CN104639540A - Method, device and system for obtaining identity card information - Google Patents


Publication number
CN104639540A
Authority
CN
China
Prior art keywords
information
identity
card
card information
electronic signature
Legal status
Pending
Application number
CN201510040809.1A
Other languages
Chinese (zh)
Inventor
李明
Current Assignee
Individual
Original Assignee
Individual

Abstract

The invention provides a method, a device and a system for obtaining identity card information. In the method, electronic signature equipment obtains identity storage information and stores it, wherein the identity storage information comprises identity card information and signature information sent by a second front-end terminal, the signature information being obtained by a background server signing the identity card information. The electronic signature equipment receives a reading instruction sent by a first front-end terminal and sends reading information to the first front-end terminal, wherein the reading information comprises at least the identity card information or the identity storage information. Before the reading information is sent to the first front-end terminal, the method further comprises at least one of: determining that the reading instruction is a preset instruction; obtaining an instruction confirming the sending; encrypting the identity card information or the identity storage information and using the encrypted information as the reading information; and signing the identity card information or the identity storage information and using the identity card information or the identity storage information together with the signed information as the reading information.

Description

Method, device and system for obtaining identity card information
Technical field
The present invention relates to the field of electronic technology, and in particular to a method, a device and a system for obtaining identity card information.
Background art
At present, a person handling any kind of business must present a resident identity card, and therefore often carries the card. This easily leads to loss of the card, so the confidentiality and security of the identity card information in the card cannot be guaranteed.
In addition, some of the information in the identity card is itself stored in plaintext and is easily intercepted when it is read out, so the confidentiality and security of the identity card information cannot be guaranteed.
Summary of the invention
The present invention aims to solve at least one of the above problems.
The main object of the present invention is to provide a method for obtaining identity card information;
another object of the present invention is to provide electronic signature equipment;
a further object of the present invention is to provide a system for obtaining identity card information.
To achieve the above objects, the technical solution of the present invention is implemented as follows:
One aspect of the present invention provides a method for obtaining identity card information, comprising: electronic signature equipment obtains identity storage information and saves the identity storage information, wherein the identity storage information comprises the identity card information stored in a user's resident identity card and signature information, sent via a second front-end terminal connected to a background server, that the background server obtained by signing the identity card information; the electronic signature equipment receives a reading instruction sent by a first front-end terminal connected to the background server, and sends reading information to the first front-end terminal, wherein the reading information comprises at least the identity card information or the identity storage information. Before the reading information is sent to the first front-end terminal, the method further comprises at least one of the following: determining that the reading instruction is a preset instruction; obtaining an instruction confirming the sending; encrypting the identity card information or the identity storage information and using the encrypted information as the reading information; and signing the identity card information or the identity storage information and using the identity card information or the identity storage information together with the signed information as the reading information.
In addition, before the identity storage information is saved, the method further comprises: verifying the signature information, with the verification passing.
In addition, the electronic signature equipment obtaining the identity storage information comprises one of the following: receiving the identity card information read by an identity card reader arranged in the electronic signature equipment, and receiving the signature information sent by the second front-end terminal; receiving the identity storage information sent by the second front-end terminal; receiving, from the second front-end terminal, encrypted data obtained by the background server encrypting the identity storage information, and decrypting the encrypted data; and receiving, from the second front-end terminal, the signature information and encrypted data obtained by the background server encrypting the identity card information, and decrypting the encrypted data.
In addition, obtaining the instruction confirming the sending comprises: receiving input authorization information, and verifying that the authorization information passes.
In addition, the reading instruction comprises single authentication information, and the reading information further comprises the single authentication information. Encrypting the identity card information or the identity storage information comprises: encrypting the identity card information and the single authentication information, or encrypting the identity storage information and the single authentication information. Signing the identity card information or the identity storage information comprises: signing the identity card information and the single authentication information, or signing the identity storage information and the single authentication information.
Another aspect of the present invention provides electronic signature equipment, comprising: an acquisition module, configured to obtain identity storage information, wherein the identity storage information comprises the identity card information stored in a user's resident identity card and signature information, sent via a second front-end terminal connected to a background server, that the background server obtained by signing the identity card information; a storage module, configured to save the identity storage information; a receiving module, configured to receive a reading instruction sent by a first front-end terminal connected to the background server; a sending module, configured to send reading information to the first front-end terminal, wherein the reading information comprises at least the identity card information or the identity storage information; and a processing module, configured to trigger the sending module to send the reading information to the first front-end terminal after performing at least one of the following: determining that the reading instruction is a preset instruction; obtaining an instruction confirming the sending; encrypting the identity card information or the identity storage information and using the encrypted information as the reading information; and signing the identity card information or the identity storage information and using the identity card information or the identity storage information together with the signed information as the reading information.
In addition, the processing module is further configured to verify the signature information and, after the verification passes, trigger the storage module to save the identity storage information.
In addition, the acquisition module obtains the identity storage information in one of the following ways: receiving the identity card information read by an identity card reader arranged in the electronic signature equipment, and receiving the signature information sent by the second front-end terminal connected to the background server; receiving the identity storage information sent by the second front-end terminal; receiving, from the second front-end terminal, encrypted data obtained by the background server encrypting the identity storage information, and decrypting the encrypted data; and receiving, from the second front-end terminal, the signature information and encrypted data obtained by the background server encrypting the identity card information, and decrypting the encrypted data.
In addition, the processing module obtains the instruction confirming the sending in the following way: receiving input authorization information, and verifying that the authorization information passes.
In addition, the reading instruction comprises single authentication information, and the reading information further comprises the single authentication information. The processing module encrypts the identity card information or the identity storage information in the following way: encrypting the identity card information and the single authentication information, or encrypting the identity storage information and the single authentication information. The processing module signs the identity card information or the identity storage information in the following way: signing the identity card information and the single authentication information, or signing the identity storage information and the single authentication information.
A further aspect of the present invention provides a system for obtaining identity card information, comprising: the above electronic signature equipment, a first front-end terminal, a second front-end terminal, and a background server connected to the first front-end terminal and the second front-end terminal.
As can be seen from the technical solution provided above, with the method, system and electronic signature equipment provided by the embodiments of the present invention, the identity card information and the signature information obtained by the background server signing it are stored in the electronic signature equipment. The user therefore needs to carry only the electronic signature equipment, which provides the identity card information. This prevents the identity card from being lost through being carried around, and prevents the leakage of identity card information that such a loss would cause. Because the background server signs the identity card information, the non-repudiation and authenticity of the identity card information stored in the electronic signature equipment are ensured.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of the system for obtaining identity card information provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the electronic signature equipment provided by an embodiment of the present invention;
Fig. 3 is a flow chart of the method for obtaining identity card information provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the description of the present invention, it should be understood that orientations or positional relationships indicated by terms such as "center", "longitudinal", "transverse", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings. They are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore cannot be interpreted as limiting the present invention. In addition, the terms "first" and "second" are used only for descriptive purposes and cannot be interpreted as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "installed", "connected to" and "connection" should be interpreted broadly. For example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, or indirect through an intermediary, or an internal connection between two elements. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific situation.
The embodiments of the present invention are described in further detail below with reference to the drawings.
An embodiment of the present invention provides a system for obtaining identity card information.
Fig. 1 is a schematic structural diagram of the system for obtaining identity card information provided by an embodiment of the present invention. Referring to Fig. 1, the system comprises: electronic signature equipment 10, a first front-end terminal 20, a second front-end terminal 30, and a background server 40 connected to the first front-end terminal 20 and the second front-end terminal 30.
In the technical solution provided by the embodiment of the present invention, the first front-end terminal 20 and the second front-end terminal 30 may be the same front-end terminal or different front-end terminals. The system may comprise multiple front-end terminals, each of which is connected to the background server 40. The background server 40 may be a server provided by a bank, in which case the front-end terminal is a terminal provided at the bank counter, such as a PC. The background server 40 may also be another server that needs to obtain identity card information, or a trusted third-party server (for example, a cloud server). The electronic signature equipment 10 may be a key device provided by a bank (for example, the U-Shield of the Industrial and Commercial Bank or the K-Bao of the Agricultural Bank), or other equipment with a signature function. The electronic signature equipment 10 can be connected to any front-end terminal.
As an optional implementation of the embodiment of the present invention, the identity storage information stored by the electronic signature equipment 10 may comprise the identity card information stored in the user's resident identity card and the signature information, sent via the second front-end terminal connected to the background server, that the background server obtained by signing the identity card information. Specifically, the user takes the resident identity card to the location of the second front-end terminal 30 connected to the background server 40 to have the identity card information reviewed. The second front-end terminal 30 reads the identity card information stored in the identity card. After the identity card information passes review, the background server 40 performs a signature calculation on the identity card information to obtain the signature information, and the identity storage information is then sent via the second front-end terminal 30 to the electronic signature equipment 10 and stored. Specifically, the second front-end terminal 30 may send the identity storage information to the electronic signature equipment 10 for storage in one of the following ways:
Mode one: the electronic signature equipment 10 receives the identity storage information sent by the second front-end terminal 30. Specifically, the second front-end terminal 30 sends the identity card information it has read to the background server 40, and the background server 40 signs the identity card information to obtain the signature information. The background server 40 then sends the identity card information and the signature information to the electronic signature equipment 10 via the second front-end terminal 30 for storage; or the background server 40 sends the signature information to the electronic signature equipment 10 via the second front-end terminal 30, and the second front-end terminal 30 sends the identity card information it has read to the electronic signature equipment 10. The electronic signature equipment 10 thereby saves the identity storage information. As an optional implementation of the embodiment of the present invention, the second front-end terminal 30 may also display the identity card information it has read; after the identity card information is confirmed to be correct, the second front-end terminal 30 sends it to the background server 40 and/or the electronic signature equipment 10, which ensures the authenticity of the identity card information.
Mode two: the electronic signature equipment 10 receives, from the second front-end terminal 30, encrypted data obtained by the background server 40 encrypting the identity storage information, and decrypts the encrypted data. Specifically, the second front-end terminal 30 sends the identity card information it has read to the background server 40, and the background server 40 signs the identity card information to obtain the signature information. The background server 40 then encrypts the identity card information and the signature information to obtain encrypted data and sends the encrypted data to the electronic signature equipment 10 via the second front-end terminal 30. The electronic signature equipment 10 decrypts the received encrypted data and stores the result. This ensures that even if the identity storage information is intercepted in transit, it cannot be obtained without the decryption key, which guarantees the confidentiality and security of the identity storage information. As an optional implementation of the embodiment of the present invention, the second front-end terminal 30 may also display the identity card information it has read; after the identity card information is confirmed to be correct, the second front-end terminal 30 sends it to the background server 40 and/or the electronic signature equipment 10, which ensures the authenticity of the identity card information.
Mode three: the electronic signature equipment 10 receives, from the second front-end terminal 30, the signature information and encrypted data obtained by the background server 40 encrypting the identity card information, and decrypts the encrypted data. Specifically, the second front-end terminal 30 sends the identity card information it has read to the background server 40, and the background server 40 signs the identity card information to obtain the signature information. The background server 40 then encrypts the identity card information to obtain encrypted data and sends the encrypted data and the signature information to the electronic signature equipment 10 via the second front-end terminal 30. The electronic signature equipment 10 decrypts the received encrypted data and stores the result. This ensures that even if the identity card information is intercepted in transit, it cannot be obtained without the decryption key, which guarantees the confidentiality and security of the identity card information. As an optional implementation of the embodiment of the present invention, the second front-end terminal 30 may also display the identity card information it has read; after the identity card information is confirmed to be correct, the second front-end terminal 30 sends it to the background server 40 and/or the electronic signature equipment 10, which ensures the authenticity of the identity card information.
In this way, the identity card information in the resident identity card can be stored securely.
The identity card information in the embodiment of the present invention may be plaintext identity card information read from the user's resident identity card by an identity card reader, or ciphertext identity card information stored in the user's resident identity card. The identity card information may be all of the identity card information stored in the user's resident identity card, or a part of it extracted according to different requirements.
In the above ways of sending the identity storage information to the electronic signature equipment 10 via the second front-end terminal 30 for storage, the background server 40 may encrypt the information with the public key of the electronic signature equipment 10, with a key negotiated with the electronic signature equipment 10, or with a preset symmetric key identical to the one held by the electronic signature equipment 10. Correspondingly, the electronic signature equipment 10 may decrypt the encrypted information with its private key, with the key negotiated with the background server 40, or with the preset symmetric key identical to the one held by the background server 40, and then save it.
As an optional implementation of the embodiment of the present invention, before saving the identity storage information, the electronic signature equipment 10 may also verify the signature information, with the verification passing. The information is stored only after the identity card information is confirmed to be authentic and complete, which ensures the authenticity and integrity of the stored identity card information. Specifically, the background server 40 may sign the identity card information with the private key of the background server 40, and the electronic signature equipment 10 verifies the signature information with the public key of the background server 40.
As an optional implementation of the embodiment of the present invention, the second front-end terminal 30 may obtain the identity card information stored in the user's resident identity card in one or a combination of the following ways:
Mode one: the second front-end terminal 30 reads the identity card information stored in the resident identity card through equipment such as an identity card reader;
Mode two: the identity card information of the resident identity card is entered into the second front-end terminal 30 through an input device or the like;
Mode three: the second front-end terminal 30 scans the identity card information of the resident identity card through a scanning device or the like.
As an optional implementation of the embodiment of the present invention, the identity card information may be reviewed in one or a combination of the following ways:
Mode one: the identity card information is reviewed by the staff handling the business;
Mode two: the second front-end terminal 30 sends the obtained identity card information to the background server 40, which sends it in a secure manner to an identity card verification authority for verification and review.
The identity card information is processed only after the authenticity of the resident identity card information has been reviewed, which ensures the authenticity of the identity card information.
As an optional implementation of the embodiment of the present invention, the electronic signature equipment 10 may also obtain the identity storage information in the following way: an identity card reader is arranged in the electronic signature equipment 10, and the electronic signature equipment 10 receives the identity card information read by that identity card reader and receives the signature information sent by the second front-end terminal connected to the background server. Specifically, after the electronic signature equipment 10 receives the identity card information read by the identity card reader arranged in it, it sends the identity card information to the background server 40 via the second front-end terminal 30. The background server 40 signs the identity card information to obtain the signature information and sends the signature information to the electronic signature equipment 10 via the second front-end terminal 30; or the background server 40 sends the identity card information and the signature information to the electronic signature equipment 10 via the second front-end terminal 30. The electronic signature equipment 10 thereby obtains the identity storage information. As an optional implementation of the present invention, the background server 40 may also transmit the signature information, or the identity card information and the signature information, in encrypted form to ensure the security of the transmission.
As an optional implementation of the embodiment of the present invention, the identity card information comprises at least one or any combination of the following: name, identity card number, validity period and biometric information. The identity card information may also comprise sex, ethnicity, date of birth and/or address, among others. The biometric information may comprise one or any combination of the following: photograph, fingerprint and iris, among others.
As an optional implementation of the embodiment of the present invention, the second front-end terminal 30 may send the identity storage information to the electronic signature equipment 10 through a dedicated interface. This interface may be a wired interface such as USB, audio or serial port, or a wireless interface such as NFC, Bluetooth, WIFI or RFID, so that the second front-end terminal 30 can work with many different types of electronic signature equipment 10. The second front-end terminal 30 may use a secure link to connect to the background server 40. The first front-end terminal 20 and the second front-end terminal 30 may use interfaces of the same type or of different types. Each front-end terminal may be configured according to different requirements, provided the interface is one that the electronic signature equipment 10 supports.
As an optional implementation of the embodiment of the present invention, after the electronic signature equipment 10 has saved the identity storage information, a user who goes to the first front-end terminal 20 to handle business and needs to present identity card information does not need to carry the identity card. The user only needs to carry the electronic signature equipment 10, which can provide the identity card information. This is convenient for the user and also prevents the leakage of identity card information caused by loss of the identity card. In this case, the electronic signature equipment 10 receives the reading instruction sent by the first front-end terminal 20 connected to the background server 40 and sends reading information to the first front-end terminal 20, wherein the reading information comprises at least the identity card information or the identity storage information. Before sending the reading information to the first front-end terminal 20, the electronic signature equipment 10 may also perform at least one of the following in advance: determining that the reading instruction is a preset instruction; obtaining an instruction confirming the sending; encrypting the identity storage information and using the encrypted information as the reading information; and signing the identity storage information and using the identity card information or the identity storage information together with the signed information as the reading information.
As an optional implementation of the embodiment of the present invention, determining that the reading instruction is a preset instruction means that the reading instruction is an instruction of a preset format and/or preset content. Only when the received reading instruction is the preset special instruction does the electronic signature equipment 10 send out the identity card information or the identity storage information; otherwise it does not send out the identity card information or the identity storage information. This ensures the security of reading the identity card information or the identity storage information from the electronic signature equipment 10.
As an Alternate embodiments of the embodiment of the present invention, get the instruction confirming to send and for receiving the authorization message of input, and can verify that namely authorization message gets the instruction confirming to send, such as can by any one or a combination set of as follows:
Mode one: electronic signature equipment 10 is arranged input unit (such as keyboard and/or dummy keyboard etc.), user is by passwords such as input unit input PIN code, only after the passwords such as checking PIN code pass through, ID card information or identity just can be stored information and carry out outgoing by electronic signature equipment 10, ensure the fail safe that ID card information or identity storage information read from electronic signature equipment 10.Certainly, in order to ensure fail safe further, electronic signature equipment 10 can also be arranged display unit (such as display screen etc.), for the information pointing out the password authentifications such as user's PIN code to pass through, and can inquire whether confirm to send, user can press confirmation button (such as OK key etc.) that input unit is arranged to confirm to send, now, only input the passwords such as PIN code user and be electronically signed equipment 10 and be verified, press after confirming button, ID card information or identity just can be stored information and carry out outgoing by electronic signature equipment 10, further ensure ID card information or identity and store the fail safe that information reads from electronic signature equipment 10.
Mode two: Mode two differs from Mode one above in that a fingerprint acquisition device can be provided on the electronic signature equipment 10. The user needs to input fingerprint information to the electronic signature equipment 10, which verifies it; after the verification passes, the electronic signature equipment 10 can output the ID card information or the identity storage information. Of course, in this embodiment a display unit can also be provided on the electronic signature equipment 10 to prompt the user to operate.
Mode three: Mode three differs from Mode one above in that an iris acquisition device or the like can also be provided on the electronic signature equipment 10. The user needs to input iris information to the electronic signature equipment 10, which verifies it; after the verification passes, the electronic signature equipment 10 can output the ID card information or the identity storage information. Of course, in this embodiment a display unit can also be provided on the electronic signature equipment 10 to prompt the user to operate.
As an optional implementation of the embodiment of the present invention, encrypting the ID card information or the identity storage information and using the encrypted information as the reading information means that the electronic signature equipment 10 can encrypt the ID card information or the identity storage information before outputting it, which ensures the security of the ID card information or the identity storage information in transmission. In this case, the electronic signature equipment 10 can encrypt the ID card information or the identity storage information with the public key of the background server 40, with a key negotiated with the background server 40, or with a preset symmetric key identical to that of the background server 40. Correspondingly, the background server 40 can decrypt the encrypted information with its private key, with the key negotiated with the electronic signature equipment 10, or with the preset symmetric key identical to that of the electronic signature equipment 10. The embodiment of the present invention is not limited to the above encryption methods; any method that sends the ID card information or the identity storage information as ciphertext falls within the protection scope of the present invention. Of course, as an optional implementation of the embodiment of the present invention, before the encrypted ID card information or identity storage information is sent, it can be sent after determining that the reading command is a preset instruction, sent after getting the instruction confirming to send, or sent after both determining that the reading command is a preset instruction and getting the instruction confirming to send. All of these further ensure the security of reading the ID card information or the identity storage information, and are not described again here.
As an optional implementation of the embodiment of the present invention, signing the ID card information or the identity storage information and using the ID card information or identity storage information together with the signed information as the reading information means that the electronic signature equipment 10 can sign the ID card information or the identity storage information and then output the ID card information or identity storage information together with the signed information as the reading information. This ensures the source authenticity, integrity and non-repudiation of the ID card information or the identity storage information. Because the electronic signature equipment 10 outputs the ID card information or the identity storage information in addition to the signature information, the signature information can subsequently be verified. In this case, the electronic signature equipment 10 can sign the information with the private key of the electronic signature equipment 10, and correspondingly the background server 40 can verify the signed data with the public key of the electronic signature equipment 10. Of course, as an optional implementation of the embodiment of the present invention, before sending the information the electronic signature equipment 10 can also: send after determining that the reading command is a preset instruction; send after getting the instruction confirming to send; send after both determining that the reading command is a preset instruction and getting the instruction confirming to send; after determining that the reading command is a preset instruction, encrypt the ID card information or the identity storage information together with the signed information and then send; after getting the instruction confirming to send, encrypt the ID card information or the identity storage information together with the signed information and then send; or, after both determining that the reading command is a preset instruction and getting the instruction confirming to send, encrypt the ID card information or the identity storage information together with the signed information and then send. All of these further ensure the security of outputting the identity storage information, and are not described again here.
As an optional implementation of the embodiment of the present invention, when the user brings the electronic signature equipment 10 to the first preposition terminal 20 to present the ID card information, the first preposition terminal 20 can send the electronic signature equipment 10 a reading command that at least comprises single authentication information. The electronic signature equipment 10 receives the reading command sent by the first preposition terminal 20 and sends the ID card information or the identity storage information, together with the single authentication information, to the first preposition terminal 20 as the reading information. Specifically, if the electronic signature equipment 10 encrypts the ID card information or the identity storage information, it needs to encrypt the ID card information and the single authentication information, or the identity storage information and the single authentication information. If the electronic signature equipment 10 signs the ID card information or the identity storage information, it needs to sign the ID card information and the single authentication information, or the identity storage information and the single authentication information.
As an optional implementation of the embodiment of the present invention, the single authentication information can be generated by the background server 40. Before sending the reading command, the first preposition terminal 20 first gets the single authentication information from the background server 40, then carries the single authentication information in the reading command and sends it to the electronic signature equipment 10. After receiving the reading command, the electronic signature equipment 10 gets the single authentication information, processes (encrypts and/or signs) the single authentication information and the ID card information or the identity storage information, and sends the processed information to the second preposition terminal 20 as the reading information. The second preposition terminal 20 sends the reading information to the background server 40, and the background server 40 can compare and verify (decrypt and/or verify the signature of) the received reading information against the single authentication information it generated. This ensures that the information sent by the electronic signature equipment 10 is the information required for this particular read, and prevents replay attacks.
As an optional implementation of the embodiment of the present invention, the single authentication information can comprise one of the following or a combination thereof: a random factor, a time factor and an event factor.
Specifically, the random factor can be one of the following or a combination thereof: a random number, random characters and random Chinese characters. The time factor can be the current time. The event factor can be the cumulative value of a counter that is triggered on each occurrence, and it is different each time.
Because the first preposition terminal 20 includes single authentication information each time it sends a reading command, the information that the electronic signature equipment 10 sends each time the identity storage information is read from it is different. Even if that information is intercepted, it cannot be used a second time at the first preposition terminal 20, which prevents replay attacks.
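The exchange described above (a preset reading command, confirmation by PIN and OK key, and single authentication information bound into the reading information), as an added example that is not part of the patent text. It assumes the preset symmetric key option and uses HMAC-SHA256 in place of the device's private-key signature; `READ_CMD_TAG`, the class names and the sample ID data are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumed preset instruction format: a fixed tag followed by a 16-byte random factor.
READ_CMD_TAG = b"READ-ID/1"
NONCE_LEN = 16


def _mac(key: bytes, id_info: bytes, single_auth: bytes) -> bytes:
    """Authenticate the ID info and the single authentication info as one message.

    HMAC-SHA256 with a preset symmetric key stands in for the device signature;
    the length prefix keeps the boundary between the two fields unambiguous.
    """
    message = len(id_info).to_bytes(4, "big") + id_info + single_auth
    return hmac.new(key, message, hashlib.sha256).digest()


class BackgroundServer:
    def __init__(self, preset_key: bytes):
        self._key = preset_key
        self._outstanding = set()  # single authentication values issued, not yet used

    def issue_single_auth(self) -> bytes:
        """Generate a random factor for one read and remember it."""
        nonce = secrets.token_bytes(NONCE_LEN)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, reading_info) -> bool:
        """Accept reading information once: valid tag and an unused nonce."""
        id_info, single_auth, tag = reading_info
        if not hmac.compare_digest(tag, _mac(self._key, id_info, single_auth)):
            return False  # forged or altered; the nonce stays outstanding
        if single_auth not in self._outstanding:
            return False  # never issued, or already consumed: a replay
        self._outstanding.discard(single_auth)
        return True


class ElectronicSignatureDevice:
    def __init__(self, preset_key: bytes, id_info: bytes, pin: str):
        self._key = preset_key
        self._id_info = id_info
        self._pin = pin.encode()

    def handle_read(self, command: bytes, pin_entered: str, ok_pressed: bool):
        """Return reading information, or None when any gate fails."""
        # Gate 1: the reading command must match the preset format exactly.
        if not command.startswith(READ_CMD_TAG):
            return None
        single_auth = command[len(READ_CMD_TAG):]
        if len(single_auth) != NONCE_LEN:
            return None
        # Gate 2: instruction confirming to send = verified PIN plus OK key.
        if not hmac.compare_digest(pin_entered.encode(), self._pin):
            return None
        if not ok_pressed:
            return None
        # Bind the single authentication information to the ID information.
        return (self._id_info, single_auth, _mac(self._key, self._id_info, single_auth))


def demo() -> dict:
    key = secrets.token_bytes(32)
    server = BackgroundServer(key)
    # Constructed sample data, not a real identity record.
    device = ElectronicSignatureDevice(key, b"name=EXAMPLE;id=PLACEHOLDER", "4821")
    command = READ_CMD_TAG + server.issue_single_auth()
    reading_info = device.handle_read(command, "4821", True)
    return {
        "first_use": server.verify(reading_info),
        "replayed": server.verify(reading_info),
        "wrong_pin": device.handle_read(command, "0000", True),
        "not_preset": device.handle_read(b"DUMP-ALL", "4821", True),
    }


if __name__ == "__main__":
    print(demo())
```

The server checks the tag before consuming the nonce, so a forged message cannot be used to burn a legitimate outstanding value.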
As an optional implementation of the embodiment of the present invention, after receiving the information sent by the electronic signature equipment 10, the first preposition terminal 20 also sends this information to the background server 40, so that the background server 40 verifies the information sent by the electronic signature equipment 10. Specifically, the background server 40 can verify the information sent by the electronic signature equipment 10 in one of the following modes or any combination thereof:
Mode one: the background server 40 verifies the signature information carried in the information sent by the electronic signature equipment 10. This ensures that the identity storage information was indeed sent to the electronic signature equipment 10 by the background server 40.
Mode two: if the electronic signature equipment 10 signs the ID card information or the identity storage information before sending it to the background server 40, the background server 40 also verifies the signature information carried in the information sent by the electronic signature equipment 10. This ensures that the identity storage information was indeed sent by the genuine electronic signature equipment 10.
Mode three: if the electronic signature equipment 10 encrypts the ID card information or the identity storage information before sending it to the background server 40, the background server 40 decrypts the ciphertext carried in the information sent by the electronic signature equipment 10. This ensures that the ID card information obtained is accurate.
Mode four: the ID card information is examined by the handling personnel. This ensures the accuracy and authenticity of the ID card information.
Mode five: the background server 40 sends the obtained ID card information in a secure manner to an ID card verification institution for checking and examination. This ensures the accuracy and authenticity of the ID card information.
As can be seen, the ID card information acquisition system provided by the embodiment of the present invention avoids the problem that an identity card carried on one's person is easily lost and that the loss leads to leakage of the ID card information. Because the background server 40 can also sign the ID card information and then send it to the electronic signature equipment 10 via the second preposition terminal 30, the non-repudiation and authenticity of the ID card information stored in the electronic signature equipment 10 are ensured. Because the electronic signature equipment 10 encrypts and/or signs the single authentication information received from the first preposition terminal 20 together with the stored ID card information or identity storage information, the authenticity and non-repudiation of the identity storage information are ensured in addition to preventing replay attacks.
The structure of the electronic signature equipment 10 in the ID card information acquisition system is described below:
As an optional implementation of the embodiment of the present invention, Fig. 2 shows a schematic structural diagram of the electronic signature equipment provided by the embodiment of the present invention. Referring to Fig. 2, the electronic signature equipment 10 provided by the embodiment of the present invention comprises: an acquisition module 101, a memory module 102, a receiver module 103, a sending module 104 and a processing module 105; wherein,
Acquisition module 101, configured to obtain identity storage information, wherein the identity storage information comprises the ID card information stored in the user's resident identity card and signature information, sent by the background server 40 via the second preposition terminal 30 connected to the background server, that the background server 40 obtained by signing the ID card information;
Memory module 102, configured to save the identity storage information;
Receiver module 103, configured to receive the reading command sent by the first preposition terminal 20 connected to the background server 40;
Sending module 104, configured to send the reading information to the first preposition terminal 20, wherein the reading information at least comprises: the ID card information or the identity storage information;
Processing module 105, configured to trigger the sending module 104 to send the reading information to the first preposition terminal 20 after performing at least one of the following: determining that the reading command is a preset instruction; getting the instruction confirming to send; encrypting the ID card information or the identity storage information and using the encrypted information as the reading information; signing the ID card information or the identity storage information and using the ID card information or identity storage information together with the signed information as the reading information.
As can be seen, with the electronic signature equipment provided by the embodiment of the present invention, the ID card information and the signature information obtained by the background server signing the ID card information are stored in the electronic signature equipment, so the user only needs to carry the electronic signature equipment, which provides the ID card information. This avoids the problem that an identity card carried on one's person is easily lost and that the loss leads to leakage of the ID card information. Because the background server signs the ID card information, the non-repudiation and authenticity of the ID card information stored in the electronic signature equipment 10 are ensured.
As an optional implementation of the embodiment of the present invention, the processing module 105 determining that the reading command is a preset instruction means determining that the reading command is an instruction with a preset format and/or preset content. Only when the received reading command is the preset special instruction does the processing module 105 output the ID card information or the identity storage information; otherwise the ID card information or the identity storage information is not output. This ensures the security of reading the ID card information or the identity storage information from the electronic signature equipment 10.
As an optional implementation of the embodiment of the present invention, getting the instruction confirming to send can consist of receiving input authorization information and verifying it; once the authorization information is verified, the instruction confirming to send has been obtained. For example, any one or a combination of the following modes can be used:
Mode one: an input unit (for example a keyboard and/or a virtual keyboard) is provided on the electronic signature equipment 10, and the user enters a password such as a PIN code through the input unit. Only after the password such as the PIN code is verified does the processing module 105 trigger the sending module 104 to output the ID card information or the identity storage information, which ensures the security of reading the ID card information or the identity storage information from the electronic signature equipment 10. Of course, to further ensure security, a display unit (for example a display screen) can also be provided on the electronic signature equipment 10 to prompt the user that the password such as the PIN code has been verified and to ask whether to confirm sending. The user can press a confirmation button (for example an OK key) provided on the input unit to confirm sending. In this case, only after the password such as the PIN code entered by the user has been verified by the processing module 105 and the confirmation button has been pressed does the processing module 105 trigger the sending module 104 to output the ID card information or the identity storage information, which further ensures the security of reading the ID card information or the identity storage information from the electronic signature equipment 10.
Mode two: Mode two differs from Mode one above in that a fingerprint acquisition device can be provided on the electronic signature equipment 10. The user needs to input fingerprint information to the electronic signature equipment 10, and the processing module 105 verifies it; after the verification passes, the electronic signature equipment 10 can trigger the sending module 104 to output the ID card information or the identity storage information. Of course, in this embodiment a display unit can also be provided on the electronic signature equipment 10 to prompt the user to operate.
Mode three: Mode three differs from Mode one above in that an iris acquisition device or the like can also be provided on the electronic signature equipment 10. The user needs to input iris information to the electronic signature equipment 10, and the processing module 105 verifies it; after the verification passes, the processing module 105 can trigger the sending module 104 to output the ID card information or the identity storage information. Of course, in this embodiment a display unit can also be provided on the electronic signature equipment 10 to prompt the user to operate.
As an optional implementation of the embodiment of the present invention, encrypting the ID card information or the identity storage information and using the encrypted information as the reading information means that the processing module 105 can encrypt the ID card information or the identity storage information and then trigger the sending module 104 to output it, which ensures the security of the ID card information or the identity storage information in transmission. In this case, the processing module 105 can encrypt the ID card information or the identity storage information with the public key of the background server 40, with a key negotiated with the background server 40, or with a preset symmetric key identical to that of the background server 40. The embodiment of the present invention is not limited to the above encryption methods; any method that sends the ID card information or the identity storage information as ciphertext falls within the protection scope of the present invention. Of course, as an optional implementation of the embodiment of the present invention, before the encrypted ID card information or identity storage information is sent, the processing module 105 can trigger the sending module 104 to send after determining that the reading command is a preset instruction, after getting the instruction confirming to send, or after both determining that the reading command is a preset instruction and getting the instruction confirming to send. All of these further ensure the security of reading the ID card information or the identity storage information, and are not described again here.
As an optional implementation of the embodiment of the present invention, signing the ID card information or the identity storage information and using the ID card information or identity storage information together with the signed information as the reading information means that the processing module 105 can sign the ID card information or the identity storage information and then trigger the sending module 104 to output the ID card information or identity storage information together with the signed information as the reading information. This ensures the source authenticity, integrity and non-repudiation of the ID card information or the identity storage information. Because the electronic signature equipment 10 outputs the ID card information or the identity storage information in addition to the signature information, the signature information can subsequently be verified. In this case, the processing module 105 can sign the information with the private key of the electronic signature equipment 10. Of course, as an optional implementation of the embodiment of the present invention, before triggering the sending module 104 to send the information the processing module 105 can also: trigger the sending module 104 to send after determining that the reading command is a preset instruction; trigger the sending module 104 to send after getting the instruction confirming to send; trigger the sending module 104 to send after both determining that the reading command is a preset instruction and getting the instruction confirming to send; after determining that the reading command is a preset instruction, encrypt the ID card information or the identity storage information together with the signed information and then trigger the sending module 104 to send; after getting the instruction confirming to send, encrypt the ID card information or the identity storage information together with the signed information and then trigger the sending module 104 to send; or, after both determining that the reading command is a preset instruction and getting the instruction confirming to send, encrypt the ID card information or the identity storage information together with the signed information and then trigger the sending module 104 to send. All of these further ensure the security of outputting the identity storage information, and are not described again here.
As an optional implementation of the embodiment of the present invention, the processing module 105 is further configured to verify the signature information and, after the verification passes, trigger the memory module 102 to save the identity storage information. This ensures the source authenticity, integrity and non-repudiation of the identity storage information.
As an optional implementation of the embodiment of the present invention, the acquisition module 101 can obtain the identity storage information in one of the following modes:
Mode one: receive the ID card information read by an ID card reader arranged in the electronic signature equipment, and receive the signature information sent by the second preposition terminal connected to the background server;
Mode two: receive the identity storage information sent by the second preposition terminal;
Mode three: receive encrypted data sent by the second preposition terminal, obtained by the background server encrypting the identity storage information, and decrypt the encrypted data; and
Mode four: receive, from the second preposition terminal, the signature information and the encrypted data obtained by the background server encrypting the ID card information, and decrypt the encrypted data.
Thus, the electronic signature equipment 10 can obtain the identity storage information in different ways according to different needs, which improves the flexibility of the electronic signature equipment 10. In addition, the security of transmitting the identity storage information can also be ensured.
As an optional implementation of the embodiment of the present invention, the reading command can comprise: single authentication information; the reading information also comprises: the single authentication information;
Processing module 105 encrypts the ID card information or the identity storage information in the following manner: encrypting the ID card information and the single authentication information, or encrypting the identity storage information and the single authentication information;
Processing module 105 signs the ID card information or the identity storage information in the following manner: signing the ID card information and the single authentication information, or signing the identity storage information and the single authentication information.
Thus, the authenticity and non-repudiation of the output identity storage information can be ensured in addition to preventing replay attacks.
As an optional implementation of the embodiment of the present invention, the ID card information at least comprises one of the following or any combination thereof: name, ID card number, validity period, biometric information and so on. Of course, the ID card information can also comprise: sex, nationality, date of birth and/or address and so on. The biometric information comprises one of the following or any combination thereof: photo, fingerprint and iris.
The embodiment of the present invention also provides an ID card information acquisition method. The method is applied to the system described above and is performed by the electronic signature equipment.
Fig. 3 shows a flow chart of the ID card information acquisition method provided by the embodiment of the present invention. Referring to Fig. 3, the ID card information acquisition method provided by the embodiment of the present invention comprises the following steps S301 to S302.
S301: the electronic signature equipment obtains identity storage information and saves the identity storage information, wherein the identity storage information comprises the ID card information stored in the user's resident identity card and signature information, sent by the background server via the second preposition terminal connected to the background server, that the background server obtained by signing the ID card information.
As an optional implementation of the embodiment of the present invention, before saving the identity storage information, the electronic signature equipment also verifies the signature information and the verification passes. This ensures the source authenticity, integrity and non-repudiation of the identity storage information.
As an optional implementation of the embodiment of the present invention, the electronic signature equipment obtaining the identity storage information comprises one of the following:
Receiving the ID card information read by an ID card reader arranged in the electronic signature equipment, and receiving the signature information sent by the second preposition terminal;
Receiving the identity storage information sent by the second preposition terminal;
Receiving encrypted data sent by the second preposition terminal, obtained by the background server encrypting the identity storage information, and decrypting the encrypted data; and
Receiving, from the second preposition terminal, the signature information and the encrypted data obtained by the background server encrypting the ID card information, and decrypting the encrypted data.
Thus, the electronic signature equipment can obtain the identity storage information in different ways according to different needs, which improves the flexibility of the electronic signature equipment. In addition, the security of transmitting the identity storage information can also be ensured.
S302: receive the reading command sent by the first preposition terminal connected to the background server, and send the reading information to the first preposition terminal, wherein the reading information at least comprises: the ID card information or the identity storage information. Before the reading information is sent to the first preposition terminal, the method also comprises at least one of the following: determining that the reading command is a preset instruction; getting the instruction confirming to send; encrypting the ID card information or the identity storage information and using the encrypted information as the reading information; signing the ID card information or the identity storage information and using the ID card information or identity storage information together with the signed information as the reading information.
As an optional implementation of the embodiment of the present invention, determining that the reading command is a preset instruction means determining that the reading command is an instruction with a preset format and/or preset content. Only when the received reading command is the preset special instruction does the electronic signature equipment 10 output the ID card information or the identity storage information; otherwise the ID card information or the identity storage information is not output. This ensures the security of reading the ID card information or the identity storage information from the electronic signature equipment 10.
As an optional implementation of the embodiment of the present invention, getting the instruction confirming to send can consist of receiving input authorization information and verifying it; once the authorization information is verified, the instruction confirming to send has been obtained. For example, any one or a combination of the following modes can be used:
Mode one: an input unit (for example a keyboard and/or a virtual keyboard) is provided on the electronic signature equipment 10, and the user enters a password such as a PIN code through the input unit. Only after the password such as the PIN code is verified does the electronic signature equipment 10 output the ID card information or the identity storage information, which ensures the security of reading the ID card information or the identity storage information from the electronic signature equipment 10. Of course, to further ensure security, a display unit (for example a display screen) can also be provided on the electronic signature equipment 10 to prompt the user that the password such as the PIN code has been verified and to ask whether to confirm sending. The user can press a confirmation button (for example an OK key) provided on the input unit to confirm sending. In this case, only after the password such as the PIN code entered by the user has been verified by the electronic signature equipment 10 and the confirmation button has been pressed does the electronic signature equipment 10 output the ID card information or the identity storage information, which further ensures the security of reading the ID card information or the identity storage information from the electronic signature equipment 10.
Mode two: Mode two differs from Mode one above in that a fingerprint acquisition device can be provided on the electronic signature equipment 10. The user needs to input fingerprint information to the electronic signature equipment 10, which verifies it; after the verification passes, the electronic signature equipment 10 can output the ID card information or the identity storage information. Of course, in this embodiment a display unit can also be provided on the electronic signature equipment 10 to prompt the user to operate.
Mode three: Mode three differs from Mode one above in that an iris acquisition device or the like can also be provided on the electronic signature equipment 10. The user needs to input iris information to the electronic signature equipment 10, which verifies it; after the verification passes, the electronic signature equipment 10 can output the ID card information or the identity storage information. Of course, in this embodiment a display unit can also be provided on the electronic signature equipment 10 to prompt the user to operate.
As an optional implementation of the embodiment of the present invention, encrypting the ID card information or the identity storage information and using the encrypted information as the reading information means that the electronic signature equipment can encrypt the ID card information or the identity storage information before outputting it, which ensures the security of the ID card information or the identity storage information in transmission. In this case, the electronic signature equipment can encrypt the ID card information or the identity storage information with the public key of the background server, with a key negotiated with the background server, or with a preset symmetric key identical to that of the background server 40. Correspondingly, the background server can decrypt the encrypted information with its private key, with the key negotiated with the electronic signature equipment, or with the preset symmetric key identical to that of the electronic signature equipment. The embodiment of the present invention is not limited to the above encryption methods; any method that sends the ID card information or the identity storage information as ciphertext falls within the protection scope of the present invention. Of course, as an optional implementation of the embodiment of the present invention, before the encrypted ID card information or identity storage information is sent, it can be sent after determining that the reading command is a preset instruction, sent after getting the instruction confirming to send, or sent after both determining that the reading command is a preset instruction and getting the instruction confirming to send. All of these further ensure the security of reading the ID card information or the identity storage information, and are not described again here.
As an optional implementation of the embodiment of the present invention, the ID card information or identity storage information is signed, and the ID card information or identity storage information together with the signed information is used as the reading information. That is, the electronic signature equipment can sign the ID card information or identity storage information and then send out the ID card information or identity storage information together with the signed information as the reading information, which ensures the source authenticity, integrity and non-repudiation of the ID card information or identity storage information. Because the electronic signature equipment sends out the ID card information or identity storage information in addition to the signature information, the signature information can subsequently be verified. In this case, the electronic signature equipment can sign the information with the private key of the electronic signature equipment; correspondingly, the background server can verify the signed data with the public key of the electronic signature equipment. Of course, as an optional implementation of the embodiment of the present invention, before sending the information the electronic signature equipment may: send only after determining that the reading instruction is a preset instruction; send only after obtaining an instruction confirming sending; both determine that the reading instruction is a preset instruction and obtain an instruction confirming sending before it sends; after determining that the reading instruction is a preset instruction, encrypt the ID card information or identity storage information and send it together with the ID card information or identity storage information and the signed information; after obtaining an instruction confirming sending, encrypt the ID card information or identity storage information and send it together with the ID card information or identity storage information and the signed information; or both determine that the reading instruction is a preset instruction and obtain an instruction confirming sending, encrypt the ID card information or identity storage information, and send it together with the ID card information or identity storage information and the signed information. Each of these further ensures the security of sending out the identity storage information, and is not described again here.
As can be seen, with the ID card information obtaining method provided by the embodiment of the present invention, the ID card information and the signature information that the background server obtained by signing the ID card information are stored in the electronic signature equipment, so the user need carry only this electronic signature equipment, and the electronic signature equipment provides the ID card information. This prevents the loss that easily occurs when the identity card is carried around, and the leakage of ID card information that such loss causes. Because the background server signs the ID card information, the non-repudiation and authenticity of the ID card information stored in the electronic signature equipment 10 are ensured.
As an optional implementation of the embodiment of the present invention, when the user presents the electronic signature equipment to the first front-end terminal to show the ID card information, the first front-end terminal can send to the electronic signature equipment a reading instruction that includes at least single authentication information; the electronic signature equipment sends the ID card information or identity storage information, together with the single authentication information, to the first front-end terminal as the reading information. Encrypting the ID card information or identity storage information comprises: encrypting the ID card information and the single authentication information, or encrypting the identity storage information and the single authentication information. Signing the ID card information or identity storage information comprises: signing the ID card information and the single authentication information, or signing the identity storage information and the single authentication information.
As an optional implementation of the embodiment of the present invention, the single authentication information can comprise one of the following or a combination thereof: a random factor, a time factor and an event factor.
Specifically, the random factor can be one of the following or a combination thereof: a random number, random characters and random Chinese characters. The time factor can be the current time. The event factor can be the accumulated value of a counter that is triggered on each occurrence, so that it is different every time.
Because the reading instruction sent by the first front-end terminal includes single authentication information each time, the information the electronic signature equipment sends when identity storage information is read from it is different every time; even if it is intercepted, it cannot be used a second time at the first front-end terminal, which prevents replay attacks.
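The single-use exchange described above, as an added Go example that is not part of the patent: the verifier places a fresh random factor in each reading instruction, the device signs the ID card information together with that value, and a captured response is rejected when presented a second time. The names `Device`, `Verifier`, `NewPair` and `ReadingInfo` are hypothetical, Ed25519 stands in for the signature algorithm the page leaves unspecified, and the verifier combines the roles of the first front-end terminal and the background server.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrBadSig = errors.New("signature verification failed")
var ErrReplay = errors.New("authentication information unknown or already used")

type ReadingInfo struct{ IDInfo, Nonce, Sig []byte } // reading information sent by the device

// signedBytes length-prefixes idInfo so its boundary with the nonce is unambiguous.
func signedBytes(idInfo, nonce []byte) []byte {
	b := make([]byte, 4, 4+len(idInfo)+len(nonce))
	binary.BigEndian.PutUint32(b, uint32(len(idInfo)))
	return append(append(b, idInfo...), nonce...)
}

// Device models the electronic signature equipment (hypothetical type).
type Device struct {
	priv   ed25519.PrivateKey // Ed25519 is an assumption; the page names no algorithm
	idInfo []byte
}

func (d *Device) Read(nonce []byte) ReadingInfo {
	return ReadingInfo{d.idInfo, nonce, ed25519.Sign(d.priv, signedBytes(d.idInfo, nonce))}
}

// Verifier models the first front-end terminal plus background server (hypothetical).
type Verifier struct {
	devicePub ed25519.PublicKey
	pending   map[string]bool // values issued and not yet consumed
}

// NewInstruction issues a fresh random factor for one reading instruction.
func (v *Verifier) NewInstruction() ([]byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	v.pending[string(nonce)] = true
	return nonce, nil
}

// Accept verifies the signature, then consumes the value so a captured response fails.
func (v *Verifier) Accept(r ReadingInfo) error {
	if !ed25519.Verify(v.devicePub, signedBytes(r.IDInfo, r.Nonce), r.Sig) {
		return ErrBadSig
	}
	if !v.pending[string(r.Nonce)] {
		return ErrReplay
	}
	delete(v.pending, string(r.Nonce))
	return nil
}

func NewPair(idInfo []byte) (*Device, *Verifier, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Device{priv, idInfo}, &Verifier{pub, map[string]bool{}}, nil
}

func main() {
	dev, v, _ := NewPair([]byte("constructed-sample-id-record"))
	nonce, _ := v.NewInstruction()
	resp := dev.Read(nonce)
	fmt.Println("first use:", v.Accept(resp), "| replay:", v.Accept(resp))
}
```

Because the signature covers the single-use value as well as the ID card information, an interceptor cannot swap in a fresh value without the device's private key.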
Any process or method described in a flowchart or otherwise described herein can be understood as representing a module, fragment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process, and the scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including in a substantially simultaneous manner or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention can be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods can be implemented with software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they can be implemented by any one or a combination of the following technologies well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits (ASICs) having suitable combinational logic gates, programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), and so on.
Those of ordinary skill in the art can understand that all or part of the steps carried by the methods of the above embodiments can be completed by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium and, when executed, includes one of the steps of the method embodiments or a combination thereof.
In addition, the functional units in the embodiments of the present invention can be integrated in one processing module, each unit can exist physically on its own, or two or more units can be integrated in one module. The integrated module can be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented in the form of a software functional module and is sold or used as an independent product, it can also be stored in a computer-readable storage medium.
The storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc or the like.
In the description of this specification, a description referring to the terms "an embodiment", "some embodiments", "an example", "a concrete example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described can be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it should be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention; those of ordinary skill in the art can change, modify, replace and vary the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the claims and their equivalents.

Claims (11)

1. An ID card information obtaining method, characterized by comprising:
an electronic signature equipment obtaining identity storage information and saving the identity storage information, wherein the identity storage information comprises ID card information stored in a user's resident identity card and signature information, sent via a second front-end terminal connected to a background server, that the background server obtained by signing the ID card information;
receiving a reading instruction sent by a first front-end terminal connected to the background server, and sending reading information to the first front-end terminal, wherein the reading information comprises at least: the ID card information or the identity storage information; before the reading information is sent to the first front-end terminal, the method further comprises at least one of the following:
determining that the reading instruction is a preset instruction; obtaining an instruction confirming sending; encrypting the ID card information or the identity storage information and using the encrypted information as the reading information; signing the ID card information or the identity storage information and using the ID card information or the identity storage information together with the signed information as the reading information.
2. The method according to claim 1, characterized in that, before the identity storage information is saved, the method further comprises:
verifying the signature information, the verification passing.
3. The method according to claim 1 or 2, characterized in that the electronic signature equipment obtaining identity storage information comprises one of the following:
receiving the ID card information read by an ID card reader arranged in the electronic signature equipment, and receiving the signature information sent by the second front-end terminal;
receiving the identity storage information sent by the second front-end terminal;
receiving encrypted data, sent by the second front-end terminal, that the background server obtained by encrypting the identity storage information, and decrypting the encrypted data; and
receiving, as sent by the second front-end terminal, the signature information and encrypted data that the background server obtained by encrypting the ID card information, and decrypting the encrypted data.
4. The method according to any one of claims 1 to 3, characterized in that obtaining the instruction confirming sending comprises:
receiving input authorization information, and verifying that the authorization information passes.
5. The method according to any one of claims 1 to 4, characterized in that
the reading instruction comprises: single authentication information;
the reading information further comprises: the single authentication information;
encrypting the ID card information or the identity storage information comprises:
encrypting the ID card information and the single authentication information, or encrypting the identity storage information and the single authentication information;
signing the ID card information or the identity storage information comprises:
signing the ID card information and the single authentication information, or signing the identity storage information and the single authentication information.
6. An electronic signature equipment, characterized by comprising:
an acquisition module, configured to obtain identity storage information, wherein the identity storage information comprises ID card information stored in a user's resident identity card and signature information, sent via a second front-end terminal connected to a background server, that the background server obtained by signing the ID card information;
a memory module, configured to save the identity storage information;
a receiver module, configured to receive a reading instruction sent by a first front-end terminal connected to the background server;
a sending module, configured to send reading information to the first front-end terminal, wherein the reading information comprises at least: the ID card information or the identity storage information;
a processing module, configured to trigger the sending module to send the reading information to the first front-end terminal after performing at least one of the following: determining that the reading instruction is a preset instruction; obtaining an instruction confirming sending; encrypting the ID card information or the identity storage information and using the encrypted information as the reading information; signing the ID card information or the identity storage information and using the ID card information or the identity storage information together with the signed information as the reading information.
7. The electronic signature equipment according to claim 6, characterized in that
the processing module is further configured to verify the signature information and, after the verification passes, trigger the memory module to save the identity storage information.
8. The electronic signature equipment according to claim 6 or 7, characterized in that the acquisition module obtains the identity storage information in one of the following ways:
receiving the ID card information read by an ID card reader arranged in the electronic signature equipment, and receiving the signature information sent by the second front-end terminal connected to the background server;
receiving the identity storage information sent by the second front-end terminal;
receiving encrypted data, sent by the second front-end terminal, that the background server obtained by encrypting the identity storage information, and decrypting the encrypted data; and
receiving, as sent by the second front-end terminal, the signature information and encrypted data that the background server obtained by encrypting the ID card information, and decrypting the encrypted data.
9. The electronic signature equipment according to any one of claims 6 to 8, characterized in that the processing module obtains the instruction confirming sending in the following way:
receiving input authorization information, and verifying that the authorization information passes.
10. The electronic signature equipment according to any one of claims 6 to 9, characterized in that
the reading instruction comprises: single authentication information;
the reading information further comprises: the single authentication information;
the processing module encrypts the ID card information or the identity storage information in the following way: encrypting the ID card information and the single authentication information, or encrypting the identity storage information and the single authentication information;
the processing module signs the ID card information or the identity storage information in the following way: signing the ID card information and the single authentication information, or signing the identity storage information and the single authentication information.
11. An ID card information obtaining system, characterized by comprising: the electronic signature equipment according to any one of claims 6 to 10, a first front-end terminal, a second front-end terminal, and a background server connected to the first front-end terminal and the second front-end terminal.
CN201510040809.1A 2015-01-27 2015-01-27 Method, device and system for obtaining identity card information Pending CN104639540A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510040809.1A CN104639540A (en) 2015-01-27 2015-01-27 Method, device and system for obtaining identity card information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510040809.1A CN104639540A (en) 2015-01-27 2015-01-27 Method, device and system for obtaining identity card information

Publications (1)

Publication Number Publication Date
CN104639540A true CN104639540A (en) 2015-05-20

Family

ID=53217854

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510040809.1A Pending CN104639540A (en) 2015-01-27 2015-01-27 Method, device and system for obtaining identity card information

Country Status (1)

Country Link
CN (1) CN104639540A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105245340A (en) * 2015-09-07 2016-01-13 天地融科技股份有限公司 Identity authentication method based on remote account opening and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1339894A (en) * 2000-08-24 2002-03-13 杭州中正生物认证技术有限公司 Identification certificate and its making method
CN102404328A (en) * 2011-11-25 2012-04-04 中国科学院深圳先进技术研究院 Electronic identity card verification system
CN103593634A (en) * 2013-11-08 2014-02-19 国家电网公司 Network centralized decoding system and method of identity card identifier

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150520