CN104618115B

CN104618115B - ID card information acquisition methods and system

Info

Publication number: CN104618115B
Application number: CN201510040841.XA
Authority: CN
Inventors: 李明
Original assignee: 李明
Current assignee: Tendyron Corp
Priority date: 2015-01-27
Filing date: 2015-01-27
Publication date: 2018-12-18
Anticipated expiration: 2035-01-27
Also published as: CN104618115A

Abstract

The present invention provides a kind of ID card information acquisition methods and system, wherein, this method comprises: the first preposition terminal, which sends ID card information to electronic signature equipment, reads instruction, the identity storage information saved in electronic signature equipment is read in request, wherein, identity storage information includes: the ID card information in user's resident identification card；First preposition terminal receives the cipher-text information for the identity storage information that electronic signature equipment is sent；The cipher-text information of identity storage information is sent to background server by the first preposition terminal；Cipher-text information is decrypted in background server, obtains ID card information；Obtained ID card information is returned to the first preposition terminal by background server.

Description

ID card information acquisition methods and system

Technical field

The present invention relates to a kind of electronic technology field more particularly to a kind of ID card information acquisition methods and systems.

Background technique

Now when handling every business, business handling people needs to hold resident identification card and handles, and often carries body Part card, be easy to cause the loss of identity card, thus it cannot be guaranteed that the confidentiality and safety of the identity information in identity card.

Summary of the invention

Present invention seek to address that one of above problem.

According to an aspect of the invention, there is provided a kind of ID card information acquisition methods, comprising: the first preposition terminal to Electronic signature equipment sends ID card information and reads instruction, and the identity storage information saved in electronic signature equipment is read in request, Wherein, identity storage information includes: the ID card information in user's resident identification card；First preposition terminal receives electronic signature and sets The cipher-text information for the identity storage information that preparation is sent；The cipher-text information of identity storage information is sent to backstage by the first preposition terminal Server；Cipher-text information is decrypted in background server, obtains ID card information；Background server believes obtained identity card Breath returns to the first preposition terminal.

Optionally, cipher-text information is that electronic signature equipment encrypt to identity storage information using the second encryption key It arrives；Cipher-text information is decrypted, ID card information is obtained, comprising: background server is using corresponding with the second encryption key Cipher-text information is decrypted in second decruption key, obtains ID card information.

Optionally, the first preposition terminal to electronic signature equipment send ID card information read instruction before, method Further include: background server obtains identity and stores information, sends identity storage to electronic signature equipment via the second preposition terminal Information.

Optionally, the first preposition terminal to electronic signature equipment send ID card information read instruction before, method Further include: background server obtains identity and stores information, is encrypted using the first encryption key to identity storage information, and pass through The cipher-text information that encryption obtains is sent to electronic signature equipment by the second preposition terminal；Cipher-text information is decrypted, is obtained ID card information, comprising: background server carries out cipher-text information using the first decruption key corresponding with the first encryption key Decryption, obtains ID card information.

Optionally, the first preposition terminal to electronic signature equipment send ID card information read instruction before, method Further include: background server obtains identity and stores information, is encrypted using the first encryption key to identity storage information, and pass through The encryption data that encryption obtains is sent to electronic signature equipment by the second preposition terminal；Cipher-text information is adopted for electronic signature equipment Encryption data is encrypted to obtain with the second encryption key；Cipher-text information is decrypted, ID card information is obtained, comprising: Background server is decrypted cipher-text information using the second decruption key corresponding with the second encryption key, obtains encryption number According to encryption data is decrypted in recycling the first decruption key corresponding with the first encryption key, obtains ID card information.

Optionally, the data that background server is sent through the second preposition terminal to electronic signature equipment store information except identity Except further include: background server signs ID card information to obtain the first signing messages；Electronic signature equipment is sent to The data of first preposition terminal are in addition to identity card stores information further include: background server sign to ID card information The first signing messages is encrypted using third encryption key to the first signing messages or electronic signature equipment the One signing messages ciphertext；Cipher-text information is decrypted, obtain ID card information later and returns to obtained ID card information Before the first preposition terminal, further includes: background server verifies the first signing messages, and is verified；After alternatively, Platform server is decrypted the first signing messages ciphertext using third decruption key corresponding with third encryption key, to decryption The first obtained signing messages is verified, and is verified.

Optionally, identity stores information further include: background server signs ID card information to obtain the first signature Information；Cipher-text information is decrypted, obtains returning to first after ID card information and by obtained ID card information preposition Before terminal, further includes: the first signing messages that background server obtains signature is verified, and is verified.

Optionally, electronic signature equipment is sent to the data of the first preposition terminal in addition to identity stores information further include: Electronic signature equipment is signed to obtain the second signing messages or the second A.L.S. to ID card information or identity storage information The ciphertext of breath；Cipher-text information is decrypted, ID card information is obtained and returns to first later and by obtained ID card information Before preposition terminal, further includes: background server is verified and is verified to the second signing messages；Alternatively, background service The ciphertext of the second signing messages is decrypted in device, and the second signing messages that decryption obtains is verified and is verified.

According to another aspect of the present invention, a kind of ID card information acquisition system is provided, comprising: the first preposition terminal And background server；Wherein, the first preposition terminal includes: the first sending module, for sending identity card to electronic signature equipment The identity storage information saved in electronic signature equipment is read in information reading instruction, request, wherein identity stores information and includes: ID card information in user's resident identification card；First receiving module, for receiving the identity storage of electronic signature equipment transmission The cipher-text information of information；Second sending module, for the cipher-text information of identity storage information to be sent to background server；From the background Server includes: the second receiving module, for receiving cipher-text information；Encryption/decryption module is obtained for cipher-text information to be decrypted To ID card information；Third sending module, the ID card information for obtaining decryption return to the first preposition terminal.

Optionally, cipher-text information is that electronic signature equipment encrypt to identity storage information using the second encryption key It arrives；Encryption/decryption module is in the following manner decrypted cipher-text information: using the second decryption corresponding with the second encryption key Key pair cipher-text information is decrypted, and obtains ID card information.

Optionally, background server further include: first obtains module, in the first preposition terminal to electronic signature equipment Before sending ID card information reading instruction, obtains identity and store information；Third sending module was also used to via the second preposition end It holds to electronic signature equipment and sends identity storage information.

Optionally, background server further include: second obtains module, in the first preposition terminal to electronic signature equipment Before sending ID card information reading instruction, obtains identity and store information；Encryption/decryption module is also used to using the first encryption key The identity storage information obtained to the second acquisition module encrypts；Third sending module is also used to will via the second preposition terminal It encrypts obtained cipher-text information and is sent to electronic signature equipment；Encryption/decryption module in the following manner solves cipher-text information It is close: cipher-text information being decrypted using the first decruption key corresponding with the first encryption key, obtains ID card information.

Optionally, background server further include: third obtains module, in the first preposition terminal to electronic signature equipment Before sending ID card information reading instruction, obtains identity and store information；Encryption/decryption module is also used to using the first encryption key The identity storage information that module obtains is obtained to third to encrypt；Third sending module is also used to will via the second preposition terminal It encrypts obtained encryption data and is sent to electronic signature equipment；Cipher-text information is that electronic signature equipment uses the second encryption key pair Encryption data is encrypted to obtain；Encryption/decryption module is in the following manner decrypted cipher-text information: encrypting using with second Cipher-text information is decrypted in corresponding second decruption key of key, obtains encryption data, recycles and the first encryption key pair Encryption data is decrypted in the first decruption key answered, and obtains ID card information.

