CN105357667B - A novel electronic identity authentication smart card and authentication method - Google Patents


Info

Publication number: CN105357667B
Authority: CN (China)
Prior art keywords: identity, holder, terminal, card, authentication terminal
Legal status: Active
Application number: CN201510701503.6A
Other languages: Chinese (zh)
Other versions: CN105357667A (en)
Inventors: 李祖猛, 施伟周, 张晓川
Current Assignee: Eastcompeace Technology Co Ltd
Original Assignee: Eastcompeace Technology Co Ltd
Application filed by Eastcompeace Technology Co Ltd
Priority to CN201510701503.6A
Publication of CN105357667A
Application granted; publication of CN105357667B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Abstract

The present invention provides a novel electronic identity authentication smart card and an authentication scheme in which the smart card and a terminal mutually confirm each other's identity. The smart card supports national cryptographic algorithms, and every session with the terminal uses a random session key to resist replay attacks. The card's identity authentication function is protected by the holder's fingerprint, which gives it a high level of security: even if the card is obtained by someone else, the holder's electronic identity cannot be misused. The smart card also supports viewing the holder's identity information stored inside the security chip, and it can exchange information with the terminal over either USB or contactless communication.

Description

A novel electronic identity authentication smart card and authentication method
Technical field
The present invention relates to the technical field of smart cards, and in particular to a novel electronic identity authentication smart card and authentication method.
Background
Existing electronic identity authentication smart cards require a password to be entered, cannot resist guessing attacks, and require the holder to change and remember the password periodically, which is both inconvenient and insufficiently secure. Existing electronic identity authentication smart cards also do not support displaying and querying the holder's information. In addition, the holder information stored in existing identity authentication smart cards is relatively simple and does not include information such as the holder's photo and fingerprint.
Summary of the invention
To remedy the defects and deficiencies of the prior art, the object of the invention is to provide a more secure electronic identity authentication smart card and authentication method.
The object of the invention is achieved through the following technical solutions:
An authentication method for a novel electronic identity authentication smart card, comprising the following steps:
S1. Receive the identity authentication request that the identity authentication terminal issues at the holder's request;
S2. Prompt the holder to input a fingerprint, verify the fingerprint information once it is received, and display the verification result to the holder;
S3. Receive the identity authentication instruction that the holder issues according to the verification information;
S4. Request the terminal identity certificate from the identity authentication terminal, verify the certificate once it is received, recover the terminal public key, and display the result of the verification to the holder;
S5. Receive the request for the card identity certificate issued by the identity authentication terminal and return the card identity certificate to the terminal, so that the terminal can verify it and recover the card public key; then receive the result of that verification;
S6. Encrypt a random number with the terminal public key to obtain the card ciphertext and send the card ciphertext to the identity authentication terminal, so that the terminal can decrypt the card ciphertext and encrypt a random number with the card public key to obtain the terminal ciphertext; then receive the terminal ciphertext;
S7. Decrypt and check the terminal ciphertext, derive the session key, and send the check result for the terminal ciphertext to the identity authentication terminal, so that the terminal can derive the session key; then receive the request for the holder's identity information sent by the terminal;
S8. Encrypt the holder's identity information with the session key and return it to the identity authentication terminal, so that the terminal can decrypt and check it; receive the identity authentication result sent by the terminal and display it to the holder.
Preferably, the following step precedes S2: check whether the card is locked; if it is not locked, proceed to S2; if it is locked, use of the card identity authentication system is forbidden.
The present invention provides an authentication system for the novel electronic identity authentication smart card, comprising:
An identity authentication request receiving module, configured to receive the identity authentication request that the identity authentication terminal issues at the holder's request;
A fingerprint verification module, configured to prompt the holder to input a fingerprint, verify the fingerprint information once it is received, and display the verification result to the holder;
An identity authentication instruction receiving module, configured to receive the identity authentication instruction that the holder issues according to the verification information;
A terminal identity certificate request and verification module, configured to request the terminal identity certificate from the identity authentication terminal, verify the certificate once it is received, recover the terminal public key, and display the result of the verification to the holder;
A card identity certificate request response module, configured to receive the request for the card identity certificate issued by the identity authentication terminal and return the card identity certificate to the terminal, so that the terminal can verify it and recover the card public key, and to receive the verification result;
A card ciphertext generation and sending module, configured to encrypt a random number with the terminal public key to obtain the card ciphertext and send the card ciphertext to the identity authentication terminal, so that the terminal can decrypt the card ciphertext and encrypt a random number with the card public key to obtain the terminal ciphertext, and to receive the terminal ciphertext;
A terminal ciphertext decryption and checking module, configured to decrypt and check the terminal ciphertext, derive the session key, and send the check result for the terminal ciphertext to the identity authentication terminal, so that the terminal can derive the session key, and to receive the request for the holder's identity information sent by the terminal;
A holder identity information response module, configured to encrypt the holder's identity information with the session key and return it to the identity authentication terminal, so that the terminal can decrypt and check it, and to receive the identity authentication result sent by the terminal and display it to the holder.
Preferably, the authentication system of the novel electronic identity authentication smart card further includes a card lock status checking module, configured to check whether the card is locked; if it is not locked, the fingerprint verification module prompts the holder to input a fingerprint, verifies the fingerprint information once it is received, and displays the verification result to the holder.
The present invention also provides a novel method for displaying the holder's identity information, comprising the following steps:
S11. Receive the request to display identity information that the identity authentication terminal issues at the holder's request;
S12. Prompt the holder to input a fingerprint, verify the fingerprint information once it is received, and display the verification result to the holder;
S13. Receive the instruction to display identity information that the holder issues according to the verification information, then display the holder's identity information to the holder.
Preferably, the method further includes, before S12, checking whether the card is locked: if it is not locked, proceed to step S12; if it is locked, use of the identity information display function is forbidden.
The present invention also provides a novel system for displaying the holder's identity information, comprising:
A display identity information request receiving module, configured to receive the request to display identity information that the identity authentication terminal issues at the holder's request;
A holder fingerprint verification module, configured to prompt the holder to input a fingerprint, verify the fingerprint information once it is received, and display the verification result to the holder;
An identity information display module, configured to receive the instruction to display identity information that the holder issues according to the verification information, then display the holder's identity information to the holder.
Preferably, the novel holder identity information display system further includes a card lock status checking module, configured to check whether the card is locked; if it is not locked, the holder fingerprint verification module prompts the holder to input a fingerprint, verifies the fingerprint information once it is received, and displays the verification result to the holder.
Compared with the prior art, the present invention has the following advantages:
The electronic identity authentication smart card designed in this invention uses a fingerprint recognition protection scheme, a two-way PKI certificate authentication scheme, and a scheme with a random session key for every session. It also supports displaying the holder's identity information and can exchange information with the terminal over two communication modes, USB and contactless. Compared with existing schemes, it offers higher security and flexible practicality. Moreover, the electronic identity authentication smart card of the present invention supports national cryptographic algorithms, every session with the terminal uses a random session key to resist replay attacks, and the card's identity authentication function is protected by the holder's fingerprint, giving it a high level of security: even if the card is obtained by someone else, the holder's electronic identity cannot be misused.
Description of the drawings
Fig. 1 is the flow chart of embodiment one of the present invention;
Fig. 2 is the flow chart of embodiment three of the present invention.
Specific embodiments
Embodiment one:
As shown in Fig. 1, this embodiment provides an authentication method for a novel electronic identity authentication smart card, comprising the following steps:
Receive the identity authentication request that the identity authentication terminal issues at the holder's request;
Check whether the card is locked; if it is not locked, prompt the holder to input a fingerprint, verify the fingerprint information once it is received, and display the verification result to the holder;
Receive the identity authentication instruction that the holder issues according to the verification result;
Request the terminal identity certificate from the identity authentication terminal, verify the certificate once it is received, recover the terminal public key, and display the result of the verification to the holder;
Receive the request for the card identity certificate issued by the identity authentication terminal and return the card identity certificate to the terminal, so that the terminal can verify it and recover the card public key; then receive the result of the verification issued by the terminal;
Encrypt a random number with the terminal public key to obtain the card ciphertext and send the card ciphertext to the identity authentication terminal, so that the terminal can decrypt the card ciphertext and obtain the terminal ciphertext by using the card public key to decrypt a random number; then receive the terminal ciphertext;
Decrypt and check the terminal ciphertext, derive the session key, and send the check result for the terminal ciphertext to the identity authentication terminal, so that the terminal can derive the session key; then receive the request for the holder's identity information sent by the terminal;
Encrypt the holder's identity information with the session key and return it to the identity authentication terminal, so that the terminal can decrypt and check it; receive the identity authentication result sent by the terminal and display it to the holder.
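The random-number exchange of steps S6 to S8, written out as an added example (not code from the patent) to show why a recorded terminal ciphertext or identity message from an earlier session is rejected in a later one. It assumes the public keys were already recovered from verified certificates (S4, S5), that the terminal ciphertext carries the card's random number followed by the terminal's own, and that the session key is an HMAC-SHA256 over both; textbook RSA and an HMAC keystream stand in for the card's real algorithms, and all names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy keys: textbook RSA over public Mersenne primes stands in for
# the card's real public-key algorithm (assumption); unpadded, easily factored.
E = 65537
CARD_PRIMES = (2**521 - 1, 2**607 - 1)
TERMINAL_PRIMES = (2**1279 - 1, 2**2203 - 1)
NONCE_LEN = 16

def pk_encrypt(public_n, data):
    return pow(int.from_bytes(data, "big"), E, public_n)

def derive_session_key(card_nonce, terminal_nonce):
    # Assumed derivation: both fresh random numbers feed the key.
    return hmac.new(card_nonce + terminal_nonce, b"session-key", hashlib.sha256).digest()

def _mac(key, ct):
    return hmac.new(key, b"mac" + ct, hashlib.sha256).digest()
def _keystream(key, n):
    return b"".join(hmac.new(key, b"enc" + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, plaintext):
    # Stand-in symmetric cipher (assumption): HMAC keystream, then a MAC.
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + _mac(key, ct)

def open_sealed(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, ct)):
        return None  # not sealed under the current session key
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))

class Party:
    def __init__(self, primes):
        p, q = primes
        self.public_n = p * q
        self._d = pow(E, -1, (p - 1) * (q - 1))
        self.session_key = None

    def _pk_decrypt(self, ciphertext, length):
        try:
            return pow(ciphertext, self._d, self.public_n).to_bytes(length, "big")
        except OverflowError:
            return b""  # not a well-formed message for this step

class Card(Party):
    def __init__(self, identity):
        super().__init__(CARD_PRIMES)
        self.identity = identity

    def make_card_ciphertext(self, terminal_n):        # S6, card side
        self._nonce = secrets.token_bytes(NONCE_LEN)
        self.session_key = None                        # old key ends with old session
        return pk_encrypt(terminal_n, self._nonce)

    def check_terminal_ciphertext(self, terminal_ct):  # S7
        data = self._pk_decrypt(terminal_ct, 2 * NONCE_LEN)
        # Assumed check: the terminal must echo this session's card nonce.
        if not hmac.compare_digest(data[:NONCE_LEN], self._nonce):
            return False
        self.session_key = derive_session_key(self._nonce, data[NONCE_LEN:])
        return True

    def identity_response(self):                       # S8
        if self.session_key is None:
            raise PermissionError("terminal ciphertext has not been accepted")
        return seal(self.session_key, self.identity)

class Terminal(Party):
    def make_terminal_ciphertext(self, card_ct, card_n):  # S6, terminal side
        card_nonce = self._pk_decrypt(card_ct, NONCE_LEN)
        own_nonce = secrets.token_bytes(NONCE_LEN)
        self.session_key = derive_session_key(card_nonce, own_nonce)
        return pk_encrypt(card_n, card_nonce + own_nonce)

    def read_identity(self, blob):
        return open_sealed(self.session_key, blob)

def run_session(card, terminal):
    card_ct = card.make_card_ciphertext(terminal.public_n)
    terminal_ct = terminal.make_terminal_ciphertext(card_ct, card.public_n)
    card.check_terminal_ciphertext(terminal_ct)
    return terminal_ct, card.identity_response()

def replay_checks():
    card = Card(b"name=EXAMPLE HOLDER;id=0000")        # constructed identity record
    terminal = Terminal(TERMINAL_PRIMES)
    old_ct, old_blob = run_session(card, terminal)
    first = terminal.read_identity(old_blob)
    _, new_blob = run_session(card, terminal)          # fresh nonces, new key
    second = terminal.read_identity(new_blob)
    # A recorded S8 message does not open under the new session key.
    old_blob_rejected = terminal.read_identity(old_blob) is None
    card.make_card_ciphertext(terminal.public_n)       # card starts another session
    # A recorded terminal ciphertext echoes a stale card nonce and fails S7.
    old_ct_rejected = not card.check_terminal_ciphertext(old_ct)
    return first == second == card.identity, old_blob_rejected, old_ct_rejected
```
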
Embodiment two:
This embodiment provides an authentication system for implementing the novel electronic identity authentication smart card, comprising:
An identity authentication request receiving module, configured to receive the identity authentication request that the identity authentication terminal issues at the holder's request;
A card lock status checking module and a fingerprint verification module: the card lock status checking module checks whether the card is locked; if it is not locked, the fingerprint verification module prompts the holder to input a fingerprint, verifies the fingerprint information once it is received, and displays the verification result to the holder;
An identity authentication instruction receiving module, configured to receive the identity authentication instruction that the holder issues according to the verification information;
A terminal identity certificate request and verification module, configured to request the terminal identity certificate from the identity authentication terminal, verify the certificate once it is received, recover the terminal public key, and display the result of the verification to the holder;
A card identity certificate request response module, configured to receive the request for the card identity certificate issued by the identity authentication terminal and return the card identity certificate to the terminal, so that the terminal can verify it and recover the card public key, and to receive the verification result;
A card ciphertext generation and sending module, configured to encrypt a random number with the terminal public key to obtain the card ciphertext and send the card ciphertext to the identity authentication terminal, so that the terminal can decrypt the card ciphertext and encrypt a random number with the card public key to obtain the terminal ciphertext, and to receive the terminal ciphertext;
A terminal ciphertext decryption and checking module, configured to decrypt and check the terminal ciphertext, derive the session key, and send the check result for the terminal ciphertext to the identity authentication terminal, so that the terminal can derive the session key; it then receives the request for the holder's identity information sent by the terminal;
A holder identity information response module, configured to encrypt the holder's identity information with the session key and return it to the identity authentication terminal, so that the terminal can decrypt and check it, and to receive the identity authentication result sent by the terminal and display it to the holder.
Embodiment three:
This embodiment provides a novel method for displaying the holder's identity information, as shown in Fig. 2, comprising the following steps:
Receive the request to display identity information that the identity authentication terminal issues at the holder's request;
Check whether the card is locked; if it is not locked, prompt the holder to input a fingerprint, verify the fingerprint information once it is received, and display the verification result to the holder;
Receive the instruction to display identity information that the holder issues according to the verification information, then display the holder's identity information to the holder.
Embodiment four:
This embodiment also provides a novel holder identity information display system for implementing the holder identity information display method described in embodiment three, comprising:
A display identity information request receiving module, configured to receive the request to display identity information that the identity authentication terminal issues at the holder's request;
A card lock status checking module and a holder fingerprint verification module: the card lock status checking module checks whether the card is locked; if it is not locked, the holder fingerprint verification module prompts the holder to input a fingerprint and verifies the fingerprint information once it is received, and the verification result is then displayed to the holder;
An identity information display module, configured to receive the instruction to display identity information that the holder issues according to the verification information, then display the holder's identity information to the holder.
The present invention uses fingerprint recognition, which is more secure and efficient, to check that the holder is authorized to use the smart card; both the card's electronic identity authentication function and its function for displaying the holder's identity information require the protection of fingerprint recognition. The card's electronic identity authentication flow uses a PKI-based public key certificate mechanism, which allows the card and the terminal to authenticate each other efficiently. When transmitting the holder's identity information to the terminal, the card negotiates a random session key every time, which effectively resists replay attacks. The card can display the holder's identity information, such as an ID. The card supports two communication modes, USB and contactless.
It should be pointed out that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the scope of protection of the present invention. The scope of protection of this patent is therefore determined by the appended claims.

Claims (2)

1. An authentication method for a novel electronic identity authentication smart card, characterized in that it comprises the following steps:
S1. Receive the identity authentication request that the identity authentication terminal issues at the holder's request;
S2. Prompt the holder to input a fingerprint, verify the fingerprint information once it is received, and display the verification result to the holder;
S3. Receive the identity authentication instruction that the holder issues according to the verification information;
S4. Request the terminal identity certificate from the identity authentication terminal, verify the certificate once it is received, recover the terminal public key, and display the result of the verification to the holder;
S5. Receive the request for the card identity certificate issued by the identity authentication terminal and return the card identity certificate to the terminal, so that the terminal can verify it and recover the card public key; then receive the result of the verification;
S6. Encrypt a random number with the terminal public key to obtain the card ciphertext and send the card ciphertext to the identity authentication terminal, so that the terminal can decrypt the card ciphertext and encrypt a random number with the card public key to obtain the terminal ciphertext; and receive the terminal ciphertext sent by the terminal;
S7. Decrypt and check the terminal ciphertext, derive the session key, and send the check result for the terminal ciphertext to the identity authentication terminal, so that the terminal can derive the session key; then receive the request for the holder's identity information sent by the terminal;
S8. Encrypt the holder's identity information with the session key and return it to the identity authentication terminal, so that the terminal can decrypt and check it; then receive the identity authentication result sent by the terminal and display it to the holder;
Before S2, the method comprises the following step: check whether the card is locked; if it is not locked, proceed to S2; if it is locked, use of the card identity authentication system is forbidden.
2. An authentication system for a novel electronic identity authentication smart card, characterized in that it comprises:
An identity authentication request receiving module, configured to receive the identity authentication request that the identity authentication terminal issues at the holder's request;
A fingerprint verification module, configured to prompt the holder to input a fingerprint, verify the fingerprint information once it is received, and display the verification result to the holder;
An identity authentication instruction receiving module, configured to receive the identity authentication instruction that the holder issues according to the verification information;
A terminal identity certificate request and verification module, configured to request the terminal identity certificate from the identity authentication terminal, verify the certificate once it is received, recover the terminal public key, and display the result of the verification to the holder;
A card identity certificate request response module, configured to receive the request for the card identity certificate issued by the identity authentication terminal and return the card identity certificate to the terminal, so that the terminal can verify it and recover the card public key, then receive the result of the verification;
A card ciphertext generation and sending module, configured to encrypt a random number with the terminal public key to obtain the card ciphertext and send the card ciphertext to the identity authentication terminal, so that the terminal can decrypt the card ciphertext and encrypt a random number with the card public key to obtain the terminal ciphertext; it then receives the terminal ciphertext sent by the terminal;
A terminal ciphertext decryption and checking module, configured to decrypt and check the terminal ciphertext, derive the session key, and send the check result for the terminal ciphertext to the identity authentication terminal, so that the terminal can derive the session key, then receive the request for the holder's identity information sent by the terminal;
A holder identity information response module, configured to encrypt the holder's identity information with the session key and return it to the identity authentication terminal, so that the terminal can decrypt and check it, then receive the identity authentication result sent by the terminal and display it to the holder;
The authentication system of the novel electronic identity authentication smart card further includes a card lock status checking module, configured to check whether the card is locked; if it is not locked, the fingerprint verification module prompts the holder to input a fingerprint, verifies the fingerprint information once it is received, and displays the verification result to the holder.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510701503.6A 2015-10-22 2015-10-22 A novel electronic identity authentication smart card and authentication method

Publications (2)

Publication Number Publication Date
CN105357667A 2016-02-24
CN105357667B 2019-04-30

Family ID: 55333500

Country Status (1)

Country Link
CN (1) CN105357667B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventors after: Li Zumeng, Shi Weizhou, Zhang Xiaochuan

Inventors before: Li Zumeng, Shi Weizhou

COR Change of bibliographic data
GR01 Patent grant