fa صورت حساب الکترونیکی امن و حافظ حریم خصوصی مبتنی بر زنجیره قالبی رمز و امنیت اطلاعات Cryptology and Information Security پژوهشی Research Article <div style="text-align: justify;">ﺻﺪﻭﺭ ﺻﻮﺭﺕﺣﺴﺎﺏ ﺍﻟکترﻭﻧﯿکی ﺩﺭ ﺳﺎﻣﺎﻧﻪ ﻣﺎﻟﯿﺎتی، ﺍگرچه ﻣﻮﺿﻮﻉ ﺟﺪیدی ﺍﺳﺖ، ﺍﻣﺎ همچناﻥ ﻧﺘﻮﺍﻧﺴﺘﻪ ﺳﺎﻣﺎﻧﻪ ﻣﺎﻟﯿﺎتی ﺑﻬﯿﻨﻪﺍی ﺭﺍ ﺑﻪ ﻃﻮﺭ کاﻣﻞ ﻓﺮﺍﻫﻢ کند. ﻫﺪﻑ ﻣﻘﺎﻟﻪ ﺣﺎﺿﺮ، ﺑﻬﺒﻮﺩ ﺻﻮﺭﺕﺣﺴﺎﺏﻫﺎی ﺍﻟکترﻭﻧﯿکی ﺍﺯ ﺟﻨﺒﻪﻫﺎی ﻣﺨﺘﻠﻒ، ﺍﺯ ﺟﻤﻠﻪ ﺍﻣﻨﯿﺖ ﻭ ﺣﺮیم ﺧﺼﻮصی ﺑﺎ ﺑﻪکاﺭگیری ﻓﻨﺎﻭﺭی ﺯﻧﺠﯿﺮﺓ ﻗﺎلبی ﺍﺳﺖ. ﺑﻪ ﺍین ﻣﻨﻈﻮﺭ، ﻣﺪلی ﺑﺮﺍی ﺻﻮﺭﺕﺣﺴﺎﺏﻫﺎی ﺍﻟکترﻭﻧﯿکی ﺑﺮ ﻣﺒﻨﺎی ﻣﻌﻤﺎﺭی ﺯﻧﺠﯿﺮﺓ ﻗﺎلبی ﺳﺎﺯﻣﺎنی ﻫﺎیپرﻟﺠﺮ ﻓﺒﺮیک ﺍﺭﺍﺋﻪ ﺷﺪﻩ ﺍﺳﺖ. ﺩﺭ ﺍین ﻣﺪﻝ، ﺗﻮﺯیع ﺷﺪگی ﺯﻧﺠﯿﺮﻩ ﻗﺎلبی ﻭ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﺍلگوﺭیتم ﺍﺟﻤﺎﻉ ﻧﺎﻣﺘﻤﺮکز ﺑﺎﻋﺚ ﺷﺪﻩ ﺍﺳﺖ ﺍﺯ ﻟﺤﺎﻅ ﺍﻣﻨﯿﺖ، ﺩﺳﺘﺮﺱپذیﺮی ﻭ ﻣﻘﺎﻭﻣﺖ ﻧﺴﺒﺖ ﺑﻪ ﺩستکاﺭی ﺑﺎﻻیی ﻭﺟﻮﺩ ﺩﺍﺷﺘﻪ ﺑﺎﺷﺪ. همچنین ﺑﺎ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﻻیهﺑﻨﺪی ﻣﻨﺎﺳﺐ، کاﻧﺎﻝﻫﺎی ﺧﺼﻮصی ﻭ کنترﻝ ﺩﺳﺘﺮسی ﻣﺘﻨﺎﺳﺐ ﺗﻮﺍﻧﺴﺘﻪ ﻣﺤﺮﻣﺎنگی ﻭ ﺣﺮیم ﺧﺼﻮصی ﺭﺍ ﺣﻔﻆ کند ﻭ ﺟﻠﻮی ﺍﻓﺸﺎی ﺍﺳﺮﺍﺭ ﺗﺠﺎﺭی ﺭﺍ ﺩﺭ ﻋﯿﻦ ﺷﻔﺎﻓﯿﺖ ﻭ ﺧﻮﺩکاﺭﺳﺎﺯی گرﻓﺘﻪ ﺷﻮﺩ. ﺍﺭﺯیابی ﻣﺪﻝ ﺍﺯ ﻧﻈﺮ کیفی، ﺍﻣﻨﯿﺖ، کارایی، ﻣﻘﺎیسه ﺑﺎ کاﺭﻫﺎی ﻣﺮﺗﺒﻂ ﻭ ﻧﻈﺮسنجی ﺍﺯ ﺧﺒﺮگاﻥ ﺍﻧﺠﺎﻡ گرﻓﺘﻪ ﻭ ﻣﻨﺎﺳﺐ ﺑﻮﺩﻥ ﺁﻥ ﻧﺸﺎﻥ ﺩﺍﺩﻩ ﺷﺪﻩ ﺍﺳﺖ.</div> <div style="text-align: justify;"><br> The issuance of electronic invoices in the tax system, although a new topic, has not yet been able to fully provide an optimized tax system. Some of the challenges in the tax system include transaction data forgery, the complexity of the invoicing process, and the risks associated with storing data in centralized databases. Blockchain technology, with features such as transparency, resistance to tampering, and decentralization, can be a suitable solution. Ensuring the privacy and security of tax data and maintaining a balance between transparency and confidentiality in tax systems is of utmost importance. In this paper, a tax system model has been proposed base on a permissioned private blockchain. In this type of blockchain, only validating nodes have access to the information, and data access is restricted. This approach prevents the exposure of confidential information. Our proposed model consists of several processing nodes that are part of the blockchain network. These nodes are responsible for validating transactions and verifying information. In this model, various organizations, including the tax. All rights reserved. administration, banks, and other entities, connect to the blockchain network via nodes, but the network is not organizationally part of any single entity. Each organization interacts with the network through its own specific processing nodes. The model includes six layers, explained as follows: 1) Network Layer: This layer consists of processing nodes that represent various organizations (e.g., the tax administration, banks, tax payers, chambers of commerce, and official accountants). These nodes are responsible for validating transactions and maintaining the distributed ledger. The network generally includes organizations, processing nodes, and users. 2) Protocol Layer: This layer manages transaction processes, consensus, and data storage. Here, sales transactions are recorded, and the global state is maintained in the distributed ledger. Consensus in this model is achieved through the Raft algorithm, which is resistant to potential failures. 3) Privacy Layer: Private data is isolated and stored in different channels to prevent unauthorized access. For each transaction, data related to goods and services, exemptions, and liabilities are stored in private datasets. These data are only accessible by authorized processing nodes. 4) Governance Layer: This layer is responsible for managing electronic certificates and network security. Security is ensured through a certificate authority, public and private keys, and access control mechanisms. Additionally, identity management and member access control within the network are handled in this layer. 