Optionally, the data that third sending module is sent via the second preposition terminal to electronic signature equipment are except identity stores Except information further include: background server signs ID card information to obtain the first signing messages；First receiving module connects The data that the electronic signature equipment received is sent are in addition to identity card stores information further include: background server is to ID card information It is signed to obtain the first signing messages or electronic signature equipment uses third encryption key to add the first signing messages Close the first obtained signing messages ciphertext；Background server further include: the first authentication module, for being carried out to the first signing messages Verifying, and after being verified, cipher-text information is decrypted in triggering encryption/decryption module；Alternatively, using with third encryption key pair The first signing messages ciphertext is decrypted in the third decruption key answered, and the first signing messages obtained to decryption is verified, And after being verified, cipher-text information is decrypted in triggering encryption/decryption module.

Optionally, identity stores information further include: background server signs ID card information to obtain the first signature Information；Background server further include: the second authentication module, the first signing messages for obtaining to signature is verified, and is tested After card passes through, cipher-text information is decrypted in triggering encryption/decryption module.

Optionally, the data that the electronic signature equipment that the first receiving module receives is sent are gone back in addition to identity stores information It include: that electronic signature equipment signs ID card information or identity storage information to obtain the second signing messages or the second label The ciphertext of name information；Background server further include: third authentication module for verifying to the second signing messages, and is verified Cipher-text information is decrypted by rear triggering encryption/decryption module；Alternatively, the ciphertext of the second signing messages is decrypted, to solution Close the second obtained signing messages is verified, and triggers encryption/decryption module after being verified and cipher-text information is decrypted.

According to a further aspect of the invention, a kind of resident identification card information authentication system is provided, comprising: electronic signature Equipment and above-mentioned ID card information obtain system.

As seen from the above technical solution provided by the invention, preposition terminal reads resident's body from electronic signature equipment ID card information in part card, can prevent from carrying that identity card is easy to be lost and the leakage of identity information caused by losing.Separately Outside, since the identity storage information that electronic signature equipment returns is ciphertext, it is necessary to be solved by background server to cipher-text information After close, the plaintext of ID card information can be just got, to ensure that the peace of the ID card information stored in electronic signature equipment Entirely.

Detailed description of the invention

In order to illustrate the technical solution of the embodiments of the present invention more clearly, required use in being described below to embodiment Attached drawing be briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for this For the those of ordinary skill in field, without creative efforts, it can also be obtained according to these attached drawings other Attached drawing.

Fig. 1 is the structural schematic diagram that ID card information provided in an embodiment of the present invention obtains system；

Fig. 2 is the structural schematic diagram of the provided in an embodiment of the present invention first preposition terminal；

Fig. 3 is the structural schematic diagram of background server provided in an embodiment of the present invention；

Fig. 4 is the flow chart of ID card information acquisition methods provided in an embodiment of the present invention.

Specific embodiment

With reference to the attached drawing in the embodiment of the present invention, technical solution in the embodiment of the present invention carries out clear, complete Ground description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.Based on this The embodiment of invention, every other implementation obtained by those of ordinary skill in the art without making creative efforts Example, belongs to protection scope of the present invention.

In the description of the present invention, it is to be understood that, term " center ", " longitudinal direction ", " transverse direction ", "upper", "lower", The orientation or positional relationship of the instructions such as "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outside" is It is based on the orientation or positional relationship shown in the drawings, is merely for convenience of description of the present invention and simplification of the description, rather than instruction or dark Show that signified device or element must have a particular orientation, be constructed and operated in a specific orientation, therefore should not be understood as pair Limitation of the invention.In addition, term " first ", " second " are used for description purposes only, it is not understood to indicate or imply opposite Importance or quantity or position.

In the description of the present invention, it should be noted that unless otherwise clearly defined and limited, term " installation ", " phase Even ", " connection " shall be understood in a broad sense, for example, it may be being fixedly connected, may be a detachable connection, or be integrally connected；It can To be mechanical connection, it is also possible to be electrically connected；It can be directly connected, can also can be indirectly connected through an intermediary Connection inside two elements.For the ordinary skill in the art, above-mentioned term can be understood at this with concrete condition Concrete meaning in invention.

The embodiment of the present invention is described in further detail below in conjunction with attached drawing.

The embodiment of the invention provides a kind of ID card informations to obtain system.

Fig. 1 is the structural schematic diagram that ID card information provided in an embodiment of the present invention obtains system, referring to Fig. 1, the present invention It includes: the backstage clothes that the first preposition terminal 20 and the first preposition terminal 20 connect that the ID card information that embodiment provides, which obtains system, Business device 40.

In embodiments of the present invention, in the ID card information for needing to obtain user, the first preposition terminal 20 is to electronics label Name equipment 10 send ID card information read instruction, request read electronic signature equipment 10 in save include user's residential identity The identity of ID card information in card stores information, and then the first preposition terminal 20 receives the identity that electronic signature equipment 10 is sent Store the cipher-text information of information.The cipher-text information of identity storage information is sent to background server again by the first preposition terminal 20 40.After the cipher-text information for receiving identity storage information, the cipher-text information received is decrypted in background server 40, obtains To ID card information, obtained ID card information is then returned into the first preposition terminal 20.So that the first preposition terminal The 20 available ID card informations directly read.

In ID card information acquisition system provided in an embodiment of the present invention, multiple preposition terminals, Ke Yili may include Solution, the first preposition terminal 20 are one in system in multiple preposition terminals, and each preposition terminal is and background server 40 are connected.Background server 40 can be the server that bank provides, and preposition terminal can be then the terminal that bank counter provides, Such as PC etc. may be used also alternatively, background server 40 may be that other need to carry out the server that ID card information obtains system Think believable third-party server (such as Cloud Server) etc..Electronic signature equipment 10 can be the key equipment that bank provides (such as U-shield, K treasured of agricultural bank of industrial and commercial bank etc.), or the other equipment with signature function.The electronic signature equipment 10 can To be attached with any preposition terminal.

As an optional embodiment of the embodiment of the present invention, as shown in Figure 1, the system can also include: before second Set terminal 30.Second preposition terminal 30 and the first preposition terminal 20 can be the same preposition terminal, or before different Set terminal.In a particular application, user can hold resident identification card to the second preposition terminal 30 for connecting background server 40 Location carries out ID card information verification, the ID card information stored in the second preposition 30 reading identity card of terminal.Verifying body After part card information passes through, identity storage information can be sent to electronic signature equipment 10 through but not limited to one of such as under type It is stored:

The ID card information of reading is sent to electronic signature by the preposition terminal 30 of mode one: the second Equipment 10, electronic signature equipment 10 receive the identity that the second preposition terminal 30 is sent and store information, save identity and store information；When So, as an optional embodiment of the embodiment of the present invention, the second preposition terminal 30 can also be to the ID card information of reading It is shown, after confirming that ID card information is errorless, identity storage information is sent to electronic signature by the second preposition terminal 30 Equipment 10 is stored, and thereby ensures that the authenticity of ID card information.

The ID card information of reading is sent to background service by the preposition terminal 30 of mode two: the second Device 40, the encryption data that background server 40 obtains after encrypting to identity storage information are back to the second preposition terminal 30, Encryption data is sent to electronic signature equipment 10 by the second preposition terminal 30, which solves encryption data It obtains identity storage information after close to be stored, alternatively, electronic signature equipment 10 can also directly save the encryption data.Thus Even if guaranteeing to be trapped during ID card information is sent, no decruption key can not also obtain ID card information, ensure that ID card information confidentiality and safety.

