Solution of single login system for three-stage Golden Tax Project


This project establishes an application security support platform for the network. The platform supports unified management of network users and permissions, unified identity authentication, single login (single sign-on), and identity authentication and digital signatures based on digital certificates, ensuring the correctness of system information.

For the special business network, an application security support platform is established to support unified management of network users and permissions, unified identity authentication, single login, and identity authentication and digital signatures based on digital certificates.

For the external network, an application security support platform is established to support identity authentication and digital signatures based on digital certificates.

1.1.1 Overall architecture


1.1.2 Main functions

1) Unified user management service. Unified user management provides centralized user information management, user account maintenance, password policy management and authorization management for the applications of multiple business lines. It keeps each user's unique identity account in the unified user management system synchronized with the account information held in the individual application systems. Unified user management is the foundation for user identity sharing, unified identity authentication and single login across multiple applications. It obtains the basic information of internal and external users from the tax human resources system and the comprehensive collection and management system.

2) Unified identity storage service. Unified identity storage uses LDAP and also supports a relational database model; it is the primary data store for tax users' identity information. For unified user management, it stores users' identity information, application user accounts, authentication methods and authorization information. It provides unified synchronization of user information to all application systems and supplies the unified identity authentication service with the authentication data of authorized users. It is also responsible for synchronizing and maintaining users' identity information across the storage systems at every level.

3) Unified identity authentication. Unified identity authentication provides a unified user identity authentication service and verifies data against the users' identity information held in the unified identity storage. The service supports multiple authentication methods, including static password, digital certificate, dynamic password and SMS, to meet different security requirements. After passing identity authentication, users can access the application systems they are authorized for through the single login service, so that one authentication is shared among different application systems.

4) Single login. The single login service solves the multiple-identity problem that arises when accessing multiple application systems. With a single authentication, users can access the services of all application systems within the scope of their authorization. It supports cross-domain authentication between the central department and provincial departments ("roaming"). Single login should also support the central department's business work portal.

5) Digital authentication application service. The digital authentication application service is based on public key infrastructure (PKI). It supports digital certificates issued by the three-stage Golden Tax Project's certification system, as well as digital certificates issued by other authorities that meet national and tax requirements. It provides application systems with digital signature verification, certificate-based identity authentication, data encryption and decryption, secure access, and encryption of transmission channels.

1.1.3 Logical deployment diagram


Product Recommendation

Tiankuo I620-G30, developed by Sugon on the Intel® Xeon® Scalable processor platform, is a widely used two-socket server. The I620-G30 is fully self-developed and offers superior computing performance and powerful I/O expansion capacity, delivering high performance and high expandability to the maximum extent, so it can meet the needs of all industries. The I620-G30 server is well suited to finance, securities, transportation, postal, telecommunications, energy, Internet and other industries whose data centers and remote business environments place high demands on server performance, expandability and reliability.
TC4600T G3
The ideal choice for cloud computing, big data.
10U, up to 14 nodes, 2-socket or 4-socket converged-architecture blade server with outstanding performance and efficiency

Dawning Information Industry Co.,Ltd. Sugon Building, No.36 Zhongguancun Software Park, No.8 Dongbeiwang West Road, Haidian District, Beijing 100193

Tel:+86 400-810-0466

Fax:+86 10-56308222