PKI Technology Solution For Customs Business Platform

Business background

    Identity authentication strength: the customs business system serves various types of customers (such as logistics enterprises and production and trade enterprises) who log in with an "account + password". The security level of this method is not high and it poses a serious hidden danger, because such credentials are extremely easy to crack and steal. A stronger authentication technology is required to ensure the safety of business applications;
    Data confidentiality: the customs business system platform shares and exchanges data over the network with logistics enterprises, production enterprises, trading enterprises, financial institutions, maritime departments and other government departments. How to guarantee the confidentiality and integrity of the exchanged data has become an important security issue facing the current customs system platform;
    Anti-repudiation and retroactive audit: related enterprises, financial institutions and government agencies frequently perform business operations such as login, query and download in the customs business system. How to prevent repudiation and support retroactive audit of key operations, data generation and online payment has therefore become a top priority.

    Provide comprehensive certificate services to the user organizations involved in customs business, either by adopting a third-party authoritative CA system or by building an industry PKI/CA certification system;
    Certificates are issued to logistics companies, manufacturing companies, trading companies, financial institutions, other information platforms and relevant government agencies. User/institution certificates identify the companies concerned, and the certificates are managed throughout their full life cycle.

    The user logs in to the customs business system through IE or a client program. The customs business system requires the user to present a digital certificate, the identity authentication gateway verifies the validity of the certificate, and once verification passes the user accesses the business system;

    When the user performs key operations or generates data in the customs business system, the user terminal calls the API to sign the data and wrap it in a digital envelope, then sends it to the system server. After the system server receives the information and data, it calls the digital signature server to verify the signature and open the envelope;
    Through the identity authentication gateway and digital signature server, the authenticity and non-repudiation of user identity information, the integrity of data information, and the privacy of sensitive data are effectively guaranteed.
    The systems of other institutions transmit sensitive data to the front-end processor, which calls the digital signature server through the API, signs the sensitive data, wraps it in a digital envelope and sends it to the customs business system;
    The front-end processor of the customs business system calls the digital signature server through the API to verify the signature and decrypt the envelope. After verification passes, the customs business system completes the subsequent logical operations;
    Between institutions, the digital signature server effectively guarantees the authenticity and non-repudiation of the institutions' identity information, the integrity of data information, and the privacy of sensitive data.
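
The sign-then-envelope exchange described above, as an added example that is not part of the original page or the product's API. It assumes the third-party Python `cryptography` package, uses freshly generated RSA key pairs in place of CA-issued certificates, and the message layout and function names are hypothetical; certificate chain and revocation checks are not shown.

```python
# Added illustration; names and message layout are assumptions, not the product's API.
import os
from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)


def new_keypair():
    """Constructed stand-in for the key pair behind a CA-issued certificate."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def sign_and_envelope(data, sender_key, recipient_pub):
    """Sender side: sign the data, then encrypt data + signature under a one-time key."""
    signature = sender_key.sign(data, PSS, hashes.SHA256())
    cek = AESGCM.generate_key(bit_length=256)  # content-encryption key
    nonce = os.urandom(12)
    body = len(signature).to_bytes(2, "big") + signature + data
    return {
        "wrapped_key": recipient_pub.encrypt(cek, OAEP),  # only the recipient can unwrap
        "nonce": nonce,
        "ciphertext": AESGCM(cek).encrypt(nonce, body, None),
    }


def open_and_verify(envelope, recipient_key, sender_pub):
    """Receiver side: unwrap the key, decrypt, then verify the sender's signature.
    Returns the data, or None if the envelope or the signature does not check out."""
    try:
        cek = recipient_key.decrypt(envelope["wrapped_key"], OAEP)
        body = AESGCM(cek).decrypt(envelope["nonce"], envelope["ciphertext"], None)
        sig_len = int.from_bytes(body[:2], "big")
        signature, data = body[2:2 + sig_len], body[2 + sig_len:]
        sender_pub.verify(signature, data, PSS, hashes.SHA256())
        return data
    except (InvalidSignature, InvalidTag, ValueError):
        return None
```

Rejecting the message on any failure (wrong recipient key, modified ciphertext, or a signature from a different key) is what gives the receiver both confidentiality and evidence of who signed.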

Solution value

    Authentic user identity: PKI/CA digital certificates serve as user identities, which strengthens user authentication, prevents unauthorized access, and ensures the authenticity and credibility of the various users/institutions in the customs business system;
    Data integrity and confidentiality: digital signature/digital envelope technology encrypts and integrity-protects the data exchanged between the user end and the customs business system server, and between the customs business system server and the servers of other institutions. This ensures that customs business information is not leaked, stolen or tampered with in transit, providing security support for reliable data communication;
    Operational non-repudiation: when the customs business system completes related operations or generates data, key operations and data are digitally signed, which effectively guarantees that the operating parties cannot deny their own operations and provides a technical guarantee for retrospection.