The ID card information of reading is sent to background service by the preposition terminal 30 of mode three: the second Device 40, the signed data that background server 40 obtains after signing to identity storage information are back to the second preposition terminal 30, Identity is stored information to second preposition terminal 30 and signed data is sent to electronic signature equipment 10, the electronic signature equipment 10 It stores identity and stores information.Certainly, as an optional embodiment of the embodiment of the present invention, electronic signature equipment 10 can be right Signed data carries out sign test, and after sign test passes through, and storage identity stores information.Thereby it is ensured that the source of ID card information Reliable and non repudiation and authenticity.

The ID card information of reading is sent to background service by the preposition terminal 30 of mode four: the second Device 40, the encryption data and identity storage information is carried out that background server 40 obtains after encrypting to identity storage information The signed data obtained after signature is back to the second preposition terminal 30, and the second preposition terminal 30 is retransmited to electronic signature equipment 10, acquisition identity storage information can be decrypted to encryption data and store for electronic signature equipment 10, alternatively, electronic signature Equipment 10 can also directly store encryption data；Certainly, as an optional embodiment of the embodiment of the present invention, electronic signature After equipment 10 encryption data can also be decrypted acquisition identity storage information, sign test is carried out to signed data, and in sign test By rear, that is, determine that identity storage information is confirmed through background server 40, then store identity storage information again.As a result, It can guarantee the non repudiation and authenticity of ID card information, it is also ensured that the confidentiality and safety of ID card information Property.

Hereby it is achieved that the ID card information in resident identification card can be safely stored.

What the ID card information in the embodiment of the present invention can be read from user's resident identification card for card reader of ID card Plaintext ID card information, or the ciphertext ID card information stored in user's resident identification card, the ciphertext ID card information It can be decrypted by network, to obtain its cleartext information.Certainly, ID card information can be in user's resident identification card Storage whole ID card informations, or according to different demands interception part identity demonstrate,prove information, specifically in the present invention It is not construed as limiting in embodiment.

Identity storage information encryption is sent to electronic signature equipment 10 and deposited by the second preposition terminal 30 based on above-mentioned The mode of storage, the public key that background server 40 can use electronic signature equipment 10 encrypt information, also can use with The key that electronic signature equipment 10 is negotiated is encrypted, and can also be utilized preset identical with electronic signature equipment 10 symmetrical close Key is encrypted.Corresponding, electronic signature equipment 10 can use after the information after private key pair encryption is decrypted and save, can also To save after being decrypted using the information after the key pair encryption negotiated with background server 40, can also utilize it is preset with The identical symmetric key of background server 40 saves after encrypted information is decrypted, alternatively, electronic signature equipment 10 The identity storage information that encryption can directly be stored, when receiving reading instruction, directly by the identity storage information hair of encryption Give the first preposition terminal 10.In addition, identity is stored information and identity storage information by the second preposition terminal 30 based on above-mentioned Signing messages be sent to the mode that electronic signature equipment 10 is stored together, background server 40 can use background service The private key of device 40 signs to ID card information, and electronic signature equipment 10 is using the public key of background server 40 to signed data Sign test is carried out, in the label that sign test can be obtained ID card information and the signature of background server 40 by rear electronic signature equipment 10 Name data (ID card information and its signed data can also be stored information together as identity) save together.

As an optional embodiment of the embodiment of the present invention, the second preposition terminal 30 can one of in the following way Or combinations thereof obtain the ID card information stored in user's resident identification card:

The preposition terminal 30 of mode one: the second reads the identity stored in resident identification card by equipment such as card reader of ID card Demonstrate,prove information；

Mode two: the ID card information of resident identification card is input in the second preposition terminal 30 by input equipment etc.；

The preposition terminal 30 of mode three: the second scans the ID card information of resident identification card by scanning device etc..

As an optional embodiment of the embodiment of the present invention, body can be verified one or a combination set of in the following way Part card information:

Mode one: ID card information is verified by the personnel of handling；

The ID card information that the preposition terminal 30 of mode two: the second will acquire is sent to background server 40, via backstage Server 40 is sent to ID card verification mechanism by way of safety and carries out verifying verification.

After the authenticity for only verifying resident identification card information, just ID card information is handled, thereby may be ensured that The authenticity of ID card information.

As a kind of optional embodiment of the embodiment of the present invention, identity card reading can also be set in electronic signature equipment 10 Card device reads the ID card information that stores in resident identification card via the card reader of ID card, and using the ID card information as Identity storage information is stored in electronic signature equipment 10.By the optional embodiment, user will can occupy in any place ID card information in people's identity card reads in electronic signature equipment 10 and saves.

As an optional embodiment of the embodiment of the present invention, ID card information includes at least following one or it is any Combination: name, ID card No., validity period and biometric information.Certainly, ID card information can also include: gender, the people Race, date of birth and/or address etc..Certainly, biometric information may include following one or any combination thereof: photo refers to Line and iris etc..

As an optional embodiment of the embodiment of the present invention, electronic signature equipment 10 saves identity storage information Afterwards, when removing the first preposition 20 transacting business of terminal, show ID card information if necessary, then can not have to carry identity card, only Need to carry electronic signature equipment 10 to provide ID card information, it is user-friendly, while can prevent identity card from losing Lose and caused by ID card information reveal.At this point, electronic signature equipment 10 receives the reading instruction that the first preposition terminal 20 is sent, Identity is stored into information and signing messages is sent to the first preposition terminal 20.

As an optional embodiment of the embodiment of the present invention, the first preposition terminal 20 can by dedicated interface from Electronic signature equipment 10 reads identity and stores information, which can be for wireline interface, such as USB, audio, serial ports etc., can also Think wireless interface, such as: NFC, bluetooth, WIFI, RFID etc..So that the first preposition terminal 20 is adapted to a variety of inhomogeneities The electronic signature equipment 10 of type.Certainly, the first preposition terminal 20 can be using the link connection background server 40 of safety.

In an optional embodiment of the embodiment of the present invention, electronic signature equipment that the first preposition terminal 20 receives 10 cipher-text informations sent may include one of following manner:

Mode one: believed by background server 40 using the ciphertext that the first encryption key encrypts ID card information Breath.

In this approach, electronic signature equipment 10 is when being stored in identity storage information, by background server 40 via second Cipher-text information is sent to electronic signature equipment 10 and saved by preposition terminal 30, and electronic signature equipment 10 receives the cipher-text information Afterwards, the cipher-text information is directly saved.When receiving the reading instruction that the first preposition terminal 20 is sent, directly by the cipher-text information Return to the first preposition terminal 20.

Mode two: electronic signature equipment 10 is believed using the ciphertext that the second encryption key encrypts ID card information Breath.

In a particular application, electronic signature equipment 10 can be when storing ID card information, carry out to ID card information Encrypting storing, alternatively, be also possible to when receiving reading instruction, after the plaintext of the ID card information of preservation is encrypted, It is sent to the first preposition terminal 20.The specific embodiment of the present invention is not construed as limiting.

Mode three: electronic signature equipment 10 is believed using the ciphertext that the second encryption key encrypts encryption data Breath, wherein encryption data is the encryption that background server 40 encrypts ID card information using the first encryption key Data.

In this approach, electronic signature equipment 10 is when being stored in identity storage information, by background server 40 via second The encryption data encrypted using the first encryption key to ID card information is sent to electronic signature by preposition terminal 30 Equipment 10 after electronic signature equipment 10 receives the encryption data, can directly save the encryption data, alternatively, can also adopt It is saved after being encrypted with the second encryption key to encryption data.It is instructed receiving the reading that the first preposition terminal 20 is sent When, it directlys adopt after the second encryption key encrypts the encryption data of preservation and obtains cipher-text information, which is returned Back to the first preposition terminal 20, alternatively, the cipher-text information of preservation is returned to the first preposition terminal 20 by electronic signature equipment 10.

