CN105488367B - Protection method, backend and system for a SAM device - Google Patents
- Publication number: CN105488367B (application CN201510799008.3A)
- Authority
- CN
- China
- Prior art keywords
- card
- sam
- identity
- information
- card reader
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Abstract
The present invention provides a protection method, backend and system for a SAM device. The method comprises: a backend receives an authentication request sent by an ID card reader that has no SAM module, the authentication request including at least card reader authentication information and first ID card information; the backend performs security authentication on the ID card reader without a SAM module according to the card reader authentication information in the authentication request, and confirms the authenticity of the ID card according to the first ID card information in the authentication request; after the security authentication of the ID card reader without a SAM module passes and the authenticity of the ID card is confirmed, the backend instructs the SAM device to execute the process of obtaining resident identity card data. The invention protects the SAM device against illegal attacks by card readers. In addition, the backend performs risk control management on the card reader, which further improves the security of the SAM device.
Description
Technical field
The present invention relates to the field of electronic technology, and in particular to a protection method, backend and system for a SAM device.
Background art
An existing front-end ID card reader has at least two modules: a reading module and a SAM (resident identity card verification security control) module. Because every front-end ID card reader carries its own SAM module, existing front-end ID card readers are expensive to manufacture. Moreover, one SAM module can only verify the resident identity card information read by one reading module, so the utilization of existing front-end ID card readers is low. To solve this problem, an improved scheme has appeared: the front-end ID card reader no longer contains a SAM module, and the SAM module is placed on the backend side to raise the utilization of the SAM module.
However, because the backend sits in an open network, any card reader can ask the backend for access to the SAM module, which greatly increases the security risk to the SAM module. Once the SAM module is compromised by an illegal card reader, the identity card root certificate stored in the SAM module can be stolen or even tampered with by criminals, with unimaginable consequences.
Summary of the invention
The present invention aims to solve the above problem.
The main object of the present invention is to provide a protection method for a SAM device.
Another object of the present invention is to provide a backend for protecting a SAM device.
Another object of the present invention is to provide a protection system for a SAM device.
To achieve the above objects, the technical solution of the present invention is implemented as follows:
One aspect of the present invention provides a protection method for a SAM device, comprising: a backend receives an authentication request sent by an ID card reader without a SAM module, the authentication request including at least card reader authentication information and first ID card information; the backend performs security authentication on the ID card reader without a SAM module according to the card reader authentication information in the authentication request, and confirms the authenticity of the ID card according to the first ID card information in the authentication request; after the security authentication of the ID card reader without a SAM module passes and the authenticity of the ID card is confirmed, the backend instructs the SAM device to execute the process of obtaining resident identity card data.
Optionally, the first ID card information includes: ID card basic information and/or ID card authentication information.
Optionally, the ID card basic information includes at least one of the following: an ID card identifier, ID card application data, and ID card preset information.
Optionally, the backend confirming the authenticity of the ID card according to the first ID card information in the authentication request comprises:
The backend sends the ID card basic information in the first ID card information to the Ministry of Public Security backend, receives from the Ministry of Public Security backend a confirmation message that the ID card corresponding to the ID card basic information really exists, and confirms that the ID card is genuine; or,
The backend sends the first ID card information to the SAM device, receives from the SAM device a confirmation message returned after the SAM device has successfully authenticated the ID card according to the first ID card information, and confirms that the ID card is genuine.
Optionally, the method further comprises: the backend obtains the management access information of the ID card. The management access information of the ID card includes at least one of: the card management information of the ID card, the historical access count of the ID card, the current access location of the ID card, the historical access locations of the ID card, the current access time of the ID card, and the current transaction information of the ID card. The backend performs risk control management on the ID card and the card reader according to the management access information of the ID card and a preset policy.
Optionally, the backend performing risk control management on the ID card and the card reader according to the management access information of the ID card and the preset policy includes at least one of the following:
Judging, according to the card management information of the ID card, whether the ID card is an illegal ID card; if so, performing risk control management on the ID card or the card reader;
Judging whether the current access location of the ID card belongs to a preset area; if not, performing risk control management on the ID card or the card reader;
Judging whether the transaction amount in the current transaction information of the ID card exceeds the spending limit; if so, performing risk control management on the ID card or the card reader;
Judging whether the current access time of the ID card is within a preset access time range; if so, performing risk control management on the ID card or the card reader;
Judging whether, within a preset time period, the historical access count of the ID card exceeds a preset count threshold; if so, performing risk control management on the ID card or the card reader;
Judging whether, within a preset time period, the distance between the access locations from which the ID card consecutively accesses the SAM device exceeds a preset distance; if so, performing risk control management on the ID card or the card reader.
Optionally, the method further comprises: the backend obtains the management access information of the card reader. The management access information of the card reader includes at least one of: the device management information of the card reader, the historical access count of the card reader, the current access location of the card reader, the historical access locations of the card reader, the current access time of the card reader, and the transaction information of the card reader. The backend performs risk control management on the card reader according to the management access information of the card reader and a preset policy.
Optionally, performing risk control management on the card reader according to the management access information of the card reader and the preset policy includes at least one of the following:
Judging whether the card reader has been blacklisted or has exceeded its normal service life; if so, performing risk control management on the card reader;
Judging whether the access location of the card reader belongs to a preset area; if not, performing risk control management on the card reader;
Judging whether the transaction amount in the transaction information of the card reader exceeds the spending limit; if so, performing risk control management on the card reader;
Judging whether the current access time of the card reader is within a preset access time range; if so, performing risk control management on the card reader;
Judging whether, within a preset time period, the access count of the card reader exceeds a preset count; if so, performing risk control management on the card reader;
Judging whether, within a preset time period, the distance between the access locations from which the card reader consecutively accesses the SAM device exceeds a preset distance; if so, performing risk control management on the card reader.
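The following Go sketch is an added example, not code from the patent. It evaluates five of the card reader rules listed above (blacklist, service life, preset area, access count within a time period, distance between consecutive accesses); the same checks apply to the ID card rules. All type names, thresholds and sample data are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// Access is one attempt by a card reader to reach the SAM device via the backend.
type Access struct {
	When     time.Time
	Lat, Lon float64
}

// Policy is the "preset policy"; every field name and threshold is an assumption.
type Policy struct {
	Blacklist   map[string]bool
	ServiceEnd  map[string]time.Time // end of each reader's normal service life
	Region      [4]float64           // preset area: minLat, maxLat, minLon, maxLon
	Window      time.Duration        // preset time period
	MaxAccesses int                  // preset access count within Window
	MaxKm       float64              // preset distance between consecutive accesses
}

// haversineKm returns the great-circle distance between two access locations.
func haversineKm(a, b Access) float64 {
	rad := func(d float64) float64 { return d * math.Pi / 180 }
	dLat, dLon := rad(b.Lat-a.Lat), rad(b.Lon-a.Lon)
	h := math.Pow(math.Sin(dLat/2), 2) +
		math.Cos(rad(a.Lat))*math.Cos(rad(b.Lat))*math.Pow(math.Sin(dLon/2), 2)
	return 2 * 6371.0 * math.Asin(math.Sqrt(h))
}

// Evaluate returns the names of the rules that the current access trips.
// An empty result means no risk control action is required.
func (p Policy) Evaluate(readerID string, history []Access, cur Access) []string {
	var hits []string
	if p.Blacklist[readerID] {
		hits = append(hits, "blacklisted")
	}
	if end, ok := p.ServiceEnd[readerID]; ok && cur.When.After(end) {
		hits = append(hits, "service-life-exceeded")
	}
	if cur.Lat < p.Region[0] || cur.Lat > p.Region[1] ||
		cur.Lon < p.Region[2] || cur.Lon > p.Region[3] {
		hits = append(hits, "outside-preset-area")
	}
	count := 1 // the current access counts toward the limit
	var last *Access
	for i := range history {
		h := &history[i]
		if h.When.After(cur.When) || cur.When.Sub(h.When) > p.Window {
			continue // outside the preset time period
		}
		count++
		if last == nil || h.When.After(last.When) {
			last = h // most recent earlier access inside the window
		}
	}
	if count > p.MaxAccesses {
		hits = append(hits, "too-many-accesses")
	}
	if last != nil && haversineKm(*last, cur) > p.MaxKm {
		hits = append(hits, "distance-exceeded")
	}
	return hits
}

func has(hits []string, rule string) bool {
	for _, h := range hits {
		if h == rule {
			return true
		}
	}
	return false
}

// Constructed sample data: a reader normally used around 39.90N, 116.40E.
var t0 = time.Date(2024, 1, 1, 9, 0, 0, 0, time.UTC)

func samplePolicy() Policy {
	return Policy{
		Blacklist:   map[string]bool{"reader-bad": true},
		ServiceEnd:  map[string]time.Time{"reader-01": t0.AddDate(1, 0, 0), "reader-old": t0.AddDate(0, 0, -1)},
		Region:      [4]float64{39, 41, 115, 118},
		Window:      time.Hour,
		MaxAccesses: 5,
		MaxKm:       50,
	}
}

func sampleHistory() []Access { return []Access{{When: t0, Lat: 39.90, Lon: 116.40}} }

func burstHistory(n int) []Access { // n accesses, one per minute, just before t0
	var out []Access
	for i := 1; i <= n; i++ {
		out = append(out, Access{When: t0.Add(-time.Duration(i) * time.Minute), Lat: 39.90, Lon: 116.40})
	}
	return out
}

func normalAccess() Access  { return Access{When: t0.Add(5 * time.Minute), Lat: 39.91, Lon: 116.41} }
func distantAccess() Access { return Access{When: t0.Add(10 * time.Minute), Lat: 31.23, Lon: 121.47} }

func main() {
	p := samplePolicy()
	fmt.Println("normal: ", p.Evaluate("reader-01", sampleHistory(), normalAccess()))
	fmt.Println("distant:", p.Evaluate("reader-01", sampleHistory(), distantAccess()))
	fmt.Println("burst:  ", p.Evaluate("reader-01", burstHistory(5), Access{When: t0, Lat: 39.90, Lon: 116.40}))
}
```
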
Optionally, after the security authentication of the ID card reader without a SAM module passes and the authenticity of the ID card is confirmed, and before the SAM device is instructed to execute the process of obtaining resident identity card data, the method further comprises: the backend establishes a secure channel with the ID card reader without a SAM module. The method further comprises: while the SAM device executes the process of obtaining resident identity card data, the backend and the ID card reader without a SAM module use the secure channel to transmit the data exchanged between the ID card and the SAM device.
Another aspect of the present invention provides a backend for protecting a SAM device, comprising: a receiving device, configured to receive an authentication request sent by an ID card reader without a SAM module, the authentication request including at least card reader authentication information and first ID card information; an authentication device, configured to perform security authentication on the ID card reader without a SAM module according to the card reader authentication information in the authentication request, and to confirm the authenticity of the ID card according to the first ID card information in the authentication request; and an access device, configured to instruct the SAM device to execute the process of obtaining resident identity card data after the authentication device has passed the security authentication of the ID card reader without a SAM module and confirmed the authenticity of the ID card.
Optionally, the backend further comprises: the SAM device, configured to execute the process of obtaining resident identity card data after receiving the instruction from the access device.
Optionally, the first ID card information includes: ID card basic information and/or ID card authentication information.
Optionally, the ID card basic information includes at least one of the following: an ID card identifier, ID card application data, and ID card preset information.
Optionally, the authentication device being configured to confirm the authenticity of the ID card according to the first ID card information in the authentication request comprises:
The authentication device is configured to send the ID card basic information in the first ID card information to the Ministry of Public Security backend, receive from the Ministry of Public Security backend a confirmation message that the ID card corresponding to the ID card basic information really exists, and confirm that the ID card is genuine; or,
The authentication device is configured to send the first ID card information to the SAM device, receive from the SAM device a confirmation message returned after the SAM device has successfully authenticated the ID card according to the first ID card information, and confirm that the ID card is genuine.
Optionally, the backend further comprises: a risk control device, configured to obtain the management access information of the ID card, and to perform risk control management on the ID card and the card reader according to the management access information of the ID card and a preset policy.
Optionally, the management access information of the ID card includes at least one of: the card management information of the ID card, the historical access count of the ID card, the current access location of the ID card, the historical access locations of the ID card, the current access time of the ID card, and the current transaction information of the ID card;
The risk control device performing risk control management on the ID card and the card reader according to the management access information of the ID card and the preset policy includes at least one of the following:
Judging, according to the card management information of the ID card, whether the ID card is an illegal ID card; if so, performing risk control management on the ID card or the card reader;
Judging whether the current access location of the ID card belongs to a preset area; if not, performing risk control management on the ID card or the card reader;
Judging whether the transaction amount in the current transaction information of the ID card exceeds the spending limit; if so, performing risk control management on the ID card or the card reader;
Judging whether the current access time of the ID card is within a preset access time range; if so, performing risk control management on the ID card or the card reader;
Judging whether, within a preset time period, the historical access count of the ID card exceeds a preset count threshold; if so, performing risk control management on the ID card or the card reader;
Judging whether, within a preset time period, the distance between the access locations from which the ID card consecutively accesses the SAM device exceeds a preset distance; if so, performing risk control management on the ID card or the card reader.
Optionally, the risk control device is further configured to obtain the management access information of the card reader, and to perform risk control management on the card reader according to the management access information of the card reader and a preset policy.
Optionally, the management access information of the card reader includes at least one of: the device management information of the card reader, the historical access count of the card reader, the current access location of the card reader, the historical access locations of the card reader, the current access time of the card reader, and the transaction information of the card reader;
The risk control device performing risk control management on the card reader according to the management access information of the card reader and the preset policy includes at least one of the following:
Judging whether the card reader has been blacklisted or has exceeded its normal service life; if so, performing risk control management on the card reader;
Judging whether the access location of the card reader belongs to a preset area; if not, performing risk control management on the card reader;
Judging whether the transaction amount in the transaction information of the card reader exceeds the spending limit; if so, performing risk control management on the card reader;
Judging whether the current access time of the card reader is within a preset access time range; if so, performing risk control management on the card reader;
Judging whether, within a preset time period, the access count of the card reader exceeds a preset count; if so, performing risk control management on the card reader;
Judging whether, within a preset time period, the distance between the access locations from which the card reader consecutively accesses the SAM device exceeds a preset distance; if so, performing risk control management on the card reader.
Optionally, the backend further comprises:
A transmission device, configured to establish a secure channel with the card reader after the authentication device has passed the security authentication of the ID card reader without a SAM module and confirmed the authenticity of the ID card, and before the access device instructs the SAM device to execute the process of obtaining resident identity card data. The transmission device is further configured, while the SAM device executes the process of obtaining resident identity card data, to use the secure channel with the card reader to transmit the data exchanged between the ID card and the SAM device.
Another aspect of the present invention further provides a protection system for a SAM device, comprising: the backend described above, a card reader and a SAM device, wherein: the card reader is configured to send the authentication request to the backend; the SAM device is configured to execute the process of obtaining resident identity card data after receiving the instruction from the backend.
Another aspect of the present invention further provides a system for accessing a SAM device, comprising: the backend described above and a card reader, wherein: the card reader is configured to send the authentication request to the backend.
As can be seen from the technical solution above, the present invention provides a protection method, backend and system for a SAM device. Before the SAM device executes the process of obtaining resident identity card data, the backend performs security authentication on the ID card reader and the ID card. Only after the security authentication of both the ID card reader and the ID card passes, and a secure channel with the ID card reader has been established, is the ID card reader allowed to access the SAM device. This protects the SAM device against attacks by illegal ID card readers and illegal ID cards, and reduces the risk that the root certificate information in the SAM device is intercepted. Further, the backend also performs risk control management on the ID card reader and the ID card, which prevents attacks on the SAM device by illegal ID card readers and illegal ID cards and further ensures the security of the SAM device.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a protection method for a SAM device provided by Embodiment 1 of the present invention;
Fig. 2 is a structural schematic diagram of a backend for protecting a SAM device provided by Embodiment 2 of the present invention;
Fig. 3 is a structural schematic diagram of another backend for protecting a SAM device provided by Embodiment 2 of the present invention;
Fig. 4 is a structural schematic diagram of a protection system for a SAM device provided by Embodiment 3 of the present invention;
Fig. 5 is a structural schematic diagram of another protection system for a SAM device provided by Embodiment 3 of the present invention.
Specific embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the description of the present invention, it should be understood that orientation or position terms such as "center", "longitudinal", "transverse", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positions shown in the drawings. They are used only to simplify the description, and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation; they should therefore not be understood as limiting the invention. In addition, the terms "first" and "second" are used for description only and should not be understood as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "installed", "linked" and "connected" are to be understood broadly. For example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, indirect through an intermediary, or internal between two elements. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific situation.
The embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment 1
This embodiment provides a protection method for a SAM device which, as shown in Fig. 1, includes the following steps (S101 to S103):
S101: the backend receives an authentication request sent by an ID card reader without a SAM module.
In this embodiment, the backend may be a backend server or an encryption machine. The ID card reader without a SAM module is used to read information from the ID card, such as ID card basic information (for example the ID card serial number, ID card application data and ID card preset information) and resident identity card data (for example the resident identity card number, name, photo, age, address, card validity period and fingerprint). The ID card reader without a SAM module has an external communication interface, which may be wired or wireless, through which it exchanges data with the backend. The SAM module is a module found in existing ID card readers. It performs mutual authentication with the ID card; only after that authentication passes is the ciphertext of the ID card information read and then decrypted to obtain the plaintext of the ID card information. Because the ID card reader in this scheme has no SAM module, when it needs to read the plaintext ID card information it must send an authentication request to the backend. After authentication passes, the backend sends the resident identity card data to the SAM device for the corresponding operations, such as decrypting the ciphertext of the ID card information, obtaining the plaintext ID card information and returning it to the ID card reader without a SAM module.
In this step, the authentication request includes at least card reader authentication information and first ID card information. The card reader authentication information is included so that the backend can perform security authentication on the legitimacy of the card reader, and the first ID card information is included so that the backend can confirm the authenticity of the ID card. In addition, the card reader authentication information and the first ID card information may be encrypted and carried in the authentication request as ciphertext, to improve the security of the data transmitted to the backend. As an optional implementation, the first ID card information includes ID card basic information and/or ID card authentication information. With the ID card basic information, the backend can confirm the authenticity of the ID card; with the ID card basic information and/or the ID card authentication information, the SAM device can also confirm the authenticity of the ID card. The ID card basic information is read from the ID card by the ID card reader without a SAM module, but it does not include resident identity card data (such as the ID number, name, photo, address and fingerprint). It is only information about the card itself and includes at least one of: an ID card identifier (such as the ID card serial number or the ID card chip serial number), ID card application data (indicating which applications are provisioned on the ID card), and ID card preset information (for example the preset structure of supported files, a preset hidden identifier, and preset fingerprint recognition support). This ID card basic information uniquely identifies the ID card and is not easy to forge, so it can be used to judge whether the ID card is genuine. It can also be used to look up the corresponding management access information of the ID card, to implement risk control management of the ID card. The ID card authentication information is the authentication information that, in the prior art, must be sent to the SAM module when the ID card and the SAM module authenticate each other; the SAM device can use it to authenticate the ID card and thereby confirm whether the ID card is genuine.
Depending on how the backend authenticates the ID card reader, the card reader authentication information may carry different content. Specifically, it may take at least the following three modes:
Mode one: the card reader authentication information may include at least: first authentication data, first signature data, and the digital certificate of the ID card reader without a SAM module. The digital certificate lets the backend verify the legitimacy of the ID card reader; the first authentication data and the public key of the card reader let the backend verify whether the first signature data is a signature made by that legitimate card reader. As an optional mode, the first signature data includes signature data obtained by the ID card reader without a SAM module signing the first authentication data with its private key, where the first authentication data may include at least one of: the ID card basic information, the identity identifier of the ID card reader without a SAM module, and a random factor. The ID card basic information and the identity identifier of the ID card reader may each be in plaintext or ciphertext form; if in ciphertext form, the backend holds the same key as the card reader and can decrypt the ciphertext to obtain the corresponding plaintext. The first authentication data can be combined in several ways, from one or more of: the plaintext of the ID card basic information, the ciphertext of the ID card basic information, the plaintext of the identity identifier of the ID card reader without a SAM module, the ciphertext of the identity identifier of the ID card reader without a SAM module, and the random factor. For example, the first authentication data includes the ciphertext of the ID card basic information, the ciphertext of the identity identifier of the ID card reader without a SAM module, and the random factor; or the ciphertext of the ID card basic information and the random factor; or the ciphertext of the ID card basic information and the plaintext or ciphertext of the identity identifier of the ID card reader without a SAM module. The combinations are not all listed here. The multiple combinations the first authentication data may take increase the reliability of verification. As an optional implementation of this embodiment, the identity identifier of the ID card reader without a SAM module includes at least one of: the serial number of the ID card reader without a SAM module and the certificate number of the ID card reader without a SAM module; either can uniquely identify the ID card reader. In this embodiment, when the first authentication data includes a random factor, as one optional mode the random factor may be generated by the ID card reader without a SAM module: the reader contains a security chip that stores its private key and digital certificate and can generate the random factor. As another optional mode, the random factor may be generated by the backend: before the backend receives the authentication request sent by the ID card reader without a SAM module, the reader obtains the random factor from the backend. The random factor includes a random number and a random event and is single-use authentication data; therefore, the backend verifying signature data that was signed over the random factor serves to prevent replay attacks.
In mode one, the first signature data is obtained by the ID card reader without a SAM module signing the above first authentication data with its private key. After the reader signs the first authentication data obtained by one of the above combinations and sends the resulting first signature data to the backend, the backend can verify the first signature data using the public key of the ID card reader without a SAM module and the first authentication data obtained by that combination. Here the backend can use the key negotiated with the ID card reader without a SAM module to decrypt the ciphertext of the basic ID card information and obtain its plaintext, and can use the key negotiated with the reader to decrypt the ciphertext of the reader's identity and obtain the plaintext of that identity. In this embodiment, the backend's security authentication of the first signature data, using the first authentication data and the public key of the ID card reader without a SAM module, ensures the legitimacy of the ID card reader without a SAM module.
Mode two: the card reader authentication information may include at least: the first authentication data as above and first authentication data ciphertext obtained by encrypting the first authentication data with a transmission key. Because the backend stores the same transmission key as the ID card reader, if the backend can decrypt the first authentication data ciphertext, the backend's security authentication of the ID card reader can be considered passed. Therefore, card reader authentication information that includes the first authentication data and the first authentication data ciphertext enables the backend to authenticate the legitimacy of the card reader.
Mode three: the card reader authentication information may include at least: the first authentication data as above and a check value computed over the first authentication data with a check key. Because the backend stores the same check key as the ID card reader, if the backend computes the same check value over the first authentication data, the backend's security authentication of the ID card reader can be considered passed. Therefore, card reader authentication information that includes the first authentication data and the check value enables the backend to authenticate the legitimacy of the card reader.
S102: the backend performs security authentication of the ID card reader without a SAM module according to the card reader authentication information in the authentication request, and confirms the authenticity of the ID card according to the first ID card information in the authentication request;
This step includes the backend's verification of the legitimacy of the ID card reader without a SAM module (i.e., security authentication of the reader according to the card reader authentication information in the authentication request) and the backend's verification of the legitimacy of the ID card (i.e., confirming the authenticity of the ID card according to the first ID card information in the authentication request). As an optional implementation of this embodiment, the backend's verification of the reader's legitimacy may take place before its verification of the ID card's legitimacy, or after it. Through this double authentication of the ID card reader and the ID card, this embodiment improves the security and reliability of authentication: the process in which the SAM device reads resident identity card data is executed only after authentication passes, which ensures that the SAM device is not attacked by illegal devices.
Corresponding to the three modes of content that the card reader authentication information may include in step S101, the backend performs security authentication of the ID card reader without a SAM module according to the card reader authentication information in the authentication request in the following ways:
Mode one: when the card reader authentication information includes at least the first authentication data, the first signature data and the digital certificate of the ID card reader without a SAM module, the backend verifies the legitimacy of the digital certificate of the ID card reader without a SAM module, and verifies the first signature data using the reader's public key and the first authentication data. After the digital certificate is verified as legitimate and the first signature data passes verification, the backend's security authentication of the ID card reader passes.
Mode two: when the card reader authentication information includes at least the first authentication data as above and the first authentication data ciphertext obtained by encrypting the first authentication data with the transmission key, the backend, which stores the same transmission key as the ID card reader, can use that transmission key to decrypt the first authentication data ciphertext. After successful decryption, the backend's security authentication of the ID card reader passes.
Mode three: when the card reader authentication information includes at least the first authentication data as above and the check value computed over the first authentication data with the check key, the backend stores the same check key as the ID card reader. If the backend, using that check key and the same algorithm as the ID card reader, computes the same check value over the first authentication data, the backend's security authentication of the ID card reader passes.
Through the above three authentication modes, the backend can verify the legitimacy of the ID card reader without a SAM module and guarantee that the reader is legitimate, thereby ensuring that the SAM device is not attacked by illegal ID card readers.
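An added example, not part of the patent text: mode three (check value) in Python, combined with the backend-generated, single-use random factor described earlier for replay protection. HMAC-SHA256, the field layout, and every class, function and identifier name are assumptions; the patent does not name an algorithm.

```python
import hashlib
import hmac
import secrets


def check_value(check_key: bytes, *fields: bytes) -> bytes:
    """Check value over the first authentication data.

    Assumption: HMAC-SHA256 over length-prefixed fields, so field
    boundaries cannot be shifted without changing the result.
    """
    mac = hmac.new(check_key, digestmod=hashlib.sha256)
    for value in fields:
        mac.update(len(value).to_bytes(4, "big"))
        mac.update(value)
    return mac.digest()


class Reader:
    """ID card reader without a SAM module (hypothetical model)."""

    def __init__(self, reader_id: bytes, check_key: bytes):
        self.reader_id = reader_id
        self._check_key = check_key

    def build_request(self, card_info_ciphertext: bytes, random_factor: bytes) -> dict:
        # First authentication data here: ciphertext of the basic ID card
        # information, reader identity (plaintext), and the random factor.
        return {
            "reader_id": self.reader_id,
            "card_info_ciphertext": card_info_ciphertext,
            "random_factor": random_factor,
            "check_value": check_value(
                self._check_key, card_info_ciphertext, self.reader_id, random_factor
            ),
        }


class Backend:
    """Backend that holds the same check key as each registered reader."""

    def __init__(self, check_keys: dict):
        self._check_keys = dict(check_keys)  # reader identity -> check key
        self._outstanding = set()            # random factors issued, not yet used

    def issue_random_factor(self) -> bytes:
        # The reader fetches this before sending its authentication request.
        random_factor = secrets.token_bytes(16)
        self._outstanding.add(random_factor)
        return random_factor

    def authenticate_reader(self, request: dict) -> bool:
        random_factor = request["random_factor"]
        # Reject random factors the backend never issued or already consumed.
        if random_factor not in self._outstanding:
            return False
        # Single use: consume it whether or not the check value matches.
        self._outstanding.discard(random_factor)
        key = self._check_keys.get(request["reader_id"])
        if key is None:
            return False
        expected = check_value(
            key, request["card_info_ciphertext"], request["reader_id"], random_factor
        )
        # Constant-time comparison of the recomputed and received check values.
        return hmac.compare_digest(expected, request["check_value"])


def demo():
    """Constructed sample run: returns (first attempt, replayed attempt)."""
    key = secrets.token_bytes(32)
    reader = Reader(b"READER-0001", key)          # constructed serial number
    backend = Backend({b"READER-0001": key})
    request = reader.build_request(b"constructed-ciphertext", backend.issue_random_factor())
    return backend.authenticate_reader(request), backend.authenticate_reader(request)


if __name__ == "__main__":
    print(demo())
```

A captured request fails on resubmission because its random factor has already been consumed, which is the replay protection the description attributes to the random factor.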
In this step, the backend's verification of the ID card's legitimacy (i.e., confirming the authenticity of the ID card according to the first ID card information in the authentication request) may also take several forms; the following two modes are given merely as examples:
Mode one: the backend confirms the authenticity of the ID card according to the basic ID card information in the first ID card information in the authentication request, specifically:
The backend sends the basic ID card information to the Ministry of Public Security backend; receives the confirmation message returned by the Ministry of Public Security backend that the ID card corresponding to the basic ID card information really exists; and confirms that the ID card is genuine.
In mode one, the Ministry of Public Security backend may store in advance the basic ID card information associated with each ID card. That is, if an ID card really exists, then when the backend sends its basic ID card information (such as the card serial number of the ID card) to the Ministry of Public Security backend, the Ministry of Public Security backend returns to the backend a confirmation message that a real ID card was found for that basic ID card information. The backend can thereby determine that the ID card is at least not forged, which prevents the SAM device from being attacked by illegally forged ID cards.
Mode two: the backend confirms the authenticity of the ID card according to the first ID card information in the authentication request, specifically:
The backend sends the first ID card information to the SAM device, receives the confirmation message returned by the SAM device after the ID card passes authentication according to the first ID card information, and confirms that the ID card is genuine.
In mode two, when the first ID card information includes basic ID card information, the SAM device may authenticate the ID card according to the basic ID card information. Specifically, the first ID card information may include: the basic ID card information, a parameter to be verified, and a check value computed by the ID card over the parameter to be verified using a check key. After receiving the first ID card information, the SAM device can look up the check key of the ID card according to the basic ID card information, use that check key to compute the SAM-device-side check value over the parameter to be verified, and judge whether it is consistent with the check value in the first ID card information; if it is consistent, the SAM device returns to the backend a confirmation message that the ID card is genuine. The backend can thereby confirm that the ID card is genuine, which prevents the SAM device from being attacked by illegally forged ID cards. When the first ID card information includes ID card authentication information, the SAM device may authenticate the ID card according to the ID card authentication information to confirm whether the ID card is genuine. In this embodiment, the way the SAM device authenticates the ID card according to the ID card authentication information is the same as the way a SAM module authenticates an ID card in the prior art and is not described again here. When the first ID card information includes both basic ID card information and ID card authentication information, the SAM device may authenticate the ID card according to the basic ID card information and according to the ID card authentication information separately; this double authentication based on different information improves the reliability of authentication. In this embodiment the authenticity of the ID card can thus also be determined by the SAM device, so that before the SAM device executes the process of obtaining resident identity card data it has already been determined that the ID card is at least not forged, which prevents the SAM device from being attacked by illegally forged ID cards.
Thus, through the double authentication consisting of the security authentication of the ID card reader without a SAM module and the security authentication of the ID card, this embodiment guarantees the security of devices accessing the SAM device; if any link fails, for example the security authentication of the ID card does not pass, the backend will also refuse the ID card reader without a SAM module access to the SAM device.
S103: after the security authentication of the ID card reader without a SAM module passes and the authenticity of the ID card is confirmed, the backend instructs the SAM device to execute the process of obtaining resident identity card data.
In this step, only when the security authentication of both the ID card reader without a SAM module and the ID card passes does the backend instruct the SAM device to execute the process of obtaining resident identity card data. That is, only then does the backend forward to the SAM device the resident identity card data that the ID card reader without a SAM module sends for the SAM device; or, only after receiving the backend's instruction does the SAM device begin, through the backend, to initiate toward the card reader the process of obtaining resident identity card data. If either the security authentication of the ID card reader without a SAM module or the security authentication of the ID card does not pass, the SAM device cannot execute the process of obtaining resident identity card data. This ensures that when an illegal ID card reader or an illegal ID card attempts to attack the SAM device, the backend can identify the illegal ID card reader or illegal ID card and stop the attack, safeguarding secure access to the SAM device.
As an optional implementation, if in step S102 the first ID card information does not include ID card authentication information, i.e., the SAM device does not authenticate the ID card according to ID card authentication information in step S102, then in this step the process of obtaining resident identity card data executed by the SAM device may also include the SAM device's authentication of the ID card: the SAM device can obtain the ID card authentication information from the card reader through the backend and authenticate the ID card according to that information. This authentication is the same as in the prior art and is not described again here.
In this embodiment, to ensure that data can be transmitted securely between the backend and the card reader, as an optional implementation, after the security authentication of the ID card reader without a SAM module passes in step S102 and the authenticity of the ID card is confirmed, and before the SAM device is instructed in step S103 to execute the process of obtaining resident identity card data, the method provided by this embodiment further includes: the backend establishes a secure channel with the ID card reader without a SAM module. After the secure channel is established, the method further includes: while the SAM device executes the process of obtaining resident identity card data, the data exchanged between the ID card and the SAM device is transmitted over the secure channel between the backend and the ID card reader without a SAM module. This improves the security of data transmission between the backend and the ID card reader and further guarantees the security of the data sent to the SAM device.
In essence, the backend establishing a secure channel with the ID card reader without a SAM module means that the backend and the reader negotiate a common transmission key and use it to encrypt the data transmitted between the reader and the backend, so that a secure channel capable of secure data transmission can be established between the backend and the ID card reader without a SAM module. As an optional implementation of this embodiment, before or after the backend performs security authentication of the legitimacy of the ID card reader without a SAM module and of the ID card, the method further includes: security authentication of the backend by the ID card reader without a SAM module, for example verifying the digital certificate sent by the backend and verifying the signature data sent by the backend. After mutual security authentication between the backend and the ID card reader without a SAM module passes, the backend can negotiate the transmission key with the reader in several ways, including at least one of the following:
Mode one: a fixed transmission key is used; this fixed transmission key is not randomly generated but agreed by both parties in advance;
Mode two: the transmission key is computed using a preset identical algorithm; the algorithm is agreed by both parties in advance, but the transmission key generated by the algorithm is random, which is more secure than the fixed transmission key of mode one;
Mode three: the transmission key is computed from the first authentication data using an identical algorithm, for example from the random factor in the first authentication data, or jointly from the ciphertext of the basic ID card information in the first authentication data and the random factor. The first authentication data can be combined in many ways, which are not described again here. Because of the randomness of the random factor in the first authentication data, the transmission key computed in this mode is more secure than the transmission key computed in mode two.
To further ensure that the SAM device is not attacked by illegal ID cards, as an optional implementation of this embodiment, before step S103 or after step S103 the backend may also perform risk control management on the ID card or the card reader. That is, the method provided by this embodiment further includes: the backend obtains the management access information of the ID card; the backend performs risk control management on the ID card and the card reader according to a preset policy, based on the management access information of the ID card. In this embodiment, risk control management is performed when the ID card is found to be unsafe, which reduces the possibility of the SAM device being attacked by illegal ID cards and guarantees the security of ID cards accessing the SAM device.
As an optional implementation of this embodiment, the management access information of the ID card may include at least one of: the card management information of the ID card, the historical access count of the ID card, the current access location of the ID card, the historical access locations of the ID card, the current access time of the ID card, the transaction information of the ID card, and the historical access times. When the backend performs risk control management on the ID card or the card reader before step S103, it can obtain the access management information of the ID card as follows: the backend can receive from the ID card reader without a SAM module one or more items of access management information of the ID card among the current access time, the current access location and the current transaction information; this access management information can be sent to the backend by the card reader separately, or can be contained in the first ID card information. In addition, as an option, the first ID card information may include the basic ID card information; using the basic ID card information (such as the card identifier of the ID card), the backend can look up in its local database the pre-stored management access information of the corresponding ID card (such as the card management information of the ID card, the historical access count of the ID card, the historical access locations of the ID card and the historical access times). When the backend performs risk control management on the ID card or the card reader after step S103, then besides obtaining the access management information of the ID card in the above ways, it can also, while the SAM device executes the process of obtaining resident identity card data, obtain from the SAM device the plaintext of the resident identity card data, such as the ID card number, name, address, fingerprint and other information that can uniquely identify the ID card, and use that resident identity card data to look up in the local database the pre-stored management access information of the corresponding ID card (such as the card management information of the ID card, the historical access count of the ID card, the historical access locations of the ID card and the historical access times). In this embodiment, the backend can perform risk management on the ID card and the ID card reader without a SAM module according to this management access information, and performs risk control management when the ID card is found to be unsafe, which reduces the possibility of the SAM device being illegally attacked and guarantees the security of devices accessing the SAM device.
As an optional implementation of this embodiment, performing risk control management on the ID card according to a preset policy, based on the above management access information of the ID card, includes at least one of the following modes or any combination thereof: managing the ID cards and the ID card reader devices without a SAM module that are allowed access, managing the permitted access location range, managing the permitted access transaction limit, managing the permitted access frequency, managing the permitted access time range, and managing the permitted distance between consecutive access locations:
Mode one: managing the ID cards and the ID card reader devices without a SAM module that are allowed access, specifically: the backend judges from the card management information of the ID card whether the ID card is an illegal ID card; if so, it performs risk control management on the ID card or the ID card reader without a SAM module.
As an optional implementation of this embodiment, the backend can obtain the card management information of the ID card according to the basic ID card information, such as the card serial number of the ID card. The card management information covers, for example, whether the ID card is blacklisted, whether the ID card has an illegal access record, whether the ID card has exceeded its normal service life, whether the ID card has been reported lost, whether the ID card is frozen, and whether the card information format of the ID card is illegal (i.e., illegal ID card information). From this card management information the backend can judge whether the ID card is an illegal ID card. For example, if an illegal access record exists, the backend considers the ID card unsafe and security authentication does not pass. As another example, if the card serial number of the ID card is not the dedicated ID card serial number specified by the Ministry of Public Security, or the length of the serial number exceeds the length of an ID card's card serial number, the backend considers the card information format of the ID card illegal and the ID card an illegal ID card.
In this embodiment, risk control management may include at least one of the following: not allowing the ID card reader without a SAM module to access the SAM device; the backend disconnecting from the ID card reader without a SAM module; sending a warning signal to the ID card reader without a SAM module and to the SAM device; refusing to forward to the SAM device the data sent by the ID card reader without a SAM module; blacklisting the ID card and the ID card reader without a SAM module; freezing the ID card; and so on. Any measure that disconnects communication between the ID card reader without a SAM module and the backend, so that the reader and the illegal ID card cannot attack the SAM device, falls within the protection scope of the present invention. These risk control management measures apply equally to modes two through six below.
Mode two: managing the permitted access location range, specifically: the backend judges from the current access location of the ID card whether the access location of the ID card belongs to a preset region; if it does not, the backend performs risk control management on the ID card and the ID card reader without a SAM module.
In a specific implementation, the backend judging whether the access location of the ID card belongs to a preset region can mean judging whether the current access location of the ID card belongs to a user-specific region, a user-attribute region or a user administrative region. A user-specific region is a safe area designated by the user. User-attribute regions include the user's residence area, the user's work area, the user's travel destination and the user's vacation destination. User administrative regions include the province scope, the city scope and the district scope.
Mode three: managing the permitted access transaction limit, specifically: the backend judges from the current transaction information of the ID card whether the transaction amount in the current transaction information exceeds the consumption limit; if so, the backend performs risk control management on the ID card or the ID card reader without a SAM module;
In a specific implementation, the backend can also apply consumption limits for each of the above regions, i.e., judge whether the transaction amount in the transaction information of the ID card exceeds the consumption limit for each region; for example, a single transaction amount in Beijing may not exceed 5000 yuan.
Mode four: managing the permitted access time, specifically: the backend judges from the current access time of the ID card whether the current access time of the ID card is within the preset access time range; if so, the backend performs risk control management on the ID card or the ID card reader without a SAM module;
In a specific implementation, the backend can also limit the permitted access time for each of the above regions, i.e., judge whether the current access time of the ID card is within the access time range for each region; for example, access is permitted from 8 a.m. to 5 p.m., and access outside that time range is not permitted.
Mode five: managing the permitted access frequency, specifically: the backend judges whether, within a preset time period, the historical access count of the ID card exceeds a preset count threshold; if so, the backend performs risk control management on the ID card or the ID card reader without a SAM module;
In this mode, the backend can query the access count of the ID card within the preset time period up to and including the current access, for example the access count within the 1 month ending with the current access. If it exceeds the preset count threshold, for example if the access count in 1 month exceeds 100, the ID card may be illegally attacking the SAM device, and the backend performs risk control management on the ID card or the ID card reader without a SAM module.
Mode six: managing the permitted distance between consecutive access locations, specifically: the backend judges whether, within a preset time period, the distance between the locations from which the ID card consecutively accessed the SAM device exceeds a preset distance; if so, the backend performs risk control management on the ID card or the ID card reader without a SAM module.
In this mode, the backend can query the distance between the access locations of the ID card's two consecutive accesses to the SAM device within the preset time period up to and including the current access. For example, if within 1 day the two consecutive accesses to the SAM device are made from Beijing and Shanghai respectively, the distance between the two access locations exceeds the preset distance, which indicates that the ID card may be illegally attacking the SAM device, and the backend performs risk control management on the ID card or the ID card reader without a SAM module.
Of course, the above risk control management schemes are given only as examples; the schemes for risk control management in this embodiment are not limited to them.
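An added example, not part of the patent text: the six risk control modes above expressed as one Python policy check over a card's current access and its access history. The 5000 yuan Beijing limit, the 8 a.m. to 5 p.m. window, the 100 accesses per month and the Beijing/Shanghai case come from the description; the 500 km distance threshold, the data model and all names and sample values are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, time, timedelta
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Access:
    """One access to the SAM device by an ID card (hypothetical record)."""
    when: datetime
    region: str
    lat: float
    lon: float
    amount: float = 0.0          # transaction amount in yuan


@dataclass
class Policy:
    """Preset policy held by the backend."""
    blacklist: set = field(default_factory=set)            # mode one
    allowed_regions: set = field(default_factory=set)      # mode two
    amount_limit: dict = field(default_factory=dict)       # mode three, per region
    open_at: time = time(8, 0)                             # mode four
    close_at: time = time(17, 0)
    max_accesses: int = 100                                # mode five
    frequency_window: timedelta = timedelta(days=30)
    max_distance_km: float = 500.0                         # mode six (assumed value)
    distance_window: timedelta = timedelta(days=1)


def distance_km(a: Access, b: Access) -> float:
    """Great-circle (haversine) distance between two access locations."""
    dlat = radians(b.lat - a.lat)
    dlon = radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def evaluate(card_serial: str, current: Access, history: list, policy: Policy) -> list:
    """Return the names of the rules the current access violates."""
    hits = []
    if card_serial in policy.blacklist:
        hits.append("illegal_card")
    if current.region not in policy.allowed_regions:
        hits.append("location")
    limit = policy.amount_limit.get(current.region)
    if limit is not None and current.amount > limit:
        hits.append("transaction_limit")
    # Follows the worked example: access is permitted only inside the window.
    if not (policy.open_at <= current.when.time() <= policy.close_at):
        hits.append("access_time")
    earlier = [a for a in history if a.when <= current.when]
    recent = [a for a in earlier if current.when - a.when <= policy.frequency_window]
    if len(recent) + 1 > policy.max_accesses:   # count includes the current access
        hits.append("frequency")
    previous = max(earlier, key=lambda a: a.when, default=None)
    if (previous is not None
            and current.when - previous.when <= policy.distance_window
            and distance_km(previous, current) > policy.max_distance_km):
        hits.append("distance")
    return hits


def allow_access(card_serial, current, history, policy) -> bool:
    """Backend decision: any violated rule triggers risk control (deny)."""
    return not evaluate(card_serial, current, history, policy)


# Constructed sample data: city-centre coordinates for Beijing and Shanghai.
BEIJING = dict(region="Beijing", lat=39.9042, lon=116.4074)
SHANGHAI = dict(region="Shanghai", lat=31.2304, lon=121.4737)

if __name__ == "__main__":
    policy = Policy(allowed_regions={"Beijing", "Shanghai"}, amount_limit={"Beijing": 5000})
    now = datetime(2015, 11, 18, 10, 0)
    earlier = Access(now - timedelta(hours=1), **SHANGHAI)
    print(evaluate("CARD-0001", Access(now, amount=1200, **BEIJING), [earlier], policy))
```

`evaluate` returns the violated rule names so the backend can log which mode triggered; `allow_access` collapses that into the decision to forward or refuse the access to the SAM device.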
In addition, to further ensure that the SAM device is not attacked by illegal ID card readers, as an optional implementation of this embodiment, before step S101 or after step S101 the backend may also perform risk control management on the ID card reader. That is, the method provided by this embodiment further includes: the backend obtains the management access information of the ID card reader; the backend performs risk control management on the ID card reader according to a preset policy, based on the management access information of the ID card reader. In this embodiment, risk control management is performed when the ID card reader is found to be unsafe, which reduces the possibility of the SAM device being attacked by illegal ID card readers and guarantees the security of ID card readers accessing the SAM device.
As an optional implementation of this embodiment, the management access information of the ID card reader without a SAM module includes at least: the device management information of the ID card reader, the historical access count of the ID card reader, the current access location of the ID card reader, the historical access locations of the ID card reader, the current access time of the ID card reader, and the transaction information of the ID card reader. This embodiment is described only for the case in which the backend performs risk control management on the ID card reader after step S101. The backend can obtain the access management information of the ID card reader as follows: the backend can receive from the ID card reader without a SAM module one or more items of access management information of the ID card reader among the current access time, the current access location and the current transaction information of the ID card reader; this access management information can be sent to the backend by the card reader separately, or can be contained in the card reader authentication information. In addition, as an option, the card reader authentication information may include the identity of the ID card reader (such as the serial number, certificate number or public key information); using the identity of the ID card reader, the backend can look up in its local database the pre-stored management access information of the corresponding ID card reader (such as the device management information of the ID card reader, the historical access count of the ID card reader, the historical access locations of the ID card reader and the historical access times). In this embodiment, the backend can perform risk management on the ID card reader according to this management access information, and performs risk control management when the ID card reader is found to be unsafe, which reduces the possibility of the SAM device being attacked by illegal ID card readers and guarantees the security of ID card readers accessing the SAM device.
As an optional implementation of this embodiment, performing risk control management on the ID card reader without a SAM module according to its management access information and a preset policy includes at least one of the following manners or any combination thereof: managing the ID card reader devices without a SAM module that are allowed to access, managing the allowed access location range, managing the allowed transaction limit, managing the allowed access frequency, managing the allowed access time range, and managing the allowed distance between consecutive access locations:
Mode one: managing the ID card reader devices without a SAM module that are allowed to access. Specifically, the backend judges whether the accessing ID card reader without a SAM module is an illegal ID card reader without a SAM module; if so, risk control management is performed on that ID card reader.
As an optional implementation of this embodiment, the backend can use the identity identifier of the ID card reader without a SAM module, such as its serial number, to obtain the device management information of that ID card reader, for example whether the ID card reader has been blacklisted, whether it has any illegal access record, and whether its production date and manufacturer meet the requirements. From this device management information the backend can judge whether the ID card reader without a SAM module is an illegal one; for example, if an illegal access record exists, the backend considers the ID card reader unsafe and its security authentication does not pass.
In this embodiment, risk control management may include at least one of the following: not allowing the ID card reader without a SAM module to access the SAM device; the backend disconnecting its connection with that ID card reader; sending a warning signal to the ID card reader without a SAM module and to the SAM device; refusing to send the data sent by that ID card reader to the SAM device; adding that ID card reader to a blacklist; and so on. Any manner that can cut off communication between the ID card reader without a SAM module and the backend, so that the illegal ID card reader cannot attack the SAM device, falls within the protection scope of the present invention. These manners of risk control management apply equally to modes two through six below.
Mode two: managing the allowed access location range. Specifically, the backend judges whether the current access location of the ID card reader without a SAM module belongs to a preset area; if not, risk control management is performed on that ID card reader.
In a specific implementation, judging whether the access location belongs to a preset area may mean judging whether the current access location of the ID card reader without a SAM module belongs to a user-specified area, a user attribute area or a user administrative area. The user-specified area is a safe area delineated by the user; the user attribute area includes the user's living area, working area, travel destination and holiday destination; the user administrative area includes a province-level range, a city-level range and a district-level range.
Mode three: managing the allowed transaction limit. Specifically, it is judged whether the transaction amount in the current transaction information exceeds the consumption limit; if so, risk control management is performed on the ID card reader without a SAM module.
In a specific implementation, the backend may also set a spending limit for each of the above areas, that is, judge whether the transaction amount in the transaction information of the ID card reader without a SAM module exceeds the consumption limit for the area concerned; for example, a single transaction in Beijing may not exceed 5000 yuan.
Mode four: managing the allowed access time. Specifically, it is judged whether the current access time of the ID card reader without a SAM module falls within a preset access time range; if so, risk control management is performed on that ID card reader.
In a specific implementation, the backend may also limit the allowed access time for each of the above areas, that is, judge whether the current access time of the ID card reader without a SAM module falls within the access time range for the area concerned; for example, access is allowed from 8 a.m. to 5 p.m. and is not allowed outside that time range.
Mode five: managing the allowed access frequency. Specifically, it is judged whether the historical access count of the ID card reader without a SAM module within a preset time period exceeds a preset count threshold; if so, risk control management is performed on that ID card reader.
In this mode, the backend can query the number of accesses made by the ID card reader without a SAM module within the preset time period up to the current access, for example the number of accesses in the 1 month up to the current access. If this exceeds the preset count threshold, for example more than 100 accesses in 1 month, the ID card reader without a SAM module may be illegally attacking the SAM device, and risk control management is performed on it.
Mode six: managing the allowed distance between consecutive access locations. Specifically, it is judged whether, within a preset time period, the distance between the locations from which the ID card reader without a SAM module consecutively accesses the SAM device exceeds a preset distance; if so, risk control management is performed on that ID card reader.
In this mode, the backend can query the distance between the locations of the consecutive accesses to the SAM device made by the ID card reader without a SAM module within the preset time period up to the current access. For example, if two consecutive accesses to the SAM device within 1 day come from Beijing and from Shanghai respectively, the distance between the two access locations exceeds the preset distance, which indicates that the ID card reader without a SAM module may be illegally attacking the SAM device, and risk control management is performed on it.
Of course, the above risk control management schemes are only examples; the schemes for risk control management in this embodiment are not limited to them.
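
The six modes above can be evaluated by the backend as one policy check per access. The following Python code is an added example, not code from the patent: the class and field names, the thresholds other than the 5000 yuan, 8 a.m. to 5 p.m., 100 accesses per month and Beijing/Shanghai figures quoted above, and the coordinates are constructed, and mode four is implemented as the allowed window described in its example.

```python
from dataclasses import dataclass, field
from datetime import datetime, time, timedelta
from math import asin, cos, radians, sin, sqrt


@dataclass
class Access:
    when: datetime
    region: str          # administrative region reported for this access
    lat: float
    lon: float
    amount: float = 0.0  # transaction amount in yuan


@dataclass
class Reader:
    serial: str
    blacklisted: bool = False
    illegal_access_record: bool = False
    history: list = field(default_factory=list)  # earlier admitted accesses


@dataclass
class Policy:
    allowed_regions: set
    region_limit: dict                      # region -> max single transaction
    open_at: time = time(8, 0)
    close_at: time = time(17, 0)
    count_window: timedelta = timedelta(days=30)
    max_count: int = 100
    hop_window: timedelta = timedelta(days=1)
    max_hop_km: float = 500.0               # assumed "preset distance"


def km_between(a, b):
    """Great-circle distance (haversine) between two accesses, in km."""
    p1, p2 = radians(a.lat), radians(b.lat)
    h = (sin((p2 - p1) / 2) ** 2
         + cos(p1) * cos(p2) * sin(radians(b.lon - a.lon) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(h))


def evaluate(reader, cur, policy):
    """Return the names of the modes (one to six) that the access violates."""
    hits = []
    if reader.blacklisted or reader.illegal_access_record:      # mode one
        hits.append("device")
    if cur.region not in policy.allowed_regions:                # mode two
        hits.append("location")
    if cur.amount > policy.region_limit.get(cur.region, float("inf")):
        hits.append("limit")                                    # mode three
    if not policy.open_at <= cur.when.time() <= policy.close_at:
        hits.append("time")                                     # mode four
    earlier = [a for a in reader.history if a.when <= cur.when]
    recent = [a for a in earlier if cur.when - a.when <= policy.count_window]
    if len(recent) + 1 > policy.max_count:                      # mode five
        hits.append("frequency")
    if earlier:                                                 # mode six
        prev = max(earlier, key=lambda a: a.when)
        if (cur.when - prev.when <= policy.hop_window
                and km_between(prev, cur) > policy.max_hop_km):
            hits.append("distance")
    return hits


def admit(reader, cur, policy):
    """Admit the access only when no mode is violated; record it if admitted."""
    hits = evaluate(reader, cur, policy)
    if hits:
        return False, hits   # the backend would disconnect, alert or blacklist
    reader.history.append(cur)
    return True, hits


# Constructed sample data for trying the policy.
BEIJING = ("Beijing", 39.9042, 116.4074)
SHANGHAI = ("Shanghai", 31.2304, 121.4737)
POLICY = Policy(allowed_regions={"Beijing", "Shanghai"},
                region_limit={"Beijing": 5000})


def at(place, when, amount=0.0):
    region, lat, lon = place
    return Access(when, region, lat, lon, amount)
```

Returning every violated mode, rather than stopping at the first, gives the backend the detail it needs to choose among the risk control actions listed above and to log why a reader was refused.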
With the protection method for a SAM device provided in this embodiment, before the SAM device executes the process of obtaining resident identity card data, the backend performs security authentication on the ID card reader without a SAM module and on the ID card. Only after the security authentication of both the ID card reader without a SAM module and the ID card passes does the backend allow the SAM device to execute the process of obtaining resident identity card data. This prevents the SAM device from being attacked by an illegal ID card reader or an illegal ID card and reduces the risk of the root certificate information in the SAM device being intercepted. Furthermore, the backend can also perform risk control management on the ID card reader without a SAM module and on the ID card, which prevents illegal ID card readers and illegal ID cards from attacking the SAM device and further ensures the security of the SAM device.
Embodiment 2
As shown in Fig. 2, this embodiment provides a backend 10 for protecting a SAM device, comprising: a receiving device 101, an authentication device 102 and an access device 103.
In this embodiment, the receiving device 101 is configured to receive the authentication request sent by the ID card reader without a SAM module, the authentication request including at least card reader authentication information and first ID card information. The authentication device 102 is configured to perform security authentication on the ID card reader without a SAM module according to the card reader authentication information in the authentication request, and to confirm the authenticity of the ID card according to the first ID card information in the authentication request. The access device 103 is configured to instruct the SAM device to execute the process of obtaining resident identity card data after the authentication device 102 has passed the security authentication of the ID card reader without a SAM module and has confirmed the authenticity of the ID card.
As an optional implementation of this embodiment, as shown in Fig. 3, the backend 10 further includes a SAM device 104, configured to execute the process of obtaining resident identity card data after receiving the instruction from the access device 103, so as to complete the SAM device's authentication of the ID card and the reading of the resident identity card data.
The SAM device in this embodiment can be integrated in the backend as a part of the backend (as shown in Fig. 3), which effectively improves the compatibility of the SAM device with the server. The SAM device can also exist as a separate SAM device independent of the backend, connecting to and communicating with the server through its own communication interface, which facilitates upgrading and maintenance of the backend and improves its flexibility. Furthermore, there can be one or more SAM devices in this embodiment, to meet the needs of different backends.
With the backend provided in this embodiment, security authentication is performed on the ID card reader without a SAM module and on the ID card before the SAM device executes the process of obtaining resident identity card data. Only after the security authentication of both the ID card reader without a SAM module and the ID card passes does the backend allow the SAM device to execute the process of obtaining resident identity card data; if the security authentication of the ID card reader or of the ID card does not pass, the backend does not allow the SAM device to execute that process. This ensures that when an illegal ID card reader without a SAM module or an illegal ID card tries to attack the SAM device, the backend can identify the illegal ID card reader or illegal ID card and stop the attack, which reduces the risk of the root certificate information in the SAM device being intercepted and provides a guarantee for secure access to the SAM device.
In this embodiment, the backend may be a backend server (such as a PC terminal) or may be an encryption machine. The ID card reader without a SAM module is used to read information related to the ID card, such as ID card basic information (for example the ID card serial number, ID card application data and ID card preset information) and resident identity card data (for example the resident identity card number, name, photo, age, address, card validity period and fingerprint). The ID card reader without a SAM module has an external communication interface, which is a wired or wireless interface and can carry data communication with the backend. A SAM module is a module provided in existing ID card readers; it can mutually authenticate with the ID card, read the ID card information ciphertext only after the authentication passes, and decrypt that ciphertext to obtain the plaintext of the ID card information. Because the ID card reader in this solution is not provided with a SAM module, when the ID card reader without a SAM module needs to read the plaintext ID card information it must send an authentication request to the backend. After the authentication passes, the backend sends the resident identity card data to the SAM device for the corresponding operation, such as decrypting the ID card information ciphertext to obtain the plaintext ID card information, which is returned to the ID card reader without a SAM module.
In this embodiment, the authentication request includes at least card reader authentication information and first ID card information. The card reader authentication information is included so that the backend authentication device 102 can perform security authentication on the legitimacy of the card reader, and the first ID card information is included so that the backend authentication device 102 can confirm the authenticity of the ID card. In addition, the card reader may encrypt the card reader authentication information and the first ID card information and include them in the authentication request as ciphertext, to improve the security of the data the backend receives. As an optional implementation, the first ID card information includes ID card basic information and/or ID card authentication information. With the ID card basic information, the backend authentication device 102 can confirm the authenticity of the ID card; with the ID card basic information and/or the ID card authentication information, the SAM device can also confirm the authenticity of the ID card. The ID card basic information is read from the ID card by the ID card reader without a SAM module, but it does not include resident identity card data (such as the ID number, name, photo, address or fingerprint); it is only information about the card itself and includes at least one of the following: an ID card identifier (such as the ID card serial number or the ID card chip serial number), ID card application data (indicating which applications are provided in the ID card) and ID card preset information (for example a preset file structure system to be supported, a preset hidden identifier, and preset support for fingerprint recognition). This ID card basic information can uniquely identify the ID card and is not easy to forge, so it can be used to judge whether the ID card is real. The ID card basic information can also be used to look up the management access information of the ID card, so as to implement risk control management of the ID card. The ID card authentication information is the authentication information that, in the prior art, the ID card needs to send to the SAM module when the ID card and the SAM module authenticate each other; the SAM device can use it to authenticate the ID card and confirm whether the ID card is real.
Depending on how the backend authentication device authenticates the card reader, the card reader authentication information can carry different contents, specifically including at least the following three modes:
Mode one: the card reader authentication information may include at least first authentication data, first signature data and the digital certificate of the ID card reader without a SAM module. The digital certificate allows the backend authentication device 102 to verify the legitimacy of the ID card reader, and the first authentication data together with the card reader's public key allow the backend authentication device 102 to verify whether the first signature data is a signature made by that legal card reader. As an optional manner, the first signature data includes signature data obtained by the ID card reader without a SAM module signing the first authentication data with its private key, where the first authentication data may include at least one of: ID card basic information, the identity identifier of the ID card reader without a SAM module, and a random factor. The ID card basic information and the identity identifier of the ID card reader may be in plaintext or ciphertext form; if in ciphertext form, the backend authentication device 102 holds the same key as the card reader and can decrypt the ciphertext to obtain the corresponding plaintext. The first authentication data can be combined in many ways: it may be one or more of the plaintext of the ID card basic information, the ciphertext of the ID card basic information, the plaintext of the identity identifier of the ID card reader without a SAM module, the ciphertext of that identity identifier, and the random factor. For example, the first authentication data may include the ciphertext of the ID card basic information, the ciphertext of the identity identifier of the ID card reader without a SAM module, and the random factor; as another example, the ciphertext of the ID card basic information and the random factor; as yet another example, the ciphertext of the ID card basic information and the plaintext or ciphertext of the identity identifier of the ID card reader without a SAM module. The combinations are not listed exhaustively here. The multiple possible combinations of the first authentication data can increase the reliability of verification. As an optional implementation of this embodiment, the identity identifier of the ID card reader without a SAM module includes at least one of: the serial number of the ID card reader without a SAM module and the certificate number of the ID card reader without a SAM module; the serial number and the certificate number can uniquely identify the ID card reader. In this embodiment, when the first authentication data includes a random factor, as one optional manner the random factor can be generated by the ID card reader without a SAM module: that ID card reader includes a security chip, which can store its private key and digital certificate and can generate the random factor. As another optional manner, the random factor can be generated by the backend, and the ID card reader without a SAM module obtains the random factor from the backend before the backend receives the authentication request sent by that ID card reader. The random factor includes a random number and a random event, and is single-use authentication data; the backend authentication device 102 verifying signature data signed over the random factor therefore serves to prevent replay attacks.
In mode one, the first signature data is obtained by the ID card reader without a SAM module signing the above first authentication data with its private key. After the ID card reader without a SAM module signs the first authentication data obtained by one of the above combinations and sends the resulting first signature data to the backend, the backend authentication device 102 can verify the first signature data using the public key of the ID card reader without a SAM module and the first authentication data obtained by that combination. Here the backend authentication device 102 can use the key negotiated with the ID card reader without a SAM module to decrypt the ciphertext of the ID card basic information and obtain its plaintext, and can likewise use that negotiated key to decrypt the ciphertext of the identity identifier of the ID card reader without a SAM module and obtain its plaintext. In this embodiment, the backend authentication device 102 verifying the first signature data with the above first authentication data and the public key of the ID card reader without a SAM module ensures the legitimacy of that ID card reader.
Mode two: the card reader authentication information may include at least the first authentication data as above and first authentication data ciphertext obtained by encrypting the first authentication data with a transmission key. Because the backend authentication device 102 holds the same transmission key as the ID card reader, if the backend can decrypt the first authentication data ciphertext, the ID card reader can be considered to have passed the security authentication of the backend authentication device 102. Card reader authentication information containing the first authentication data and the first authentication data ciphertext therefore allows the backend authentication device 102 to authenticate the legitimacy of the card reader.
Mode three: the card reader authentication information may include at least the first authentication data as above and a check value calculated over the first authentication data with a check key. Because the backend authentication device 102 holds the same check key as the ID card reader, if the backend authentication device 102 can calculate the same check value over the first authentication data, the ID card reader can be considered to have passed the security authentication of the backend authentication device 102. Card reader authentication information containing the first authentication data and the check value therefore allows the backend authentication device 102 to authenticate the legitimacy of the card reader.
In this embodiment, the authentication device 102 is used to verify the legitimacy of the ID card reader without a SAM module (that is, to perform security authentication on the ID card reader without a SAM module according to the card reader authentication information in the authentication request) and to verify the legitimacy of the ID card (that is, to confirm the authenticity of the ID card according to the first ID card information in the authentication request). As an optional implementation of this embodiment, the authentication device 102 may verify the legitimacy of the ID card reader without a SAM module either before or after verifying the legitimacy of the ID card. Through this double authentication of the ID card reader and the ID card, this embodiment improves the security and reliability of authentication; only after the authentication passes can the process in which the SAM device reads the resident identity card data be executed, which ensures that the SAM device will not be attacked by an illegal ID card reader.
Corresponding to the three modes of content carried in the card reader authentication information, the authentication device 102 performs security authentication on the ID card reader without a SAM module according to the card reader authentication information in the authentication request in the following ways:
Mode one: when the card reader authentication information includes at least the first authentication data, the first signature data and the digital certificate of the ID card reader without a SAM module, the authentication device 102 is specifically configured to verify the legitimacy of the digital certificate of the ID card reader without a SAM module, and to verify the first signature data using the public key of that ID card reader and the first authentication data. When the digital certificate is verified as legal and the first signature data passes signature verification, the ID card reader passes the security authentication of the authentication device 102.
Mode two: when the card reader authentication information includes at least the first authentication data as above and the first authentication data ciphertext obtained by encrypting the first authentication data with the transmission key, then, because the authentication device 102 holds the same transmission key as the ID card reader, the authentication device 102 is further configured to decrypt the first authentication data ciphertext with that transmission key. If decryption succeeds, the ID card reader passes the security authentication of the authentication device 102.
Mode three: when the card reader authentication information includes at least the first authentication data as above and the check value calculated over the first authentication data with the check key, then, because the authentication device 102 holds the same check key as the ID card reader, the authentication device 102 is further configured to use that check key and the same algorithm as the ID card reader to calculate a check value over the first authentication data. If the same check value is obtained, the ID card reader passes the security authentication of the authentication device 102.
Through the above three authentication modes, the authentication device 102 can verify the legitimacy of the ID card reader without a SAM module and thereby ensure that the SAM device will not be attacked by an illegal ID card reader.
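
Mode three combined with a backend-generated random factor can be exercised end to end as follows. This Python code is an added example, not code from the patent: HMAC-SHA256 stands in for the check algorithm, which the patent does not name, the length-prefixed encoding of the first authentication data and all field names and keys are constructed, and the card check is a check value calculated with a check key looked up from the ID card basic information.

```python
import hashlib
import hmac
import secrets


def check_value(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 as the shared check-value algorithm.
    return hmac.new(key, data, hashlib.sha256).digest()


def first_auth_data(card_serial: str, reader_serial: str, rf: bytes) -> bytes:
    # ID card basic information + reader identity + random factor,
    # length-prefixed so that field boundaries cannot be shifted.
    parts = [card_serial.encode(), reader_serial.encode(), rf]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


class Backend:
    def __init__(self, reader_keys, card_keys):
        self.reader_keys = reader_keys  # reader serial -> shared check key
        self.card_keys = card_keys      # card serial -> card check key
        self.pending = {}               # reader serial -> unused random factor
        self.sam_reads = []             # cards the SAM device was told to read

    def issue_random_factor(self, reader_serial: str) -> bytes:
        rf = secrets.token_bytes(16)
        self.pending[reader_serial] = rf
        return rf

    def reader_is_legal(self, req) -> bool:
        key = self.reader_keys.get(req["reader_serial"])
        # pop() makes the random factor single use, which defeats replay.
        rf = self.pending.pop(req["reader_serial"], None)
        if key is None or rf is None:
            return False
        if not hmac.compare_digest(rf, req["random_factor"]):
            return False
        data = first_auth_data(req["card_serial"], req["reader_serial"], rf)
        return hmac.compare_digest(check_value(key, data), req["reader_check"])

    def card_is_real(self, req) -> bool:
        key = self.card_keys.get(req["card_serial"])
        if key is None:
            return False
        expected = check_value(key, req["card_param"])
        return hmac.compare_digest(expected, req["card_check"])

    def handle(self, req) -> bool:
        """Access device: instruct the SAM device only if both checks pass."""
        if not self.reader_is_legal(req):
            return False
        if not self.card_is_real(req):
            return False
        self.sam_reads.append(req["card_serial"])
        return True


def build_request(reader_serial, reader_key, card_serial, card_key, rf):
    """Reader side; card_key simulates the value computed on the card."""
    param = secrets.token_bytes(8)  # parameter to be verified
    return {
        "reader_serial": reader_serial,
        "card_serial": card_serial,
        "random_factor": rf,
        "reader_check": check_value(
            reader_key, first_auth_data(card_serial, reader_serial, rf)),
        "card_param": param,
        "card_check": check_value(card_key, param),
    }


def demo():
    """Run four constructed requests and return what the backend decided."""
    b = Backend({"R-0001": b"constructed-reader-key"},
                {"C-1234": b"constructed-card-key"})
    good = build_request("R-0001", b"constructed-reader-key", "C-1234",
                         b"constructed-card-key", b.issue_random_factor("R-0001"))
    first, replay = b.handle(good), b.handle(good)
    bad_reader = build_request("R-0001", b"wrong-key", "C-1234",
                               b"constructed-card-key",
                               b.issue_random_factor("R-0001"))
    forged_card = build_request("R-0001", b"constructed-reader-key", "C-1234",
                                b"wrong-key", b.issue_random_factor("R-0001"))
    return {"first": first, "replay": replay,
            "bad_reader": b.handle(bad_reader),
            "forged_card": b.handle(forged_card),
            "sam_reads": list(b.sam_reads)}
```

Because the random factor is consumed on first use, resubmitting a captured request fails even though its check value is valid.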
In this embodiment, the verification of the legitimacy of the ID card by the authentication device 102 (that is, confirming the authenticity of the ID card according to the first ID card information in the authentication request) can also be done in various ways; the following two are given only as examples:
Mode one: the authentication device 102 is configured to confirm the authenticity of the ID card according to the ID card basic information in the first ID card information in the authentication request, which specifically includes:
The authentication device 102 sends the ID card basic information to the Ministry of Public Security authentication device 102; receives the confirmation message, returned by the Ministry of Public Security authentication device 102, that the ID card corresponding to the ID card basic information really exists; and confirms that the ID card is real.
In mode one, the Ministry of Public Security authentication device 102 can store in advance the ID card basic information associated with each ID card. That is, if an ID card really exists, then after the authentication device 102 sends the ID card basic information (such as the ID card serial number) to the Ministry of Public Security authentication device 102, the Ministry of Public Security authentication device 102 can return to the authentication device 102 a confirmation message that the ID card basic information corresponds to a real ID card. The authentication device 102 can thus determine that the ID card is at least not forged, which prevents the SAM device from being attacked by an illegally forged ID card.
Mode two, authentication device 102, for the authenticity according to the first ID card information in certification request to identity card
Confirmed, specifically included:
First ID card information is sent to SAM device by authentication device 102, receive SAM device return according to first
ID card information authentication ids are passed through after confirmation message, confirmation identity card it is true.
In Mode two, when the first identity card information includes identity card basic information, the SAM device can authenticate the identity card according to the identity card basic information. Specifically, the first identity card information may include: the identity card basic information, a parameter to be verified, and a check value that the identity card calculates over the parameter to be verified using a check key. After receiving the first identity card information, the SAM device can look up the check key of the identity card according to the identity card basic information, use that check key to calculate a check value on the SAM device side over the parameter to be verified, and judge whether it is consistent with the check value in the first identity card information. If they are consistent, the SAM device returns to the backstage a confirmation message that the identity card is genuine; the backstage can thereby confirm that the identity card is genuine, which prevents the SAM device from being attacked by illegally forged identity cards. When the first identity card information includes identity card authentication information, the SAM device can authenticate the identity card according to the identity card authentication information; in this embodiment, the SAM device does so in the same way that a SAM module authenticates an identity card in the prior art, and details are not repeated here. When the first identity card information includes both identity card basic information and identity card authentication information, the SAM device can authenticate the identity card separately according to each; carrying out double authentication on different information improves the reliability of the authentication. In this embodiment, therefore, the authenticity of the identity card can also be determined by the SAM device: before the process of obtaining resident identification card data is executed in the SAM device, it is already determined that the identity card is at least not forged, which prevents the SAM device from being attacked by illegally forged identity cards.
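The check-value comparison of Mode two can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 stands in for the check algorithm, which the text does not specify, and the key table, serial numbers and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: check keys held on the SAM device side, indexed by
# identity card basic information (here a made-up card serial number).
SAM_CHECK_KEYS = {
    "CARD-0001": bytes.fromhex("000102030405060708090a0b0c0d0e0f"),
    "CARD-0002": bytes.fromhex("f0e0d0c0b0a090807060504030201000"),
}


def check_value(check_key: bytes, parameter: bytes) -> bytes:
    """Check value over the parameter to be verified.

    Assumption: HMAC-SHA256 is used because the text names no algorithm.
    """
    return hmac.new(check_key, parameter, hashlib.sha256).digest()


def card_first_info(serial: str, card_key: bytes, parameter: bytes) -> dict:
    """First identity card information as produced on the identity card side."""
    return {
        "basic_info": serial,
        "parameter": parameter,
        "check_value": check_value(card_key, parameter),
    }


def sam_confirm(first_info: dict) -> bool:
    """SAM device side: look up the check key by basic information,
    recompute the check value and compare it with the one received."""
    serial = first_info.get("basic_info")
    parameter = first_info.get("parameter")
    claimed = first_info.get("check_value")
    if not isinstance(serial, str):
        return False
    if not isinstance(parameter, bytes) or not isinstance(claimed, bytes):
        return False
    key = SAM_CHECK_KEYS.get(serial)
    if key is None:
        # No check key is registered for this basic information.
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(check_value(key, parameter), claimed)


def backstage_decide(first_info: dict) -> str:
    """Backstage side: the SAM flow is started only after a positive confirmation."""
    return "instruct SAM device" if sam_confirm(first_info) else "refuse access"
```
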
Thus, through double authentication consisting of the security authentication of the identity card reader without a SAM module and the security authentication of the identity card, this embodiment guarantees the security of the equipment accessing the SAM device. If any link fails, for example the security authentication of the identity card does not pass, authentication device 102 will also refuse the identity card reader without a SAM module access to the SAM device.
As an optional implementation of this embodiment, if the first identity card information does not include identity card authentication information, the process of obtaining resident identification card data executed in the SAM device may also include the SAM device authenticating the identity card: the SAM device can obtain the identity card authentication information from the card reader through the backstage and authenticate the identity card according to that information. This authentication is the same as in the prior art, and details are not repeated here.
As an optional implementation of this embodiment, as shown in Figures 2 and 3, backstage 10 further includes transmitting device 105 (shown in a dashed box), configured to establish a secure channel with the card reader after authentication device 102's security authentication of the identity card reader without a SAM module has passed and the authenticity of the identity card has been confirmed, and before access device 103 instructs the SAM device to execute the process of obtaining resident identification card data. Transmitting device 105 is also configured, while the SAM device executes the process of obtaining resident identification card data, to use the secure channel with the card reader to transmit the data exchanged between the identity card and the SAM device. This improves the security of data transmission between the backstage and the identity card reader and further guarantees the security of the data sent to the SAM device.
In this embodiment, the essence of authentication device 102 establishing a secure channel with the identity card reader without a SAM module is that the two negotiate a common transmission key and use it to encrypt the data transmitted between them, so that a secure channel capable of transmitting data securely is established between authentication device 102 and the identity card reader without a SAM module. As an optional implementation of this embodiment, before or after authentication device 102 performs security authentication on the legitimacy of the identity card reader without a SAM module and of the identity card, the method further includes the identity card reader without a SAM module performing security authentication on the backstage: for example, the reader verifies the digital certificate sent by authentication device 102 and verifies the signature on the signed data sent by authentication device 102. After authentication device 102 and the identity card reader without a SAM module have passed mutual security authentication, they can negotiate the transmission key in several ways, including at least one of the following:
Mode one: a fixed transmission key is used; the fixed transmission key is not randomly generated but agreed by both parties in advance;
Mode two: the transmission key is calculated using a preset identical algorithm; the algorithm is agreed by both parties in advance, but the transmission key generated according to the algorithm is random, which is safer than the fixed transmission key of Mode one;
Mode three: the transmission key is calculated using the same algorithm based on the first authentication data, for example based on the random factor in the first authentication data, or jointly based on the ciphertext of the identity card basic information and the random factor in the first authentication data. The first authentication data can be combined in many ways, which are not repeated here. Because of the randomness of the random factor in the first authentication data, the transmission key calculated in this way is safer than the transmission key calculated in Mode two.
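The difference between the fixed key of Mode one and the per-session key of Mode three can be seen in a short added example, which is not code from the patent. It assumes HKDF-SHA256 (RFC 5869) as the shared algorithm and a device secret provisioned on both sides, neither of which the text specifies; an HMAC tag stands in for the channel encryption so that the example needs only the standard library, and all keys, names and byte strings are constructed.

```python
import hashlib
import hmac

TAG_LEN = 32
# Mode one: a transmission key agreed in advance and never changed (constructed value).
FIXED_KEY = bytes.fromhex("a0a1a2a3a4a5a6a7a8a9aaabacadaeaf")


def hkdf_sha256(secret: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF extract-then-expand as defined in RFC 5869."""
    prk = hmac.new(salt, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def mode_three_key(device_secret: bytes, random_factor: bytes,
                   basic_info_ciphertext: bytes = b"") -> bytes:
    """Mode three: both sides run the same algorithm over the first authentication data.

    Assumption: a provisioned device secret is mixed in, so that the key does not
    depend only on values that travel over the link.
    """
    if len(random_factor) < 16:
        raise ValueError("random factor too short to provide per-session freshness")
    return hkdf_sha256(device_secret, random_factor,
                       b"transmission key" + basic_info_ciphertext)


def protect(key: bytes, payload: bytes) -> bytes:
    """Stand-in for channel protection: payload followed by an HMAC tag."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def accept(key: bytes, frame: bytes):
    """Return the payload if the frame was protected under `key`, else None."""
    if len(frame) < TAG_LEN:
        return None
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(expected, tag) else None


def old_frame_accepted_in_new_session(mode: str) -> bool:
    """Is a frame recorded in session 1 still accepted by the backstage in session 2?"""
    secret = bytes(range(32))                      # constructed device secret
    ciphertext = b"constructed ciphertext of basic info"
    rf1, rf2 = b"\x11" * 16, b"\x22" * 16          # constructed random factors
    if mode == "fixed":
        key1 = key2 = FIXED_KEY
    else:
        key1 = mode_three_key(secret, rf1, ciphertext)
        key2 = mode_three_key(secret, rf2, ciphertext)
    recorded = protect(key1, b"card data frame")
    return accept(key2, recorded) is not None
```

With the fixed key, a frame recorded in one session still verifies in the next; with the key bound to the random factor it does not.
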
To further ensure that the SAM device is not attacked by illegal identity cards, as an optional implementation of this embodiment, as shown in Figures 2 and 3, backstage 10 may also include risk control device 106 (shown in a dashed box), configured to obtain the access management information of the identity card and, according to that information and a preset strategy, to carry out risk control management on the identity card and the identity card reader without a SAM module. In this embodiment, risk control management is carried out when the identity card is found to be unsafe, which reduces the possibility of the SAM device being attacked by illegal identity cards and guarantees the security of the identity cards accessing the SAM device.
As an optional implementation of this embodiment, the access management information of the identity card may include at least one of: the card management information of the identity card, the historical access count of the identity card, the current access location of the identity card, the historical access locations of the identity card, the current access time of the identity card, the transaction information of the identity card, and the historical access times.

When the backstage performs risk control management on the identity card or the card reader before access device 103 instructs the SAM device to execute the process of obtaining resident identification card data, risk control device 106 can obtain the access management information of the identity card as follows. Receiving device 101 can receive one or more items of identity card access management information, among the current access time, the current access location and the current transaction information of the identity card, sent to the backstage by the identity card reader without a SAM module. This access management information can be sent to receiving device 101 by the card reader separately, or can be included in the first identity card information; receiving device 101 forwards it to risk control device 106. In addition, as an option, the first identity card information may include identity card basic information, and risk control device 106 can use the identity card basic information (such as the identity card's card identifier) to query a local database for the pre-stored access management information of the corresponding identity card (such as the card management information, the historical access count, the historical access locations and the historical access times of the identity card).

When risk control device 106 performs risk control management on the identity card or the card reader after access device 103 has instructed the SAM device to execute the process of obtaining resident identification card data, then in addition to obtaining the access management information of the identity card in the ways above, it can also obtain from the SAM device, while the SAM device executes that process, the plaintext of the resident identification card data, such as the identity card number, name, address, fingerprint and other information that can uniquely identify the identity card, and use this resident identification card data to query the local database for the pre-stored access management information of the corresponding identity card (such as the card management information, the historical access count, the historical access locations and the historical access times of the identity card).

In this embodiment, risk control device 106 can perform risk management on the identity card and the identity card reader without a SAM module according to this access management information, and carries out risk control management when it finds that the identity card is unsafe, which reduces the possibility of the SAM device being illegally attacked and guarantees the security of the equipment accessing the SAM device.
As an optional implementation of this embodiment, risk control device 106 is configured to carry out risk control management on the identity card according to the above access management information of the identity card and a preset strategy, in at least one of the following modes or any combination of them: managing the identity cards and the identity card reader devices without a SAM module that are allowed to access, managing the allowed access location range, managing the allowed access transaction limit, managing the allowed access frequency, managing the allowed access time range, and managing the allowed distance between consecutive access locations:
Mode one: managing the identity cards and the identity card reader devices without a SAM module that are allowed to access. Specifically, risk control device 106 judges, according to the card management information of the identity card, whether the identity card is an illegal identity card; if it is, risk control management is carried out on the identity card or the identity card reader without a SAM module.
As an optional implementation of this embodiment, risk control device 106 can obtain the card management information of the identity card according to the identity card basic information, such as the card serial number of the identity card. The card management information covers, for example, whether the identity card has been blacklisted, whether the identity card has an illegal access record, whether the identity card has exceeded its normal period of use, whether the identity card has been reported lost, whether the identity card is frozen, and whether the format of the identity card's card information is illegal (that is, illegal identity card information). From this card management information, risk control device 106 can judge whether the identity card is an illegal identity card. For example, if there is an illegal access record, risk control device 106 considers the identity card unsafe and the security authentication does not pass. As another example, if the card serial number of the identity card is not a serial number dedicated to identity cards, or the length of the serial number exceeds the length of identity card serial numbers prescribed by the Ministry of Public Security, risk control device 106 considers the card information format of the identity card illegal and the identity card an illegal identity card.
In this embodiment, risk control management may include at least one of the following: risk control device 106 can ensure that the SAM device is not instructed to execute the process of obtaining resident identification card data; risk control device 106 can disconnect the connection with the identity card reader without a SAM module, issue a warning signal to the identity card reader without a SAM module and to the SAM device, refuse to forward to the SAM device the data sent by the identity card reader without a SAM module, blacklist the identity card and the identity card reader without a SAM module, freeze the identity card, and so on. Any measure that disconnects communication between the identity card reader without a SAM module and the backstage, so that the illegal identity card reader without a SAM module cannot attack the SAM device with an illegal identity card, falls within the protection scope of the present invention. These risk control management measures apply equally to Modes two to six below.
Mode two: managing the allowed access location range. Specifically, risk control device 106 judges, according to the current access location of the identity card, whether the access location of the identity card belongs to a preset region; if it does not, risk control management is carried out on the identity card and the identity card reader without a SAM module.

In a specific implementation, judging whether the access location of the identity card belongs to a preset region can mean judging whether the current access location of the identity card belongs to a user-specific region, a user-attribute region or a user administrative region. The user-specific region is a safe region drawn by the user; the user-attribute region includes the region where the user lives, the region where the user works, the user's travel destination and the user's holiday destination; the user administrative region includes a province range, a city range and a district range.
Mode three: managing the allowed access transaction limit. Specifically, risk control device 106 judges, according to the current transaction information of the identity card, whether the transaction amount in the current transaction information exceeds the consumption limit; if it does, risk control management is carried out on the identity card or the identity card reader without a SAM module.

In a specific implementation, risk control device 106 can also set a spending limit for each of the above regions, that is, judge whether the transaction amount in the transaction information of the identity card exceeds the consumption limit for the region concerned; for example, a single transaction in Beijing must not exceed 5000 yuan.
Mode four: managing the allowed access time. Specifically, risk control device 106 judges, according to the current access time of the identity card, whether the current access time of the identity card is within the preset access time range; if it is, risk control management is carried out on the identity card or the identity card reader without a SAM module.

In a specific implementation, risk control device 106 can also limit the allowed access time for each of the above regions, that is, judge whether the current access time of the identity card is within the access time range for the region concerned; for example, access is allowed from 8 a.m. to 5 p.m. and is not allowed outside that time range.
Mode five: managing the allowed access frequency. Specifically, risk control device 106 judges whether, within a preset time period, the historical access count of the identity card exceeds a preset count threshold; if it does, risk control management is carried out on the identity card or the identity card reader without a SAM module.

In this mode, risk control device 106 can query the number of accesses made by the identity card within the preset time period up to the current access, for example within the month up to the current access. If it exceeds the preset count threshold, for example more than 100 accesses in one month, the identity card may be illegally attacking the SAM device, and risk control management is carried out on the identity card or the identity card reader without a SAM module.
Mode six: managing the allowed distance between consecutive access locations. Specifically, risk control device 106 judges whether, within a preset time period, the distance between the locations from which the identity card consecutively accesses the SAM device exceeds a preset distance; if it does, risk control management is carried out on the identity card or the identity card reader without a SAM module.

In this mode, risk control device 106 can query the distance between the locations of consecutive accesses to the SAM device made by the identity card within the preset time period up to the current access. For example, if within one day two consecutive accesses to the SAM device are made from Beijing and from Shanghai, the distance between the two access locations exceeds the preset distance, which indicates that the identity card may be illegally attacking the SAM device, and risk control management is carried out on the identity card or the identity card reader without a SAM module.

Of course, the above risk control management schemes are only examples, and the schemes for carrying out risk control management in this embodiment are not limited to them.
In addition, to further ensure that the SAM device is not attacked by illegal identity card readers, as an optional implementation of this embodiment, risk control device 106 is also configured to obtain the access management information of the identity card reader without a SAM module and, according to that information and a preset strategy, to carry out risk control management on the identity card reader without a SAM module. In this embodiment, risk control device 106 carries out risk control management when it finds that the identity card reader is unsafe, which reduces the possibility of the SAM device being attacked by illegal identity card readers and guarantees the security of the identity card readers accessing the SAM device.
As an optional implementation of this embodiment, the access management information of the identity card reader without a SAM module includes at least: the device management information of the identity card reader, the historical access count of the identity card reader, the current access location of the identity card reader, the historical access locations of the identity card reader, the current access time of the identity card reader, and the transaction information of the identity card reader. Risk control device 106 can obtain the access management information of the identity card reader as follows. Receiving device 101 can receive one or more items of identity card reader access management information, among the current access time, the current access location and the current transaction information of the identity card reader, sent to the backstage by the identity card reader without a SAM module. This access management information can be sent to receiving device 101 by the card reader separately, or can be included in the card reader authentication information; receiving device 101 forwards it to risk control device 106. In addition, as an option, the card reader authentication information may include the identity of the identity card reader (such as a serial number, certificate number or public key information), and risk control device 106 can use the identity of the identity card reader to query a local database for the pre-stored access management information of the corresponding identity card reader (such as the device management information, the historical access count, the historical access locations and the historical access times of the identity card reader). In this embodiment, risk control device 106 can perform risk management on the identity card reader according to this access management information, and carries out risk control management when it finds that the identity card reader is unsafe, which reduces the possibility of the SAM device being attacked by illegal identity card readers and guarantees the security of the identity card readers accessing the SAM device.
As an optional implementation of this embodiment, risk control device 106 is configured to carry out risk control management on the identity card reader without a SAM module according to the access management information of that reader and a preset strategy, in at least one of the following modes or any combination of them: managing the identity card reader devices without a SAM module that are allowed to access, managing the allowed access location range, managing the allowed access transaction limit, managing the allowed access frequency, managing the allowed access time range, and managing the allowed distance between consecutive access locations:
Mode one: managing the identity card reader devices without a SAM module that are allowed to access. Specifically, risk control device 106 judges whether the accessing identity card reader without a SAM module is an illegal identity card reader without a SAM module; if it is, risk control management is carried out on the identity card reader without a SAM module.
As an optional implementation of this embodiment, risk control device 106 can obtain the device management information of the identity card reader without a SAM module according to the identity of that reader, such as its serial number. The device management information covers, for example, whether the identity card reader without a SAM module has been blacklisted, whether it has an illegal access record, and whether its production date and manufacturer meet the requirements. From this device management information, risk control device 106 can judge whether the identity card reader without a SAM module is an illegal identity card reader without a SAM module. For example, if there is an illegal access record, risk control device 106 considers the identity card reader without a SAM module unsafe and the security authentication does not pass.
In this embodiment, risk control management may include at least one of the following: risk control device 106 can ensure that the SAM device is not instructed to execute the process of obtaining resident identification card data; risk control device 106 can disconnect the connection with the identity card reader without a SAM module, issue a warning signal to the identity card reader without a SAM module and to the SAM device, refuse to forward to the SAM device the data sent by the identity card reader without a SAM module, blacklist the identity card reader without a SAM module, and so on. Any measure that disconnects communication between the identity card reader without a SAM module and risk control device 106, so that the illegal identity card reader cannot attack the SAM device, falls within the protection scope of the present invention. These risk control management measures apply equally to Modes two to six below.
Mode two: managing the allowed access location range. Specifically, risk control device 106 judges whether the current access location of the identity card reader without a SAM module belongs to a preset region; if it does not, risk control management is carried out on the identity card reader without a SAM module.

In a specific implementation, judging whether the access location of the identity card reader without a SAM module belongs to a preset region can mean judging whether the current access location of the reader belongs to a user-specific region, a user-attribute region or a user administrative region. The user-specific region is a safe region drawn by the user; the user-attribute region includes the region where the user lives, the region where the user works, the user's travel destination and the user's holiday destination; the user administrative region includes a province range, a city range and a district range.
Mode three: managing the allowed access transaction limit. Specifically, it is judged whether the transaction amount in the current transaction information exceeds the consumption limit; if it does, risk control management is carried out on the identity card reader without a SAM module.

In a specific implementation, risk control device 106 can also set a spending limit for each of the above regions, that is, judge whether the transaction amount in the transaction information of the identity card reader without a SAM module exceeds the consumption limit for the region concerned; for example, a single transaction in Beijing must not exceed 5000 yuan.
Mode four: managing the allowed access time. Specifically, it is judged whether the current access time of the identity card reader without a SAM module is within the preset access time range; if it is, risk control management is carried out on the identity card reader without a SAM module.

In a specific implementation, risk control device 106 can also limit the allowed access time for each of the above regions, that is, judge whether the current access time of the identity card reader without a SAM module is within the access time range for the region concerned; for example, access is allowed from 8 a.m. to 5 p.m. and is not allowed outside that time range.
Mode five: managing the allowed access frequency. Specifically, it is judged whether, within a preset time period, the historical access count of the identity card reader without a SAM module exceeds a preset count threshold; if it does, risk control management is carried out on the identity card reader without a SAM module.

In this mode, risk control device 106 can query the number of accesses made by the identity card reader without a SAM module within the preset time period up to the current access, for example within the month up to the current access. If it exceeds the preset count threshold, for example more than 100 accesses in one month, the identity card reader without a SAM module may be illegally attacking the SAM device, and risk control management is carried out on the identity card reader without a SAM module.
Mode six: managing the allowed distance between consecutive access locations. Specifically, it is judged whether, within a preset time period, the distance between the locations from which the identity card reader without a SAM module consecutively accesses the SAM device exceeds a preset distance; if it does, risk control management is carried out on the identity card reader without a SAM module.

In this mode, risk control device 106 can query the distance between the locations of consecutive accesses to the SAM device made by the identity card reader without a SAM module within the preset time period up to the current access. For example, if within one day two consecutive accesses to the SAM device are made from Beijing and from Shanghai, the distance between the two access locations exceeds the preset distance, which indicates that the identity card reader without a SAM module may be illegally attacking the SAM device, and risk control management is carried out on the identity card reader without a SAM module.

Of course, the above risk control management schemes are only examples, and the schemes for carrying out risk control management in this embodiment are not limited to them.
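The six modes, which are described once for the identity card and once for the identity card reader without a SAM module, can be evaluated by one routine keyed on the subject's serial number. The following is an added example, not code from the patent: the record layout, policy fields, coordinates and the 500 km distance threshold are constructed, "1 month" is taken as 30 days, and Mode four is implemented according to the 8 a.m. to 5 p.m. illustration in the text.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt


@dataclass
class Access:
    subject: str            # serial number of an identity card or of a reader
    when: datetime
    lat: float
    lon: float
    region: str
    amount: float = 0.0     # transaction amount in yuan, 0 if none


@dataclass
class Policy:
    blacklist: frozenset
    allowed_regions: frozenset
    region_amount_limit: dict                       # region -> single-transaction limit
    open_hour: int = 8                              # access allowed from 08:00 ...
    close_hour: int = 17                            # ... until 17:00
    max_accesses: int = 100
    frequency_window: timedelta = timedelta(days=30)
    max_distance_km: float = 500.0                  # constructed threshold
    distance_window: timedelta = timedelta(days=1)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points on a sphere of radius 6371 km."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def evaluate(policy, history, current):
    """Return the list of modes that the current access triggers.

    An empty list means no mode objects; otherwise the backstage applies risk
    control management, for example by not instructing the SAM device.
    """
    hits = []
    mine = sorted((a for a in history
                   if a.subject == current.subject and a.when <= current.when),
                  key=lambda a: a.when)
    if current.subject in policy.blacklist:                         # Mode one
        hits.append("blacklisted")
    if current.region not in policy.allowed_regions:                # Mode two
        hits.append("region")
    limit = policy.region_amount_limit.get(current.region)
    if limit is not None and current.amount > limit:                # Mode three
        hits.append("amount")
    if not policy.open_hour <= current.when.hour < policy.close_hour:   # Mode four
        hits.append("time")
    recent = [a for a in mine if current.when - a.when <= policy.frequency_window]
    if len(recent) + 1 > policy.max_accesses:                       # Mode five
        hits.append("frequency")
    if mine:                                                        # Mode six
        prev = mine[-1]
        if (current.when - prev.when <= policy.distance_window
                and haversine_km(prev.lat, prev.lon, current.lat, current.lon)
                > policy.max_distance_km):
            hits.append("distance")
    return hits


# Constructed sample policy.
POLICY = Policy(blacklist=frozenset({"CARD-6666"}),
                allowed_regions=frozenset({"Beijing", "Shanghai"}),
                region_amount_limit={"Beijing": 5000.0})
```
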
With the backstage provided by this embodiment, security authentication is performed on the identity card reader without a SAM module and on the identity card before the SAM device executes the process of obtaining resident identification card data. If and only if the security authentication of both the identity card reader without a SAM module and the identity card passes is the SAM device allowed to start executing the process of obtaining resident identification card data. This protects the SAM device from attack by illegal identity card readers without a SAM module and by illegal identity cards, and reduces the risk of the root certificate information in the SAM device being intercepted. Further, the backstage also carries out risk control management on the identity card reader without a SAM module and on the identity card, which avoids attacks on the SAM device by illegal identity card readers without a SAM module and illegal identity cards and further guarantees the security of the SAM device.
Embodiment 3
This embodiment provides two systems for accessing a SAM device, based on the backstage provided in Embodiment 2. Figures 4 and 5 are structural schematic diagrams of the systems for accessing a SAM device.
As shown in Figure 4, this embodiment provides a system for accessing a SAM device. The system includes the backstage 10 of Embodiment 2 (as shown in Figure 3) and an identity card reader 20 without a SAM module, in which:
The identity card reader 20 without a SAM module is configured to send an authentication request to the backstage. For the details of backstage 10, refer to the description in Embodiment 2.
In this embodiment, backstage 10 can be a background server or an encryption machine. The identity card reader 20 without a SAM module is used to read the relevant information of the identity card, such as the identity card basic information (for example the identity card serial number, identity card application data and identity card preset information) and the resident identification card data (for example the resident identification card number, name, photo, age, address, period of validity of the card, fingerprint and so on). The identity card reader without a SAM module has an external communication interface, which is a wired interface or a wireless interface and through which it can exchange data with backstage 10. The SAM module is a module fitted in existing identity card readers; it can carry out mutual authentication with the identity card, read the identity card information ciphertext only after the authentication has passed, and decrypt the identity card ciphertext information to obtain the plaintext of the identity card information. Because the identity card reader in this scheme has no SAM module, when the identity card reader without a SAM module needs to read the identity card plaintext information, it must send an authentication request to the backstage; after the authentication passes, the resident identification card data is sent through the backstage to the SAM device for the corresponding operations, such as decrypting the identity card information ciphertext to obtain the identity card plaintext information, which is returned to the identity card reader 20 without a SAM module.
In addition, the ID card reader 20 without a SAM module is also used to relay, via the backstage, the data exchanged between the ID card and the SAM device, and to establish a secure channel with the backstage 10. While the SAM device of the backstage executes the process of obtaining resident ID card data, the data transmitted between the ID card and the SAM device are exchanged with the backstage 10 over the secure channel. This improves the security of data transmission between the backstage and the ID card reader, and further ensures the security of the data sent to the SAM device.
As shown in Fig. 5, this embodiment provides another system for accessing a SAM device. The system includes the backstage 10 of Embodiment 2 (as shown in Figure 2), an ID card reader 20 without a SAM module, and one or more SAM devices 30 (this embodiment takes three as an example), in which:
The ID card reader 20 without a SAM module is used to send an authentication request to the backstage. For details of the backstage 10, refer to the description in Embodiment 2. Each SAM device 30 is used to start executing the process of obtaining resident ID card data after receiving the instruction from the backstage 10.
In addition, the ID card reader 20 without a SAM module is also used to relay, via the backstage, the data exchanged between the ID card and the SAM device, and to establish a secure channel with the backstage 10. While the SAM device of the backstage executes the process of obtaining resident ID card data, the data transmitted between the ID card and the SAM device are exchanged with the backstage 10 over the secure channel. This improves the security of data transmission between the backstage and the ID card reader, and further ensures the security of the data sent to the SAM device.
With the system for accessing a SAM device provided by this embodiment, the backstage performs security authentication on the ID card reader without a SAM module and on the ID card before the SAM device executes the process of obtaining resident ID card data. The backstage allows the SAM device to start executing that process if and only if the security authentication of both the ID card reader without a SAM module and the ID card passes; if the security authentication of the reader and the ID card does not pass, the backstage does not allow the SAM device to start the process. Thus, when an illegitimate ID card reader without a SAM module or an illegitimate ID card attempts to attack the SAM device, the backstage can identify the illegitimate reader or ID card and block the attack, which reduces the risk that the root certificate information in the SAM device is compromised and safeguards secure access to the SAM device.
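The gate described above, with the check-value comparison recited in claim 1, can be sketched as follows. This is an added example, not code from the patent; it assumes HMAC-SHA256 as the check algorithm and a per-reader HMAC key as the card reader authentication information (the text specifies neither), and all keys and identifiers are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumptions: HMAC-SHA256 as the check algorithm, a per-reader key as the
# "card reader authentication information", and every key/identifier below.

def encode(*fields: bytes) -> bytes:
    """Length-prefix each field so concatenation is unambiguous."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

@dataclass(frozen=True)
class FirstIdCardInfo:
    basic_info: bytes    # e.g. card identifier; never resident ID card data
    parameter: bytes     # parameter to be verified
    check_value: bytes   # computed by the card with its check key

@dataclass(frozen=True)
class AuthRequest:
    reader_id: str
    reader_tag: bytes    # reader authentication information (assumed form)
    card: FirstIdCardInfo

class SamDevice:
    def __init__(self, check_keys: dict):
        self._check_keys = check_keys      # basic_info -> check key
        self.read_flows_started = 0

    def confirm_card(self, card: FirstIdCardInfo) -> bool:
        key = self._check_keys.get(card.basic_info)
        if key is None:
            return False
        # Recompute the SAM-side check value and compare in constant time.
        return hmac.compare_digest(mac(key, card.parameter), card.check_value)

    def start_read_flow(self) -> None:
        self.read_flows_started += 1       # stands in for the real read flow

class Backstage:
    def __init__(self, reader_keys: dict, sam: SamDevice):
        self._reader_keys = reader_keys    # reader_id -> reader key
        self._sam = sam

    def _reader_ok(self, req: AuthRequest) -> bool:
        key = self._reader_keys.get(req.reader_id)
        if key is None:
            return False
        c = req.card
        expected = mac(key, encode(c.basic_info, c.parameter, c.check_value))
        return hmac.compare_digest(expected, req.reader_tag)

    def handle(self, req: AuthRequest) -> str:
        if not self._reader_ok(req):
            return "rejected: reader"      # SAM device is never contacted
        if not self._sam.confirm_card(req.card):
            return "rejected: card"        # read flow is never started
        self._sam.start_read_flow()
        return "accepted"

def build_request(reader_id, reader_key, basic_info, card_key, parameter):
    """Constructed sample input: what a card plus reader would send."""
    card = FirstIdCardInfo(basic_info, parameter, mac(card_key, parameter))
    tag = mac(reader_key, encode(card.basic_info, card.parameter, card.check_value))
    return AuthRequest(reader_id, tag, card)

def demo():
    reader_key, card_key = b"reader-key-constructed", b"card-check-key-constructed"
    sam = SamDevice({b"CARD-0001": card_key})
    backstage = Backstage({"reader-A": reader_key}, sam)
    good = build_request("reader-A", reader_key, b"CARD-0001", card_key, b"param-1")
    rogue_reader = build_request("reader-X", b"guessed", b"CARD-0001", card_key, b"param-1")
    forged_card = build_request("reader-A", reader_key, b"CARD-0001", b"wrong-key", b"param-1")
    results = [backstage.handle(r) for r in (rogue_reader, forged_card)]
    flows_before_good = sam.read_flows_started
    results.append(backstage.handle(good))
    return results, flows_before_good, sam.read_flows_started

if __name__ == "__main__":
    print(demo())
```

Checking the reader before forwarding anything to the SAM device is a choice made in this sketch; the text only requires that both checks pass before the read flow starts.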
Any process or method description in a flowchart, or otherwise described herein, may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing a specific logical function or step of the process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be executed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented in software or firmware that is stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented by any one or a combination of the following techniques well known in the art: a discrete logic circuit having logic gates for implementing logic functions on data signals, an application-specific integrated circuit having suitable combinational logic gates, a programmable gate array (PGA), a field-programmable gate array (FPGA), and so on.
Those skilled in the art will understand that all or part of the steps of the above embodiment methods may be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, performs one of the steps of the method embodiments or a combination thereof.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, each unit may exist physically on its own, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented in the form of a software functional module and is sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
In the description of this specification, a description referring to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, such schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it should be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention. Those skilled in the art may make changes, modifications, substitutions and variations to the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the appended claims and their equivalents.
Claims (13)
1. A method for protecting a SAM device, characterized by comprising:
a backstage receiving an authentication request sent by an ID card reader without a SAM module, the authentication request comprising at least card reader authentication information and first ID card information, wherein the first ID card information comprises at least ID card basic information, a parameter to be verified, and a check value calculated by the ID card from the parameter to be verified using a check key, the ID card basic information does not include resident ID card data, and the ID card basic information comprises at least one of the following: an ID card identifier, ID card application data, and ID card preset information;
the backstage performing security authentication on the ID card reader without a SAM module according to the card reader authentication information in the authentication request;
the backstage sending the first ID card information to the SAM device;
the SAM device receiving the first ID card information, looking up the check key of the ID card according to the ID card basic information, calculating a SAM-device-side check value from the parameter to be verified using the check key, judging whether the SAM-device-side check value is consistent with the check value in the first ID card information, and, if they are consistent, returning to the backstage a confirmation message that the ID card is genuine;
the backstage receiving the confirmation message returned by the SAM device after the ID card has passed authentication according to the first ID card information, and confirming that the ID card is genuine; and
after the ID card reader without a SAM module has passed security authentication and the authenticity of the ID card has been confirmed, instructing the SAM device to execute the process of obtaining the resident ID card data.
2. The method according to claim 1, characterized in that the first ID card information further comprises ID card authentication information.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
the backstage obtaining management access information of the ID card, the management access information of the ID card comprising at least one of the following: card management information of the ID card, the historical number of accesses of the ID card, the current access location of the ID card, the historical access locations of the ID card, the current access time of the ID card, and the current transaction information of the ID card; and
the backstage performing risk control management on the ID card and the card reader according to a preset policy, based on the management access information of the ID card.
4. The method according to claim 1 or 2, characterized in that the method further comprises:
the backstage obtaining management access information of the card reader, the management access information of the card reader comprising at least one of the following: device management information of the card reader, the historical number of accesses of the card reader, the current access location of the card reader, the historical access locations of the card reader, the current access time of the card reader, and the transaction information of the card reader; and
performing risk control management on the card reader according to a preset policy, based on the management access information of the card reader.
5. The method according to claim 1 or 2, characterized in that, after the ID card reader without a SAM module has passed security authentication and the authenticity of the ID card has been confirmed, and before the SAM device is instructed to execute the process of obtaining resident ID card data, the method further comprises: the backstage establishing a secure channel with the ID card reader without a SAM module;
and the method further comprises: while the SAM device executes the process of obtaining resident ID card data, the backstage using the secure channel to exchange with the ID card reader without a SAM module the data transmitted between the ID card and the SAM device.
6. A backstage for protecting a SAM device, characterized by comprising:
a receiving device, configured to receive an authentication request sent by an ID card reader without a SAM module, the authentication request comprising at least card reader authentication information and first ID card information, wherein the first ID card information comprises at least ID card basic information, a parameter to be verified, and a check value calculated by the ID card from the parameter to be verified using a check key, the ID card basic information does not include resident ID card data, and the ID card basic information comprises at least one of the following: an ID card identifier, ID card application data, and ID card preset information;
an authentication device, configured to perform security authentication on the ID card reader without a SAM module according to the card reader authentication information in the authentication request, to send the first ID card information to the SAM device, to receive the confirmation message returned by the SAM device after the ID card has passed authentication according to the first ID card information, and to confirm that the ID card is genuine; wherein the SAM device receives the first ID card information, looks up the check key of the ID card according to the ID card basic information, calculates a SAM-device-side check value from the parameter to be verified using the check key, judges whether the SAM-device-side check value is consistent with the check value in the first ID card information, and, if they are consistent, returns to the backstage a confirmation message that the ID card is genuine; and
an access device, configured to instruct the SAM device to execute the process of obtaining the resident ID card data after the authentication device has passed the security authentication of the ID card reader without a SAM module and the authenticity of the ID card has been confirmed.
7. The backstage according to claim 6, characterized in that the backstage further comprises:
the SAM device, configured to execute the process of obtaining resident ID card data after receiving the instruction from the access device.
8. The backstage according to claim 6 or 7, characterized in that:
the first ID card information further comprises ID card authentication information.
9. The backstage according to claim 6 or 7, characterized in that the backstage further comprises:
a risk control device, configured to obtain management access information of the ID card and to perform risk control management on the ID card and the card reader according to a preset policy, based on the management access information of the ID card, wherein the management access information of the card reader comprises at least one of the following: device management information of the card reader, the historical number of accesses of the card reader, the current access location of the card reader, the historical access locations of the card reader, the current access time of the card reader, and the transaction information of the card reader.
10. The backstage according to claim 9, characterized in that:
the risk control device is further configured to obtain management access information of the card reader and to perform risk control management on the card reader according to a preset policy, based on the management access information of the card reader, wherein the management access information of the card reader comprises at least one of the following: device management information of the card reader, the historical number of accesses of the card reader, the current access location of the card reader, the historical access locations of the card reader, the current access time of the card reader, and the transaction information of the card reader.
11. The backstage according to claim 6 or 7, characterized in that the backstage further comprises:
a transmission device, configured to establish a secure channel with the card reader after the authentication device has passed the security authentication of the ID card reader without a SAM module and the authenticity of the ID card has been confirmed, and before the access device instructs the SAM device to execute the process of obtaining resident ID card data; the transmission device being further configured to use the secure channel, while the SAM device executes the process of obtaining resident ID card data, to exchange with the card reader the data transmitted between the ID card and the SAM device.
12. A protection system for a SAM device, characterized by comprising: the backstage according to claim 6, or the backstage according to any one of claims 8 to 11 when referring only to claim 6; an ID card reader without a SAM module; and a SAM device, wherein:
the ID card reader without a SAM module is configured to send the authentication request to the backstage; and
the SAM device is configured to execute the process of obtaining resident ID card data after receiving the instruction from the backstage.
13. A system for accessing a SAM device, characterized by comprising: the backstage according to claim 7, or the backstage according to any one of claims 8 to 11 when referring only to claim 7; and an ID card reader without a SAM module, wherein:
the ID card reader without a SAM module is configured to send the authentication request to the backstage.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510799008.3A CN105488367B (en) | 2015-11-19 | 2015-11-19 | A kind of guard method, backstage and the system of SAM device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105488367A CN105488367A (en) | 2016-04-13 |
CN105488367B | 2019-05-21 |
Family
ID=55675342
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510799008.3A Active CN105488367B (en) | 2015-11-19 | 2015-11-19 | A kind of guard method, backstage and the system of SAM device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105488367B (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105915549A (en) * | 2016-06-20 | 2016-08-31 | 公安部第三研究所 | Secure communication system and method for online read of physical identity card |
CN106375302B (en) * | 2016-08-30 | 2020-10-30 | 李明 | Method and system for reading resident certificate card information and resident certificate card reading device |
CN107346383B (en) * | 2016-09-09 | 2019-12-10 | 天地融科技股份有限公司 | authorization method and system |
KR102369228B1 (en) * | 2017-05-25 | 2022-02-28 | 삼성에스디에스 주식회사 | Risk analysis apparatus and method for risk based authentication |
CN107392805B (en) * | 2017-07-03 | 2020-09-08 | 南方城墙信息安全科技有限公司 | Electronic diploma read-write control system and method |
CN109639412A (en) * | 2018-12-05 | 2019-04-16 | 成都卫士通信息产业股份有限公司 | A kind of communication means, system and electronic equipment and storage medium |
CN109711180A (en) * | 2018-12-26 | 2019-05-03 | 江苏恒宝智能系统技术有限公司 | A kind of application method of identity card for substituting string code |
CN110110553A (en) * | 2019-05-16 | 2019-08-09 | 深圳航天科技创新研究院 | Card reader based on block chain reads method for verifying authority |
CN113408309B (en) * | 2021-08-19 | 2021-11-26 | 飞天诚信科技股份有限公司 | Data processing method and device and computer readable storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101123010A (en) * | 2007-08-17 | 2008-02-13 | 山东神思电子技术有限公司 | Network checking method for identity card validation |
CN104639538A (en) * | 2015-01-15 | 2015-05-20 | 李明 | Identity card information obtaining method and system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005057447A1 (en) * | 2003-12-09 | 2005-06-23 | Matsushita Electric Industrial Co., Ltd. | Authentication system, authentication device, and recording medium |
Also Published As
Publication number | Publication date |
---|---|
CN105488367A (en) | 2016-04-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20220413 Address after: Tiantianrong building, No. 1, Zhongguancun, Beiqing Road, Haidian District, Beijing 100094 Patentee after: TENDYRON Corp. Address before: 100086 room 603, building 12, taiyueyuan, Haidian District, Beijing Patentee before: Li Ming |