CN105357667B - A novel electronic identity authentication smart card and authentication method
- Publication number: CN105357667B
- Application number: CN201510701503.6A
- Authority: CN (China)
- Prior art keywords: identity, holder, terminal, card, authentication terminal
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04W12/06: Electric communication technique; Wireless communication networks; Security arrangements, authentication, protecting privacy or anonymity; Authentication
- H04W12/08: Electric communication technique; Wireless communication networks; Security arrangements, authentication, protecting privacy or anonymity; Access security
- G06F21/32: Electric digital data processing; Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; Authentication, i.e. establishing the identity or authorisation of security principals; User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
Abstract
The invention provides a novel electronic identity authentication smart card and an authentication scheme in which the smart card and a terminal mutually confirm each other's identity. The smart card supports the national cryptographic (guomi) algorithms; every session with the terminal uses a random session key to resist replay attacks; and the card's identity authentication function is protected by the cardholder's fingerprint, which gives very high security: even if the card is obtained by another person, the cardholder's electronic identity cannot be fraudulently used. The smart card also supports viewing the cardholder identity information stored inside its security chip, and it can exchange information with the terminal in two ways, over USB and over contactless communication.
Description
Technical field
The invention relates to the technical field of smart cards, and in particular to a novel electronic identity authentication smart card and authentication method.
Background art
Existing electronic identity authentication smart cards all require a password to be entered, cannot resist guessing attacks, and require the cardholder to change and remember the password periodically, which is inconvenient and not secure enough. Existing electronic identity authentication smart cards also do not support displaying or querying cardholder information. In addition, the cardholder information stored in existing identity authentication smart cards is relatively simple and does not include information such as the cardholder's photo and fingerprint.
Summary of the invention
To overcome the defects and deficiencies of the prior art, the object of the invention is to provide a more secure electronic identity authentication smart card and authentication method.
The object of the invention is achieved through the following technical solutions:
An authentication method for a novel electronic identity authentication smart card, comprising the following steps:
S1. Receive the identity authentication request that the identity authentication terminal issues at the request of the cardholder.
S2. Prompt the cardholder to input a fingerprint, verify the fingerprint information after it is received, and display the verification result to the cardholder.
S3. Receive the identity authentication instruction that the cardholder issues according to the verification information.
S4. Request the terminal identity certificate from the identity authentication terminal, verify the certificate after it is received, recover the terminal public key, and display the result of the verification to the cardholder.
S5. Receive the request for the card identity certificate issued by the identity authentication terminal and return the card identity certificate to the identity authentication terminal, so that the terminal can verify it and recover the card public key; then receive the result of that verification.
S6. Encrypt a random number with the terminal public key to obtain the card ciphertext and send the card ciphertext to the identity authentication terminal, so that the terminal can decrypt the card ciphertext and encrypt a random number with the card public key to obtain the terminal ciphertext; then receive the terminal ciphertext.
S7. Decrypt and check the terminal ciphertext, derive the session key, and send the check result for the terminal ciphertext to the identity authentication terminal, so that the terminal can derive the session key; then receive the request for the cardholder identity information sent by the identity authentication terminal.
S8. Encrypt the cardholder identity information with the session key and return it to the identity authentication terminal, so that the terminal can decrypt and check the cardholder identity information; receive the identity authentication result sent by the identity authentication terminal and display it to the cardholder.
Preferably, the following step precedes S2: check whether the card is locked; if it is not locked, proceed to S2; if it is locked, use of the card identity authentication system is prohibited.
The invention provides an authentication system for the novel electronic identity authentication smart card, comprising:
An identity authentication request receiving module, which receives the identity authentication request that the identity authentication terminal issues at the request of the cardholder;
A fingerprint verification module, which prompts the cardholder to input a fingerprint, verifies the fingerprint information after it is received, and displays the verification result to the cardholder;
An identity authentication instruction receiving module, which receives the identity authentication instruction that the cardholder issues according to the verification information;
A terminal identity certificate request and verification module, which requests the terminal identity certificate from the identity authentication terminal, verifies the certificate after it is received, recovers the terminal public key, and displays the result of the verification to the cardholder;
A card identity certificate request response module, which receives the request for the card identity certificate issued by the identity authentication terminal and returns the card identity certificate to the identity authentication terminal, so that the terminal can verify it and recover the card public key, and which receives the verification result;
A card ciphertext generating and sending module, which encrypts a random number with the terminal public key to obtain the card ciphertext and sends the card ciphertext to the identity authentication terminal, so that the terminal can decrypt the card ciphertext and encrypt a random number with the card public key to obtain the terminal ciphertext, and which receives the terminal ciphertext;
A terminal ciphertext decryption and check module, which decrypts and checks the terminal ciphertext, derives the session key, and sends the check result for the terminal ciphertext to the identity authentication terminal, so that the terminal can derive the session key, and which receives the request for the cardholder identity information sent by the identity authentication terminal;
A cardholder identity information response module, which encrypts the cardholder identity information with the session key and returns it to the identity authentication terminal, so that the terminal can decrypt and check the cardholder identity information, receives the identity authentication result sent by the identity authentication terminal, and displays it to the cardholder.
Preferably, the authentication system of the novel electronic identity authentication smart card further comprises a card lock status checking module, which checks whether the card is locked; if it is not locked, the fingerprint verification module prompts the cardholder to input a fingerprint, verifies the fingerprint information after it is received, and displays the verification result to the cardholder.
The invention also provides a novel method for displaying cardholder identity information, comprising the following steps:
S11. Receive the request to display identity information that the identity authentication terminal issues at the request of the cardholder.
S12. Prompt the cardholder to input a fingerprint, verify the fingerprint information after it is received, and display the verification result to the cardholder.
S13. Receive the instruction to display identity information that the cardholder issues according to the verification information, then display the cardholder's identity information to the cardholder.
Preferably, the method further comprises, before S12, checking whether the card is locked; if it is not locked, proceed to step S12; if it is locked, use of the identity information display function is prohibited.
The invention also provides a novel system for displaying cardholder identity information, comprising:
A display identity information request receiving module, which receives the request to display identity information that the identity authentication terminal issues at the request of the cardholder;
A cardholder fingerprint verification module, which prompts the cardholder to input a fingerprint, verifies the fingerprint information after it is received, and displays the verification result to the cardholder;
An identity information display module, which receives the instruction to display identity information that the cardholder issues according to the verification information, then displays the cardholder's identity information to the cardholder.
Preferably, the novel cardholder identity information display system further comprises a card lock status checking module, which checks whether the card is locked; if it is not locked, the cardholder fingerprint verification module prompts the cardholder to input a fingerprint, verifies the fingerprint information after it is received, and displays the verification result to the cardholder.
Compared with the prior art, the invention has the following advantages:
The electronic identity authentication smart card designed in the invention uses a fingerprint recognition protection scheme, a PKI certificate two-way authentication scheme, and a scheme with a random session key for every session; it also supports displaying the cardholder's identity information and can exchange information with the terminal over two communication modes, USB and contactless. Compared with existing schemes, it offers higher security and flexible practicality. Moreover, the electronic identity authentication smart card of the invention supports the national cryptographic (guomi) algorithms, uses a random session key for every session with the terminal to resist replay attacks, and has its identity authentication function protected by the cardholder's fingerprint, which gives very high security: even if the card is obtained by another person, the cardholder's electronic identity cannot be fraudulently used.
Brief description of the drawings
Fig. 1 is the flow chart of Embodiment one;
Fig. 2 is the flow chart of Embodiment three.
Detailed description of the embodiments
Embodiment one:
As shown in Fig. 1, this embodiment provides an authentication method for a novel electronic identity authentication smart card, comprising the following steps:
Receive the identity authentication request that the identity authentication terminal issues at the request of the cardholder;
Check whether the card is locked; if it is not locked, prompt the cardholder to input a fingerprint, verify the fingerprint information after it is received, and display the verification result to the cardholder;
Receive the identity authentication instruction that the cardholder issues according to the verification result;
Request the terminal identity certificate from the identity authentication terminal, verify the certificate after it is received, recover the terminal public key, and at the same time display the result of the verification to the cardholder;
Receive the request for the card identity certificate issued by the identity authentication terminal and return the card identity certificate to the identity authentication terminal, so that the terminal can verify it and recover the card public key; then receive the result of the verification issued by the identity authentication terminal;
Encrypt a random number with the terminal public key to obtain the card ciphertext and send the card ciphertext to the identity authentication terminal, so that the terminal can decrypt the card ciphertext and encrypt a random number with the card public key to obtain the terminal ciphertext; then receive the terminal ciphertext;
Decrypt and check the terminal ciphertext, derive the session key, and send the check result for the terminal ciphertext to the identity authentication terminal, so that the terminal can derive the session key; and receive the request for the cardholder identity information sent by the identity authentication terminal;
Encrypt the cardholder identity information with the session key and return it to the identity authentication terminal, so that the terminal can decrypt and check the cardholder identity information; receive the identity authentication result sent by the identity authentication terminal and display it to the cardholder.
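The replay resistance claimed for the session-key steps above, as an added sketch that is not code from the patent. It assumes both random numbers have already been exchanged under the certified public keys, and it uses HMAC-SHA256 (for key derivation and as a keystream and tag) as a stand-in for the card's national algorithms; all names and the sample identity record are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample record; the patent does not define the identity format.
SAMPLE_IDENTITY = b"name=Example Holder;id=PLACEHOLDER-0001"


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Domain-separated HMAC-SHA256 (stand-in primitive, an assumption)."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def derive_session_key(r_card: bytes, r_term: bytes) -> bytes:
    # Assumption: the patent only says a session key is derived once the
    # random numbers are exchanged; here it depends on both of them.
    return _prf(r_card, b"session", r_term)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    stream = b"".join(
        _prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(blocks)
    )
    return stream[:length]


def protect(session_key: bytes, plaintext: bytes) -> bytes:
    """Card side of the last step: encrypt-then-MAC under the session key."""
    nonce = secrets.token_bytes(12)
    stream = _keystream(session_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    return nonce + ciphertext + _prf(session_key, b"mac", nonce + ciphertext)


def unprotect(session_key: bytes, blob: bytes):
    """Terminal side: check the tag first, decrypt only if it matches."""
    if len(blob) < 12 + 32:
        return None
    nonce, ciphertext, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = _prf(session_key, b"mac", nonce + ciphertext)
    if not hmac.compare_digest(tag, expected):
        return None  # wrong session key: stale, replayed or tampered message
    stream = _keystream(session_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


class Card:
    """Card-side gating: lock check, then fingerprint, then session key."""

    def __init__(self, identity: bytes, locked: bool = False):
        self.identity = identity
        self.locked = locked
        self.fingerprint_ok = False
        self.session_key = None

    def verify_fingerprint(self, match: bool) -> bool:
        # The lock check precedes the fingerprint prompt.
        self.fingerprint_ok = (not self.locked) and match
        return self.fingerprint_ok

    def start_session(self, r_card: bytes, r_term: bytes) -> None:
        if not self.fingerprint_ok:
            raise PermissionError("fingerprint not verified")
        self.session_key = derive_session_key(r_card, r_term)

    def identity_response(self) -> bytes:
        if self.session_key is None:
            raise PermissionError("no session key established")
        return protect(self.session_key, self.identity)


def run_session(card: Card, fingerprint_match: bool = True):
    """One authentication run; returns (terminal session key, card response)."""
    if not card.verify_fingerprint(fingerprint_match):
        return None, None
    # Fresh random numbers per session; their public-key transport is assumed.
    r_card, r_term = secrets.token_bytes(16), secrets.token_bytes(16)
    card.start_session(r_card, r_term)
    terminal_key = derive_session_key(r_card, r_term)
    return terminal_key, card.identity_response()


def demo() -> dict:
    card = Card(SAMPLE_IDENTITY)
    key1, response1 = run_session(card)
    key2, _ = run_session(card)  # a later session has a different key
    locked_card = Card(SAMPLE_IDENTITY, locked=True)
    return {
        "fresh": unprotect(key1, response1),
        "replayed": unprotect(key2, response1),  # session-1 capture, replayed
        "locked_refused": run_session(locked_card) == (None, None),
    }


if __name__ == "__main__":
    print(demo())
```

A response captured in one session fails the tag check in any later session because the terminal's key is derived from that session's fresh random numbers.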
Embodiment two:
This embodiment provides an authentication system for implementing the novel electronic identity authentication smart card, comprising:
An identity authentication request receiving module, which receives the identity authentication request that the identity authentication terminal issues at the request of the cardholder;
A card lock status checking module and a fingerprint verification module: the card lock status checking module checks whether the card is locked; if it is not locked, the fingerprint verification module prompts the cardholder to input a fingerprint, verifies the fingerprint information after it is received, and displays the verification result to the cardholder;
An identity authentication instruction receiving module, which receives the identity authentication instruction that the cardholder issues according to the verification information;
A terminal identity certificate request and verification module, which requests the terminal identity certificate from the identity authentication terminal, verifies the certificate after it is received, recovers the terminal public key, and displays the result of the verification to the cardholder;
A card identity certificate request response module, which receives the request for the card identity certificate issued by the identity authentication terminal and returns the card identity certificate to the identity authentication terminal, so that the terminal can verify it and recover the card public key, and which receives the verification result;
A card ciphertext generating and sending module, which encrypts a random number with the terminal public key to obtain the card ciphertext and sends the card ciphertext to the identity authentication terminal, so that the terminal can decrypt the card ciphertext and encrypt a random number with the card public key to obtain the terminal ciphertext, and which receives the terminal ciphertext;
A terminal ciphertext decryption and check module, which decrypts and checks the terminal ciphertext, derives the session key, and sends the check result for the terminal ciphertext to the identity authentication terminal, so that the terminal can derive the session key; it then receives the request for the cardholder identity information sent by the identity authentication terminal;
A cardholder identity information response module, which encrypts the cardholder identity information with the session key and returns it to the identity authentication terminal, so that the terminal can decrypt and check the cardholder identity information, receives the identity authentication result sent by the identity authentication terminal, and displays it to the cardholder.
Embodiment three:
This embodiment provides a novel method for displaying cardholder identity information which, as shown in Fig. 2, comprises the following steps:
Receive the request to display identity information that the identity authentication terminal issues at the request of the cardholder;
Check whether the card is locked; if it is not locked, prompt the cardholder to input a fingerprint, verify the fingerprint information after it is received, and display the verification result to the cardholder;
Receive the instruction to display identity information that the cardholder issues according to the verification information, then display the cardholder's identity information to the cardholder.
Embodiment four:
This embodiment also provides a novel cardholder identity information display system for implementing the cardholder identity information display method described in Embodiment three, comprising:
A display identity information request receiving module, which receives the request to display identity information that the identity authentication terminal issues at the request of the cardholder;
A card lock status checking module and a cardholder fingerprint verification module: the card lock status checking module checks whether the card is locked; if it is not locked, the cardholder fingerprint verification module prompts the cardholder to input a fingerprint, verifies the fingerprint information after it is received, and displays the verification result to the cardholder;
An identity information display module, which receives the instruction to display identity information that the cardholder issues according to the verification information, then displays the cardholder's identity information to the cardholder.
The invention uses fingerprint recognition, which is more secure and efficient, to check the cardholder's authorization to use the smart card; both the smart card's electronic identity authentication function and its function of displaying cardholder identity information require the protection of fingerprint recognition. The smart card's electronic identity authentication flow uses a PKI-based public key certificate mechanism, which efficiently performs two-way identity authentication between card and terminal. When transmitting cardholder identity information to the terminal, the smart card negotiates a random session key every time, which effectively resists replay attacks. The smart card can display the cardholder's identity information, such as the ID. The smart card supports two communication modes, USB and contactless.
It should be pointed out that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the scope of protection of the invention. Therefore, the scope of protection of this patent shall be determined by the appended claims.
Claims (2)
1. An authentication method for a novel electronic identity authentication smart card, characterized in that it comprises the following steps:
S1. Receive the identity authentication request that the identity authentication terminal issues at the request of the cardholder;
S2. Prompt the cardholder to input a fingerprint, verify the fingerprint information after it is received, and display the verification result to the cardholder;
S3. Receive the identity authentication instruction that the cardholder issues according to the verification information;
S4. Request the terminal identity certificate from the identity authentication terminal, verify the certificate after it is received, recover the terminal public key, and display the result of the verification to the cardholder;
S5. Receive the request for the card identity certificate issued by the identity authentication terminal and return the card identity certificate to the identity authentication terminal, so that the terminal can verify it and recover the card public key; then receive the result of the verification;
S6. Encrypt a random number with the terminal public key to obtain the card ciphertext and send the card ciphertext to the identity authentication terminal, so that the terminal can decrypt the card ciphertext and encrypt a random number with the card public key to obtain the terminal ciphertext; and receive the terminal ciphertext sent by the identity authentication terminal;
S7. Decrypt and check the terminal ciphertext, derive the session key, and send the check result for the terminal ciphertext to the identity authentication terminal, so that the terminal can derive the session key; then receive the request for the cardholder identity information sent by the identity authentication terminal;
S8. Encrypt the cardholder identity information with the session key and return it to the identity authentication terminal, so that the terminal can decrypt and check the cardholder identity information; then receive the identity authentication result sent by the identity authentication terminal and display it to the cardholder;
Before S2, the method comprises the following step: check whether the card is locked; if it is not locked, proceed to S2; if it is locked, use of the card identity authentication system is prohibited.
2. An authentication system for a novel electronic identity authentication smart card, characterized in that it comprises:
An identity authentication request receiving module, which receives the identity authentication request that the identity authentication terminal issues at the request of the cardholder;
A fingerprint verification module, which prompts the cardholder to input a fingerprint, verifies the fingerprint information after it is received, and displays the verification result to the cardholder;
An identity authentication instruction receiving module, which receives the identity authentication instruction that the cardholder issues according to the verification information;
A terminal identity certificate request and verification module, which requests the terminal identity certificate from the identity authentication terminal, verifies the certificate after it is received, recovers the terminal public key, and displays the result of the verification to the cardholder;
A card identity certificate request response module, which receives the request for the card identity certificate issued by the identity authentication terminal and returns the card identity certificate to the identity authentication terminal, so that the terminal can verify it and recover the card public key, then receives the result of the verification;
A card ciphertext generating and sending module, which encrypts a random number with the terminal public key to obtain the card ciphertext and sends the card ciphertext to the identity authentication terminal, so that the terminal can decrypt the card ciphertext and encrypt a random number with the card public key to obtain the terminal ciphertext; it then receives the terminal ciphertext sent by the identity authentication terminal;
A terminal ciphertext decryption and check module, which decrypts and checks the terminal ciphertext, derives the session key, and sends the check result for the terminal ciphertext to the identity authentication terminal, so that the terminal can derive the session key, then receives the request for the cardholder identity information sent by the identity authentication terminal;
A cardholder identity information response module, which encrypts the cardholder identity information with the session key and returns it to the identity authentication terminal, so that the terminal can decrypt and check the cardholder identity information, then receives the identity authentication result sent by the identity authentication terminal and displays it to the cardholder;
The authentication system of the novel electronic identity authentication smart card further comprises a card lock status checking module, which checks whether the card is locked; if it is not locked, the fingerprint verification module prompts the cardholder to input a fingerprint, verifies the fingerprint information after it is received, and displays the verification result to the cardholder.
Priority Applications (1) / Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510701503.6A (CN105357667B) | 2015-10-22 | 2015-10-22 | A novel electronic identity authentication smart card and authentication method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105357667A | 2016-02-24 |
CN105357667B | 2019-04-30 |
Family ID: 55333500
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
CB03 | Change of inventor or designer information | Inventor after: Li Zumeng, Shi Weizhou, Zhang Xiaochuan. Inventor before: Li Zumeng, Shi Weizhou |
COR | Change of bibliographic data | |
GR01 | Patent grant | |