Mode four: electronic signature equipment 10 adds ID card information and the second signing messages using the second encryption key Close obtained cipher-text information, wherein the second signing messages is that background server 40 uses the private key of background server 40 to identity Card information is signed.

In this way, the second signing messages can be when electronic signature equipment 10 is stored in identity storage information, after Platform server 40 is sent to electronic signature equipment 10 via the second preposition terminal 30 with ID card information, and electronic signature is set Standby 10 can be when receiving ID card information and the second signing messages, using the second encryption key to ID card information and second Signing messages saves after being encrypted as identity storage information, is also possible to directly save ID card information and the second A.L.S. Breath is returned using the second encryption key to what ID card information and the second signing messages were encrypted when receiving reading instruction Back to the first preposition terminal 20.

Mode five: electronic signature equipment 10 signs to the encryption data of ID card information and second using the second encryption key The cipher-text information that information is encrypted, wherein the encryption data of ID card information is that background server 40 adds using first What close key pair ID card information was encrypted, the second signing messages is background server 40 using background server 40 Private key signs to ID card information.

In this way, the encryption data of ID card information and the second signing messages can be in electronic signature equipment 10 When being stored in identity storage information, background server 40 is sent to electronic signature equipment 10, electronics via the second preposition terminal 30 Signature device 10 can be in the encryption data and the second signing messages for receiving ID card information, using the second encryption key pair The encryption data of ID card information and the second signing messages save after being encrypted as identity storage information, are also possible to directly The encryption data and the second signing messages for saving ID card information, when receiving reading instruction, using the second encryption key pair What the encryption data of ID card information and the second signing messages were encrypted returns to the first preposition terminal 20.

Corresponding to the cipher-text information of above-mentioned various modes, background server 40 is receiving what the first preposition terminal 20 was sent After cipher-text information, accordingly, it can be decrypted in the following ways:

Mode one: background server 40 carries out cipher-text information using the first decruption key corresponding with the first encryption key Decryption obtains ID card information.

Wherein, the first encryption key and the first decruption key are a pair of secret keys, can be symmetric key, and it is non-right to be also possible to Claim key.It can be preset, be also possible to what background server 40 and electronic signature equipment 10 were negotiated, the specific present invention is implemented Example is not construed as limiting.

Mode two: background server 40 carries out cipher-text information using the second decruption key corresponding with the second encryption key Decryption obtains ID card information.

Wherein, the second encryption key and the second decruption key are a pair of secret keys, can be symmetric key, and it is non-right to be also possible to Claim key.It can be preset, for example, the second encryption key can be the public key of background server 40, the second decruption key is The private key of background server 40.Alternatively, being also possible to what background server 40 was negotiated with electronic signature equipment 10, for example, backstage Server 40 and electronic signature equipment 10, which pass through to be mutually authenticated, establishes exit passageway, negotiates transmission key.The specific present invention is implemented Example is not construed as limiting.

Mode three: background server 40 carries out cipher-text information using the second decruption key corresponding with the second encryption key Decryption obtains encryption data, is then solved again using the second decruption key corresponding with the second encryption key to encryption data It is close, obtain ID card information.

Mode four: background server 40 decrypts cipher-text information using the second decruption key corresponding with the second encryption key Obtain ID card information and the second signing messages.

In this case, background server 40 may be used also after decryption obtains ID card information and the second signing messages To verify to the second signing messages, after being verified, then obtained ID card information returned into the first preposition terminal 20, It thereby may be ensured that the reliability of ID card information.

Mode five: background server 40 carries out cipher-text information using the second decruption key corresponding with the second encryption key Decryption obtains encryption data and the second signing messages, then again using the second decruption key corresponding with the second encryption key to adding Ciphertext data is decrypted, and obtains ID card information.

In an optional embodiment of the embodiment of the present invention, in above-mentioned each possible optional embodiment, After receiving reading instruction, electronic signature equipment 10 is returned in the data of the first preposition terminal 20, in addition to above-mentioned ciphertext is believed Breath can also include signing messages, and background server 40 returns to the first preposition terminal 20 in the ID card information for obtaining decryption Before, signing messages can also be verified, before being verified and then obtained ID card information is returned to first Terminal 20 is set, the reliability and non repudiation of the ID card information that thereby may be ensured that.

In a particular application, signing messages can include but is not limited at least one of:

Mode one: electronic signature equipment 10 is carried out using the ciphertext that its private key stores information or identity storage information to identity The first signing messages that signature obtains.

Accordingly, when background server 40 verifies signing messages, it can use the public key of electronic signature equipment 10 First signing messages is verified.

Wherein, the ciphertext of identity storage information can be electronic signature equipment 10 and be encrypted to obtain to identity storage information , it is also possible to background server 40 and ID card information is encrypted to obtain.

In this case, optionally, in order to avoid Replay Attack, the first preposition terminal 20 is to electronic signature equipment 10 Single authentication information is carried in the reading instruction of transmission；It then can also include: that electronic signature equipment 10 utilizes in signing messages The third signing messages that its private key signs to the single authentication information.Accordingly, accordingly, background server 40 is right When signing messages is verified, third signing messages can also be verified using the public key of electronic signature equipment 10.

As an optional embodiment of the embodiment of the present invention, single authentication information may include following one or its group It closes: random factor, time factor and event factor.

Specifically, random factor can be following one or combinations thereof: random number, random character and random Chinese character.Time The factor can be the time at that time.The numerical value that event factor can add up for every generation start-stop counter, it is different every time.

Include single authentication information when sending read instruction every time due to the first preposition terminal 20, it is ensured that every time from What electronic signature equipment 10 was sent when reading identity storage information in electronic signature equipment 10 is different information, even if by cutting It obtains, can not also be used for the second time in the first preposition terminal 20, prevent Replay Attack.

In the specific implementation process, the single authentication information carried in reading instruction can be background server 40 and be sent to First preposition terminal 20.For example, the first preposition terminal 20 is needing before reading identity card information in electronic signature equipment 10, After can first notifying background server 40, background server 40 to receive the notice of the first preposition terminal 20, to the first preposition end End 20 sends single authentication information to electronic signature equipment 10, and electronic signature equipment 10 is reading single authentication information carrying Instruction is sent to electronic signature equipment 10.Certainly, single authentication information can not also be carried and read by the first preposition terminal 20 Electronic signature equipment 10 is sent in instruction, but by an individual signaling, for example, signature command, single authentication is believed Breath is sent to electronic signature equipment 10, and the first preposition terminal 20 can also read instruction sending to electronic signature equipment 10 Afterwards, background server 40 is reinformed, the single authentication request of the transmission of background server 40 is then received again, is then then forwarded to the One preposition terminal 20.The specific embodiment of the present invention is not construed as limiting.

It can also include: background service in identity storage information in an optional embodiment of the embodiment of the present invention The second signing messages that device 40 signs to ID card information using its private key.Accordingly, 40 pairs of background server label When name information is verified, second signing messages will also be verified using the public key of background server 40.

Wherein, the second signing messages can be the second preposition terminal 30 and identity storage information be sent to electronic signature equipment When 10, electronic signature equipment 10 is sent to using the second signing messages as a part of identity storage information.I.e. second is preposition After the ID card information that terminal 30 can store in getting resident identification card, ID card information is sent to background server 40, background server 40 signs to ID card information using the private key of background server 40, obtains the second signing messages, so The second signing messages is returned into the second preposition terminal 30 afterwards, and the second preposition terminal 30 is deposited using the second signing messages as identity A part of storage information is sent to electronic signature equipment 10, and upon receipt, the second signing messages is made for electronic signature equipment 10 The a part for storing information for identity is stored.

