particular a digital certificate method based on the notarization procedure of a notary organization and on notarial information.
Two. Background art
For many years China has operated an anonymous system on the Internet. The "excessively free" state of this anonymous system has allowed problems such as the spread of false and harmful information, network fraud, Internet-related violence, online money laundering and hacker attacks to grow steadily more serious; these have become factors of social instability and have seriously hindered the further development of China's Internet. In response, the state has taken countermeasures such as real-name registration in Internet cafés, real-name registration of e-mail, and encouraging the growth of network security technology, which have achieved a partial remedial effect. The state has also issued tens of network-security-related decrees, regulations and national standards; in particular, real-name registration legislation received great attention during the 2008 "Two Sessions". This indicates that the curtain on China's "real-name registration" will soon formally rise.
Under real-name registration, recognizing and verifying a network user's true identity is a necessary key link in network security. China has numerous authentication products, and almost all of them are based on PKI, the "public key infrastructure". PKI (Public Key Infrastructure) is a key management platform that follows established standards; it is infrastructure that provides security services, built using public-key theory and technology. In a PKI system, a network user's identity is confirmed by the digital certificate the user holds, and the digital certificate is issued by a certification authority (CA), which is the core of PKI. The CA security certification center is responsible for signing and distributing all entity certificates. In theory, the security of the PKI system makes it the most complete solution at present. However, the current application of PKI in China is not encouraging. Looking only at the construction and operation of CAs: the core PKI technology is affected by U.S. export restrictions, which has left domestic PKI technical standards non-uniform; CA authentication institutions have been criticized because their issuance and auditing of certificates is insufficiently rigorous, which undermines their authority; and a number of CA certification centers built with huge investment cannot meet the basic requirements of a third-party authentication authority because of their evident regional and industry-specific character. For these reasons the construction of domestic CA authentication institutions is still in a disordered state, and although tens of billions have been spent, their practical application remains very unsatisfactory.
The notary system is a preventive legal institution in common international practice: specialized agencies and their professionals, authorized by state law, certify upon a party's application the authenticity and legality of relevant legal acts and of documents and facts of legal significance. Through its preventive function and its appropriate intervention in people's business activities, the notary system plays an undoubtedly irreplaceable role in safeguarding transaction security, resolving transaction risk, reducing judicial costs, relieving parties of the burden of litigation, and strengthening the construction of social credibility. Notarization is the activity in which a notary organization, upon the application of a natural person, legal person or other organization, certifies according to legal procedure the authenticity and legality of legal acts, of facts of legal significance and of documents. Notarization is a sign of social integrity, a national system for preventing disputes, and a means of reducing market transaction risk and, in particular, the cost of seeking legal remedies. A notary organization is established according to law, is not for profit, and is a public-interest, non-profit certifying body that independently exercises the notarial function according to law and independently bears civil liability. A notary organization or notary obtains and exercises this power of proof by authorization under state law. Matters certified by a notary have, according to law, preferential evidentiary effect and corresponding enforceability. China currently has thousands of notary organizations, whose offices and related professional websites cover all parts of the country, laying the legal and practical foundation for providing individuals with publicly credible proof of legal identity.
Therefore, introducing the notary organization's notarization procedure as a link in electronic identity authentication gives full play to the unique status and effect of the power of proof conferred on it by law, and can effectively avoid the many technical, investment and operational drawbacks that CA authentication under the existing PKI system has exhibited, thereby effectively promoting the rapid development of Internet real-name registration in China.
Three. Summary of the invention
The purpose of the digital certificate method based on notarial information is to provide a new kind of digital certificate whose security rests on the notarization procedure of a notary organization and on notarial information rather than on the common PKI system, so as to bring the role of China's existing notary organizations into play and overcome the drawbacks of the existing PKI system.
To achieve this purpose, the invention provides a new digital certificate method based on notarial information, comprising the following steps:
A. Notarization of the user's real identity and authentication mark. The user submits genuine, lawful proof of identity and a sample of the authentication mark to be used to the notary organization; after strict review, the notary organization issues a paper notarial document according to the legal notarization procedure.
B. Encapsulation of notarization stamp information. An electronic file is created from the key information describing this notarial document and the industrial and commercial registration information of the notary organization, and is encrypted and encapsulated as an electronic data package in a unique format, which the present invention calls a "notarization stamp". As required, the notarization stamp information is registered in a dedicated notarization stamp information database.
C. Binding and encapsulation of digital certificate information. The user identity information, user authentication mark information, key information and notarization stamp information are processed, converted and packed according to a special format to form the user digital certificate data package. A digest is then formed with HASH coding and is encrypted and encapsulated together with the user identity information, user authentication mark information, key information and notarization stamp information, so that the packaged information cannot be changed.
D. Digital certificate generation. The bound and encapsulated digital certificate information package is stored in a dedicated storage device and issued to the user for use.
The user identity proof may be any identity document that complies with national regulations, including identity cards used by individuals, business licenses issued by the industry and commerce authority and organization code certificates used by organizations, and other special-purpose certificates.
The user authentication mark sample is the identification credential the user needs to use in a specific application, including official seals, personal seals, handwritten signatures, personal fingerprints, personal identity cards, and other special proof samples used to prove identity and the validity of acts.
The notarization stamp information comprises the industrial and commercial registration information of the notary organization: its name, institution code, business license information, address information, official seal and so on. Traceable information additionally comprises the time of the notarization operation and the personal information of the notarization staff.
The notarization stamp information database may be set up by the notary organization itself or, depending on circumstances, by a third-party service organization. The notarization stamp information database should provide application support for lawful external query and verification.
Whether the key information uses a symmetric key or an asymmetric key is determined by the encryption and decryption method adopted by the specific application system.
The dedicated storage device for the digital certificate may be chosen according to the specific application, for example a USB-KEY, an IC card, or another specially designed dedicated device or device with mobile storage capability.
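A sketch of steps B and C, added here as an illustration and not taken from the patent: the JSON layout, field names, SHA-256 and the HMAC seal are assumptions, since the text specifies only a "special format", HASH coding and a symmetric or asymmetric key. It uses the symmetric option, so verification is assumed to run at the notarization stamp database service, which holds the key; all sample values are constructed.

```python
import copy, hashlib, hmac, json

def canonical(obj) -> bytes:
    # Deterministic encoding so identical fields always produce identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")

def mac(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def make_stamp(key: bytes, notary: dict, document: dict) -> dict:
    # Step B: notary registration info plus key facts of the notarial document.
    body = {"notary": notary, "document": document}
    return {"body": body, "tag": mac(key, canonical(body))}

def bind_certificate(key, identity, auth_mark: bytes, key_info, stamp) -> dict:
    # Step C: one digest over identity, authentication mark, key info and stamp,
    # then a keyed seal over it (an unkeyed hash alone can simply be recomputed).
    body = {"identity": identity, "key_info": key_info, "stamp": stamp,
            "auth_mark_sha256": hashlib.sha256(auth_mark).hexdigest()}
    digest = hashlib.sha256(canonical(body)).hexdigest()
    return {"body": body, "digest": digest, "seal": mac(key, digest.encode())}

def verify_certificate(key: bytes, cert: dict) -> bool:
    # Recompute stamp tag, digest and seal; every one must match.
    body, stamp = cert["body"], cert["body"]["stamp"]
    digest = hashlib.sha256(canonical(body)).hexdigest()
    checks = [(mac(key, canonical(stamp["body"])), stamp["tag"]),
              (digest, cert["digest"]),
              (mac(key, digest.encode()), cert["seal"])]
    return all(hmac.compare_digest(a, b) for a, b in checks)

def demo():
    key = b"constructed-notary-key-for-demo"  # constructed; held by the verifier
    stamp = make_stamp(key, {"name": "Example Notary Office", "code": "N-0000"},
                       {"doc_no": "EX-0001", "time": "2008-03-01", "staff": "A. Clerk"})
    cert = bind_certificate(key, {"name": "Zhang San", "id_type": "identity card"},
                            b"<constructed seal sample>", {"type": "symmetric"}, stamp)
    forged = copy.deepcopy(cert)
    forged["body"]["identity"]["name"] = "Li Si"
    # The forger can recompute the plain digest but not the keyed seal.
    forged["digest"] = hashlib.sha256(canonical(forged["body"])).hexdigest()
    return verify_certificate(key, cert), verify_certificate(key, forged)

if __name__ == "__main__":
    print(demo())
```

With an asymmetric key the seal would be a signature by the notary organization instead, and any relying party could verify it without holding a secret.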
The effects of the present invention are:
The present invention uses the notary organization's notarization stamp technique to solve the problem of proving and authenticating the user's true legal identity. It makes full use of the special status and function conferred by law on notary organizations, which obtain and exercise the power of proof by authorization under state law and whose notarized matters have preferential evidentiary effect and corresponding enforceability according to law, and of their service offices distributed throughout the country. "Legal identity notarization" can be implemented immediately and smoothly on the basis of notary organizations' existing functions. Replacing the present CA authentication model in this way can save the country the huge expense, in the thousands and even trillions, of constructing CA authentication institutions, and can be put into full implementation immediately, while effectively overcoming the drawbacks of the existing PKI system: non-uniform technical standards, low authority and impartiality of authentication, and low general applicability caused by pronounced regional and industry-specific character. The digital certificate of the present invention can be widely used for user identity authentication under Internet real-name registration in fields such as NSLOOKUP, network information publishing, online games, Internet chat, web blogs, secure electronic seal and secure electronic signature applications for signing trade contracts in e-commerce, official-document circulation in e-government, license application, review and issuance processes and window services in administrative affairs, the dedicated business systems of enterprises and institutions of all kinds, window operations in banking, telecommunications and insurance, hotel check-in, airline boarding and customs clearance.
Four. Description of the drawings
Fig. 1 is a schematic flow chart of the logical process of the digital certificate method based on notarial information of the present invention.
Five. Embodiments
Embodiment 1
This embodiment describes how the user identity information, user authentication mark information, user key, notary organization notarization stamp and other information are stored under ordinary application conditions in the digital certificate method based on notarial information. In this embodiment, the dedicated storage device that stores the user identity information, user authentication mark information, key information, notary organization notarization stamp and other information is a USB-KEY. This scheme can be adopted in any application scenario that uses a PC with a USB interface, including ordinary online applications, e-commerce and e-government, license application, review and issuance processes and window services in administrative affairs, the dedicated business systems of enterprises and institutions of all kinds, window operations in banking, telecommunications and insurance, and user identity authentication under real-name systems in fields such as hotel accommodation, aviation and customs.
Embodiment 2
This embodiment describes how the user identity information, user authentication mark information, key information, notary organization notarization stamp and other information are stored under special conditions in the digital certificate method based on notarial information. In this embodiment, the dedicated storage device that stores the user identity information, user authentication mark information, key information, notary organization notarization stamp and other information is a specially designed dedicated device. This scheme can be adopted in certain special application scenarios.
Embodiment 3
This embodiment describes how the user identity information, user authentication mark information, key information, notary organization notarization stamp and other information are stored under bank IC card application conditions in the digital certificate method based on notarial information. In this embodiment, the user must provide the notary organization's notarization and notarization stamp when opening an account. The user identity information, user authentication mark information, key information, notary organization notarization stamp and other information are stored directly in the IC card. When the user makes a deposit or withdrawal on an electronic terminal such as a bank ATM, the notarization stamp is read directly from the IC card to determine whether the user's identity is genuine, and the user identity information, user authentication mark information, user key and other information are retained in the transaction record.