5) Integration Layer: This layer uses tools like gRPC and Oracles to communicate with external systems. Events are recorded and sent to other network members, and the necessary data for completing transactions is supplied through Oracles. 6) Application Layer: This layer consists of applications that provide a user interface for interacting with the blockchain. These applications connect to smart contracts and other blockchain components through a Software Development Kit (SDK). The model has been evaluated from four perspectives: (1) Qualitative Evaluation: Experts in various fields have reviewed the model. (2) Technical perspective: the model ensures data security through consensus protocols and digital certificates. It also offers better scalability due to the use of a private blockchain. (3) Organizational Perspective: The model is compatible with traditional systems and can be easily implemented on existing infrastructures. (4) Environmental Perspective: Some challenges, such as coordination with tax laws and processes, require attention. From a security perspective, three main aspects have been examined: (1) Confidentiality: This is ensured by storing data in the private blockchain, identity verification through digital certificates, and appropriate access control. (2) Data Integrity: This is guaranteed through the consensus protocol and the recording of transactions via smart contracts. (3) Availability: This is maintained by designing a distributed network that is resilient to node failures. Regarding the efficiency of the proposed model, it is suitable for large-scale and national implementations. The system continuously records transactions and, compared to traditional systems, places less strain on the infrastructure. Tests have shown that the Raft consensus protocol has low latency and good performance. Our comparison with previous systems that use public or centralized blockchains shows that our proposed model has more advantages. The most significant benefits are its transparency, security, and scalability. In comparison to other models, this system has successfully addressed challenges related to data forgery and the complexity of the invoicing process.</div> صورت‌حساب الکترونیکی , زنجیره قالبی , هایپرلجر فبریک Electronic invoice, Blockchain technology, Hyperledger fabric 45 63 http://monadi.isc.org.ir/browse.php?a_code=A-10-455-1&slc_lang=fa&sid=1 Vahideh Ghanooni Shishavan وحیده قانونی شیشوان vahideh.ghanooni@ modares.ac.ir 10031947532846002137 10031947532846002137 No Department of Information Technology Management, Faculty of Management and Economics, Tarbiat Modares University, Tehran, Iran دانشکده مدیریت و اقتصاد، دانشگاه تربیت مدرس، تهران، ایران Shaban Elahi شعبان الهی elahi@ vru.ac.ir 10031947532846002138 10031947532846002138 Yes Department of Management, Faculty of Administrative Science and Economics, Vali-e-Asr University, Kerman, Iran دانشکده علوم اداری و اقتصاد، دانشگاه ولی عصر (عج)، کرمان، ایران Sadegh Dorri Nogoorani صادق دری نوگورانی dorri@modares.ac.ir 10031947532846002139 10031947532846002139 No Department of Computer System Architecture, Faculty of Electrical and Computer Engineering, Tarbiat Modares University, Tehran, Iran گروه معماری سیستم های کامپیوتری، دانشکده مهندسی برق و کامپیوتر، دانشگاه تربیت مدرس، تهران، ایران Ali Yazdian Varjani علی یزدیان ورجانی yazdian@ modares.ac.ir 10031947532846002140 10031947532846002140 No Department of Power, Faculty of Electrical and Computer Engineering, Tarbiat Modares University, Tehran, Iran گروه قدرت، دانشکده مهندسی برق و کامپیوتر، دانشگاه تربیت مدرس، تهران، ایران