It should be noted that if background server 40 needs to verify multiple signing messages, only to institute In the case that some signing messages are all verified, just confirmation is verified.

Wherein, to those skilled in the art, in the embodiment of the present invention, background server 40 carries out signing messages Verifying refers to background server 40 using public key (as set forth above, it is possible to be the public key or background server of electronic signature equipment 10 40 public key) signing messages is decrypted, a digest value is obtained, then, background server 40 is (as above to corresponding information It is described, information can be stored for ID card information or identity) digest calculations are carried out, it will be calculated what digest value was obtained with decryption Digest value is compared, if unanimously, be verified, otherwise, verifying does not pass through.

Mode two: background server 40 sign using ciphertext of its private key to ID card information or ID card information The second signing messages arrived.

In this case, wherein the second signing messages can be the second preposition terminal 30 for ID card information or identity The ciphertext of card information is when being sent to electronic signature equipment 10, by the second signing messages with the close of ID card information or ID card information Text sends jointly to electronic signature equipment 10.The body that i.e. second preposition terminal 30 can store in getting resident identification card After part card information, ID card information is sent to background server 40, background server 40 utilizes the private key of background server 40 Sign to ID card information, obtain the second signing messages, then by the plaintext of the second signing messages and ID card information or Ciphertext returns to the second preposition terminal 30 together, and the second preposition terminal 30 signs the plaintext or cipher text of ID card information and second Name information sends jointly to electronic signature equipment 10, electronic signature equipment 10 upon receipt, by the second signing messages and identity The plaintext or cipher text associated storage together for demonstrate,proving information, receive read instruction when, the second signing messages is returned to the together One preposition terminal 20.In this case, when background server 40 verifies signing messages, background server 40 is utilized Public key verifies the second signing messages.

Using system provided in an embodiment of the present invention, electronic signature equipment 10 saves ID card information, the first preposition terminal 20 in reading identity card information, the cipher-text information of the identity read storage information is sent to background server 40, by rear The cipher-text information of the identity storage information read from electronic signature equipment 10 is decrypted in platform server 40, thus both can be to prevent The problem of only carrying identity card easy to be lost and the leakage of identity information caused by losing, and can guarantee electronic signature equipment The ID card information stored in 10 will not illegally be read.

It should be noted that, although being said so that preposition terminal is provided separately with background server as an example in the present embodiment Bright, but it is not limited to this, in practical applications, can also be by preposition terminal and background server unification setting.As long as can be real The existing required function of providing of the embodiment of the present invention.

According to embodiments of the present invention, a kind of resident identification card information authentication system is additionally provided, which includes electronics label Name equipment 10 and above-mentioned ID card information obtain system.

Individually below to the structure of the first preposition terminal 20 and background server 40 in ID card information acquisition system into Row explanation.

In an optional embodiment of the embodiment of the present invention, the first preposition terminal 20 can use knot as shown in Figure 2 Structure.As shown in Fig. 2, the first preposition terminal 20 provided in an embodiment of the present invention specifically includes that the first sending module 200, first connect Receive module 202 and the second sending module 204.Wherein,

First sending module 200 reads instruction for sending ID card information to electronic signature equipment 10, and electricity is read in request The identity storage information saved in sub- signature device, wherein identity storage information includes: the identity card in user's resident identification card Information.

First receiving module 202, the cipher-text information of the identity storage information for receiving the transmission of electronic signature equipment 10.

Second sending module 204, for the cipher-text information of identity storage information to be sent to background server 40.

In an optional embodiment of the embodiment of the present invention, background server 40 can use structure as shown in Figure 3. As shown in figure 3, background server 40 provided in an embodiment of the present invention specifically includes that the second receiving module 400, deciphering module 402 With third sending module 404.Wherein,

Second receiving module 400, the cipher-text information sent for receiving the first preposition terminal 20.

Encryption/decryption module 402 obtains ID card information for the cipher-text information received to be decrypted.

Third sending module 404, the ID card information for obtaining decryption return to the first preposition terminal 20.

It can be seen that obtaining system using ID card information provided in an embodiment of the present invention, can prevent from carrying body Part demonstrate,proves the problem of leakage of identity information caused by easy to be lost and loss, and guarantees the identity card letter that electronic signature equipment 10 saves Breath will not illegally be read.

In an optional embodiment of the embodiment of the present invention, as described above, the first receiving module 202 receive it is close Literary information includes above-mentioned mode one to mode five, and encryption/decryption module 402 can be using above-mentioned corresponding mode one to mode Five are decrypted.

Optionally, background server 40 can also include: the first acquisition module, in the first preposition terminal to electronics label Before name equipment sends ID card information reading instruction, obtains identity and store information；Third sending module 404 is also used to via Two preposition terminals send identity to electronic signature equipment and store information.

Optionally, background server 40 can also include: the second acquisition module, in the first preposition terminal to electronics label Before name equipment sends ID card information reading instruction, obtains identity and store information；Encryption/decryption module 402 is also used to using first The identity storage information that encryption key obtains the second acquisition module encrypts；Third sending module 404 is also used to via The cipher-text information that encryption obtains is sent to electronic signature equipment by two preposition terminals；Encryption/decryption module 402 is right in the following manner Cipher-text information is decrypted: being decrypted, is obtained to cipher-text information using the first decruption key corresponding with the first encryption key ID card information.

Optionally, background server 40 can also include: that third obtains module, in the first preposition terminal to electronics label Before name equipment sends ID card information reading instruction, obtains identity and store information；Encryption/decryption module 402 is also used to using first Encryption key obtains the identity storage information that module obtains to third and encrypts；Third sending module 404 is also used to via The encryption data that encryption obtains is sent to electronic signature equipment by two preposition terminals；Cipher-text information is electronic signature equipment using the Two encryption keys are encrypted to obtain to encryption data；Encryption/decryption module 402 is in the following manner decrypted cipher-text information: Cipher-text information is decrypted using the second decruption key corresponding with the second encryption key, obtains encryption data, recycle with Encryption data is decrypted in corresponding first decruption key of first encryption key, obtains ID card information.

In an optional embodiment of the embodiment of the present invention, after receiving reading instruction, electronic signature equipment 10 In the data for returning to the first preposition terminal 20, in addition to above-mentioned cipher-text information can also include signing messages, background server 40 before the ID card information for obtaining decryption returns to the first preposition terminal 20, can also verify signing messages, It is being verified and then obtained ID card information is returned into the first preposition terminal 20, the body that thereby may be ensured that The reliability and non repudiation of part card information.As described above, signing messages can include at least aforesaid way one and mode two Content.

In an optional embodiment of the embodiment of the present invention, third sending module 404 via the second preposition terminal to The data that electronic signature equipment 10 is sent can also include: background server in addition to identity stores information to ID card information into Row signature obtains the second signing messages；The data that the electronic signature equipment 10 that first receiving module 202 receives is sent remove identity Can also include: background server 40 except card storage information to ID card information signed to obtain the second signing messages or The second signing messages ciphertext that electronic signature equipment uses third encryption key to encrypt the second signing messages；From the background Server 40 can also include: the first authentication module, for being verified to the second signing messages, and after being verified, triggering Cipher-text information is decrypted in encryption/decryption module 402；Alternatively, using third decruption key corresponding with third encryption key to Two signing messages ciphertexts are decrypted, and verify to obtained the second signing messages of decryption, and after being verified, triggering plus solution Cipher-text information is decrypted in close module 402.

In an optional embodiment of the embodiment of the present invention, it can also include: background server that identity, which stores information, 40 pairs of ID card informations are signed to obtain the second signing messages；Background server can also include: the second authentication module, be used for Obtained the second signing messages of signature is verified, and after being verified, triggering encryption/decryption module 402 carries out cipher-text information Decryption.

