Secure electronic tax filing system based on fingerprint identification and smart card

Electronic tax filing is an integral part of e-government construction. In an electronic tax filing system, the tax authorities use their own information management systems and modern information technology, especially Internet technology, to exchange tax-related data remotely with taxpayers, and network with banks and the treasury to provide taxpayers with comprehensive, convenient, fast and efficient electronic filing and taxation services. Since the tax authorities electronically deduct tax based on the returns transmitted by the taxpayer through the electronic filing system, it is especially important to authenticate the taxpayer and to encrypt the tax information in transit.

To address the security problems of the tax filing system, security technologies such as data encryption and digital signatures have been applied to electronic tax filing. Although these technologies ensure that tax filing information exists only as ciphertext during transmission and storage, they do not solve the problem of protecting the keys used to encrypt the tax information and to produce the digital signatures: keys are often stored on the sending and receiving terminals of the tax filing system or on the CA server of the tax authorities. With the development of network attack techniques, this way of storing keys poses a serious threat to the security of the electronic filing system. Moreover, taxpayer identity authentication in the system relies only on a user name and password. This method not only fails to provide two-way authentication, but also causes significant losses to taxpayers and tax authorities once the user name and password are leaked. To solve the security problems in identity authentication and key management of the electronic tax filing system, this paper proposes a security solution based on fingerprint identification and smart card technology.

1 Related work

1.1.1 PKI-based electronic tax filing system security program

(1) Registration stage

During the registration phase, the taxpayer's relevant information is stored on the client. The stored information includes the taxpayer's basic information, digital certificate, private key, the server-side public key, the MD5 digest algorithm, and the RSA encryption algorithm. Key management is performed by a server on the tax authority's side. The key management server runs key management service software that handles: management of backup keys, registration keys and archive keys; authentication and authorization of applications for key issuance, invalidation and recovery; generation, issuance, registration, cancellation, archiving and recovery of keys; registration and management of key administrators, RA administrators and devices; key management logging; and management and maintenance of the key management center. After a key has been generated and distributed, to ensure its security the taxpayer's key can be destroyed directly, and only the taxpayer's public key information is kept. On the server, the security mechanisms of the operating system and of the database itself can be used to protect keys and certificates.

(2) Certification stage

Each taxpayer using the electronic tax filing system holds a public/private key pair for operations such as encryption, decryption, signing and signature verification. The following notation is used, where the subscript i = c denotes the taxpayer and i = s denotes the tax authority: Pubi (i = c, s) is the public key and Prii (i = c, s) is the private key of the taxpayer or tax authority; Pubei(x) (i = c, s) indicates that the content x is encrypted with the public key; Pubdi(x) (i = c, s) indicates that the content x is decrypted with the public key; Priei(x) (i = c, s) indicates that the content x is encrypted with the private key; Pridi(x) (i = c, s) indicates that the content x is decrypted with the private key; MD5(x) indicates MD5 digest processing of the content x; DESe(k, x) indicates DES encryption of the content x with key k; DESd(k, x) indicates DES decryption of the content x with key k [3].

The taxpayer's process of generating identity authentication information is shown on the left side of Figure 1. ① The taxpayer enters the username and password information p and randomly generates the DES encryption key k; ② p and k are combined into a; ③ a is encrypted with the tax authority's public key Pubs to obtain ea; ④ MD5 digest processing is performed on ea to obtain the result m, and m is encrypted with the taxpayer's private key Pric to obtain em; ⑤ the contents ea and em are concatenated to form the authentication information sm, and sm is sent directly to the tax authority's tax filing server.

The process of the tax authority's identity authentication for taxpayers is shown in Figure 1.

① The received authentication information sm is divided into the two segments ea and em; ② em is decrypted with the taxpayer's public key Pubc to obtain m, and the MD5 digest of ea is computed to obtain mn; ③ mn and m are compared. If they differ, the authentication information has changed during transmission; it is discarded and the taxpayer is notified. If they are the same, ea is decrypted with the tax authority's private key Pris, the result is separated into p and k, and p is compared with the username and password stored on the server. If it matches, k is used as the DES key for the transaction; otherwise the taxpayer is notified that the password is incorrect.

The process of tax authorities' identification of taxpayers
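The authentication exchange above, traced end to end for both sides, as an added example that is not code from the original paper. It uses textbook RSA over toy keys constructed from public Mersenne primes (insecure, for illustration only); the layout a = marker || k || p, the fixed-width split of sm, and all function names are assumptions.

```python
import hashlib
import hmac
import os

E = 65537  # public exponent shared by both toy key pairs

def make_key(b1, b2):
    # Constructed toy key from two public Mersenne primes: NOT secure.
    p, q = 2**b1 - 1, 2**b2 - 1
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1)),
            "len": (n.bit_length() + 7) // 8}

def rsa(data, exp, key):
    # Textbook RSA (no padding) with fixed-width output, illustration only.
    value = pow(int.from_bytes(data, "big"), exp, key["n"])
    return value.to_bytes(key["len"], "big")

TAXPAYER = make_key(521, 607)     # Pubc / Pric
AUTHORITY = make_key(1279, 2203)  # Pubs / Pris

def build_auth(p, k=None):
    k = k or os.urandom(8)                    # step 1: random DES key k
    a = b"\x01" + k + p                       # step 2: a = marker || k || p
    ea = rsa(a, E, AUTHORITY)                 # step 3: ea = Pube_s(a)
    m = hashlib.md5(ea).digest()              # step 4: m = MD5(ea)
    em = rsa(m, TAXPAYER["d"], TAXPAYER)      #         em = Prie_c(m)
    return ea + em, k                         # step 5: sm = ea || em

def verify_auth(sm, stored_p):
    split = AUTHORITY["len"]
    ea, em = sm[:split], sm[split:]           # step 1: split sm
    if len(em) != TAXPAYER["len"]:
        return None, "malformed"
    m = rsa(em, E, TAXPAYER)                  # step 2: m = Pubd_c(em)
    mn = hashlib.md5(ea).digest().rjust(TAXPAYER["len"], b"\x00")
    if not hmac.compare_digest(m, mn):        # step 3: compare m and mn
        return None, "tampered"
    a = rsa(ea, AUTHORITY["d"], AUTHORITY).lstrip(b"\x00")
    if a[:1] != b"\x01" or len(a) < 9:
        return None, "malformed"
    k, p = a[1:9], a[9:]                      # recover k and p from a
    if not hmac.compare_digest(p, stored_p):
        return None, "bad password"
    return k, "ok"
```

`verify_auth` returns the session key k only when the signed digest matches and the recovered p equals the stored credential; otherwise it returns `None` with the reason.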

(3) Transmission phase

The taxpayer's process of generating tax return information is shown on the left side of Figure 2. ① The taxpayer, as sender, writes the tax information c; ② c is DES-encrypted with k as the key to obtain the tax information ec in ciphertext form; ③ MD5 digest processing is performed on ec to obtain the result m, and m is encrypted with the taxpayer's private key Pric to obtain em; ④ the contents ec and em are concatenated to form the tax return information sm, and sm is sent to the tax authority's tax filing server.

The tax authority's process of receiving tax returns is shown on the right side of Figure 2. ① The tax return information sm is divided into the two segments ec and em; ② em is decrypted with the taxpayer's public key Pubc to obtain m, and the MD5 digest of ec is computed to obtain mn; ③ mn and m are compared. If they differ, the tax return information has changed during transmission; it is discarded and the taxpayer is notified. If they are the same, ec is DES-decrypted with k as the key to obtain the tax return information c.


The existing scheme has the following defects: sensitive information such as the private key is stored on the taxpayer's side and is easily cracked; if the taxpayer's private key is obtained by others, the entire system has no security at all; if the username is leaked, an attacker can impersonate that person to log in; users' awareness of confidentiality is weak, so passwords leak easily; passwords are easy to guess, and because there is no lockout mechanism an attacker can guess passwords by brute force; once an attacker obtains the user/password table in the server database, the attacker has the passwords of all users.

1.1.2 Smart Card Technology

A smart card is a device consisting of one or more integrated circuit chips (including the software embedded in the chip) that can securely store sensitive information such as keys, certificates and user data and resist tampering at the hardware level. In many applications, smart card chips can independently perform security-sensitive computing tasks such as encryption, decryption, identity authentication and digital signature, which improves the application system's resistance to virus attacks and prevents leakage of sensitive information.

According to the composition of the smart card, it can be divided into three categories:

(1) General memory card. The embedded chip is equivalent to an ordinary serial E2PROM; it has no information security function of its own and can only be used in applications with low confidentiality requirements.

(2) Encrypted memory card. Its embedded chip adds control logic outside the memory area. A password must be checked before the storage area can be accessed, and the card is generally used in applications with simple confidentiality requirements.

(3) CPU card. The embedded chip is equivalent to a special type of single-chip microcomputer. In addition to the controller, memory, timing control logic, etc., it also has an algorithm unit and an operating system, which is widely used in applications where information security requirements are particularly high.

Using a smart card has the following advantages: ① The private key is not readable. The software and hardware design of the smart card strictly controls the right to use the user's private key, which can only be used when the required conditions are met, thus protecting the private key. ② Signing and verification take place on the card. The signature and verification functions that use the private key are implemented inside the card, so the private key cannot leak during transmission. Because smart cards have these characteristics, introducing smart card technology into the electronic tax filing system can greatly improve the security of the system.

1.1.3 Fingerprint Identification Technology

Because human fingerprint features are highly stable, unique, acceptable and easy to collect, and because fingerprint recognition technology continues to mature, fingerprint features can be used for identity authentication. A popular approach in fingerprint recognition algorithms is recognition based on minutiae, which are the branches and ends of the ridges in the fingerprint image.

Fingerprint recognition technology mainly comprises reading fingerprint images, fingerprint image preprocessing, fingerprint image feature extraction, saving, and comparison. ① After the image of the human fingerprint has been read through the fingerprint reading device, the original image undergoes preliminary processing to reduce noise and make it clearer. ② Feature data is extracted. This is a one-way conversion: a fingerprint can be converted to feature data, but feature data cannot be converted back to a fingerprint, and two different fingerprints will not produce the same feature data. ③ The feature data of two fingerprints is compared by a computer fuzzy comparison method that calculates their degree of similarity and finally yields the matching result for the two fingerprints. The fingerprint feature template can be saved on the server; when the user logs in, the newly collected fingerprint information is compared with the fingerprint feature template stored in the computer to authenticate the user's identity.

2 Electronic tax filing system security scheme based on fingerprint identification and smart card technology
