CN106375302B - Method and system for reading resident certificate card information and resident certificate card reading device - Google Patents

Publication number: CN106375302B
Authority: CN (China)
Prior art keywords: card, resident, resident certificate, certificate card, server
Prior art date
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201610780394.6A
Other languages: Chinese (zh)
Other versions: CN106375302A (en)
Inventor: 李明
Current Assignee: Tendyron Corp (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: 李明
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 李明
Priority to CN201610780394.6A
Publication of CN106375302A
Application granted
Publication of CN106375302B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
              • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
              • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
              • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
              • G06F21/31 User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Power Engineering (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention provides a method and a system for reading resident certificate card information and a resident certificate card information reading device, wherein the method comprises the following steps: after receiving an operation request of a terminal, a resident certificate card reading device sends a card searching request to first resident certificate card safety verification control equipment through a server, and starts a card searching process, a card selecting process and a card reading process; the resident certificate card reading device, the terminal and the server transmit interactive information between the first resident certificate card security verification control equipment and the resident certificate card in the process of reading the resident certificate card information by the first resident certificate card security verification control equipment; the resident certificate card reading device receives resident certificate card information sent by the first resident certificate card safety verification control device through the terminal and the server. The device has the advantages that a plurality of resident certificate card reading devices can share the same resident certificate card safety verification control equipment, and therefore the utilization rate of the resident certificate card safety verification control equipment can be improved.

Description

Method and system for reading resident certificate card information and resident certificate card reading device
Technical Field
The invention relates to the technical field of electronics, in particular to a method and a system for reading resident certificate card information and a resident certificate card reading device.
Background
The existing front-end resident certificate card reading device has at least two modules, including a reading module and an SAM (resident certificate card verification security control) module. Because each front-end resident certificate card reading device is provided with the SAM module, the manufacturing cost of the existing front-end resident certificate card reading device is high; moreover, the SAM module can only carry out identity verification on the resident certificate card information read by one reading module, so that the utilization rate of the existing front-end resident certificate card reading device is low.
Disclosure of Invention
The present invention is directed to solving one of the problems set forth above.
The main object of the invention is to provide a method for reading resident certificate card information.
A further object of the invention is to provide a resident identification card reading apparatus.
Another object of the invention is to provide a system for reading resident identification card information.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
Scheme 1, a method for reading resident certificate card information, including:
step 1, a terminal sends a starting operation request to a resident certificate card reading device;
step 2, after the resident certificate card reading device receives the starting operation request sent by the terminal, periodically broadcasting a card searching instruction;
step 3, the resident certificate card reading device receives a response message returned by the resident certificate card;
step 4, the resident certificate card reading device judges that the response message is card searching confirmation data aiming at the card searching instruction;
step 5, the resident certificate card reading device stops broadcasting the card searching command and sends a card searching request to the terminal;
step 6, the terminal receives the card searching request and sends the card searching request to a server through a network;
step 7, the server receives the card searching request and sends the card searching request to first resident certificate card verification safety control equipment;
step 8, the first resident certificate card verification security control equipment receives the card searching request and sends a card searching response to the server, wherein the card searching response carries card searching response data;
step 9, the server receives the card searching response and sends the card searching response to the terminal through a network;
step 10, the terminal receives the card searching response and sends the card searching response to the resident certificate card reading device;
step 11, the resident certificate card reading device receives the card searching response sent by the terminal, and obtains the card searching response data;
step 12, the resident certificate card reading device determines that the card searching response data is response data responding to the card searching request, and sends the card searching confirmation data to the terminal;
step 13, the terminal receives the card searching confirmation data and sends the card searching confirmation data to the server;
step 14, the server receives the card searching confirmation data and sends the card searching confirmation data to the first resident certificate card verification safety control equipment;
step 15, the resident certificate card reading device sends a card selection instruction to the resident certificate card;
step 16, the resident certificate card reading device receives card selection confirmation data sent by the resident certificate card, wherein the card selection confirmation data at least comprises unique identification information of the resident certificate card;
step 17, the resident certificate card reading device sends a card selection request to the terminal;
step 18, the terminal receives the card selection request and sends the card selection request to the server;
step 19, the server receives the card selection request and sends the card selection request to the first resident certificate card verification safety control equipment;
step 20, the first resident certificate card verification security control equipment receives the card selection request;
step 21, the first resident certificate card verification security control equipment sends a card selection request response to the server, wherein the card selection request response carries card selection request response data;
step 22, the server receives the card selection request response and sends the card selection request response to the terminal;
step 23, the terminal receives the card selection request response and sends the card selection request response to the resident certificate card reading device;
step 24, the resident certificate card reading device receives a card selection request response sent by the terminal, and card selection request response data are obtained;
step 25, the resident certificate card reading device determines that the card selection request response data is response data aiming at the card selection request, and sends the card selection confirmation data to the terminal;
step 26, the terminal receives the card selection confirmation data and sends the card selection confirmation data to the server;
step 27, the server receives the card selection confirmation data and sends the card selection confirmation data to the first resident certificate card verification safety control equipment;
step 28, the resident certificate card reading device sends a card reading instruction to the resident certificate card;
step 29, the resident certificate card reading device receives the card reading confirmation data returned by the resident certificate card;
step 30, the resident certificate card reading device sends a card reading request to the terminal;
step 31, the terminal receives the card reading request and sends the card reading request to the server;
step 32, the server receives the card reading request and sends the card reading request to the first resident certificate card verification safety control device, wherein the card reading request is used for indicating the first resident certificate card verification safety control device to start a process of reading resident certificate card information;
step 33, the first resident certificate card verification safety control device receives the card reading request and starts a process of reading resident certificate card information;
step 34, the resident certificate card reading device, the terminal and the server transmit interactive information between the first resident certificate card verification safety control device and the resident certificate card in a process that the first resident certificate card verification safety control device reads resident certificate card information;
step 35, the server receives the resident certificate card information sent by the first resident certificate card verification safety control device after the resident certificate card information stored in the resident certificate card is read;
step 36, the server sends the resident certificate card information to the terminal;
step 37, the terminal receives the resident certificate card information and sends the resident certificate card information to the resident certificate card reading device;
step 38, the resident identification card reading device receives the resident identification card information.
Scheme 2, according to the method of scheme 1, the card searching request carries at least first identity authentication data; before the first resident identification card verification security control device sends the card searching response to the server, the method further comprises: the first resident certificate card verification safety control equipment authenticates the identity of the resident certificate card reading device according to the first identity authentication data carried in the card searching request, and executes the step of sending the card searching response to the server only if the authentication is passed.
Scheme 3, according to the method of scheme 1 or 2, the card searching response carries at least second identity authentication data; after the resident certificate card reading device receives the card searching response sent by the terminal and before the card searching response data is acquired, the method further comprises: the resident certificate card reading device authenticates the identity of the first resident certificate card verification safety control device according to the second identity authentication data, and executes the step of acquiring the card searching response data only if the authentication is passed.
Scheme 4, according to the method of any one of schemes 1 to 3, the card selection request carries third identity authentication data; after the first resident identification card verification security control device receives the card selection request and before it sends the card selection request response to the server, the method further comprises: the first resident certificate card verification safety control equipment authenticates the identity of the resident certificate card reading device according to the third identity authentication data carried in the card selection request, and executes the step of sending the card selection request response to the server only if the authentication is passed.
Scheme 5, according to the method of any one of schemes 1 to 4, the card selection request response carries at least fourth identity authentication data; after the resident certificate card reading device receives the card selection request response sent by the terminal and before the card selection request response data is acquired, the method further comprises: the resident certificate card reading device authenticates the identity of the first resident certificate card verification safety control device according to the fourth identity authentication data, and executes the step of acquiring the card selection request response data only if the authentication is passed.
Scheme 6, according to the method of any one of schemes 1 to 5, the card reading request carries at least fifth identity authentication data; after the first resident identification card verification security control device receives the card reading request and before it starts the process of reading resident identification card information, the method further comprises: the first resident certificate card verification safety control equipment authenticates the identity of the resident certificate card reading device according to the fifth identity authentication data, and executes the step of starting the process of reading the resident certificate card information only if the authentication is passed.
Scheme 7, the method according to any one of the schemes 1 to 6, before the first resident certificate card authentication security control device starts a flow of reading resident certificate card information, the method further comprising: the resident certificate card reading device negotiates with the first resident certificate card verification safety control device through the terminal and the server, and the resident certificate card reading device and the first resident certificate card verification safety control device obtain a session key; after the resident certificate card reading device and the first resident certificate card verification security control device obtain the session key, the method further includes: in the subsequent communication process of the resident identification card reading device and the first resident identification card verification security control device, the resident identification card reading device and the first resident identification card verification security control device use the session key to encrypt the transmitted data and decrypt the received data.
Scheme 8, the method according to any one of schemes 1 to 7, wherein the sending, by the server, the card searching request to the first resident certificate card verification security control device includes: the server selects a first resident certificate card verification safety control device from a plurality of resident certificate card safety control devices; and the server sends the card searching request to the selected first resident certificate card verification safety control equipment.
Scheme 9, the method according to scheme 8, wherein the server selects the first resident certificate card verification security control device from a plurality of resident certificate card security control devices, and the method comprises: the server selects resident certificate card safety control equipment corresponding to the terminal from a pre-stored corresponding relation as the first resident certificate card verification safety control equipment, wherein one or more terminals corresponding to each resident certificate card safety control equipment in the plurality of resident certificate card safety control equipment are recorded in the corresponding relation; or the server selects resident certificate card security verification control equipment with the current working state being idle as the first resident certificate card security verification control equipment.
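Added example, not part of the patent text: a small Python model of the per-request authentication gates in schemes 2 to 6 and the server-side device selection in schemes 8 and 9, showing that the relaying terminal and server cannot relabel a request or alter a response without detection. The HMAC-based form of the "identity authentication data", the shared key, the nonce, the fallback from mapping to idle selection, and all class, field and device names are assumptions; the patent does not specify them.

```python
import hashlib
import hmac
import secrets


def _frame(*fields: bytes) -> bytes:
    """Length-prefix each field so field boundaries cannot be shifted."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def auth_tag(key: bytes, direction: str, reader: str, phase: str,
             nonce: bytes, body: bytes) -> bytes:
    """Assumed identity authentication data: HMAC-SHA256 bound to direction and phase."""
    msg = _frame(direction.encode(), reader.encode(), phase.encode(), nonce, body)
    return hmac.new(key, msg, hashlib.sha256).digest()


class VerificationDevice:
    """Stand-in for a resident certificate card verification security control device."""

    def __init__(self, name: str, reader_keys: dict):
        self.name = name
        self.reader_keys = reader_keys  # reader id -> shared key (assumed provisioning)
        self.busy = False               # "current working state" used in scheme 9

    def handle(self, req: dict):
        """Schemes 2, 4, 6: authenticate the reader before sending any response."""
        key = self.reader_keys.get(req["reader"])
        if key is None:
            return None
        want = auth_tag(key, "req", req["reader"], req["phase"], req["nonce"], req["body"])
        if not hmac.compare_digest(want, req["tag"]):
            return None
        body = b"response-data:" + req["phase"].encode()
        tag = auth_tag(key, "resp", req["reader"], req["phase"], req["nonce"], body)
        return {"phase": req["phase"], "nonce": req["nonce"], "body": body, "tag": tag}


class Reader:
    """Stand-in for the resident certificate card reading device."""

    def __init__(self, reader_id: str, key: bytes):
        self.reader_id, self.key = reader_id, key

    def request(self, phase: str, body: bytes) -> dict:
        nonce = secrets.token_bytes(16)
        tag = auth_tag(self.key, "req", self.reader_id, phase, nonce, body)
        return {"reader": self.reader_id, "phase": phase, "nonce": nonce,
                "body": body, "tag": tag}

    def accept(self, req: dict, resp) -> bool:
        """Schemes 3, 5: authenticate the device before using the response data."""
        if resp is None or resp["phase"] != req["phase"] or resp["nonce"] != req["nonce"]:
            return False
        want = auth_tag(self.key, "resp", self.reader_id, resp["phase"],
                        resp["nonce"], resp["body"])
        return hmac.compare_digest(want, resp["tag"])


class Server:
    """Relay that selects the verification device (schemes 8, 9) and forwards requests."""

    def __init__(self, devices: list, terminal_map: dict):
        self.devices = {d.name: d for d in devices}
        self.terminal_map = terminal_map  # pre-stored terminal -> device name
        self.sessions = {}                # device chosen at a terminal's first request

    def select(self, terminal_id: str):
        if terminal_id in self.sessions:
            return self.sessions[terminal_id]
        name = self.terminal_map.get(terminal_id)
        if name is not None:              # option 1: pre-stored correspondence
            chosen = self.devices[name]
        else:                             # option 2: a device whose state is idle
            chosen = next((d for d in self.devices.values() if not d.busy), None)
        if chosen is not None:
            chosen.busy = True
            self.sessions[terminal_id] = chosen
        return chosen

    def relay(self, terminal_id: str, req: dict):
        device = self.select(terminal_id)
        return None if device is None else device.handle(req)


def run_demo() -> dict:
    key = secrets.token_bytes(32)         # constructed sample key
    reader = Reader("reader-01", key)
    devices = [VerificationDevice(n, {"reader-01": key}) for n in ("sam-a", "sam-b")]
    server = Server(devices, {"terminal-7": "sam-b"})
    out = {}
    honest = []
    for phase in ("search", "select", "read"):  # card searching, selection, reading
        req = reader.request(phase, b"constructed-card-data")
        honest.append(reader.accept(req, server.relay("terminal-7", req)))
    out["honest"] = all(honest)
    out["mapped_device"] = server.select("terminal-7").name
    out["idle_device"] = server.select("terminal-9").name
    req = reader.request("search", b"constructed-card-data")
    out["relabel"] = server.relay("terminal-7", dict(req, phase="read"))
    req = reader.request("select", b"constructed-card-data")
    resp = server.relay("terminal-7", req)
    out["forged_response"] = reader.accept(req, dict(resp, body=b"altered"))
    return out


if __name__ == "__main__":
    print(run_demo())
```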
Scheme 10, the method according to any one of schemes 1 to 9, wherein after the resident identification card reading device receives the resident identification card information sent by the first resident identification card security verification control device, the method further comprises: sending the resident certificate card information to a storage device for storage; and/or sending the resident certificate card information to a display device for displaying.
Scheme 11, a resident certificate card reading device, including:
the second transceiver module is used for triggering the first transceiver module to periodically broadcast a card searching instruction after receiving the starting operation request sent by the terminal;
the first transceiving module is used for periodically broadcasting a card searching instruction and receiving a response message returned by the resident certificate card;
the first processing module is used for judging whether the response message is card searching confirmation data aiming at the card searching instruction, and if so, notifying the first transceiver module to stop broadcasting the card searching instruction and triggering the second transceiver module to send a card searching request to the first resident certificate card verification safety control device through the terminal and the server;
the second transceiver module is configured to send a card searching request to the first resident identification card verification security control device through the terminal and the server, and receive the card searching response sent by the first resident identification card verification security control device through the server and the terminal, where the card searching response carries card searching response data;
the first processing module is further configured to obtain the card-searching response data, determine that the card-searching response data is response data in response to the card-searching request, and trigger the second transceiver module to send the card-searching confirmation data to the first resident certificate card verification security control device through the terminal and the server;
the second transceiver module is further configured to send the card searching confirmation data to the first resident certificate card verification security control device through the terminal and the server;
the first transceiver module is further configured to send a card selection instruction to the resident certificate card, and receive card selection confirmation data sent by the resident certificate card, where the card selection confirmation data at least includes unique identification information of the resident certificate card;
the second transceiver module is further configured to send a card selection request to the first resident identification card verification security control device through the terminal and the server, and receive a card selection request response sent by the first resident identification card verification security control device through the server and the terminal, where the card selection request response carries card selection request response data;
the first processing module is further configured to obtain the card selection request response data, determine that the card selection request response data is response data for the card selection request, and trigger the second transceiver module to send the card selection confirmation data to the first resident certificate card verification security control device through the terminal and the server;
the second transceiver module is further configured to send the card selection confirmation data to the first resident certificate card verification security control device through the terminal and the server;
the first transceiver module is further configured to send a card reading instruction to the resident certificate card and receive card reading confirmation data returned by the resident certificate card;
the second transceiving module is further configured to send a card reading request to the first resident certificate card verification security control device through the terminal and the server, where the card reading request is used to instruct the first resident certificate card verification security control device to start a process of reading resident certificate card information;
the first transceiver module is further configured to receive first interaction information sent by the resident certificate card to the resident certificate card verification security control device in a process of reading resident certificate card information by the first resident certificate card verification security control device, and transmit second interaction information sent by the first resident certificate card verification security control device to the resident certificate card;
the second transceiver module is further configured to send the first interaction information to the first resident certificate card verification security control device through the terminal and the server, and receive the second interaction information sent by the first resident certificate card verification security control device through the server and the terminal;
the second transceiver module is further configured to receive, through the server and the terminal, the resident certificate card information sent by the first resident certificate card verification safety control equipment after it has read the resident certificate card information stored in the resident certificate card.
Scheme 12, according to the apparatus of scheme 11, the first processing module is further configured to obtain first identity authentication data, and carry the first identity authentication data in the card searching request.
Scheme 13, according to the apparatus of scheme 11 or 12, the card searching response at least carries second identity authentication data; the first processing module obtains the card searching response data in the following way: authenticating the identity of the first resident certificate card verification safety control equipment according to the second identity authentication data, and acquiring the card searching response data only if the authentication is passed.
Scheme 14, the apparatus according to any one of schemes 11 to 13, wherein the first processing module is further configured to obtain third authentication data before the second transceiver module sends the card selection request to the first resident certificate card verification security control device through the terminal and the server, and carry the third authentication data in the card selection request.
Scheme 15, according to the apparatus of any one of schemes 11 to 14, the card selection request response at least carries fourth identity authentication data; the first processing module obtains the card selection request response data in the following way: authenticating the identity of the first resident certificate card verification safety control equipment according to the fourth identity authentication data, and acquiring the card selection request response data only if the authentication is passed.
Scheme 16, the apparatus according to any one of schemes 11 to 15, wherein the first processing module is further configured to, before the second transceiver module sends a card reading request to the first resident certificate card verification security control device through the terminal and the server, acquire fifth authentication data, and carry the fifth authentication data in the card reading request.
Scheme 17, the apparatus according to any one of schemes 11 to 16, further comprising: a key negotiation module, used for negotiating with the first resident certificate card verification security control device through the terminal and the server to obtain a session key before the second transceiver module sends a card reading request to the first resident certificate card verification security control device through the terminal and the server; the second transceiver module sends the first interaction information to the first resident certificate card verification security control device through the terminal and the server in the following way: the second transceiver module encrypts the first interaction information with the session key to obtain a first interaction information ciphertext, and sends the first interaction information ciphertext to the first resident certificate card verification safety control equipment through the terminal and the server; the second transceiver module receives, through the server and the terminal, the second interaction information sent by the first resident certificate card verification security control device, and the resident certificate card information sent by that device after it has read the resident certificate card information stored in the resident certificate card, in the following way: the second transceiver module receives a second interaction information ciphertext sent by the first resident certificate card verification safety control device through the server and the terminal, and decrypts the second interaction information ciphertext with the session key to obtain the second interaction information; and the second transceiver module receives a resident certificate card information ciphertext sent by the first resident certificate card verification safety control device through the server and the terminal, and decrypts the resident certificate card information ciphertext with the session key to obtain the resident certificate card information.
Scheme 18, the apparatus according to any one of schemes 11 to 17, further comprising: a storage module, used for storing the resident certificate card information; and/or a display module, used for displaying the resident certificate card information.
Scheme 19, a system for reading resident certificate card information, comprising: a terminal, a server, a resident certificate card reading device and first resident certificate card verification safety control equipment; the resident certificate card reading device comprises the device of any one of schemes 11 to 18 above; the terminal is connected between the resident certificate card reading device and the server, and is used for sending a starting operation request to the resident certificate card reading device and, together with the server, transmitting the information exchanged between the resident certificate card reading device and the first resident certificate card verification safety control equipment; the server is connected between the terminal and the first resident certificate card verification safety control device, and is used, together with the terminal, for transmitting the information exchanged between the resident certificate card reading device and the first resident certificate card verification safety control device; and the first resident certificate card verification safety control equipment is used for receiving a request sent by the resident certificate card reading device through the terminal and the server, and executing the operation corresponding to the request.
Scheme 20, the system according to scheme 19, wherein the server is further configured to select the first resident certificate card verification security control device from a plurality of resident certificate card security control devices when the request sent by the resident certificate card reading means for the first time is received through the terminal.
Scheme 21, the system according to scheme 20, wherein the server selects the first resident certificate card verification security control device from a plurality of resident certificate card security control devices by one of: selecting resident certificate card safety control equipment corresponding to the terminal from a pre-stored corresponding relationship as the first resident certificate card verification safety control equipment, wherein one or more terminals corresponding to each resident certificate card safety control equipment in the plurality of resident certificate card safety control equipment are recorded in the corresponding relationship; or, selecting the resident certificate card safety control equipment with the current working state being idle as the first resident certificate card verification safety control equipment.
Scheme 22 the system of any of schemes 19 to 21, further comprising: a storage device and/or a display device; the resident certificate card reading device is also used for sending the resident certificate card information to the display device; the display device is also used for displaying the resident certificate card information; the resident certificate card reading device is also used for sending the resident certificate card information to the storage device; and the storage device is used for storing the resident certificate card information.
According to the technical scheme provided by the invention, the resident certificate card reading device with the card reading and/or writing functions is arranged independently from the first resident certificate card safety verification control device, the resident certificate card reading device can perform information interaction with the first resident certificate card safety verification control device through the terminal and the server, the resident certificate card reading device can be connected with the resident certificate card, and the resident certificate card reading device, the terminal and the server are used as a bridge for performing information interaction between the resident certificate card and the first resident certificate card safety verification control device, so that the first resident certificate card safety verification control device can acquire resident certificate card information. In practical application, a plurality of terminals and corresponding resident certificate card reading devices with card reading and/or writing functions can be arranged, each resident certificate card reading device can be connected to the first resident certificate card safety verification control equipment through a server, so that the plurality of resident certificate card reading devices can share the same resident certificate card safety verification control equipment, and the utilization rate of the resident certificate card safety verification control equipment can be improved; in addition, each terminal only needs to be connected with a resident certificate card reading device only having a card reading and/or writing function, and corresponding resident certificate card safety verification control equipment does not need to be configured for each resident certificate card reading device, so that the cost is saved. 
In addition, when a plurality of resident certificate card safety verification control devices exist, the server can be connected to the resident certificate card safety verification control devices through a network, and the most appropriate resident certificate card safety verification control device is selected by the server at the moment, so that the optimized overall configuration of the resident certificate card safety verification control devices is realized.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of a system for reading information of a resident certificate card according to embodiment 1 of the present invention;
Fig. 2 is a schematic structural diagram of a terminal according to embodiment 2 of the present invention;
Fig. 3 is a schematic structural diagram of another terminal provided in embodiment 2 of the present invention;
Fig. 4 is a flowchart of a method for reading resident identification card information according to embodiment 3 of the present invention;
Fig. 5 is a flowchart of an alternative method for reading the information of the resident identification card according to embodiment 4 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "coupled," and "connected" are to be construed broadly: the connection may be fixed, removable, or integral; it may be mechanical or electrical; and it may be direct, indirect through an intervening medium, or an internal communication between two elements. Those skilled in the art can understand the specific meanings of the above terms in the present invention according to the specific case.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
Example 1
Fig. 1 is a schematic structural diagram of a system for reading information of a resident identification card according to embodiment 1 of the present invention. The system mainly includes: one or more resident certificate card reading devices 10 and one or more terminals 40, each resident certificate card reading device being provided with one corresponding terminal; a server 30; and one or more first resident certificate card verification safety control devices 20. As shown in fig. 1, each resident certificate card reading device 10 is connected with its corresponding terminal 40, and the server 30 is connected between the terminal 40 and the first resident certificate card verification safety control device 20. Each terminal 40 can be provided with two communication interfaces (wired interfaces, such as a USB interface, a serial port or an earphone interface, or wireless interfaces, such as Bluetooth or WIFI), connected respectively to the resident certificate card reading device 10 and to the server 30. Each resident identification card reading device 10 can communicate with the resident identification card, for example by radio frequency. The server 30 can likewise be provided with at least two communication interfaces (wired or wireless), connected respectively to the terminal 40 and to the first resident identification card security verification control device 20, and the communication data between the resident identification card and the first resident identification card security verification control device 20 is transmitted through the terminal 40 and the server 30.
In this embodiment, the resident identification card reading device 10 may include an SAM (resident identification card authentication security control) module; for the specific structure, see the description of embodiment 2. In this embodiment, the terminal 40 is a device capable of communicating and sending instructions, such as a PC, a tablet (PAD), a smartphone, a smart wearable device, or an electronic signature device (e.g., the U-Shield of ICBC, the K-Bao of the Agricultural Bank of China, etc.).
In the system, one first resident certificate card verification safety control device can be connected, through the server, with a plurality of terminals and their corresponding resident certificate card reading devices, which improves the utilization rate of the first resident certificate card verification safety control device. A plurality of resident certificate card verification safety control devices can also be provided, so that, while the utilization rate of the first resident certificate card verification safety control device is improved, the reading speed of each resident certificate card reading device is guaranteed and no resident certificate card reading device has to wait too long when several of them are waiting to be connected to the first resident certificate card verification safety control device.
The first resident identification card security verification control device 20 is used for receiving the request sent by the resident identification card reading device 10 through the terminal 40 and the server 30 and executing the operation corresponding to the request sent by the resident identification card reading device 10.
The server 30 is configured to transmit the information exchanged between the resident certificate card reading apparatus 10 and the first resident certificate card security verification control device 20 (the transmission may be transparent, or may take place after processing). The server 30 may be an independent hardware device (e.g., a PC, a router, etc.) or a virtual module. Of course, the server 30 may also be a cluster server or a distributed server. The present invention places no limitation on the server 30, provided that it can perform the functions of the server 30 in the embodiments of the present invention.
The terminal 40 is configured to send a start operation request to the resident identification card reading device 10, and to relay to and from the server (the relay may be transparent, or may take place after processing, etc.) the information exchanged between the resident identification card reading device and the first resident identification card verification security control device.
In the embodiment of the present invention, the resident identification card reading apparatus 10 may periodically broadcast the card searching command and stop broadcasting it after receiving the response message returned by the resident identification card. It then sends the card searching request to the first resident identification card security verification control device 20 through the terminal 40 and the server 30, which triggers the card searching process; after receiving the card searching response returned by the first resident identification card security verification control device 20 through the terminal 40 and the server 30, it sends the card searching confirmation data to the first resident identification card security verification control device 20 through the terminal 40 and the server 30. It then enters the card selecting process: it sends the card selecting command to the resident identification card and, after receiving the card selecting confirmation data returned by the resident identification card, sends the card selecting request to the first resident identification card security verification control device 20 through the terminal 40 and the server 30; after receiving the card selecting response returned by the first resident identification card security verification control device 20 through the terminal 40 and the server 30, it sends the card selection confirmation data to the first resident identification card security verification control device 20 through the terminal 40 and the server 30. It then enters the card reading process: it sends a card reading instruction to the resident identification card and, after receiving the card reading confirmation data returned by the resident certificate card, sends a card reading request to the first resident certificate card security verification control device 20 through the terminal 40 and the server 30, instructing the first resident certificate card security verification control device 20 to start the process of reading the resident certificate card information. The resident certificate card reading device 10 and the server 30 take part in the process in which the first resident certificate card security verification control device 20 reads the resident certificate card information. Finally, through the terminal 40 and the server 30, the resident certificate card reading device 10 receives the resident certificate card information that the first resident certificate card security verification control device 20 sends after it has read the resident certificate card information stored in the resident certificate card.
In the card searching process, the card selecting process and the card reading process, the resident identification card reading device 10 performs mutual authentication with the first resident identification card verification security control device 20 through the terminal 40 and the server 30, and after the authentication is completed, the subsequent processes can be performed. After the first resident certificate card verification safety control device 20 reads resident certificate card information stored in the resident certificate card, the resident certificate card information can be decrypted, the decrypted resident certificate card information is sent to the resident certificate card reading device 10 through the terminal 40 and the server 30, and the resident certificate card reading device 10 receives the resident certificate card information sent after the first resident certificate card verification safety control device 20 reads the resident certificate card information stored in the resident certificate card through the terminal 40 and the server 30. Through the card searching process, the resident certificate card can be ensured to exist in the reading range of the resident certificate card reading device 10 before the resident certificate card information reading process is executed, and the condition that the resident certificate card information cannot be acquired in the subsequent resident certificate card information reading process is avoided. Through the card selecting process, the first resident identification card verification safety control device can determine which resident identification card is specifically connected.
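The card searching, card selecting and card reading order described above, as an added example that is not part of the patent: a reading device walks the three phases against a constructed card and a constructed relay path, and aborts as soon as a peer's answer is not the expected one. All class, method and message names (`Reader`, `StubCard`, `StubSamLink`, `CARD_SEARCH_REQUEST` and so on) are assumptions made for the illustration, and the mutual authentication step is left out.

```python
"""Added illustration; every name here is hypothetical, not from the patent."""


class ProtocolError(Exception):
    """A peer was silent or answered with something other than the expected message."""


class StubCard:
    """Constructed stand-in for a resident certificate card on the RF side."""

    def __init__(self, uid="CARD-0001", present=True):
        self.uid = uid              # constructed identifier
        self.present = present

    def handle(self, instruction):
        if not self.present:
            return None             # nothing in range: no response message
        replies = {
            "SEARCH_CARD": ("SEARCH_ACK", None),
            "SELECT_CARD": ("SELECT_ACK", self.uid),  # confirmation carries the card's unique id
            "READ_CARD": ("READ_ACK", None),
        }
        return replies.get(instruction)


class StubSamLink:
    """Constructed stand-in for the terminal -> server -> control device path."""

    def __init__(self, wrong_reply_to=None):
        self.trace = []             # every message relayed towards the control device
        self.payloads = {}
        self.wrong_reply_to = wrong_reply_to  # request name that gets a mismatched answer

    def request(self, name):
        self.trace.append(name)
        if name == self.wrong_reply_to:
            return "UNRELATED_RESPONSE"
        return name.replace("_REQUEST", "_RESPONSE")

    def send(self, name, payload=None):
        self.trace.append(name)
        if payload is not None:
            self.payloads[name] = payload


class Reader:
    def __init__(self, card, link, max_broadcasts=3):
        self.card, self.link, self.max_broadcasts = card, link, max_broadcasts

    def _card_step(self, instruction, expected_ack):
        reply = self.card.handle(instruction)
        if reply is None or reply[0] != expected_ack:
            raise ProtocolError(f"card did not confirm {instruction}")
        return reply[1]

    def _sam_step(self, request):
        # The response must be the response to this request, otherwise stop.
        expected = request.replace("_REQUEST", "_RESPONSE")
        if self.link.request(request) != expected:
            raise ProtocolError(f"unexpected answer to {request}")

    def run(self):
        # Phase 1, card search: broadcast until a card answers; only then is
        # anything relayed to the control device.
        for _ in range(self.max_broadcasts):
            reply = self.card.handle("SEARCH_CARD")
            if reply is not None and reply[0] == "SEARCH_ACK":
                break
        else:
            raise ProtocolError("no card answered the card searching instruction")
        self._sam_step("CARD_SEARCH_REQUEST")
        self.link.send("CARD_SEARCH_CONFIRM")
        # Phase 2, card selection: the card's confirmation data is passed on.
        uid = self._card_step("SELECT_CARD", "SELECT_ACK")
        self._sam_step("CARD_SELECT_REQUEST")
        self.link.send("CARD_SELECT_CONFIRM", uid)
        # Phase 3, card reading: the request tells the control device to start reading.
        self._card_step("READ_CARD", "READ_ACK")
        self.link.send("CARD_READ_REQUEST")
        return uid


def run_session(card_present=True, wrong_reply_to=None):
    """Return (uid or None, error text or None, relayed message trace)."""
    link = StubSamLink(wrong_reply_to)
    try:
        return Reader(StubCard(present=card_present), link).run(), None, link.trace
    except ProtocolError as exc:
        return None, str(exc), link.trace


if __name__ == "__main__":
    for kwargs in ({}, {"card_present": False}, {"wrong_reply_to": "CARD_SELECT_REQUEST"}):
        print(kwargs, run_session(**kwargs))
```

With no card in range the trace stays empty, which is the purpose the text gives for the card searching process: nothing reaches the security control device unless a card has answered.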
The resident certificate card reading device 10 provided by the embodiment of the present invention is equivalent to the reading module of an existing resident certificate card reading device: it has only an information interaction function and does not have the other functions of an existing resident certificate card reading device, such as SAM authentication. It is independent of the first resident certificate card verification security control device, that is, the reading module of the resident certificate card reading device is structurally separated from the SAM module. The resident certificate card reading device 10 can perform information interaction with the first resident certificate card verification security control device through the server 30 and, together with the terminal 40 and the server 30, can be used as a bridge for information interaction between the resident certificate card and the first resident certificate card verification security control device.
In addition, the resident certificate card information stored in the resident certificate card is encrypted and transmitted, and due to the particularity of the resident certificate card, only the resident certificate card verification safety control device (SAM module) can decrypt the resident certificate card information stored in the resident certificate card. In a specific implementation process, when the resident identification card reading apparatus 10 sends a first request (card search request) to the first resident identification card verification security control device 20 through the terminal 40 and the server 30, the content that needs to be decrypted by the first resident identification card verification security control device 20 may be set, for example, the first resident identification card verification security control device 20 may be set to read only the basic information (for example, name, gender, month of birth, and the like) stored in the resident identification card, the first resident identification card verification security control device 20 may also be set to read the basic information + the photo + the fingerprint information and the like stored in the resident identification card, and the setting may be specifically performed as needed.
In an optional implementation of the embodiment of the present invention, the system for reading the resident identification card information may further include a storage device 50 and a display device 60. In this case, the resident identification card reading device 10 can also be used for sending the resident identification card information to the storage device 50 and/or the display device 60; the storage device 50 is used for storing the resident certificate card information, and the display device 60 is used for displaying it. In a specific implementation, after receiving the resident certificate card information sent by the first resident certificate card verification security control device 20, the resident certificate card reading device 10 can display the information and can also store it, in which case the resident certificate card reading device 10 sends the information to the storage device for storage, so that when the resident certificate card is needed again later the user need not carry the card and need only carry the storage device. To ensure the security of storage, the resident identification card reading device 10 may send the resident identification card information to the storage device to be encrypted and stored.
In a specific implementation, the storage device 50 can be disposed in the resident identification card reading device 10, as a part of it, or can be disposed outside the resident identification card reading device 10. The storage device may be a dedicated storage device or a device that also integrates other functions; for example, in a bank transaction scenario, the storage device may be an electronic signature device (e.g., the ICBC U-Shield, the Agricultural Bank of China K-Bao, etc.). In addition, the resident identification card information may be stored in the storage device 50 in plaintext form or in encrypted form, and this embodiment imposes no limitation in this respect. Likewise, the display device 60 may be provided in the resident identification card reading device 10, as a part of it, or may be provided outside the resident identification card reading device 10. The display device may be a dedicated display device or a device that also integrates other functions.
The system provided by the embodiment can be applied to a banking system, wherein the resident identification card reading device 10 can be the front end of a bank counter, one or more resident identification card reading devices 10 can be arranged at each business place, the terminal 40 can be a front terminal connected with the resident identification card reading device 10, and the resident identification card verification safety control device can also be arranged at each business place.
As an optional implementation manner in the present embodiment, in the case where there are a plurality of resident certificate card authentication security control devices, the server 30 is further configured to select a first resident certificate card security authentication control device from the plurality of resident certificate card security authentication control devices upon receiving a request (card search request) transmitted by the resident certificate card reading apparatus 10 for the first time through the terminal 40. Through the above optional implementation manner, a plurality of resident certificate card verification safety control devices can be set during specific implementation, the server 30 selects the first resident certificate card verification safety control device 20 first, and then connects with the first resident certificate card verification safety control device 20, and transmits data between the resident certificate card reading device 10 and the first resident certificate card verification safety control device 20 with the terminal 40, thereby ensuring that the utilization rate of the first resident certificate card verification safety control device 20 is improved, and simultaneously ensuring the reading speed of each resident certificate card reading device, so that when a plurality of resident certificate card reading devices wait to be connected to the first resident certificate card verification safety control device 20, the waiting time of each resident certificate card reading device is not too long.
Specifically, the server 30 may select the first resident certificate card security verification control device from the plurality of resident certificate card security verification control devices by one of the following manners:
Method one: selecting, from a pre-stored correspondence, the resident certificate card security verification control device 20 corresponding to the terminal 40 as the first resident certificate card security verification control device, wherein the correspondence records the one or more terminals corresponding to each of the plurality of resident certificate card security verification control devices.
In practical application, as an optional embodiment, the server 30 may be connected to a plurality of terminals 40 and may store in advance the correspondence between the terminals 40 and the respective first resident certificate card verification security control devices 20. As a preferable scheme, when a request (card searching request) sent by the resident identification card reading device through the terminal 40 is received for the first time, the server 30 may select the corresponding first resident identification card verification security control device 20 from the plurality of resident identification card verification security control devices according to the correspondence, and then initiate a card searching request to the first resident identification card verification security control device 20 to establish a connection with it. With this alternative embodiment, the step of selecting the first resident certificate card verification security control device is performed only when a card search request sent by the resident certificate card reading device through the terminal 40 is received for the first time, and is not performed again when operation requests of the resident certificate card reading device are subsequently received, so that the connection speed between the server 30 and the terminal 40 can be greatly increased. Of course, the step of selecting the first resident certificate card authentication security control device 20 may instead be performed each time an operation request sent by the resident certificate card reading apparatus through the terminal 40 is received.
With this alternative embodiment, in a scenario where there are a plurality of resident certificate card authentication security control devices, the server 30 can self-select the first resident certificate card authentication security control device 20, improving system manageability.
Method two: selecting the resident certificate card safety verification control equipment whose current working state is idle as the first resident certificate card safety verification control equipment.
In practical application, as an optional embodiment, the server 30 may further record the operating status of each of the plurality of resident certificate card verification security control devices connected to it. After receiving the card searching request sent by the resident certificate card reading apparatus 10, the server 30 may select, according to these operating statuses, a resident certificate card verification security control device whose current operating status is idle as the first resident certificate card verification security control device 20, send the card searching request to it, and mark its operating status as non-idle. This alternative embodiment avoids the situation in which one resident certificate card authentication security control apparatus receives information from a plurality of resident certificate card reading devices 10 at the same time, which would reduce efficiency.
In an optional implementation of the embodiment of the present invention, in order to quickly release the unused resident identification card verification security control device, the server 30 may further mark the operating state of the first resident identification card verification security control device 20 as idle after the resident identification card reading means 10 finishes communicating with the first resident identification card verification security control device 20.
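One way a server could implement the two selection methods and the idle/non-idle marking described above (added example, not code from the patent): the device is chosen on the first card searching request from a terminal, later requests of that session go to the same device, and the device is marked idle again when the session ends. The names `SamDispatcher`, `route`, `finish` and the message strings are hypothetical, and refusing a request when no device is idle or no correspondence exists is an assumption the text does not specify.

```python
import threading

CARD_SEARCH_REQUEST = "CARD_SEARCH_REQUEST"   # hypothetical message name


class NoDeviceAvailable(Exception):
    """No security control device can take the session right now."""


class SamDispatcher:
    """Server-side choice of the 'first' security control device for a terminal."""

    def __init__(self, devices, mode="idle", terminal_map=None):
        if mode not in ("idle", "mapping"):
            raise ValueError("mode must be 'idle' or 'mapping'")
        self.mode = mode
        self._lock = threading.Lock()                   # selection must be atomic
        self._idle = {d: True for d in devices}         # working state per device
        self._terminal_map = dict(terminal_map or {})   # method one: terminal -> device
        self._sessions = {}                             # device chosen per terminal

    def route(self, terminal_id, message):
        """Return the device that must receive `message` from this terminal."""
        with self._lock:
            device = self._sessions.get(terminal_id)
            if device is not None:
                return device                # chosen on the first request; reuse it
            if message != CARD_SEARCH_REQUEST:
                raise ValueError("a session must start with a card searching request")
            device = self._select(terminal_id)
            self._sessions[terminal_id] = device
            return device

    def _select(self, terminal_id):
        if self.mode == "mapping":
            # Method one: look the terminal up in the pre-stored correspondence.
            device = self._terminal_map.get(terminal_id)
            if device is None or device not in self._idle:
                raise NoDeviceAvailable(f"no device recorded for {terminal_id!r}")
            return device
        # Method two: take a device whose working state is idle, mark it non-idle.
        for device, idle in self._idle.items():
            if idle:
                self._idle[device] = False
                return device
        raise NoDeviceAvailable("every device is non-idle")

    def finish(self, terminal_id):
        """End of communication: forget the session and mark the device idle."""
        with self._lock:
            device = self._sessions.pop(terminal_id, None)
            if device is not None and self.mode == "idle":
                self._idle[device] = True
            return device

    def idle_devices(self):
        with self._lock:
            return sorted(d for d, idle in self._idle.items() if idle)


def concurrent_card_searches(dispatcher, terminal_ids):
    """Fire one card searching request per terminal from separate threads."""
    results = {}

    def worker(tid):
        try:
            results[tid] = dispatcher.route(tid, CARD_SEARCH_REQUEST)
        except NoDeviceAvailable:
            results[tid] = None

    threads = [threading.Thread(target=worker, args=(t,)) for t in terminal_ids]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


if __name__ == "__main__":
    pool = SamDispatcher(["sam-1", "sam-2", "sam-3"])      # constructed device names
    print(concurrent_card_searches(pool, [f"terminal-{i}" for i in range(8)]))
```

Because selection and marking happen under one lock, eight simultaneous requests against three devices always yield three sessions on three different devices; without the lock, two readers could be given the same device in the same instant.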
Based on the system for reading the resident identification card information provided by the embodiment of the present invention, the resident identification card reading device 10 is provided independently from the first resident identification card verification security control device 20 (SAM module). The resident identification card reading device 10 can be connected to the terminal 40 in a wired manner (e.g. a wired network such as the internet or a local area network) or in a wireless manner (e.g. a wireless network such as WIFI, 3G or 4G), the terminal 40 can be connected to the server 30 in a wired or wireless manner, and the server 30 can be connected to the first resident identification card verification security control device 20 in a wired or wireless manner. The resident identification card reading device 10 can perform information interaction with the first resident identification card verification security control device 20 through the terminal 40 and the server 30, and the terminal 40 and the server 30 serve as a bridge for information interaction between the resident identification card and the first resident identification card verification security control device 20. In practical application, a plurality of resident identification card reading devices 10 can be provided, each connected with the first resident identification card verification safety control device 20 through the terminal 40 and the server 30, so that the utilization rate of the first resident identification card verification safety control device 20 can be improved.
A plurality of resident certificate card verification safety control devices can also be provided: the server 30 first selects the first resident certificate card verification safety control device from the plurality of resident certificate card verification safety control devices, and then transmits to it the information sent by the resident certificate card reading device 10 through the terminal 40. This improves the utilization rate of the first resident certificate card verification safety control device while also guaranteeing the reading speed of each resident certificate card reading device, so that no resident certificate card reading device waits too long when several of them are waiting to be connected to the first resident certificate card verification safety control device.
Example 2
Fig. 2 is a schematic structural diagram of a resident identification card reading device 10 in a system for reading information of a resident identification card according to embodiment 1 of the present invention, and as shown in fig. 2, the resident identification card reading device 10 according to embodiment 1 of the present invention mainly includes: a first transceiver module 101, a first processing module 102, and a second transceiver module 103.
In this embodiment of the present invention, the first transceiver module 101 interacts with the resident certificate card (sends requests to it and receives information from it) to relay the interaction information between the first resident certificate card verification security control device 20 and the resident certificate card. In this embodiment the resident certificate card may specifically be an identity document such as a resident identity card, a driver's license, or a student ID. The second transceiver module 103 interacts with the terminal 40 (sends requests and receives information) so that information between the first resident certificate card verification security control device 20 and the resident certificate card is transmitted through the terminal 40 and the server 30. In this embodiment, the first resident certificate card verification security control device 20 includes a SAM module. The modules are configured as follows.
Card searching: the second transceiver module 103 is configured to trigger the first transceiver module 101 to periodically broadcast a card-searching instruction after receiving a start operation request sent by the terminal 40; the first transceiver module 101 is configured to periodically broadcast the card-searching instruction and receive a response message returned by the resident certificate card; the first processing module 102 is configured to determine whether the response message is card-searching confirmation data for the card-searching instruction and, if so, to notify the first transceiver module 101 to stop broadcasting the card-searching instruction and to trigger the second transceiver module 103 to send a card-searching request to the first resident certificate card verification security control device 20 through the terminal 40 and the server 30; the second transceiver module 103 is configured to send the card-searching request to the first resident certificate card verification security control device 20 through the terminal 40 and the server 30, and to receive the card-searching response sent by the first resident certificate card verification security control device 20 through the terminal 40 and the server 30; the first processing module 102 is further configured to obtain card-searching response data, determine that the card-searching response data is response data in response to the card-searching request, and trigger the second transceiver module 103 to send card-searching confirmation data to the first resident certificate card verification security control device 20 through the terminal 40 and the server 30; the second transceiver module 103 is further configured to send the card-searching confirmation data to the first resident certificate card verification security control device 20 through the terminal 40 and the server 30.
Card selection: the first transceiver module 101 is further configured to send a card selection instruction to the resident certificate card and receive card selection confirmation data sent by the resident certificate card, where the card selection confirmation data includes at least unique identification information of the resident certificate card; the second transceiver module 103 is further configured to send a card selection request to the first resident certificate card verification security control device 20 through the terminal 40 and the server 30, and to receive the card selection request response sent by the first resident certificate card verification security control device 20 through the terminal 40 and the server 30; the first processing module 102 is further configured to determine that the card selection request response is response data for the card selection request, and to trigger the second transceiver module 103 to send card selection confirmation data to the first resident certificate card verification security control device 20 through the terminal 40 and the server 30; the second transceiver module 103 is further configured to send the card selection confirmation data to the first resident certificate card verification security control device 20 through the terminal 40 and the server 30.
Card reading: the first transceiver module 101 is further configured to send a card-reading instruction to the resident certificate card and receive card-reading confirmation data returned by the resident certificate card; the second transceiver module 103 is further configured to send a card-reading request to the first resident certificate card verification security control device 20 through the terminal 40 and the server 30, where the card-reading request instructs the first resident certificate card verification security control device 20 to start the process of reading the resident certificate card information; the first transceiver module 101 is further configured, while the first resident certificate card verification security control device 20 reads the resident certificate card information, to receive first interaction information that the resident certificate card sends to the first resident certificate card verification security control device 20 and to transmit second interaction information that the first resident certificate card verification security control device 20 sends to the resident certificate card; the second transceiver module 103 is further configured to send the first interaction information to the first resident certificate card verification security control device 20 through the terminal 40 and the server 30, and to receive the second interaction information sent by the first resident certificate card verification security control device 20 through the terminal 40 and the server 30; the second transceiver module 103 is further configured to receive, through the terminal 40 and the server 30, the resident certificate card information that the first resident certificate card verification security control device 20 sends after reading the resident certificate card information stored in the resident certificate card.
In a specific implementation, the resident certificate card reading device 10 transmits requests and data between the resident certificate card and the first resident certificate card verification security control device 20 through the first transceiver module 101 and the second transceiver module 103 and, after the card-searching process and the card selection process are finished, enters the process in which the first resident certificate card verification security control device 20 reads the resident certificate card information (the card-reading process). During the card-reading process, the interaction information between the resident certificate card and the first resident certificate card verification security control device 20 is relayed through the first transceiver module 101 and the second transceiver module 103: the first transceiver module 101 sends instructions to the resident certificate card and receives the information it returns, and the second transceiver module 103 sends requests to the first resident certificate card verification security control device 20 through the terminal 40 and the server 30 and receives the responses and information it returns. This continues until the first resident certificate card verification security control device 20 has read the resident certificate card information stored in the resident certificate card and sends the read information to the second transceiver module 103 through the server 30 and the terminal 40, so that the resident certificate card reading device 10 acquires the resident certificate card information.
In a specific implementation, to ensure that the resident certificate card information can be read from the resident certificate card securely, identity authentication is performed several times between the resident certificate card reading device 10 and the first resident certificate card verification security control device 20 during the card-searching process and the card selection process. Specifically, in an optional implementation of this embodiment, the first processing module 102 is further configured to obtain first authentication data and carry it in the card-searching request, so that the first resident certificate card verification security control device 20 authenticates the identity of the resident certificate card reading device 10 using the first authentication data. After the identity authentication passes, the first resident certificate card verification security control device 20 returns a card-searching response to the resident certificate card reading device 10, that is, the second transceiver module 103 can receive the card-searching response. In this way the first resident certificate card verification security control device 20 confirms during the card-searching process that the identity of the resident certificate card reading device 10 is legitimate.
In an optional implementation of this embodiment, the card-searching response carries at least second identity authentication data. The first processing module 102 obtains the card-searching response data as follows: it authenticates the identity of the first resident certificate card verification security control device 20 according to the second identity authentication data and, if the authentication passes, obtains the card-searching response data, which in turn triggers the second transceiver module 103 to send the card-searching confirmation data to the first resident certificate card verification security control device 20 through the terminal 40 and the server 30. In this way the resident certificate card reading device 10 confirms during the card-searching process that the identity of the first resident certificate card verification security control device 20 is legitimate.
In an optional implementation of this embodiment, the first processing module 102 is further configured, before the second transceiver module 103 sends the card selection request to the first resident certificate card verification security control device 20 through the terminal 40 and the server 30, to obtain third authentication data and carry it in the card selection request, so that the first resident certificate card verification security control device 20 authenticates the resident certificate card reading device 10 using the third authentication data. After the authentication passes, the first resident certificate card verification security control device 20 returns a card selection response to the resident certificate card reading device 10, that is, the second transceiver module 103 can receive the card selection response. In this way the first resident certificate card verification security control device 20 confirms during the card selection process that the identity of the resident certificate card reading device 10 is legitimate.
In an optional implementation of this embodiment, the card selection request response carries at least fourth identity authentication data. The first processing module 102 obtains the card selection request response data as follows: it authenticates the identity of the first resident certificate card verification security control device 20 according to the fourth identity authentication data and, if the authentication passes, obtains the card selection request response data, which in turn triggers the second transceiver module 103 to send the card selection confirmation data to the first resident certificate card verification security control device 20 through the terminal 40 and the server 30. In this way the resident certificate card reading device 10 confirms during the card selection process that the identity of the first resident certificate card verification security control device 20 is legitimate.
In an optional implementation of this embodiment, the first processing module 102 is further configured, before the second transceiver module 103 sends the card-reading request to the first resident certificate card verification security control device 20 through the terminal 40 and the server 30, to obtain fifth authentication data and carry it in the card-reading request, so that the first resident certificate card verification security control device 20 confirms during the card-reading process that the identity of the resident certificate card reading device 10 is legitimate.
In this embodiment, the authentication performed during the card-searching process and the card selection process confirms that the identities of both the first resident identification card verification security control device 20 and the resident identification card reading device 10 are legitimate, so that the information stored in the resident identification card can be read securely.
In this embodiment, to ensure transmission security, the resident certificate card reading device 10 and the first resident certificate card verification security control device 20 may encrypt and decrypt the data they send and receive while the first resident certificate card verification security control device reads the resident certificate card information. In an optional embodiment, as shown in Fig. 3, the resident certificate card reading device 10 further includes a key negotiation module 105, configured to negotiate with the first resident certificate card verification security control device 20 to obtain a session key before the second transceiver module 103 sends the card-reading request to the first resident certificate card verification security control device 20 through the terminal 40 and the server 30. Specifically, the second transceiver module 103 sends the first interaction information to the first resident certificate card verification security control device 20 as follows: it encrypts the first interaction information with the session key to obtain a first interaction information ciphertext, and sends that ciphertext to the first resident certificate card verification security control device 20 through the terminal 40 and the server 30. The second transceiver module 103 receives the second interaction information sent by the first resident certificate card verification security control device 20, and the resident certificate card information that the device sends after reading it from the resident certificate card, as follows: it uses the session key to decrypt the second interaction information ciphertext received from the first resident certificate card verification security control device 20 through the terminal 40 and the server 30, obtaining the second interaction information; and it uses the session key to decrypt the resident certificate card information ciphertext received from the first resident certificate card verification security control device 20 through the terminal 40 and the server 30, obtaining the resident certificate card information. This ensures the security of information transmission while the first resident certificate card verification security control device reads the resident certificate card information.
In an optional embodiment of the present invention, as shown in Fig. 3, the resident identification card reading device 10 may further include a storage module 106, which is connected to the second transceiver module 103 and is configured to store the resident certificate card information received by the second transceiver module 103. Because the resident identification card reading device 10 can store the received resident identification card information, that information can be obtained directly from the reading device when it later needs to be presented, and the user does not need to carry the resident identification card, which is a great convenience for the user.
In a specific implementation, the resident identification card reading device 10 may further include a prompting module 104, configured to present information to the user during the process of acquiring the resident identification card information (for example, the received resident identification card information). The prompting module 104 may specifically be a display screen or a voice playing device.
The resident certificate card reading device provided by this embodiment is independent of, and structurally separate from, the first resident certificate card verification security control device 20 (SAM module). It can exchange information with the first resident certificate card verification security control device 20, and can also use a terminal and a server as the bridge for exchanging information with it. In practical applications, multiple resident certificate card reading devices can be deployed, each connected to the first resident certificate card verification security control device 20 through a server and a terminal, which improves the utilization of the first resident certificate card verification security control device 20. Multiple resident certificate card verification security control devices can also be deployed: the server 30 first selects the first resident certificate card verification security control device 20 and then connects to it, and the server and the terminal transmit data between the resident certificate card reading device 10 and the first resident certificate card verification security control device 20. This improves the utilization of the first resident certificate card verification security control device 20 while also maintaining the reading speed of each resident certificate card reading device, so that no reading device waits too long when several reading devices are waiting to connect to the first resident certificate card verification security control device 20.
Example 3
The embodiment provides a method for reading information of a resident identification card corresponding to the system and the resident identification card reading device provided in the embodiments 1 and 2. Fig. 4 is a flowchart of a method for reading information of a resident identification card according to embodiment 3 of the present invention, as shown in fig. 4, including the following steps S101 to S137:
S101, the terminal sends an operation request to the resident certificate card reading device;
The terminal in this embodiment is a device capable of communicating and sending instructions, such as a PC, a PAD (tablet computer), a smartphone, a smart wearable device, or an electronic signature device (e.g., the U-Shield of the Industrial and Commercial Bank of China, the K-Bao of the Agricultural Bank of China, etc.).
In the specific implementation process, the terminal and the resident certificate card reading device can be connected through a wired connection (for example, a USB interface, a serial port, an audio interface and the like) or a wireless connection (for example, WIFI, Bluetooth, infrared, NFC and the like).
In this embodiment, the resident certificate card may be an identity document such as a resident identity card, a driver's license, or a student ID. When a user needs to read the resident certificate card information stored in the resident certificate card, the terminal sends an operation request to the resident certificate card reading device to wake it up, for example to power it on from shutdown or to bring it from a sleep state into a working state. The reading device then starts to periodically broadcast a card-searching instruction, which begins the process of detecting the resident certificate card (card searching and card selection) so that the information stored in the card can subsequently be read. For example, the user can input an operation instruction through a key on the terminal, and the terminal responds to that instruction by sending the operation request to the resident certificate card reading device.
S102, periodically broadcasting a card searching instruction by the resident certificate card reading device;
The resident certificate card reading device searches for nearby cards by broadcasting a card-searching instruction; when several cards are near the reading device, it can find those cards.
S103, the resident certificate card reading device receives a response message returned by the resident certificate card;
After the resident certificate card detects the card-searching instruction, it returns a response message to the resident certificate card reading device so that the reading device can identify and detect the resident certificate card. In this embodiment, the resident certificate card may include a resident identity card, a driver's license, a student ID, and the like.
S104, the resident certificate card reading device judges that the response message is card searching confirmation data aiming at the card searching instruction;
S105, the resident certificate card reading device stops broadcasting the card-searching instruction and sends a card-searching request to the terminal;
S106, the terminal receives the card-searching request and sends the card-searching request to the server through the network;
S107, the server receives the card-searching request and sends the card-searching request to the first resident certificate card verification security control device;
In this embodiment, the resident certificate card reading device sends a card-searching instruction at intervals. After receiving the card-searching instruction, the resident certificate card sends card-searching confirmation data to the reading device; after receiving that confirmation data, the reading device sends a card-searching request to the first resident certificate card verification security control device through the terminal and the server.
Once the resident certificate card reading device has confirmed that the response message returned by the resident certificate card is confirmation data for the card-searching instruction, card searching by the reading device has succeeded and the card-searching instruction no longer needs to be broadcast. The subsequent flow can proceed for the card that was found, that is, the card-searching request is sent to the first resident certificate card verification security control device through the terminal and the server, which triggers the card-searching process of the first resident certificate card verification security control device. The resident certificate card reading device 10 may be connected to the terminal in a wired manner (e.g., a wired network such as the Internet or a LAN) or a wireless manner (e.g., a wireless network such as WIFI, 3G, or 4G); the terminal may likewise be connected to the server in a wired or wireless manner, and the server may be connected to the first resident certificate card verification security control device in a wired or wireless manner.
In this embodiment, to ensure that the resident certificate card information is read out securely, mutual authentication can be performed between the resident certificate card reading device and the first resident certificate card verification security control device during the card-searching process. As an optional implementation of this embodiment, the card-searching request carries at least the first identity authentication data, so that after receiving the card-searching request the first resident certificate card verification security control device can use the first identity authentication data to authenticate the identity of the resident certificate card reading device. Only after the identity authentication passes does the first resident certificate card verification security control device return a card-searching response to the resident certificate card reading device (i.e., step S108). In this way the first resident certificate card verification security control device confirms during the card-searching process that the identity of the resident certificate card reading device is legitimate.
For example, after receiving card-searching confirmation data sent by the resident certificate card, the resident certificate card reading device encrypts the card-searching request data by using the first authentication encryption key to obtain a card-searching request data ciphertext, and signs the card-searching request data ciphertext by using a private key of the resident certificate card reading device to obtain a card-searching request signature value; the first identity authentication data can comprise a card searching request data ciphertext, a card searching request signature value and a certificate of the resident certificate card reading device, so that the first resident certificate card authentication security control device can conveniently perform authentication. The first authentication encryption key is used for encrypting the card searching request data and then transmitting the encrypted data to the first resident certificate card verification safety control equipment, so that the safety of the card searching request data in network transmission can be ensured.
As an optional implementation manner of this embodiment, the card-searching request data may include a timestamp and/or single authentication data, and the card-searching request may further include an identifier of the resident certificate card reading device. Wherein the single authentication data includes a count value and/or a random factor generated by a counter in the resident certificate card reading device. When the single authentication data is the count value generated by the counter, the counter generates a count value for counting the sent first data packet each time the resident certificate card reading device performs the resident certificate card information reading operation, for example, when the resident certificate card reading device reads the resident certificate card a, the counter generates a count value 1, and when the resident certificate card B is read next time, the counter generates a count value 2, and so on, although the specific count value form is not limited thereto; when the single authentication data is a random factor, the random factor may be one or a string of random numbers, or may be one or a string of random characters, or any combination of a string of random numbers and random characters; the identification of the resident identification card reading device can be a serial number of the resident identification card reading device, and of course, the identification of the resident identification card reading device is not limited to the serial number of the resident identification card reading device as long as the identification can uniquely represent the resident identification card reading device.
As an optional implementation manner of this embodiment, the certificate of the resident certificate card reading device at least includes a public key of the resident certificate card reading device. The private key of the resident certificate card reading device used in this step and the public key in the certificate of the resident certificate card reading device used in steps S108 and S113 are a pair of asymmetric key pairs, and are respectively used for signing and verifying the data transmitted from the resident certificate card reading device to the first resident certificate card verification security control device.
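The card-search authentication data described above, as an added Go example that is not code from the patent: the reader encrypts the request data (timestamp, counter, random factor), signs the ciphertext and attaches its certificate, and the verification side checks each part in turn. Assumptions not in the text: AES-GCM under a pre-shared key as the first authentication encryption key, ECDSA P-256 signatures, a PKIX-encoded public key checked against an enrolment list in place of a full certificate, and the freshness policy (two-minute skew, strictly increasing counter); all names are illustrative.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// CardSearchAuth: request-data ciphertext, signature over it, reader certificate.
type CardSearchAuth struct{ Ciphertext, Signature, Cert []byte }

// Reader is the reading device; a PKIX public key stands in for its certificate.
type Reader struct {
	key     *ecdsa.PrivateKey
	cert    []byte
	aead    cipher.AEAD // AES-GCM under the first authentication encryption key
	counter uint64      // single-use authentication data
}

// Verifier is the verification security control device side (assumed policy).
type Verifier struct {
	aead     cipher.AEAD
	enrolled map[[32]byte]string // SHA-256(cert) -> reader identifier
	last     map[string]uint64   // highest counter accepted per reader
	maxSkew  time.Duration
}

// Build encrypts timestamp | counter | random factor and signs the ciphertext.
func (r *Reader) Build(now time.Time) (CardSearchAuth, error) {
	n := r.aead.NonceSize()
	rnd := make([]byte, n+16) // GCM nonce followed by the random factor
	if _, err := rand.Read(rnd); err != nil {
		return CardSearchAuth{}, err
	}
	r.counter++
	data := make([]byte, 16, 32)
	binary.BigEndian.PutUint64(data, uint64(now.Unix()))
	binary.BigEndian.PutUint64(data[8:], r.counter)
	data = append(data, rnd[n:]...)
	ct := r.aead.Seal(rnd[:n:n], rnd[:n], data, nil) // nonce | ciphertext | tag
	digest := sha256.Sum256(ct)
	sig, err := ecdsa.SignASN1(rand.Reader, r.key, digest[:])
	return CardSearchAuth{Ciphertext: ct, Signature: sig, Cert: r.cert}, err
}

// Verify returns the reader identifier; a response is sent only on a nil error.
func (v *Verifier) Verify(a CardSearchAuth, now time.Time) (string, error) {
	n := v.aead.NonceSize()
	id, known := v.enrolled[sha256.Sum256(a.Cert)]
	if !known || len(a.Ciphertext) < n {
		return "", errors.New("unknown reader or malformed request")
	}
	parsed, err := x509.ParsePKIXPublicKey(a.Cert)
	pub, isEC := parsed.(*ecdsa.PublicKey)
	digest := sha256.Sum256(a.Ciphertext)
	if err != nil || !isEC || !ecdsa.VerifyASN1(pub, digest[:], a.Signature) {
		return "", errors.New("bad signature")
	}
	data, err := v.aead.Open(nil, a.Ciphertext[:n], a.Ciphertext[n:], nil)
	if err != nil || len(data) != 32 {
		return "", errors.New("cannot decrypt")
	}
	sent := time.Unix(int64(binary.BigEndian.Uint64(data)), 0)
	ctr := binary.BigEndian.Uint64(data[8:])
	if d := now.Sub(sent); d > v.maxSkew || d < -v.maxSkew || ctr <= v.last[id] {
		return "", errors.New("stale or replayed request")
	}
	v.last[id] = ctr
	return id, nil
}

// NewDemo builds a constructed reader "reader-0001" and a verifier that knows it.
func NewDemo() (*Reader, *Verifier) {
	block, _ := aes.NewCipher([]byte("constructed-key!")) // 16-byte demo key
	aead, _ := cipher.NewGCM(block)
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.MarshalPKIXPublicKey(&key.PublicKey)
	enrolled := map[[32]byte]string{sha256.Sum256(cert): "reader-0001"}
	v := &Verifier{aead: aead, enrolled: enrolled, last: map[string]uint64{}, maxSkew: 2 * time.Minute}
	return &Reader{key: key, cert: cert, aead: aead}, v
}

func main() {
	r, v := NewDemo()
	a, _ := r.Build(time.Now())
	fmt.Println(v.Verify(a, time.Now())) // first delivery
	fmt.Println(v.Verify(a, time.Now())) // the same message presented again
}
```

Because the signature covers the ciphertext, the verifier can reject a modified or unsigned request before it uses the decryption key at all.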
In addition, the resident certificate card information stored in the resident certificate card is encrypted and transmitted, and due to the particularity of the resident certificate card, the resident certificate card information stored in the resident certificate card can be decrypted only by the resident certificate card verification safety control device. In a specific implementation process, the resident certificate card reading device may set, in the card searching request, a content to be decrypted by the first resident certificate card verification security control device, for example, the first resident certificate card verification security control device may be set to read only basic information (for example, name, gender, birth year and month, and the like) stored in the resident certificate card, the first resident certificate card verification security control device may also be set to read basic information + photo stored in the resident certificate card, the first resident card verification security control device may also be set to read basic information + photo + fingerprint information and the like stored in the resident certificate card, and the setting may be specifically performed as required. In a specific implementation process, the setting can be performed by a user on the resident certificate card reading device, after the setting is completed, the setting is sent to the resident certificate card reading device through an operation request, and according to the setting of the user, the resident certificate card reading device sends the setting information to the first resident certificate card verification safety control device when sending the card searching request, or the card searching request can carry the setting information.
Furthermore, in an optional implementation of the embodiment of the present invention, the resident identification card reading apparatus may be connected to the plurality of resident identification card verification security control devices through the terminal and the server, and in step S107, the sending, by the server, the card searching request to the first resident identification card verification security control device includes: the server selects a first resident certificate card verification safety control device from the plurality of resident certificate card verification safety control devices, and sends a card searching request to the selected first resident certificate card verification safety control device. Therefore, in the subsequent communication process, the server directly sends the related request and the interactive information to the selected first resident certificate card verification safety control equipment.
In practical applications, multiple resident certificate card verification security control devices can also be deployed. The server first selects the first resident certificate card verification security control device and then connects to it, and the terminal and the server transmit the interaction data between the resident certificate card reading device and the first resident certificate card verification security control device. This improves the utilization of the first resident certificate card verification security control device while also maintaining the reading speed of each resident certificate card reading device, so that no reading device waits too long when several reading devices are waiting to connect to the first resident certificate card verification security control device.
In this alternative embodiment, the way in which the server selects the first resident certificate card verification security control device from the plurality of resident certificate card verification security control devices includes, but is not limited to, one of:
Selecting, from a pre-stored correspondence, the resident certificate card verification security control device that corresponds to the resident certificate card reading device as the first resident certificate card verification security control device, where the correspondence records the one or more resident certificate card reading devices that correspond to each of the plurality of resident certificate card verification security control devices;
In practical applications, as an optional implementation, the server is connected to a plurality of resident certificate card verification security control devices and can pre-store the correspondence between the resident certificate card reading device and each resident certificate card verification security control device. As a preferred scheme, when the server receives an operation request from a resident certificate card reading device for the first time, it can select, according to the correspondence, the first resident certificate card verification security control device that corresponds to that reading device from among the plurality of resident certificate card verification security control devices, initiate the card-searching request to that device accordingly, and establish a connection with it. With this optional implementation, the step of selecting the first resident certificate card verification security control device is carried out only when the operation request (card-searching request) sent by the resident certificate card reading device is received for the first time and is not carried out when later operation requests are received, which can greatly improve the speed at which the reading device connects to the first resident certificate card verification security control device. Of course, the step of selecting the first resident certificate card verification security control device may also be performed each time an operation request (a card-searching request, a card selection request, or a card-reading request) sent by the resident certificate card reading device is received.
Through the optional implementation scheme, under the scene that a plurality of resident certificate card verification safety control devices exist, the server can self-select the first resident certificate card verification safety control device, and the system manageability is improved.
Selecting the resident certificate card verification safety control device whose current working state is idle as the first resident certificate card verification safety control device.
In practical application, as an optional implementation scheme, the server may further record the working state of each of the plurality of resident certificate card verification safety control devices connected to it. Before sending the card reading request or the card detection request, the server may select, according to the working state of each resident certificate card verification safety control device, a resident certificate card verification safety control device whose current working state is idle as the first resident certificate card verification safety control device, and mark the working state of the first resident certificate card verification safety control device as non-idle. This optional implementation scheme avoids the reduction in efficiency caused when one resident certificate card verification safety control device receives information from a plurality of resident certificate card reading devices at the same time.
In an optional implementation of the embodiment of the present invention, in order to quickly release the unused resident identification card verification security control device, the server may further mark the operating state of the first resident identification card verification security control device as idle after the communication between the resident identification card reading device and the first resident identification card verification security control device is ended.
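The idle-state selection described above, as an added JavaScript sketch that is not part of the patent: the server picks an idle verification security control device on a reader's first operation request, marks it non-idle, reuses it for that reader's later requests, and marks it idle again when the communication ends. The class name `DevicePool`, its methods and the reader and device ids are hypothetical.

```javascript
// Hypothetical server-side bookkeeping for the verification security control devices.
class DevicePool {
  constructor(deviceIds) {
    // Working state recorded by the server for every connected device.
    this.state = new Map(deviceIds.map((id) => [id, 'idle']));
    // readerId -> deviceId chosen when the reader's first operation request arrived.
    this.sessions = new Map();
  }

  // Called for every operation request (card search, card selection, card reading).
  select(readerId) {
    // Selection happens only on the first request; later requests reuse the device.
    if (this.sessions.has(readerId)) return this.sessions.get(readerId);

    for (const [deviceId, status] of this.state) {
      if (status === 'idle') {
        // Mark non-idle before use so no second reader is routed to the same device.
        this.state.set(deviceId, 'non-idle');
        this.sessions.set(readerId, deviceId);
        return deviceId;
      }
    }
    throw new Error('no idle verification security control device');
  }

  // Called when communication between the reader and its device has ended.
  release(readerId) {
    const deviceId = this.sessions.get(readerId);
    if (deviceId === undefined) return false; // nothing was allocated to this reader
    this.sessions.delete(readerId);
    this.state.set(deviceId, 'idle');
    return true;
  }
}
```

A release that is skipped on an error path leaves the device marked non-idle indefinitely, so the call belongs in the cleanup path of every session, including failed authentications.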
S108, the first resident certificate card verification safety control device receives the card searching request and sends a card searching response to the server, wherein the card searching response carries card searching response data;
Based on the first identity authentication data carried in the card search request in step S107, in this step, as an optional implementation manner, before the first resident certificate card verification security control device sends the card search response to the server, the method provided in this embodiment further includes: the first resident certificate card verification safety control device authenticates the identity of the resident certificate card reading device according to the first identity authentication data carried in the card searching request, and executes the step of sending the card searching response to the resident certificate card reading device if the authentication is passed.
In step S107, for example, the first resident identification card verification security control device authenticates the identity of the resident identification card reading device, which may be as follows: the first resident certificate card verification safety control device receives the card searching request, utilizes a public key in a certificate of the resident certificate card reading device to perform signature verification on the card searching request signature value, and utilizes a first authentication decryption key to decrypt the card searching request data ciphertext after the signature verification on the card searching request signature value is passed, so that the card searching request data are obtained. Therefore, when the signature verification is passed, the first resident certificate card verification safety control device confirms that the identity of the resident certificate card reading device is legal, and the first resident certificate card verification safety control device executes the step of sending the card searching response to the server.
As an optional implementation manner of this embodiment, after receiving the card searching request, the first device for controlling verification of the resident identification card verifies the received certificate of the resident identification card reading device by using the root certificate, so as to prevent an illegal party from tampering with the public key in the certificate of the resident identification card reading device, thereby implementing security authentication on the resident identification card reading device, and improving the security of interaction between the two parties.
In this embodiment, the first authentication decryption key is the same key as the first authentication encryption key in step S107, that is, a symmetric key, and is pre-embedded in the first resident certificate card verification security control device and the resident certificate card reading device. The resident certificate card reading device uses the symmetric key to encrypt the data that it sends to the first resident certificate card verification security control device for the first time, and the first resident certificate card verification security control device uses the symmetric key to decrypt the data that it receives from the resident certificate card reading device for the first time, thereby ensuring the security of the first data transmission between the resident certificate card reading device and the first resident certificate card verification security control device. Optionally, the first authentication encryption key and the first authentication decryption key are stored in a key database, and the first resident identification card verification security control device may read the first authentication decryption key from the key database and store the first authentication encryption key and the first authentication decryption key locally in the first resident identification card verification security control device. The resident identification card reading device can also read the first authentication encryption key from the key database and store the first authentication encryption key locally in the resident identification card reading device.
In order to realize the identity authentication of the resident certificate card reading device on the first resident certificate card verification safety control device in the card searching process, as an optional implementation manner, the card searching response at least carries second identity authentication data, so that the resident certificate card reading device can authenticate the identity of the first resident certificate card verification safety control device by using the second identity authentication data after receiving the card searching response, and only after the authentication is passed, the resident certificate card reading device can obtain the card searching response data, and then returns the card searching confirmation data to the first resident certificate card verification safety control device through the terminal and the server (i.e., steps S112-S114), so that the resident card reading device confirms that the identity of the first resident certificate card verification safety control device is legal in the card searching process.
For example, after the first resident certificate card verification security control device receives a card searching request sent by the resident certificate card reading device and passes the identity authentication of the resident certificate card reading device, it encrypts the card searching response data with the first authentication encryption key to obtain a card searching response data ciphertext, and signs the card searching response data ciphertext with the private key of the first resident certificate card verification security control device to obtain a card searching response signature value; the second identity authentication data can comprise the card searching response data ciphertext, the card searching response signature value and the certificate of the first resident certificate card verification security control device. Encrypting the card searching response data with the first authentication encryption key before transmitting it to the resident certificate card reading device ensures the safety of the card searching response data in network transmission, and because the first resident certificate card verification safety control device signs the card searching response ciphertext with a private key that it stores itself, illegal parties can be prevented from tampering with the card searching response ciphertext. As an optional implementation manner of this embodiment, the card-seeking response data may include a timestamp and/or single-time authentication data, and the specific description of the single-time authentication data may refer to the description of the single-time authentication data in the card-seeking request data in step S105, which is not described herein again.
The certificate of the first resident certificate card verification safety control device comprises a public key of the first resident certificate card verification safety control device, and a private key of the first resident certificate card verification safety control device and the public key of the first resident certificate card verification safety control device are a pair of asymmetric key pairs which are used for signing and verifying data transmitted from the first resident certificate card verification safety control device to the resident certificate card reading device.
S109, the server receives the card searching response and sends the card searching response to the terminal through the network;
S110, the terminal receives the card searching response and sends the card searching response to the resident certificate card reading device;
S111, the resident certificate card reading device receives a card searching response sent by the first resident certificate card verification safety control device through the server, and card searching response data are obtained;
Based on the second identity authentication data carried in the card search response in step S108, in this step, as an optional implementation manner, before the resident certificate card reading device receives, through the terminal and the server, the card search response sent by the first resident certificate card verification security control device, and acquires the card search response data, the method provided in this embodiment further includes: the resident certificate card reading device authenticates the identity of the first resident certificate card verification safety control device according to the second identity authentication data, and executes the step of acquiring the card searching response data if the authentication is passed.
In step S108, for example, the identity of the first resident identification card verification security control device is authenticated by the resident identification card reading device, which may be as follows: the resident certificate card reading device receives the card searching response, verifies the card searching response signature value by using the certificate of the first resident certificate card verification safety control device, and, after the card searching response signature value is verified, decrypts the card searching response data ciphertext by using the first authentication decryption key, so that the card searching response data is obtained. Therefore, if the signature verification is passed, the resident identification card reading device confirms that the identity of the first resident identification card verification safety control device is legal, the resident identification card reading device executes the operation of acquiring the card searching response data, and further executes the steps of sending the card searching confirmation data to the first resident identification card verification safety control device through the terminal and the server (S112-S114).
As an optional implementation manner of this embodiment, after receiving the card-seeking response, the resident certificate card reading device verifies the received certificate of the first resident certificate card verification security control device by using the root certificate, so as to prevent an illegal party from tampering with the public key in the certificate of the first resident certificate card verification security control device, implement security authentication on the first resident certificate card verification security control device, and improve the security of interaction between the two parties.
In this step, the first authentication decryption key is the same key as the first authentication encryption key in step S108, that is, a symmetric key, and is previously built in the first resident identification card verification security control device and the resident identification card reading device, the same key as the symmetric key in step S107 and step S108 may be used, or a symmetric key separately provided may be used, and may be stored locally in both devices, or may be stored in a key database, and is acquired from the key database when necessary.
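The card-search mutual authentication described in steps S107-S111, as an added JavaScript example that is not code from the patent: the sender encrypts with the pre-embedded symmetric key and signs the ciphertext; the receiver checks the certificate against the root, verifies the signature, and only then decrypts and checks the timestamp and single-use data. AES-256-GCM, Ed25519, the simplified certificate (a root signature over subject and public key, standing in for a real certificate format) and all names are assumptions, since the patent names no algorithms.

```javascript
const crypto = require('crypto');

// Constructed stand-in for a certificate: the root key signs (subject || public key).
function tbsBytes(subject, spki) {
  return Buffer.concat([Buffer.from(subject + '\n', 'utf8'), spki]);
}
function issueCert(rootPrivateKey, subject, publicKey) {
  const spki = publicKey.export({ type: 'spki', format: 'der' });
  return { subject, spki, rootSig: crypto.sign(null, tbsBytes(subject, spki), rootPrivateKey) };
}
// Root-certificate check: rejects a certificate whose public key was swapped or tampered with.
function verifiedPublicKey(rootPublicKey, cert) {
  if (!crypto.verify(null, tbsBytes(cert.subject, cert.spki), rootPublicKey, cert.rootSig)) {
    throw new Error('certificate not issued by root');
  }
  return crypto.createPublicKey({ key: cert.spki, format: 'der', type: 'spki' });
}
function newParty(rootPrivateKey, subject) {
  const kp = crypto.generateKeyPairSync('ed25519');
  return { privateKey: kp.privateKey, cert: issueCert(rootPrivateKey, subject, kp.publicKey) };
}

// Sender side: encrypt with the shared authentication key, then sign the ciphertext.
function sealMessage(party, sharedKey, payload) {
  const body = JSON.stringify({
    ...payload,
    ts: Date.now(),                                // timestamp
    nonce: crypto.randomBytes(16).toString('hex'), // single-use authentication data
  });
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sharedKey, iv);
  // Wire layout (assumed): 12-byte IV | ciphertext | 16-byte GCM tag.
  const ciphertext = Buffer.concat([iv, cipher.update(body, 'utf8'), cipher.final(), cipher.getAuthTag()]);
  return { ciphertext, signature: crypto.sign(null, ciphertext, party.privateKey), cert: party.cert };
}

// Receiver side: certificate, then signature, then decryption, then freshness.
function openMessage(msg, rootPublicKey, sharedKey, seenNonces, maxSkewMs = 30000) {
  const peerKey = verifiedPublicKey(rootPublicKey, msg.cert);
  if (!crypto.verify(null, msg.ciphertext, peerKey, msg.signature)) throw new Error('bad signature');
  const ct = msg.ciphertext;
  const decipher = crypto.createDecipheriv('aes-256-gcm', sharedKey, ct.subarray(0, 12));
  decipher.setAuthTag(ct.subarray(ct.length - 16));
  const plain = Buffer.concat([decipher.update(ct.subarray(12, ct.length - 16)), decipher.final()]);
  const data = JSON.parse(plain.toString('utf8'));
  if (Math.abs(Date.now() - data.ts) > maxSkewMs) throw new Error('stale timestamp');
  if (seenNonces.has(data.nonce)) throw new Error('replayed message');
  seenNonces.add(data.nonce);
  return { peer: msg.cert.subject, data };
}

function failureReason(fn) {
  try { fn(); return null; } catch (e) { return e.message; }
}

// Constructed run of the exchange plus three messages the receiver must reject.
function runCardSearchExchange() {
  const root = crypto.generateKeyPairSync('ed25519');
  const reader = newParty(root.privateKey, 'reader-001');
  const device = newParty(root.privateKey, 'verification-device-01');
  const sharedKey = crypto.randomBytes(32); // pre-embedded first authentication key
  const deviceSeen = new Set();
  const readerSeen = new Set();

  const request = sealMessage(reader, sharedKey, { type: 'card-search-request' });
  const openedRequest = openMessage(request, root.publicKey, sharedKey, deviceSeen);
  const response = sealMessage(device, sharedKey, { type: 'card-search-response' });
  const openedResponse = openMessage(response, root.publicKey, sharedKey, readerSeen);

  const forged = { ...request, ciphertext: Buffer.from(request.ciphertext) };
  forged.ciphertext[20] ^= 1; // one flipped ciphertext bit
  const rogueRoot = crypto.generateKeyPairSync('ed25519');
  const rogue = newParty(rogueRoot.privateKey, 'verification-device-01');
  const rogueMsg = sealMessage(rogue, sharedKey, { type: 'card-search-response' });

  return {
    request: openedRequest,
    response: openedResponse,
    replay: failureReason(() => openMessage(request, root.publicKey, sharedKey, deviceSeen)),
    tampered: failureReason(() => openMessage(forged, root.publicKey, sharedKey, new Set())),
    rogue: failureReason(() => openMessage(rogueMsg, root.publicKey, sharedKey, readerSeen)),
  };
}
```

The rogue case uses the correct symmetric key on purpose: a leaked pre-embedded key alone does not let a sender pass, because the certificate chain and signature are checked before anything is decrypted.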
S112, the resident certificate card reading device determines the card searching response data as response data responding to the card searching request, and sends the card searching confirmation data to the terminal;
S113, the terminal receives the card searching confirmation data and sends the card searching confirmation data to a server;
S114, the server receives the card searching confirmation data and sends the card searching confirmation data to first resident certificate card safety verification control equipment;
Thus the resident certificate card reading device completes the card searching process (steps S101-S114). Mutual authentication between the resident certificate card reading device and the first resident certificate card verification safety control device is completed in the card searching process, which guarantees that the two devices in the card searching process are legal devices; the subsequent process can be entered only after the authentication of both devices is passed, and the resident certificate card can be identified by the first resident certificate card verification safety control device in the card searching process. After the card searching process is finished, the card selecting process is entered, in which it is confirmed which resident certificate card is read by the first resident certificate card verification safety control device. As an optional implementation manner of this embodiment, after step S114, the following implementation steps of the card selection process are further included (steps S115 to S126):
S115, the resident certificate card reading device sends a card selection instruction to the resident certificate card;
S116: the resident certificate card reading device receives card selection confirmation data sent by the resident certificate card, wherein the card selection confirmation data at least comprises unique identification information of the resident certificate card;
The unique identification information of the resident certificate card can uniquely identify the identity of the resident; for example, the unique identification information can be a resident certificate card number, a driver's license number, a student number and the like, and can also be a resident photo, a fingerprint and the like. With the card selection confirmation data, the resident certificate card reading device confirms that it communicates only with this resident certificate card, that is, only this resident certificate card is selected, and no communication is carried out with other nearby cards.
S117: the resident certificate card reading device sends a card selection request to the terminal;
S118: the terminal receives the card selection request and sends the card selection request to the server through the network;
S119: the server receives the card selection request and sends the card selection request to the first resident certificate card security verification control equipment;
In this embodiment, in order to ensure that the information of the resident identification card is read out safely, mutual authentication can be performed again between the resident identification card reading device and the first resident identification card verification security control device in the card selecting process; if the authentication is passed, the identity is legal, and the subsequent process is allowed to be performed. As an optional implementation manner in this embodiment, the card selection request carries third identity authentication data, so that after the first resident certificate card verification security control device receives the card selection request, the third identity authentication data can be used to authenticate the identity of the resident certificate card reading device, and only after the authentication is passed does the first resident certificate card verification security control device return a card selection request response to the resident certificate card reading device (i.e., steps S121 to S123), so that the first resident certificate card verification security control device confirms that the identity of the resident certificate card reading device is legal in the card selection process.
For example, the resident certificate card reading device may encrypt the card selection request data by using the second authentication encryption key after receiving the card selection confirmation data sent by the resident certificate card to obtain a card selection request data cipher text, and sign the card selection request data cipher text by using a private key of the resident certificate card reading device to obtain a card selection request signature value; the third identity authentication data may include a card selection request data cipher text and a card selection request signature value so as to facilitate the verification of the first resident certificate card verification security control device. The second authentication encryption key in this step may be the same key as the first authentication encryption key in step S107, or may be a different key, and the security of the card selection request data in network transmission may be ensured by encrypting the card selection request data with the second authentication encryption key and transmitting the encrypted card selection request data to the first resident certificate card verification security control device. As an optional implementation manner of this embodiment, the card selection request data may include a timestamp and/or single authentication data, which is similar to the content of the card searching request data in step S107, and is not described herein again.
S120, the first resident certificate card verification safety control equipment receives a card selection request and sends a card selection request response to the server, wherein the card selection request response carries card selection request response data;
Based on the third authentication data carried in the card selection request in step S119, in this step, as an optional implementation manner, after the first resident certificate card verification security control device receives the card selection request and before it sends a card selection request response to the server, the method provided in this embodiment further includes: the first resident certificate card verification safety control device authenticates the identity of the resident certificate card reading device according to the third identity authentication data carried in the card selection request, and, if the identity passes the authentication, executes the step of sending a card selection request response to the resident certificate card reading device through the terminal and the server.
In step S119, for example, the first resident identification card verification security control device authenticates the identity of the resident identification card reading device, which may be as follows: the first resident certificate card verification safety control device receives the card selection request, utilizes the certificate of the resident certificate card reading device to perform signature verification on the card selection request signature value, and utilizes the second authentication decryption key to decrypt the card selection request data ciphertext after the signature verification on the card selection request signature value is passed, so that the card selection request data are obtained. Therefore, the first resident certificate card verification safety control device confirms that the identity of the resident certificate card reading device is legal after the signature verification is passed, and the first resident certificate card verification safety control device executes the step of sending a card selection response to the server.
In this embodiment, the second authentication decryption key is the same key as the second authentication encryption key in step S119, that is, a symmetric key, and the second authentication encryption key and the second authentication decryption key may be embedded in the first resident identification card verification security control device and the resident identification card reading apparatus in advance, or may be stored in the key database and acquired from the key database when necessary.
In order to realize the identity authentication of the resident certificate card reading device on the first resident certificate card verification security control device in the card selection process, as an optional implementation manner, the card selection request response at least carries fourth identity authentication data, so that the resident certificate card reading device can authenticate the identity of the first resident certificate card verification security control device by using the fourth identity authentication data after receiving the card selection request response, and only after the authentication is passed, the certificate card reading device can return card selection confirmation data to the first resident certificate card verification security control device (i.e., steps S124-S126), so that the resident certificate card reading device confirms that the identity of the first resident certificate card verification security control device is legal in the card selection process.
For example, after the first resident certificate card verification security control device receives a card selection request sent by the resident certificate card reading device through the terminal and the server and passes the identity authentication of the resident certificate card reading device, the first resident certificate card verification security control device encrypts the card selection request response data by using the second authentication encryption key to obtain a card selection request response data ciphertext, and signs the card selection request response data ciphertext by using the private key of the first resident certificate card verification security control device to obtain a card selection request response signature value; the fourth authentication data may include the card selection request response data ciphertext and the card selection request response signature value. Because the first resident certificate card verification security control device signs the card selection request response ciphertext with a private key that it stores itself, illegal parties can be prevented from tampering with the card selection response ciphertext. As an optional implementation manner of this embodiment, the card-selection response data may include a timestamp and/or single-time authentication data, and the specific description of the single-time authentication data may refer to the description of the single-time authentication data in the card-searching request data in step S107, which is not described herein again.
S121, the server receives the card selection request response and sends the card selection request response to the terminal;
S122, the terminal receives the card selection request response and sends the card selection request response to the resident certificate card reading device;
S123, the resident certificate card reading device receives a card selection request response sent by the server, and card selection request response data are obtained;
Based on the fourth authentication data carried in the card selection request response in step S120, in this step, as an optional implementation manner, after the resident identification card reading device receives the card selection request response sent by the first resident identification card verification security control device through the server and before it acquires the card selection request response data, the method provided in this embodiment further includes: the resident certificate card reading device authenticates the identity of the first resident certificate card verification safety control device according to the fourth identity authentication data, and executes the step of acquiring card selection request response data if the authentication is passed.
In step S120, for example, the identity of the first resident identification card verification security control device is authenticated by the resident identification card reading device, which may be as follows: the resident certificate card reading device verifies the received card selection request response signature value by using a certificate of the first resident certificate card verification safety control device, and decrypts the received card selection request response data ciphertext by using a second authentication decryption key after the verification of the card selection request response signature value is passed, so as to obtain card selection request response data. Therefore, if the signature verification is passed, the resident identification card reading device confirms that the identity of the first resident identification card verification security control device is legal, and the resident identification card reading device performs the operation of acquiring card selection response data, and further performs the steps of sending the card selection confirmation data to the first resident identification card verification security control device through the terminal and the server (S124-S126).
In this step, the second authentication decryption key is the same key as the second authentication encryption key in step S120, that is, a symmetric key, and is previously built in the first resident identification card verification security control device and the resident identification card reading device, the same key as the symmetric key in step S119 and step S120 may be used, or a symmetric key separately provided may be used, and may be stored locally in both devices, or may be stored in a key database, and is acquired from the key database when necessary.
S124, the resident certificate card reading device determines that the card selection request response data is response data aiming at the card selection request, and sends the card selection confirmation data to the terminal;
S125, the terminal receives the card selection confirmation data and sends the card selection confirmation data to a server;
S126, the server receives the card selection confirmation data and sends the card selection confirmation data to the first resident certificate card safety verification control device;
Thus the resident certificate card reading device completes the card selecting process. Mutual authentication between the resident certificate card reading device and the first resident certificate card verification safety control device is completed in the card selecting process, so the two devices in the card selecting process are legal devices, and the subsequent process can be entered only after the authentication of both sides is passed. After the card selecting process is finished, the card reading process is entered, in which the first resident certificate card verification safety control device reads the plaintext of the resident certificate card information from the resident certificate card. After step S126, the card reading process is started, specifically including the following steps (steps S127 to S128):
S127, the resident certificate card reading device sends a card reading instruction to the resident certificate card;
S128, the resident certificate card reading device receives card reading confirmation data returned by the resident certificate card;
S129, the resident certificate card reading device sends a card reading request to the terminal, and the card reading request is used for indicating the first resident certificate card verification safety control device to start a process of reading resident certificate card information;
In this embodiment, in order to ensure that the information of the resident certificate card is read out safely, the first resident certificate card verification safety control device may perform identity authentication on the resident certificate card reading device again in the card reading process. If the authentication passes, the identity is legal, the card reading request sent by the resident certificate card reading device may be responded to, and the certificate card information read out from the resident certificate card is sent to the resident certificate card reading device through the server. As an optional implementation manner in this embodiment, the card reading request at least carries fifth identity authentication data; after the first resident certificate card verification safety control device receives the card reading request, the identity of the resident certificate card reading device can be authenticated by using the fifth identity authentication data, and only after the authentication is passed does the first resident certificate card verification safety control device start a process of reading the resident certificate card information (namely step S132), so that the first resident certificate card verification safety control device confirms that the identity of the resident certificate card reading device is legal in the card reading process, and the certificate card information in the resident certificate card is ensured to be read out safely.
For example, after receiving the card reading confirmation data sent by the resident certificate card, the resident certificate card reading device encrypts the card reading request data by using the third authentication encryption key to obtain a card reading request data ciphertext, and signs the card reading request data ciphertext by using a private key of the resident certificate card reading device to obtain a card reading request signature value; the fifth identity authentication data can comprise the card reading request data ciphertext and the card reading request signature value so as to facilitate verification by the first resident certificate card verification security control device. The third authentication encryption key in this step may be the same key as the first authentication encryption key and the second authentication encryption key in step S107 and step S119, or may be a different key. Encrypting the card reading request data with the third authentication encryption key before transmitting it to the first resident certificate card verification security control device ensures the security of the card reading request data in network transmission. As an optional implementation manner of this embodiment, the card reading request data may include a timestamp and/or single authentication data, which is similar to the content of the card searching request data in step S107, and is not described herein again.
S130, the terminal receives the card reading request and sends the card reading request to the server;
S131, the server receives the card reading request and sends the card reading request to the first resident certificate card verification safety control device;
S132, the first resident certificate card verification safety control equipment receives the card reading request and starts a process of reading resident certificate card information;
Based on the fifth authentication data carried in the card reading request in step S130, in this step, as an optional implementation manner, after the first resident certificate card verification security control device receives the card reading request, before starting a process of reading information of the resident certificate card, the method provided in this embodiment further includes: the first resident certificate card verification safety control equipment authenticates the identity of the resident certificate card reading device according to fifth identity authentication data carried in the card selection request, and starts a flow for reading the resident certificate card information under the condition that the authentication is passed.
In step S130, for example, the first resident identification card verification security control device authenticates the identity of the resident identification card reading device, which may be as follows: the first resident certificate card verification safety control device receives the card reading request, utilizes the certificate of the resident certificate card reading device to perform signature verification on the card reading request signature value, and utilizes the third authentication decryption key to decrypt the card reading request data ciphertext after the card reading request signature value passes the signature verification, so that the card reading request data is obtained. Therefore, if the signature verification is passed, the first resident certificate card verification safety control device confirms that the identity of the resident certificate card reading device is legal, and the first resident certificate card verification safety control device starts to read the resident certificate card information.
In this embodiment, the third authentication decryption key is the same key as the third authentication encryption key in step S130, that is, a symmetric key, and the third authentication encryption key and the third authentication decryption key may be embedded in the first resident identification card verification security control device and the resident identification card reading apparatus in advance, or may be stored in the key database and acquired from the key database when necessary.
S133, the resident certificate card reading device, the terminal and the server transmit interactive information between the first resident certificate card verification safety control device and the resident certificate card in the process that the first resident certificate card verification safety control device reads the resident certificate card information;
S134, the server receives resident certificate card information sent by the first resident certificate card security verification control device after the resident certificate card information stored in the resident certificate card is read;
S135, the server sends the resident certificate card information to the terminal;
S136, the terminal receives the resident certificate card information and sends the resident certificate card information to the resident certificate card reading device;
S137, the resident certificate card reading device receives the resident certificate card information.
Therefore, the resident certificate card reading device completes the card reading process, and finally obtains resident certificate card information stored in the resident certificate card through interaction with the first resident certificate card verification safety control device.
As an alternative implementation manner, in step S131, before the first resident identification card verification security control device starts the process of reading the resident identification card information, the method provided by this embodiment further includes: the resident certificate card reading device negotiates with first resident certificate card verification safety control equipment through the terminal and the server, and the two parties obtain a session key; the session key may be one or a string of random numbers, or may be one or a string of random characters, or any combination of a string of random numbers and random characters. After the resident identification card reading device and the first resident identification card verification security control device obtain the session key, the method provided by the embodiment further includes: in the subsequent communication process of the resident identification card reading device and the first resident identification card verification safety control device, the resident identification card reading device and the first resident identification card verification safety control device respectively encrypt and decrypt the transmitted and received data by using the session key. Encrypting and decrypting data with the session key guarantees the security of data transmission in the card reading process. In addition, because the session key is randomly generated, it is not easily stolen by malicious parties. Because the session key adopts the form of random numbers, the random numbers adopted by the data transmitted every time are different, and the security of data transmission between the resident certificate card reading device and the first resident certificate card verification security control device can be further improved.
In the specific implementation process, after the first resident certificate card verification safety control device reads resident certificate card information stored in the resident certificate card, the read resident certificate card information is sent to the resident certificate card reading device through the server. At this point, to make the resident certificate card information easy to view, a display device may be provided on the resident certificate card reading device to display the resident certificate card information, or the resident certificate card reading device may display the resident certificate card information by means of the display screen of another device; for example, the information is sent to the resident certificate card reading device and displayed by the resident certificate card reading device, or sent to a display device and displayed by the display device. In addition, so that the resident certificate card information can be obtained directly when it needs to be displayed later, the resident certificate card information may be sent to the resident certificate card reading device and/or a storage device, and the resident certificate card reading device and/or the storage device saves the resident certificate card information, and/or the resident certificate card reading device sends the resident certificate card information to the storage device for saving. In addition, the resident certificate card reading device can also store the received resident certificate card information, and, to ensure that the resident certificate card information is stored securely, the resident certificate card reading device can also encrypt the resident certificate card information before storing it.
Therefore, in the method for reading the resident certificate card provided by the embodiment of the invention, the SAM module is removed from the resident certificate card reading device, the resident certificate card reading device can only communicate with the resident certificate card, and the resident certificate card information needs to be read by the resident certificate card verification safety control device which is arranged at the far end and connected with the server, so that the cost of the resident certificate card reading device can be reduced, and when a plurality of resident certificate card reading devices are arranged, the server is only connected with the first resident certificate card verification safety control device, so that the utilization rate of the first resident certificate card verification safety control device can be improved.
Example 4
Taking a resident identification card as an example, the embodiment of the invention provides an optional method for reading the information of the resident identification card. Fig. 5 is a flowchart of a method for reading information of a resident identification card according to the embodiment, and as shown in fig. 5, the method includes the following steps S301 to S336:
S301: the terminal sends an operation request to the resident identification card reading device;
S302: the resident certificate card reading device sends a card searching instruction to the resident identification card;
S303: the resident identification card receives the card searching command and sends card searching confirmation data to the resident identification card reading device;
S304: the resident certificate card reading device encrypts the card searching request data D1 by using the session key to obtain a card searching request data ciphertext D1, and signs the card searching request data ciphertext D1 by using a private key of the resident certificate card reading device to obtain a card searching request signature value SD1;
S305: the resident certificate card reading device sends a card searching request to the terminal, the terminal sends the card searching request to the server, and the card searching request comprises a card searching request data ciphertext D1, a card searching request signature value SD1 and a certificate of the resident certificate card reading device;
S306: the server receives a card searching request and sends the card searching request to first resident certificate card verification safety control equipment;
S307: the first resident certificate card verification security control device receives the card searching request, utilizes the certificate of the resident certificate card reading device to perform signature verification on the card searching request signature value SD1, and utilizes the session key to decrypt the card searching request data ciphertext D1 after the card searching request signature value passes the signature verification, so as to obtain card searching request data D1 and generate card searching response data rd1;
S308: the first resident certificate card verification security control device encrypts the card searching request response data RD1 by using the session key to obtain a card searching request response data ciphertext RD1, and signs the card searching request response data ciphertext RD1 by using a private key of the first resident certificate card verification security control device to obtain a card searching request response signature value SRD1;
S309: the first resident certificate card verification security control device sends a card searching request response to the server, wherein the card searching request response comprises: the card searching request response data ciphertext RD1, the card searching request response signature value SRD1 and the certificate of the first resident certificate card verification security control device;
S310: the server receives the card searching request response and sends the card searching request response to the terminal, and the terminal sends the card searching request response to the resident certificate card reading device;
S311: the resident certificate card reading device verifies the received card-searching request response signature value SRD1 by using the certificate of the first resident certificate card verification security control device, decrypts the received card-searching request response data ciphertext RD1 by using the session key after the card-searching request response signature value is verified, and obtains card-searching request response data RD1;
S312: the resident certificate card reading device sends card searching confirmation data to the terminal, and the terminal sends the card searching confirmation data to the server;
S313: the server receives the card searching confirmation data and sends the card searching confirmation data to the first resident certificate card verification safety control equipment.
Steps S301 to S313 complete the card searching process. After the card searching process is completed, a card selecting process follows, through which the first resident certificate card verification safety control device can confirm which resident certificate card is being read. As an optional implementation manner of this embodiment, after the step S313, the following implementation steps (S314 to S326) of the card selection process are further included:
S314: after the resident certificate card reading device obtains the card searching request response data, a card selecting instruction is sent to the resident identification card;
S315: the resident identification card receives the card selecting instruction and sends card selecting confirmation data to the resident identification card reading device, wherein the card selecting confirmation data at least comprises a serial number of the resident identification card;
S316: the resident certificate card reading device receives the card selection confirmation data, encrypts the card selection request data D2 by using the session key to obtain a card selection request data ciphertext D2, and signs the card selection request data ciphertext by using a private key of the resident certificate card reading device to obtain a card selection request signature value SD2;
S317: the resident certificate card reading device sends a card selection request to the terminal, the terminal sends the card selection request to the server, and the card selection request comprises a card selection request data ciphertext D2 and a card selection request signature value SD2;
S318: the server receives the card selection request and sends the card selection request to first resident certificate card verification safety control equipment;
S319: the first resident certificate card verification security control device receives the card selection request, utilizes the certificate of the resident certificate card reading device to perform signature verification on the card selection request signature value SD2, and utilizes the session key to decrypt the card selection request data ciphertext D2 after the card selection request signature value is subjected to signature verification, so that card selection request data D2 is obtained, and card selection response data rd2 is generated;
S320: the first resident certificate card verification security control device encrypts the card selection request response data RD2 by using the session key to obtain a card selection request response data ciphertext RD2, and signs the card selection request response data ciphertext RD2 by using a private key of the first resident certificate card verification security control device to obtain a card selection request response signature value SRD2;
S321: the first resident identification card verification security control device sends a card selection request response to the server, wherein the card selection request response comprises: the card selection request response data ciphertext RD2 and the card selection request response signature value SRD2;
S322: the server receives the card selection request response and sends the card selection request response to the terminal, and the terminal sends the card selection request response to the resident certificate card reading device;
S323: the resident certificate card reading device verifies the received card selection request response signature value SRD2 by using a certificate of the first resident certificate card verification security control device, and decrypts the received card selection request response data ciphertext RD2 by using the session key after the card selection request response signature value is verified, so as to obtain card selection request response data RD2;
S324: after obtaining the card selection request response data, the resident certificate card reading device encrypts the card selection confirmation data D3 by using the session key to obtain a card selection confirmation data ciphertext D3, signs the card selection confirmation data ciphertext D3 by using a private key of the resident certificate card reading device to obtain a card selection confirmation data signature value SD3, and sends the card selection confirmation data ciphertext D3 and the card selection confirmation data signature value SD3 to the server;
S325: the server receives the card selection confirmation data ciphertext D3 and the card selection confirmation data signature value SD3 and sends the card selection confirmation data ciphertext D3 and the card selection confirmation data signature value SD3 to the terminal, and the terminal sends the card selection confirmation data ciphertext D3 and the card selection confirmation data signature value SD3 to the first resident certificate card verification safety control device;
S326: after the first resident certificate card verification security control device receives the card selection confirmation data ciphertext D3 and the card selection confirmation data signature value SD3, the certificate of the resident certificate card reading device is used for performing signature verification on the card selection data signature value SD3, and after the card selection data signature value is subjected to signature verification, the session key is used for decrypting the card selection confirmation data ciphertext D3 to obtain card selection confirmation data D3.
In this embodiment, each resident identification card has a security key, and different resident identification cards have different security keys. The first resident identification card verification security control device stores the security keys of a plurality of resident identification cards. Through S324, the first resident identification card verification security control device obtains the card selection confirmation data, which includes the serial number of the resident identification card. After obtaining the serial number, the first resident identification card verification security control device can look up the security key corresponding to the resident identification card according to that serial number, so that bidirectional authentication between the resident identification card and the first resident identification card verification security control device can subsequently be realized by using the security key.
After the card selecting process is finished, the card reading process is started, and the card reading process of the resident certificate card reading device comprises the following steps (S327-S336):
S327: the resident certificate card reading device sends a card reading instruction to the resident identification card;
S328: the resident identification card receives the card reading instruction and sends card reading confirmation data to the resident identification card reading device;
S329: the resident certificate card reading device encrypts the card reading request data D4 by using a session key to obtain a card reading request data ciphertext D4, and signs the card reading request data ciphertext D4 by using a private key of the resident certificate card reading device to obtain a card reading request signature value SD4, wherein the card reading request data D4 comprises a ciphertext E1 of identity card information;
S330: the resident certificate card reading device sends a card reading request to the terminal, and the terminal sends the card reading request to the server, wherein the card reading request comprises a card reading request data ciphertext D4 and a card reading request signature value SD4;
S331: the server receives the card reading request and sends the card reading request to the first resident certificate card verification safety control equipment;
S332: the first resident certificate card verification security control equipment receives the card reading request, utilizes the certificate of the resident certificate card reading device to sign and verify the card reading request signature value SD4, and utilizes the session key to decrypt the card reading request data ciphertext D4 after the card reading request signature value passes the signature verification, so as to obtain the card reading request data D4;
S333: the first resident certificate card verification security control equipment decrypts the identity card information ciphertext E1 in the card reading request data d4 to obtain the plaintext E1 of the identity card information, and encrypts the plaintext E1 of the identity card information by using the session key to obtain a second identity card information ciphertext E2;
S334: the first resident certificate card verification security control device sends a card reading request response to the server, wherein the card reading request response comprises: second identification card information ciphertext E2;
S335: the server receives the card reading request response and sends the card reading request response to the terminal, and the terminal sends the card reading request response to the resident certificate card reading device;
S336: the resident certificate card reading device receives the card reading request response, and decrypts the second identity card information ciphertext E2 by using the session key to obtain the plaintext E1 of the identity card information.
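The card reading request of S329 to S332, as an added example that is not part of the patent: the reader encrypts d4 and signs the ciphertext D4, and the verification device checks SD4 before it decrypts anything. The textbook RSA demo key, the HMAC-based stream cipher, the JSON layout of d4 and the counter check are assumptions standing in for primitives and formats the patent leaves unspecified.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key pair (textbook RSA over two Mersenne primes). It stands
# in for the reader's private key and certificate; it is not a usable key.
_P, _Q = 2**521 - 1, 2**607 - 1
READER_PUBLIC = (_P * _Q, 65537)                      # role of the certificate
READER_PRIVATE = pow(65537, -1, (_P - 1) * (_Q - 1))  # role of the private key


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, private_exp: int, public: tuple) -> int:
    """Stand-in signature: SHA-256 digest raised to the private exponent."""
    return pow(_digest_int(data), private_exp, public[0])


def verify(data: bytes, signature: int, public: tuple) -> bool:
    n, e = public
    return 0 <= signature < n and pow(signature, e, n) == _digest_int(data)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in cipher: HMAC-SHA256 in counter mode as a keystream."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]


def encrypt(session_key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)   # fresh per message, sent with the data
    stream = _keystream(session_key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))


def decrypt(session_key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:16], ciphertext[16:]
    stream = _keystream(session_key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def build_read_request(session_key: bytes, counter: int, e1: bytes) -> dict:
    """Reader side, S329: encrypt d4, then sign the ciphertext D4."""
    d4 = json.dumps({"counter": counter, "e1": e1.hex()}).encode()  # assumed layout
    D4 = encrypt(session_key, d4)
    return {"D4": D4, "SD4": sign(D4, READER_PRIVATE, READER_PUBLIC)}


class VerificationDevice:
    """Verification device side, S332, with an assumed per-reader counter."""

    def __init__(self, session_key: bytes, reader_public: tuple):
        self.session_key = session_key
        self.reader_public = reader_public
        self.last_counter = -1

    def handle_read_request(self, request: dict) -> tuple:
        # 1. Verify SD4 over the ciphertext first; nothing unauthenticated
        #    reaches the decryption or parsing code.
        if not verify(request["D4"], request["SD4"], self.reader_public):
            return ("rejected", "bad signature")
        # 2. Only now decrypt D4 with the session key to recover d4.
        try:
            d4 = json.loads(decrypt(self.session_key, request["D4"]))
            counter, e1 = int(d4["counter"]), bytes.fromhex(d4["e1"])
        except (ValueError, KeyError, TypeError):
            return ("rejected", "malformed request data")
        # 3. Assumed freshness rule: the counter must strictly increase, so a
        #    captured request cannot be replayed through the terminal/server.
        if counter <= self.last_counter:
            return ("rejected", "replayed counter")
        self.last_counter = counter
        return ("accepted", e1)       # E1 is then processed as in S333


def demo() -> tuple:
    session_key = secrets.token_bytes(32)        # constructed session key
    device = VerificationDevice(session_key, READER_PUBLIC)
    request = build_read_request(session_key, 1, b"constructed card ciphertext E1")
    first = device.handle_read_request(request)
    replay = device.handle_read_request(request)  # same bytes sent again
    flipped = request["D4"][:-1] + bytes([request["D4"][-1] ^ 1])
    forged = device.handle_read_request(dict(request, D4=flipped))
    return first, replay, forged


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Because the terminal and the server only relay D4 and SD4, a modified ciphertext fails at the signature check and an unmodified resend fails at the counter check.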
In this embodiment, the resident certificate card reading device is not provided with the verification security control module; the first resident certificate card verification security control device is arranged at a far end and can decrypt ciphertext data read from the resident certificate card. Any user can access the first resident certificate card verification security control device at the far end through a wireless network to read the resident certificate card, which greatly reduces the user's implementation cost. In particular, in industries such as banks, stations and insurance that need to execute resident certificate card information reading operations, only a corresponding number of resident certificate card reading devices without the SAM module need to be deployed.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (22)

1. A method for reading resident certificate card information, comprising:
step 1, a terminal sends a starting operation request to a resident certificate card reading device;
step 2, after the resident certificate card reading device receives the starting operation request sent by the terminal, periodically broadcasting a card searching instruction;
step 3, the resident certificate card reading device receives a response message returned by the resident certificate card;
step 4, the resident certificate card reading device judges that the response message is card searching confirmation data aiming at the card searching instruction;
step 5, the resident certificate card reading device stops broadcasting the card searching instruction, and sends a card searching request to the terminal, wherein the card searching request comprises an identifier, a timestamp and/or single authentication data of the resident certificate card reading device, the single authentication data comprises a count value and/or a random factor generated by a counter of the resident certificate card reading device, if the single authentication data is the count value, the resident certificate card reading device generates a count value every time the resident certificate card reading operation is executed, the card searching request is counted, if the single authentication data is the random factor, the random factor is one or a string of random numbers or random characters, and the identifier of the resident certificate card reading device is the serial number of the terminal;
step 6, the terminal receives the card searching request and sends the card searching request to a server through a network;
step 7, the server receives the card searching request and sends the card searching request to first resident certificate card verification safety control equipment;
step 8, the first resident certificate card verification security control equipment receives the card searching request and sends a card searching response to the server, wherein the card searching response carries card searching response data;
step 9, the server receives the card searching response and sends the card searching response to the terminal through a network;
step 10, the terminal receives the card searching response and sends the card searching response to the resident certificate card reading device;
step 11, the resident certificate card reading device receives the card searching response sent by the terminal, and obtains the card searching response data;
step 12, the resident certificate card reading device determines that the card searching response data is response data responding to the card searching request, and sends the card searching confirmation data to the terminal;
step 13, the terminal receives the card searching confirmation data and sends the card searching confirmation data to the server;
step 14, the server receives the card searching confirmation data and sends the card searching confirmation data to the first resident certificate card verification safety control equipment;
step 15, the resident certificate card reading device sends a card selection instruction to the resident certificate card;
step 16, the resident certificate card reading device receives card selection confirmation data sent by the resident certificate card, wherein the card selection confirmation data at least comprises unique identification information of the resident certificate card;
step 17, the resident certificate card reading device sends a card selection request to the terminal;
step 18, the terminal receives the card selection request and sends the card selection request to the server;
step 19, the server receives the card selection request and sends the card selection request to the first resident certificate card verification safety control device;
step 20, the first resident certificate card verification security control equipment receives the card selection request and sends a card selection request response to the server, wherein the card selection request response carries card selection request response data;
step 21, the server receives the card selection request response and sends the card selection request response to the terminal;
step 22, the terminal receives the card selection request response and sends the card selection request response to the resident certificate card reading device;
step 23, the resident certificate card reading device receives a card selection request response sent by the terminal, and obtains card selection request response data;
step 24, the resident certificate card reading device determines that the card selection request response data is response data aiming at the card selection request, and sends the card selection confirmation data to the terminal;
step 25, the terminal receives the card selection confirmation data and sends the card selection confirmation data to the server;
step 26, the server receives the card selection confirmation data and sends the card selection confirmation data to the first resident certificate card verification safety control device;
step 27, the resident certificate card reading device sends a card reading instruction to the resident certificate card;
step 28, the resident certificate card reading device receives the card reading confirmation data returned by the resident certificate card;
step 29, the resident certificate card reading device sends a card reading request to the terminal, wherein the card reading request is used for indicating the first resident certificate card verification safety control equipment to start a process of reading resident certificate card information;
step 30, the terminal receives the card reading request and sends the card reading request to the server;
step 31, the server receives the card reading request and sends the card reading request to the first resident certificate card verification safety control device;
step 32, the first resident certificate card verification safety control equipment receives the card reading request and starts a process of reading resident certificate card information;
step 33, the resident certificate card reading device, the terminal and the server transmit interactive information between the first resident certificate card verification safety control device and the resident certificate card in the process that the first resident certificate card verification safety control device reads the resident certificate card information;
step 34, the server receives the resident certificate card information sent by the first resident certificate card verification security control device after the resident certificate card information stored in the resident certificate card is read;
step 35, the server sends the resident certificate card information to the terminal;
step 36, the terminal receives the resident certificate card information and sends the resident certificate card information to the resident certificate card reading device;
and step 37, the resident certificate card reading device receives the resident certificate card information.
2. The method according to claim 1, wherein the card-searching request carries at least first identity authentication data;
before the first resident certificate card verification security control device sends the card searching response to the server, the method further comprises: the first resident certificate card verification security control device authenticates the identity of the resident certificate card reading device according to the first identity authentication data carried in the card searching request and, if the authentication passes, executes the step of sending the card searching response to the server.
3. The method according to claim 1 or 2, wherein the card-searching response carries at least second identity authentication data;
after the resident certificate card reading device receives the card searching response sent by the terminal and before the card searching response data is acquired, the method further comprises: the resident certificate card reading device authenticates the identity of the first resident certificate card verification security control device according to the second identity authentication data and, if the authentication passes, executes the step of acquiring the card searching response data.
4. The method according to claim 1 or 2, wherein the card selection request carries third identity authentication data;
after the first resident certificate card verification security control device receives the card selection request and before it sends the card selection request response to the server, the method further comprises: the first resident certificate card verification security control device authenticates the identity of the resident certificate card reading device according to the third identity authentication data carried in the card selection request and, if the authentication passes, executes the step of sending the card selection request response to the server.
5. The method according to claim 1 or 2, wherein the card selection request response carries at least fourth identity authentication data;
after the resident certificate card reading device receives the card selection request response sent by the terminal and before the card selection request response data is acquired, the method further comprises: authenticating the identity of the first resident certificate card verification security control device according to the fourth identity authentication data and, if the authentication passes, executing the step of acquiring the card selection request response data.
6. The method according to claim 1 or 2, wherein at least fifth identity authentication data is carried in the card reading request;
after the first resident certificate card verification security control device receives the card reading request and before it starts the process of reading resident certificate card information, the method further comprises: the first resident certificate card verification security control device authenticates the identity of the resident certificate card reading device according to the fifth identity authentication data and, if the authentication passes, executes the step of starting the process of reading the resident certificate card information.
7. The method according to claim 1 or 2,
before the first resident identification card verification security control device starts a process of reading resident identification card information, the method further comprises: the resident certificate card reading device negotiates with the first resident certificate card verification safety control device through the terminal and the server, and the resident certificate card reading device and the first resident certificate card verification safety control device obtain a session key;
after the resident certificate card reading device and the first resident certificate card verification security control device obtain the session key, the method further includes: in the subsequent communication process of the resident identification card reading device and the first resident identification card verification security control device, the resident identification card reading device and the first resident identification card verification security control device use the session key to encrypt the transmitted data and decrypt the received data.
8. The method according to claim 1 or 2, wherein the server sending the card-searching request to the first resident certificate card verification security control device comprises: the server selects the first resident certificate card verification security control device from a plurality of resident certificate card security control devices; and the server sends the card searching request to the selected first resident certificate card verification security control device.
9. The method according to claim 8, wherein the server selecting the first resident certificate card verification security control device from a plurality of resident certificate card security control devices comprises: the server selects, from a pre-stored correspondence, the resident certificate card security control device corresponding to the terminal as the first resident certificate card verification security control device, wherein the correspondence records the one or more terminals corresponding to each of the plurality of resident certificate card security control devices; or the server selects a resident certificate card security control device whose current working state is idle as the first resident certificate card verification security control device.
10. The method according to claim 1 or 2, wherein after the resident certificate card reading device receives the resident certificate card information sent by the first resident certificate card verification security control device, the method further comprises: sending the resident certificate card information to a storage device for storage; and/or sending the resident certificate card information to a display device for display.
11. A resident identification card reading device comprising:
the second transceiver module is used for triggering the first transceiver module to periodically broadcast a card searching instruction after receiving the starting operation request sent by the terminal;
the first transceiving module is used for periodically broadcasting a card searching instruction and receiving a response message returned by the resident certificate card;
a first processing module, configured to determine whether the response message is card-searching confirmation data for the card-searching instruction and, if so, to notify the first transceiver module to stop broadcasting the card-searching instruction and trigger the second transceiver module to send a card-searching request to the first resident certificate card verification security control device through the terminal and the server, where the card-searching request includes an identifier, a timestamp, and/or single authentication data of the resident certificate card reading device; the single authentication data includes a count value and/or a random factor generated by a counter of the resident certificate card reading device; if the single authentication data is the count value, then each time the resident certificate card reading device performs an information reading operation on the resident certificate card, the counter generates a count value to count the card-searching request; if the single authentication data is the random factor, the random factor is one or a string of random numbers or random characters; and the identifier of the resident certificate card reading device is the serial number of the terminal;
the second transceiver module is configured to send a card searching request to the first resident identification card verification security control device through the terminal and the server, and receive a card searching response sent by the first resident identification card verification security control device through the server and the terminal, where the card searching response carries card searching response data;
the first processing module is further configured to obtain the card-searching response data, determine that the card-searching response data is response data in response to the card-searching request, and trigger the second transceiver module to send the card-searching confirmation data to the first resident certificate card verification security control device through the terminal and the server;
the second transceiver module is further configured to send the card searching confirmation data to the first resident certificate card verification security control device through the terminal and the server;
the first transceiver module is further configured to send a card selection instruction to the resident certificate card, and receive card selection confirmation data sent by the resident certificate card, where the card selection confirmation data at least includes unique identification information of the resident certificate card;
the second transceiver module is further configured to send a card selection request to the first resident identification card verification security control device through the terminal and the server, and receive a card selection request response sent by the first resident identification card verification security control device through the server and the terminal, where the card selection request response carries card selection request response data;
the first processing module is further configured to obtain the card selection request response data, determine that the card selection request response data is response data for the card selection request, and trigger the second transceiver module to send the card selection confirmation data to the first resident certificate card verification security control device through the terminal and the server;
the second transceiver module is further configured to send the card selection confirmation data to the first resident certificate card verification security control device through the terminal and the server;
the first transceiver module is further configured to send a card reading instruction to the resident certificate card and receive card reading confirmation data returned by the resident certificate card;
the second transceiving module is further configured to send a card reading request to the first resident certificate card verification security control device through the terminal and the server, where the card reading request is used to instruct the first resident certificate card verification security control device to start a process of reading resident certificate card information;
the first transceiver module is further configured to receive first interaction information sent by the resident certificate card to the resident certificate card verification security control device in a process of reading resident certificate card information by the first resident certificate card verification security control device, and transmit second interaction information sent by the first resident certificate card verification security control device to the resident certificate card;
the second transceiver module is further configured to send the first interaction information to the first resident certificate card verification security control device through the terminal and the server, and receive the second interaction information sent by the first resident certificate card verification security control device through the server and the terminal;
the second transceiver module is also used for receiving the resident certificate card information which is sent by the first resident certificate card verification safety control equipment after the resident certificate card information stored by the resident certificate card is read through the server and the terminal.
12. The apparatus of claim 11, wherein the first processing module is further configured to obtain first authentication data, and carry the first authentication data in the card-searching request.
13. The apparatus according to claim 11 or 12, wherein the card-seeking response carries at least second identity authentication data;
the first processing module obtains the card searching response data in the following way: and authenticating the identity of the first resident certificate card verification safety control equipment according to the second identity authentication data, and acquiring the card searching response data under the condition that the authentication is passed.
14. The apparatus according to claim 11 or 12, wherein the first processing module is further configured to obtain third authentication data before the second transceiver module sends the card selection request to the first residential certificate card verification security control device through the terminal and the server, and carry the third authentication data in the card selection request.
15. The device according to claim 11 or 12, wherein the card selection request response carries at least fourth authentication data;
the first processing module obtains the card selection request response data in the following mode: and authenticating the identity of the first resident certificate card verification safety control equipment according to the fourth identity authentication data, and acquiring the card selection request response data under the condition that the authentication is passed.
16. The apparatus according to claim 11 or 12, wherein the first processing module is further configured to, before the second transceiver module sends a card reading request to the first resident certificate card verification security control device through the terminal and the server, acquire fifth authentication data, and carry the fifth authentication data in the card reading request.
17. The apparatus of claim 11 or 12, further comprising: the key negotiation module is used for negotiating with the first resident certificate card verification security control device through the terminal and the server to obtain a session key before the second transceiver module sends a card reading request to the first resident certificate card verification security control device through the terminal and the server;
the second transceiver module sends the first interaction information to the first resident certificate card verification security control device through the terminal and the server in the following way: the second transceiver module encrypts the first interaction information with the session key to obtain a first interaction information ciphertext, and sends the first interaction information ciphertext to the first resident certificate card verification security control device through the terminal and the server; the second transceiver module receives, through the server and the terminal, the second interaction information sent by the first resident certificate card verification security control device, and receives, through the server and the terminal, the resident certificate card information sent by the first resident certificate card verification security control device after reading the resident certificate card information stored in the resident certificate card, in the following way: the second transceiver module receives a second interaction information ciphertext sent by the first resident certificate card verification security control device through the server and the terminal, and decrypts the second interaction information ciphertext with the session key to obtain the second interaction information; and the second transceiver module receives a resident certificate card information ciphertext sent by the first resident certificate card verification security control device through the server and the terminal, and decrypts the resident certificate card information ciphertext with the session key to obtain the resident certificate card information.
18. The apparatus of claim 11 or 12, further comprising: the storage module is used for storing the resident certificate card information; and/or the display module is used for displaying the resident certificate card information.
19. A system for reading resident identification card information, comprising: the system comprises a terminal, a server, a resident certificate card reading device and first resident certificate card verification safety control equipment;
the resident identification card reading apparatus comprising the apparatus of any one of the above claims 11 to 18;
the terminal is connected between the resident certificate card reading device and the server, and is used for sending a starting operation request to the resident certificate card reading device and transmitting interactive information between the resident certificate card reading device and the first resident certificate card verification safety control equipment with the server;
the server is connected between the terminal and the first resident certificate card verification safety control device and is used for transmitting information interacted between the resident certificate card reading device and the first resident certificate card verification safety control device with the terminal;
and the first resident certificate card verification safety control equipment is used for receiving a request sent by the resident certificate card reading device through the terminal and the server and executing operation corresponding to the request.
20. The system according to claim 19, wherein said server is further configured to select said first resident certificate card verification security control device from a plurality of resident certificate card security control devices upon receiving a request transmitted for the first time by said resident certificate card reading means through said terminal.
21. The system according to claim 20, wherein said server selects said first resident certificate card verification security control device from a plurality of resident certificate card security control devices by one of: selecting resident certificate card safety control equipment corresponding to the terminal from a pre-stored corresponding relationship as the first resident certificate card verification safety control equipment, wherein one or more terminals corresponding to each resident certificate card safety control equipment in the plurality of resident certificate card safety control equipment are recorded in the corresponding relationship; or, selecting the resident certificate card safety control equipment with the current working state being idle as the first resident certificate card verification safety control equipment.
22. The system of claim 19, further comprising: a storage device and/or a display device;
the resident certificate card reading device is also used for sending the resident certificate card information to the display device;
the display device is also used for displaying the resident certificate card information;
the resident certificate card reading device is also used for sending the resident certificate card information to the storage device;
and the storage device is used for storing the resident certificate card information.
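The freshness fields of claim 11 (reader identifier, timestamp, count value, random factor) and the "response is for this request" check of steps 23-24 can be exercised with the following added Python example, which is not part of the patent. The pre-shared HMAC key, the field encoding, the 30-second window and all class and function names are assumptions; the claims do not say how the identity authentication data is computed.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

MAX_SKEW = 30  # seconds; assumed acceptance window, not a value from the claims


def _tag(key, label, reader_id, ts, counter, rnd):
    """HMAC over length-prefixed fields so no two field layouts collide."""
    rid = reader_id.encode()
    msg = label + struct.pack(">H", len(rid)) + rid + struct.pack(">QQ", ts, counter) + rnd
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass(frozen=True)
class Request:
    reader_id: str         # identifier of the reading device
    timestamp: int         # seconds since epoch
    counter: int           # single authentication data: count value
    random_factor: bytes   # single authentication data: random factor
    tag: bytes             # hypothetical identity authentication data


class Reader:
    """Reading-device side: one new count value per read operation."""

    def __init__(self, reader_id, key):
        self.reader_id, self.key = reader_id, key
        self.counter = 0
        self.pending = None

    def card_search_request(self, now):
        self.counter += 1
        rnd = os.urandom(16)
        self.pending = Request(
            self.reader_id, now, self.counter, rnd,
            _tag(self.key, b"req", self.reader_id, now, self.counter, rnd))
        return self.pending

    def accept_response(self, resp_tag):
        """Accept only a response bound to the request still outstanding."""
        req = self.pending
        if req is None:
            return False
        expected = _tag(self.key, b"resp", req.reader_id, req.timestamp,
                        req.counter, req.random_factor)
        if hmac.compare_digest(expected, resp_tag):
            self.pending = None
            return True
        return False


class VerificationDevice:
    """Stand-in for the verification security control device."""

    def __init__(self, keys):
        self.keys = keys            # reader_id -> pre-shared key (assumption)
        self.last_counter = {}      # reader_id -> highest count value accepted

    def handle(self, req, now):
        key = self.keys.get(req.reader_id)
        if key is None:
            return "unknown-reader", None
        expected = _tag(key, b"req", req.reader_id, req.timestamp,
                        req.counter, req.random_factor)
        if not hmac.compare_digest(expected, req.tag):
            return "bad-tag", None
        if abs(now - req.timestamp) > MAX_SKEW:
            return "stale-timestamp", None
        if req.counter <= self.last_counter.get(req.reader_id, 0):
            return "counter-replay", None
        self.last_counter[req.reader_id] = req.counter
        resp = _tag(key, b"resp", req.reader_id, req.timestamp,
                    req.counter, req.random_factor)
        return "ok", resp


if __name__ == "__main__":
    key = os.urandom(32)  # constructed sample key
    reader = Reader("R-0001", key)
    device = VerificationDevice({"R-0001": key})
    first = reader.card_search_request(now=1000)
    status, resp = device.handle(first, now=1001)
    print(status, reader.accept_response(resp))
    print(device.handle(first, now=1002)[0])  # same request delivered again
```

Here the count value rejects a request the device has already accepted, the timestamp rejects one that was captured and delivered late, and the random factor ties each response to the single request still outstanding at the reader.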
CN201610780394.6A 2016-08-30 2016-08-30 Method and system for reading resident certificate card information and resident certificate card reading device Active CN106375302B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610780394.6A CN106375302B (en) 2016-08-30 2016-08-30 Method and system for reading resident certificate card information and resident certificate card reading device


Publications (2)

Publication Number Publication Date
CN106375302A CN106375302A (en) 2017-02-01
CN106375302B true CN106375302B (en) 2020-10-30

Family

ID=57899154

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610780394.6A Active CN106375302B (en) 2016-08-30 2016-08-30 Method and system for reading resident certificate card information and resident certificate card reading device

Country Status (1)

Country Link
CN (1) CN106375302B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104517086A (en) * 2014-12-31 2015-04-15 山东信通电子股份有限公司 Identity card information reading method
CN105488367A (en) * 2015-11-19 2016-04-13 李明 SAM apparatus protection method, background and system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7430663B2 (en) * 2004-08-09 2008-09-30 Research In Motion Limited System and method for enabling bulk retrieval of certificates
CN100538721C (en) * 2005-02-04 2009-09-09 高晶 Read the method for second generation control of identity cards number and sequence number with equipment
US8118218B2 (en) * 2006-09-24 2012-02-21 Rich House Global Technology Ltd. Method and apparatus for providing electronic purse
CN101727592A (en) * 2008-10-27 2010-06-09 北京思创银联科技有限公司 One-with-more second-generation ID card verification system and method
CN104636777B (en) * 2015-01-15 2018-03-20 李明 ID card information obtains system
CN104899533B (en) * 2015-05-20 2018-11-27 李明 ID card information acquisition methods, apparatus and system


Also Published As

Publication number Publication date
CN106375302A (en) 2017-02-01


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220412

Address after: Tiantianrong building, No. 1, Zhongguancun, Beiqing Road, Haidian District, Beijing 100094

Patentee after: TENDYRON Corp.

Address before: 100086 room 603, building 12, taiyueyuan, Haidian District, Beijing

Patentee before: Li Ming