In an optional embodiment of the embodiment of the present invention, the electronic signature that the first receiving module 202 receives is set The data that preparation is sent can also include: electronic signature equipment 10 to ID card information or identity in addition to the identity stores information Storage information is signed to obtain the ciphertext of the first signing messages or the first signing messages；Background server can also include: Third authentication module for verifying to the first signing messages, and triggers encryption/decryption module 402 after being verified and believes ciphertext Breath is decrypted；Alternatively, the ciphertext of the first signing messages is decrypted, the first signing messages obtained to decryption is tested Card, and trigger encryption/decryption module 402 after being verified and cipher-text information is decrypted.

As an optional embodiment of the embodiment of the present invention, ID card information includes at least following one or it is any Combination: name, ID card No., validity period and biometric information etc., certainly, ID card information can also include: gender, the people Race, date of birth and/or address etc..Wherein, biometric information includes following one or any combination thereof: photo, fingerprint and Iris.

The embodiment of the invention also provides a kind of ID card information acquisition methods, this method is applied to above system, can be with It is completed by the first preposition terminal 20 with the cooperation of background server 40.

Fig. 4 shows the flow chart of ID card information acquisition methods provided in an embodiment of the present invention, referring to fig. 4, the present invention The ID card information acquisition methods that embodiment provides mainly include the following steps S410 to S450.

In embodiments of the present invention, in the ID card information for needing to obtain user, step S410, the first preposition end are executed It holds 20 to send ID card information to electronic signature equipment 10 and reads instruction, what is saved in request reading electronic signature equipment 10 includes The identity of ID card information in user's resident identification card stores information, wherein it includes: user's residential identity that identity, which stores information, ID card information in card.

After electronic signature equipment 10 receives reading instruction, the close of identity storage information is sent to the first preposition terminal 20 Literary information, in the step s 420, the first preposition terminal 20 receive the ciphertext for the identity storage information that electronic signature equipment 10 is sent Information.After the cipher-text information for receiving the identity storage information from electronic signature equipment 10, due to the first preposition terminal 20 do not have sign test ability, and therefore, the cipher-text information of identity storage information is sent to background server 40 by the first preposition terminal 20 (step S430).Certainly, if the first preposition terminal 20 has decryption function, subsequent decryption step can also be directly first It is executed in preposition terminal 20.I.e. first preposition terminal 20 is arranged with the unification of background server 40.

After background server 40 receives identity storage information and signing messages, step S440 is executed, to cipher-text information It is decrypted, obtains ID card information.Then background server 40 will the obtained ID card information of decryption to return to first preposition Terminal 20 (step S450).

Identity storage information is saved in an optional embodiment of the embodiment of the present invention, in electronic signature equipment 10 can It is therefore, preposition first in the optional embodiment to be to be stored in by background server 40 via the second preposition terminal 30 Before terminal 20 sends ID card information reading instruction to electronic signature equipment 10, background server 40, which can store identity, to be believed Breath is sent to electronic signature equipment 10 by the second preposition terminal 30.

In an optional embodiment of the embodiment of the present invention, in step S420, what the first preposition terminal 20 received The cipher-text information that electronic signature equipment 10 is sent may include one of following manner:

In this approach, before step S410, electronic signature equipment 10 is when being stored in identity storage information, by taking from the background Cipher-text information is sent to electronic signature equipment 10 via the second preposition terminal 30 and saved by business device 40, and electronic signature equipment 10 receives To after the cipher-text information, the cipher-text information is directly saved.When receiving the reading instruction that the first preposition terminal 20 is sent, directly The cipher-text information is returned into the first preposition terminal 20.

In a particular application, electronic signature equipment 10 can be before step S410, when storing ID card information, to body Part card information carries out encrypting storing, alternatively, being also possible to when receiving reading instruction, by the plaintext of the ID card information of preservation After being encrypted, it is sent to the first preposition terminal 20.The specific embodiment of the present invention is not construed as limiting.

In this approach, electronic signature equipment 10 can be before step S410, when being stored in identity storage information, by rear The encryption that platform server 40 will encrypt ID card information using the first encryption key via the second preposition terminal 30 Data are sent to electronic signature equipment 10, after electronic signature equipment 10 receives the encryption data, can directly save the encryption Data, alternatively, being saved after can also being encrypted using the second encryption key to encryption data.In receiving step S410 When the reading instruction that one preposition terminal 20 is sent, directlys adopt and obtained after the second encryption key encrypts the encryption data of preservation To cipher-text information, which is returned into the first preposition terminal 20, alternatively, electronic signature equipment 10 believes the ciphertext of preservation Breath returns to the first preposition terminal 20.

In this way, before the second signing messages can be step S410, identity is stored in electronic signature equipment 10 When storing information, background server 40 is sent to electronic signature equipment 10 via the second preposition terminal 30 with ID card information , electronic signature equipment 10 can be when receiving ID card information and the second signing messages, using the second encryption key to body Part card information and the second signing messages save after being encrypted as identity storage information, are also possible to directly save identity card letter Breath and the second signing messages, when receiving the reading instruction in step S410, using the second encryption key to ID card information The first preposition terminal 20 is returned to what the second signing messages was encrypted.

In this way, the encryption data of ID card information and the second signing messages can be before step S410, When electronic signature equipment 10 is stored in identity storage information, background server 40 is sent to electronic signature via the second preposition terminal 30 Equipment 10, electronic signature equipment 10 can be used in the encryption data and the second signing messages for receiving ID card information Second encryption key is protected after encrypting to the encryption data of ID card information and the second signing messages as identity storage information It deposits, is also possible to directly save the encryption data and the second signing messages of ID card information, is receiving the reading in step S420 When instruction fetch, returned to using the second encryption key to what the encryption data of ID card information and the second signing messages were encrypted First preposition terminal 20.

Corresponding to the cipher-text information of above-mentioned various modes, background server 40 is receiving what the first preposition terminal 20 was sent After cipher-text information, accordingly, in step S440, background server 40 can be decrypted in the following ways:

In this case, background server 40 is being held after decryption obtains ID card information and the second signing messages Before row step S450, the second signing messages can also be verified, after being verified, then obtained ID card information be returned Back to the first preposition terminal 20 (step S450), the reliability of ID card information thereby may be ensured that.

In this case, background server 40 is after decryption obtains ID card information and the second signing messages, in step Before rapid S450, the second signing messages can also be verified, after being verified, then obtained ID card information be returned to First preposition terminal 20 (step S450), thereby may be ensured that the reliability of ID card information.

In an optional embodiment of the embodiment of the present invention, after receiving the reading instruction in step S410, electricity Sub- signature device 10 returns in the data of the first preposition terminal 20, in addition to above-mentioned cipher-text information can also include A.L.S. Breath, background server 40 is before the ID card information for obtaining decryption returns to the first preposition terminal 20 (step S450), also Signing messages can be verified, be verified and then obtained ID card information is returned into the first preposition terminal 20 (step S450), the reliability and non repudiation of the ID card information that thereby may be ensured that.

Accordingly, when background server 40 verifies signing messages, it can use the public key of electronic signature equipment 10 First signing messages is verified.Pass through the optional embodiment, it is ensured that the ID card information got is by electricity The user authentication of sub- signature device, so that it is guaranteed that the reliability and non repudiation of ID card information.

In this case, optionally, in order to avoid Replay Attack, in step S410, the first preposition terminal 20 is to electricity Single authentication information is carried in the reading instruction that sub- signature device 10 is sent；It then can also include: electronics label in signing messages The third signing messages that name equipment 10 signs to the single authentication information using its private key.Accordingly, accordingly, after When platform server 40 verifies signing messages, can also using electronic signature equipment 10 public key to third signing messages into Row verifying.

In this case, wherein the second signing messages can be the second preposition terminal 30 for ID card information or identity The ciphertext of card information is when being sent to electronic signature equipment 10, by the second signing messages with the close of ID card information or ID card information Text sends jointly to electronic signature equipment 10.The body that i.e. second preposition terminal 30 can store in getting resident identification card After part card information, ID card information is sent to background server 40, background server 40 utilizes the private key of background server 40 Sign to ID card information, obtain the second signing messages, then by the plaintext of the second signing messages and ID card information or Ciphertext returns to the second preposition terminal 30 together, and the second preposition terminal 30 signs the plaintext or cipher text of ID card information and second Name information sends jointly to electronic signature equipment 10, electronic signature equipment 10 upon receipt, by the second signing messages and identity The plaintext or cipher text associated storage together for demonstrate,proving information, receive read instruction when, the second signing messages is returned to the together One preposition terminal 20.In this case, when background server 40 verifies signing messages, background server 40 is utilized Public key verifies the second signing messages.Pass through the optional embodiment, it is ensured that the ID card information got be through Later platform server authentication, so that it is guaranteed that the reliability of ID card information.

That is, cipher-text information is adopted in an optional embodiment of the embodiment of the present invention for electronic signature equipment Identity storage information is encrypted to obtain with the second encryption key；And when executing step S440, background server use with Cipher-text information is decrypted in corresponding second decruption key of second encryption key, obtains ID card information.

In another optional embodiment of the embodiment of the present invention, sent in the first preposition terminal to electronic signature equipment Before ID card information reads instruction, background server obtains identity and stores information, via the second preposition terminal to electronic signature Equipment sends identity and stores information.

In an optional embodiment of the embodiment of the present invention, body is sent to electronic signature equipment in the first preposition terminal Before part card information reads instruction, background server obtains identity storage information, is stored and is believed to identity using the first encryption key Breath is encrypted, and the cipher-text information that encryption obtains is sent to electronic signature equipment via the second preposition terminal；And it is executing When step S440, background server is decrypted cipher-text information using the first decruption key corresponding with the first encryption key, Obtain ID card information.

In another optional embodiment of the embodiment of the present invention, sent in the first preposition terminal to electronic signature equipment Before ID card information reads instruction, background server obtains identity and stores information, is stored using the first encryption key to identity Information is encrypted, and the encryption data that encryption obtains is sent to electronic signature equipment via the second preposition terminal；Ciphertext letter Breath is that electronic signature equipment is encrypted to obtain using the second encryption key to encryption data；And when executing step S440, after Platform server is decrypted cipher-text information using the second decruption key corresponding with the second encryption key, obtains encryption data, It recycles the first decruption key corresponding with the first encryption key that encryption data is decrypted, obtains ID card information.

In another optional embodiment of the embodiment of the present invention, background server is through the second preposition terminal to electronics label The data that name equipment is sent are in addition to identity stores information further include: background server is signed to obtain the to ID card information One signing messages；Electronic signature equipment is sent to the data of the first preposition terminal in addition to identity card stores information further include: after Platform server is signed to obtain the first signing messages or electronic signature equipment using third encryption key to ID card information The first signing messages ciphertext that first signing messages is encrypted；And after executing step S440 and step S450 it Before, background server verifies the first signing messages, and is verified；It is encrypted alternatively, background server is used with third The first signing messages ciphertext is decrypted in the corresponding third decruption key of key, carries out to the first signing messages that decryption obtains Verifying, and be verified.

In another optional embodiment of the embodiment of the present invention, it can also include: background service that identity, which stores information, Device signs ID card information to obtain the first signing messages；And after executing step S440 and before step S450, after The first signing messages that platform server obtains signature is verified, and is verified.

In another optional embodiment of the embodiment of the present invention, electronic signature equipment is sent to the first preposition terminal Data are in addition to identity stores information further include: electronic signature equipment sign to ID card information or identity storage information To the ciphertext of the second signing messages or the second signing messages；And after executing step S440 and before step S450, backstage Server is verified and is verified to the second signing messages；Alternatively, background server to the ciphertext of the second signing messages into Row decryption is verified and is verified to the second signing messages that decryption obtains.

Any process described otherwise above or method description are construed as in flow chart or herein, and expression includes It is one or more for realizing specific logical function or process the step of executable instruction code module, segment or portion Point, and the range of the preferred embodiment of the present invention includes other realization, wherein can not press shown or discussed suitable Sequence, including according to related function by it is basic simultaneously in the way of or in the opposite order, to execute function, this should be of the invention Embodiment person of ordinary skill in the field understood.

It should be appreciated that each section of the invention can be realized with hardware, software, firmware or their combination.Above-mentioned In embodiment, software that multiple steps or method can be executed in memory and by suitable instruction execution system with storage Or firmware is realized.It, and in another embodiment, can be under well known in the art for example, if realized with hardware Any one of column technology or their combination are realized: having a logic gates for realizing logic function to data-signal Discrete logic, with suitable combinational logic gate circuit specific integrated circuit, programmable gate array (PGA), scene Programmable gate array (FPGA) etc..

Those skilled in the art are understood that realize all or part of step that above-described embodiment method carries It suddenly is that relevant hardware can be instructed to complete by program, the program can store in a kind of computer-readable storage medium In matter, which when being executed, includes the steps that one or a combination set of embodiment of the method.

It, can also be in addition, each functional unit in each embodiment of the present invention can integrate in a processing module It is that each unit physically exists alone, can also be integrated in two or more units in a module.Above-mentioned integrated mould Block both can take the form of hardware realization, can also be realized in the form of software function module.The integrated module is such as Fruit is realized and when sold or used as an independent product in the form of software function module, also can store in a computer In read/write memory medium.

Storage medium mentioned above can be read-only memory, disk or CD etc..

In the description of this specification, reference term " one embodiment ", " some embodiments ", " example ", " specifically show The description of example " or " some examples " etc. means specific features, structure, material or spy described in conjunction with this embodiment or example Point is included at least one embodiment or example of the invention.In the present specification, schematic expression of the above terms are not Centainly refer to identical embodiment or example.Moreover, particular features, structures, materials, or characteristics described can be any One or more embodiment or examples in can be combined in any suitable manner.

Although the embodiments of the present invention has been shown and described above, it is to be understood that above-described embodiment is example Property, it is not considered as limiting the invention, those skilled in the art are not departing from the principle of the present invention and objective In the case where can make changes, modifications, alterations, and variations to the above described embodiments within the scope of the invention.The scope of the present invention By appended claims and its equivalent limit.

Claims

1. a kind of ID card information acquisition methods characterized by comprising

Electronic signature equipment obtains cipher-text information, and the first preposition terminal sends ID card information to the electronic signature equipment and reads The identity storage information saved in the electronic signature equipment is read in instruction, request, wherein the identity stores information and includes: ID card information and background server in user's resident identification card sign the ID card information to obtain the first label Name information；Wherein, it includes: mode one, the background server that the electronic signature equipment, which obtains the mode of the cipher-text information, The identity storage information is obtained, the identity is sent to the electronic signature equipment via the second preposition terminal and stores information, The electronic signature equipment is encrypted to obtain the cipher-text information using the second encryption key to identity storage information；Side Formula two, the background server obtain the identity and store information, using the first encryption key to the identity store information into Row encryption, and the cipher-text information that encryption obtains is sent to the electronic signature equipment via the described second preposition terminal； Mode three, the background server are obtained the identity and store information, stored using first encryption key to the identity Information is encrypted, and the encryption data that encryption obtains is sent to the electronic signature equipment, institute via the second preposition terminal Stating cipher-text information is that the electronic signature equipment is encrypted to obtain using second encryption key to the encryption data；

The first preposition terminal receives the cipher-text information that the electronic signature equipment is sent and the electronic signature is set It is standby that the ID card information or identity storage information are signed to obtain the second signing messages or second signature The ciphertext of information；

The first preposition terminal is by the cipher-text information and the electronic signature equipment to the ID card information or described Identity storage information, which is signed to obtain the second signing messages, is sent to the background server；The background server is to described Cipher-text information is decrypted, and obtains the ID card information, and first signing messages is verified and is verified, with And after second signing messages is verified and is verified, the ID card information that the background server will obtain Return to the described first preposition terminal；

Alternatively,

The first preposition terminal is by the cipher-text information and the electronic signature equipment to the ID card information or identity The ciphertext for the second signing messages that storage information is signed is sent to the background server；The background server pair The cipher-text information is decrypted, and obtains the ID card information, and first signing messages is verified and verified logical It crosses, and the second signing messages that the ciphertext of second signing messages is decrypted is verified and is verified Afterwards, the obtained ID card information is returned to the described first preposition terminal by the background server；

Wherein, the mode that the cipher-text information is decrypted in the background server includes: to obtain in the electronic signature equipment For the moment to the cipher-text information employing mode, the background server is using the second decryption corresponding with second encryption key Cipher-text information described in key pair is decrypted；When the electronic signature equipment obtains the cipher-text information employing mode two, institute Background server is stated the cipher-text information is decrypted using the first decruption key corresponding with first encryption key；? When the electronic signature equipment obtains the cipher-text information employing mode three, the background server is used and second encryption The cipher-text information is decrypted in corresponding second decruption key of key, obtains the encryption data, recycles and described the The encryption data is decrypted in corresponding first decruption key of one encryption key.

2. the method according to claim 1, wherein

The data that the background server is sent through the described second preposition terminal to the electronic signature equipment are deposited except the identity It stores up except information further include: the background server signs the ID card information to obtain the first signing messages；

The data that the electronic signature equipment is sent to the described first preposition terminal are also wrapped in addition to the identity card stores information Include: the background server signs the ID card information to obtain the first signing messages or the electronic signature equipment The first signing messages ciphertext that first signing messages is encrypted using third encryption key；

The ID card information that is described that the cipher-text information is decrypted, obtaining the ID card information later and will obtain Before returning to the described first preposition terminal, the method also includes: the background server to first signing messages into Row verifying, and be verified；Alternatively, the background server is using third decruption key corresponding with third encryption key to institute It states the first signing messages ciphertext to be decrypted, the first signing messages for obtaining decryption is verified, and is verified.

3. a kind of ID card information obtains system characterized by comprising the first preposition terminal and background server；Wherein,

The first preposition terminal includes:

First sending module reads instruction for sending ID card information to electronic signature equipment, and the electronics label are read in request The identity storage information saved in name equipment, wherein the identity storage information includes: the identity card in user's resident identification card Information and the background server sign the ID card information to obtain the first signing messages；

First receiving module, the cipher-text information and the electronic signature equipment sent for receiving the electronic signature equipment The ID card information or identity storage information are signed to obtain the second signing messages or second A.L.S. The ciphertext of breath；

Wherein, it includes: mode one that the electronic signature equipment, which obtains the mode of the cipher-text information, and the of the background server For obtaining identity storage information, third sending module is used for via the second preposition terminal to the electronics one acquisition module Signature device sends the identity and stores information, and the electronic signature equipment, which stores the identity using the second encryption key, to be believed Breath is encrypted to obtain the cipher-text information；Mode two, the second of the background server obtain module and are used for described first Before preposition terminal sends the ID card information reading instruction to the electronic signature equipment, the identity storage letter is obtained Breath, encryption/decryption module are used to obtain the identity storage information that module obtains to described second using the first encryption key and carry out Encryption, the third sending module are used to that the cipher-text information that encryption obtains to be sent to institute via the described second preposition terminal State electronic signature equipment；Mode three, the third of the background server obtain module and are used in the described first preposition terminal to institute Before stating the electronic signature equipment transmission ID card information reading instruction, the identity storage information, the encryption and decryption are obtained Module is used to obtain the identity storage information that module obtains to the third using first encryption key and encrypt, The third sending module is used to that the encryption data that encryption obtains to be sent to the electronic signature via the second preposition terminal and sets Standby, the cipher-text information is that the electronic signature equipment encrypt to the encryption data using second encryption key It arrives；

Second sending module, for by the cipher-text information and the electronic signature equipment to the ID card information or described Identity storage information, which is signed to obtain the second signing messages, is sent to the background server；

The background server includes:

Second receiving module, for receiving the cipher-text information and the electronic signature equipment to the ID card information or institute Identity storage information is stated to be signed to obtain the second signing messages；

The encryption/decryption module obtains the ID card information for the cipher-text information to be decrypted；

Second authentication module, for being verified to first signing messages；

Third authentication module, for being verified to second signing messages；

Third sending module, for first signing messages to be verified and is verified in second authentication module, And after the third authentication module is verified and is verified to second signing messages, the obtained body will be decrypted Part card information returns to the described first preposition terminal；

Alternatively,

Second sending module of the first preposition terminal is used for the cipher-text information and the electronic signature equipment to institute It states ID card information or the ciphertext of the second signing messages that identity storage information is signed is sent to the background service Device；

The background server includes:

Second receiving module, for receiving the cipher-text information and the electronic signature equipment to the ID card information or body The ciphertext for the second signing messages that part storage information is signed；

Second authentication module, for being verified to first signing messages；

Third authentication module, the second signing messages being decrypted for the ciphertext to second signing messages are tested Card；

Third sending module, for first signing messages to be verified and is verified in the encryption/decryption module, with And after second signing messages is verified and is verified, the ID card information that decryption obtains is returned to described First preposition terminal；

Wherein, the mode that the cipher-text information is decrypted in the background server includes: to obtain in the electronic signature equipment For the moment to the cipher-text information employing mode, the encryption/decryption module of the background server, for using and described second The cipher-text information is decrypted in corresponding second decruption key of encryption key；It is obtained in the electronic signature equipment described close When literary information employing mode two, the encryption/decryption module of the background server, for using and first encryption key The cipher-text information is decrypted in corresponding first decruption key；The cipher-text information is obtained in the electronic signature equipment to adopt When with mode three, the encryption/decryption module of the background server, for using institute corresponding with second encryption key It states the second decruption key the cipher-text information is decrypted, obtains the encryption data, recycle close with first encryption The encryption data is decrypted in corresponding first decruption key of key.

4. system according to claim 3, which is characterized in that

The data that the third sending module is sent via the described second preposition terminal to the electronic signature equipment are except the body Except part storage information further include: the background server signs the ID card information to obtain the first signing messages；

The data that the electronic signature equipment that first receiving module receives is sent except identity card storage information it Outside further include: the background server signs the ID card information to obtain the first signing messages or the electronics label The first signing messages ciphertext that name equipment uses third encryption key to encrypt first signing messages；

The background server further include: the first authentication module for verifying to first signing messages, and is verified logical Later, the encryption/decryption module is triggered the cipher-text information is decrypted；Alternatively, using corresponding with third encryption key The first signing messages ciphertext is decrypted in three decruption keys, and the first signing messages obtained to decryption is verified, and After being verified, triggers the encryption/decryption module and the cipher-text information is decrypted.

5. a kind of resident identification card information authentication system characterized by comprising electronic signature equipment and such as claim 3 Or 4 described in any item ID card informations obtain systems.