CN105490814B - Ticketing real-name authentication method and system based on a three-dimensional code - Google Patents
- Publication number: CN105490814B (CN201510895632.3A)
- Authority: CN (China)
- Prior art keywords: information, dimension code, scan, module, ticket
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
Abstract
The present invention relates to a ticketing real-name authentication method and system based on a three-dimensional code, comprising the following: 1) start the three-dimensional code generation server and draw a secure three-dimensional code; 2) the scanning terminal scans the secure three-dimensional code; 3) start the authentication server to process the request sent by the scanning terminal; 4) after the scanning terminal receives the data packet sent by the authentication server, it decrypts the packet with its private key and displays the ticket face details and the ticket holder's identity information on the screen, completing the real-name authentication of the ticket. The present invention can be widely applied in ticketing real-name authentication.
Description
Technical field
The present invention relates to the technical field of ticket authentication, and in particular to a ticketing real-name authentication method and system based on a three-dimensional code.
Background art
As ticket forgery techniques keep improving, ticket anti-counterfeiting and effective ticket authentication have increasingly become a focus of public attention. In recent years, the introduction of real-name authentication has considerably improved the ticket-buying environment for consumers. However, although the real-name authentication methods in common use can verify the ticket and authenticate the holder's identity, their own design defects expose user privacy to the risk of leakage. Security incidents in which ticket information is exploited for criminal purposes are reported again and again, and user privacy is not adequately protected.
Current real-name authentication mechanisms based on two-dimensional (QR) codes have security problems in the following respects: 1) QR codes are usually read offline and the reading device is not authenticated, so any terminal can read the code without restriction. An offender needs only a smartphone to obtain the ticket holder's private information from the QR code on the ticket face, which is extremely dangerous. 2) A ticket is time-limited and should be voided once it expires, yet the QR code on the ticket face remains valid permanently, which is an obvious contradiction. The QR code on an expired ticket can still be read, so the stored private information is easily leaked and may even be used by offenders for criminal activity. 3) The capacity of a QR code is limited, making it difficult to encode complex user information and authentication data. In addition, its generation algorithm is public and anyone can easily generate one, so a QR code cannot provide anti-counterfeiting.
Summary of the invention
In view of the above problems, the object of the present invention is to provide a ticketing real-name authentication method and system based on a three-dimensional code that can effectively prevent leakage of private information.
To achieve the above object, the present invention adopts the following technical solution: a ticketing real-name authentication method based on a three-dimensional code, characterized by comprising the following steps: 1) start the three-dimensional code generation server and draw a secure three-dimensional code; 2) the scanning terminal scans the secure three-dimensional code; 3) start the authentication server to process the request sent by the scanning terminal; 4) the scanning terminal receives the data packet sent by the authentication server, decrypts it with its private key, and displays the ticket face details and the ticket holder's identity information on the screen, completing the real-name authentication of the ticket.
Further, in step 1), starting the three-dimensional code generation server and drawing the secure three-dimensional code, the detailed process is: 1.1) enter the three-dimensional code generation interface and select the generation mode; 1.2) enter the text information to be stored, including the creator information and the "position" at which the private information is stored in the database; 1.3) select the ID photo of the ticket holder to be stored and click "Generate"; 1.4) the three-dimensional code generation server automatically organizes the relevant information, generates a BLS digital signature, and draws the secure three-dimensional code.
Further, in step 2), the scanning terminal scanning the secure three-dimensional code, the detailed process is: 2.1) scan the three-dimensional code, determine its boundary, and obtain the text information and picture from it; 2.2) compute the hash of the obtained information and verify the BLS digital signature with the public key of the three-dimensional code generation server; if signature verification fails, display the message "signature verification failed, this three-dimensional code is illegal"; if verification succeeds, proceed to step 2.3); 2.3) after obtaining the identification number of the ticket in the database, the scanning terminal calls the get_mac_address() function to obtain its own MAC address, generates a TOTP dynamic password from its own key, computes the hash of this information, applies a BLS digital signature to all of the information, packs it into a data packet, and sends it to the authentication server after RSA encryption.
Further, in step 3), starting the authentication server to process the request sent by the scanning terminal, the detailed process is: 3.1) after receiving the request data packet, the authentication server performs RSA decryption to obtain the plaintext, then first verifies the BLS signature by computing the hash of the original information; if signature verification fails, it discards the data packet and sends an "authentication failed" message to the scanning terminal; if verification succeeds, it proceeds to step 3.2); 3.2) the authentication server extracts the scanning terminal's identity (MAC) and the ticket identifier from the request data packet, queries the database with this information, obtains the timestamp and generates the dynamic password, and, by comparing whether the dynamic passwords match, determines whether the scanning terminal is permitted to obtain the specific ticket information and the ticket holder's private information; if it does not have the relevant permission, the server sends a "no corresponding permission" message to the scanning terminal and terminates; otherwise it proceeds to step 3.3); 3.3) the authentication server queries the database to check whether the information requested by the scanning terminal is still valid; if the information is no longer valid, the authentication server sends an "information has expired" message to the scanning terminal and deletes the invalid information; if the information is still valid, the authentication server encrypts the requested information, sends it to the scanning terminal, and promptly updates the state of the relevant information in the database.
A ticketing real-name authentication system based on the above method, characterized by comprising a three-dimensional code generation server, at least one scanning terminal, an authentication server and a database. The three-dimensional code generation server organizes the relevant information, generates the digital signature and draws the secure three-dimensional code. The scanning terminal scans the three-dimensional code, obtains the text information and ID photo, verifies the digital signature to determine whether the three-dimensional code is genuine, and sends a data packet to the authentication server requesting the specific ticket face information and the ticket holder's identity information. The authentication server processes the data packet request sent by the scanning terminal, authenticates the identity of the scanning terminal and checks its permissions, sends a message to the scanning terminal, and updates the database.
Further, the three-dimensional code generation server includes an information organization module, a digital signature module and a three-dimensional code drawing module. The information organization module organizes the relevant information: it combines the creator information, the "position" of the private information and the user's ID photo and sends the result to the digital signature module. The digital signature module computes the hash of the received information, encrypts the hash with the server private key to generate the BLS digital signature, and appends the signature to the corresponding information. The three-dimensional code drawing module draws the secure three-dimensional code.
Further, the scanning terminal includes a scanning module, an information acquisition module and a signature verification module. The scanning module identifies the boundary of the three-dimensional code, obtains the version and the colour information of the colour blocks, and sends what it obtains to the information acquisition module. The information acquisition module calls a conversion function to convert the colour blocks into a byte stream, obtains the information, and sends it to the signature verification module. The signature verification module verifies the signature to complete verification of the three-dimensional code. If signature verification fails, it refuses to send a request to the authentication server. If signature verification succeeds, it takes the ticket identification number from the three-dimensional code information, obtains its own MAC address, generates the dynamic password, computes the hash of this information, applies a BLS digital signature to all of the information, packs it into a data packet, and sends it to the authentication server after RSA encryption.
Further, the authentication server includes an identity authentication module, a permission check module and a database management module. After receiving the request data packet sent by the scanning terminal, the identity authentication module decrypts it and verifies the digital signature and dynamic password in the request data packet, completing verification of the scanning terminal's identity. If verification fails, the corresponding request is refused. If verification succeeds, the permission check module queries the database according to the sender's identity and the requested information and checks whether the sender has permission to obtain that information; if the check passes, the requested information is encrypted and sent to the scanning terminal, otherwise the request is refused. The database management module keeps the database up to date, including deleting expired information, modifying dynamic passwords and removing useless information.
Further, the database includes an Authority table, a Scanners table, a Ticket table and a ticket_info table. The Authority table records whether a given scanning terminal may read a given ticket; the Scanners table records the key InitalizationKey that the authentication server shares with each scanning terminal; the Ticket table records the ticket's expiry time, ticket-check state and remaining number of permitted reads; and the ticket_info table records the detailed ticket face information and the ticket holder's identity information.
By adopting the above technical solution, the present invention has the following advantages: 1. The present invention uses the large storage capacity of the three-dimensional code to store a variety of information in the code, such as the creator information, the "position" of the sensitive data in the database, the user's ID photo and the digital signature, and the code is read and verified only by authorized scanning terminals. The verification process is transparent to the user. Sensitive personal information is no longer stored in the three-dimensional code but on the server, and the number of reads is limited, which realizes a "burn after reading" function in a novel way, prevents information leakage at its root, and fully protects user privacy. 2. The present invention successfully applies BLS signatures to the verification of three-dimensional codes. Embedding the digital signature not only guarantees the integrity of the information in the three-dimensional code but also authenticates the creator's identity, eliminating the possibility of forging the three-dimensional code. 3. All data packets of the present invention are encrypted with the RSA public-key encryption algorithm, with 1024-bit keys of high security selected. The dual authentication scheme of TOTP dynamic passwords and BLS signatures achieves identity authentication while guaranteeing the integrity of the communication data, enables the system to resist replay attacks, and further strengthens the security of the communication process. Compared with traditional ticketing real-name authentication schemes, the method of the present invention uses the three-dimensional code as the carrier and, through online storage of sensitive information and a secure identity authentication mechanism, fully protects the user's private information, while also realizing "burn after reading" of private information and control over the number of scanning terminals in a novel way, so that the whole ticket authentication process is more secure and reliable. The present invention can be widely applied in ticketing real-name authentication.
Description of the drawings
Fig. 1 is a schematic flow diagram of three-dimensional code generation according to the present invention;
Fig. 2 is a schematic flow diagram of three-dimensional code verification according to the present invention;
Fig. 3 is a schematic flow diagram of data packet construction according to the present invention;
Fig. 4 is a schematic flow diagram of scanning terminal identity authentication according to the present invention;
Fig. 5 is a schematic flow diagram of the permission check on the request data packet according to the present invention;
Fig. 6 is a schematic diagram of the hardware structure of the ticketing real-name authentication system of the present invention;
Fig. 7 is a schematic diagram of the architecture of the ticketing real-name authentication system of the present invention.
Detailed description of the embodiments
The present invention is described in detail below with reference to the drawings. It should be understood, however, that the drawings are provided only for a better understanding of the present invention and should not be construed as limiting it.
The ticketing real-name authentication method based on a three-dimensional code provided by the present invention includes the following steps:
1. Start the three-dimensional code generation server and draw the secure three-dimensional code. The detailed process is:
1.1) Enter the three-dimensional code generation interface, which offers three modes: picture, text and ticketing. Select the ticketing mode (also called "mixed mode", i.e. the information includes both text and a picture);
1.2) Enter the text information to be stored, including the creator information and the "position" (identification number) at which the private information is stored in the database, e.g. "China railway 00000001";
1.3) Select the ID photo of the ticket holder to be stored and click "Generate";
1.4) As shown in Fig. 1, the three-dimensional code generation server automatically organizes the relevant information, generates the BLS digital signature and draws the secure three-dimensional code. The detailed process is:
(1) Convert the text information to the corresponding ASCII values, then convert each to the corresponding 8-bit binary number, producing the 0/1 string M1 corresponding to the text information;
(2) Convert the picture information. Specifically, treat the picture as a text file: open the picture file, read one character at a time, and convert its ASCII value to an 8-bit binary number. When the end of the file is reached, the picture has been converted into the 0/1 string M2.
(3) Concatenate the strings M1 and M2 to obtain the string M3 (M3=M1||M2). Use the private key of the three-dimensional code generation server to generate the BLS signature S of M3 (likewise a 0/1 string) and append the digital signature to M3, finally producing the 0/1 string M4 (M4=M3||S).
(4) Draw the corresponding three-dimensional code from the 0/1 string.
This embodiment takes a four-colour three-dimensional code as an example. The detailed process is: first add error-correcting code to the string to generate a new string M5, count the length L of the new string M5 (expressed as a 16-bit binary number), and prepend it to M5 (L||M5). Since the code contains four different colours, two binary digits are needed to denote a colour (for example, "00" denotes red, "01" denotes green, "10" denotes purple, "11" denotes green). Read the new string two binary digits at a time and generate a colour block of the corresponding colour until the whole string has been read; the three-dimensional code is then drawn.
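The string-to-colour-block procedure of steps (1) to (4) can be followed end to end in a short round trip. This is an added example, not code from the patent: the function names are hypothetical, error-correction coding is omitted (M5 = M4), the BLS signature is passed in as opaque bytes, and because the text lists green for both "01" and "11", the example assumes blue for "11" so that blocks decode unambiguously.

```python
# Added illustration of L || M5 -> colour blocks and back; not code from the patent.
COLOURS = {"00": "red", "01": "green", "10": "purple", "11": "blue"}  # "11" -> blue is assumed
BITS = {colour: bits for bits, colour in COLOURS.items()}


def to_bits(data: bytes) -> str:
    """Each byte becomes 8 binary digits, as in steps (1) and (2)."""
    return "".join(f"{byte:08b}" for byte in data)


def encode_blocks(text: str, photo: bytes, signature: bytes) -> list:
    """Return the colour-block sequence for text, photo and signature."""
    m1 = to_bits(text.encode("ascii"))      # text -> M1
    m2 = to_bits(photo)                     # picture file bytes -> M2
    m4 = m1 + m2 + to_bits(signature)       # M4 = M3 || S with M3 = M1 || M2
    m5 = m4                                 # error-correction coding omitted here
    if len(m5) > 0xFFFF:
        raise ValueError("payload does not fit the 16-bit length field")
    stream = f"{len(m5):016b}" + m5         # L || M5, L counted in bits
    return [COLOURS[stream[i:i + 2]] for i in range(0, len(stream), 2)]


def decode_blocks(blocks: list) -> bytes:
    """Recover the M5 bytes from a block sequence, rejecting damaged input."""
    try:
        stream = "".join(BITS[colour] for colour in blocks)
    except KeyError as exc:
        raise ValueError(f"unknown colour block: {exc}") from None
    if len(stream) < 16:
        raise ValueError("missing length field")
    length = int(stream[:16], 2)
    body = stream[16:16 + length]
    if len(body) != length or length % 8:
        raise ValueError("truncated or misaligned payload")
    return bytes(int(body[i:i + 8], 2) for i in range(0, length, 8))
```

The decoder returns M5 as one byte string; how the reader separates text, photo and signature inside it is not specified in the text.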
The BLS short signature scheme used in the present invention is briefly described below. BLS is a short signature scheme constructed from bilinear pairings and is very widely used in identity-based cryptography and pairing-based cryptography. Compared with the traditional RSA signature scheme, its signature length is shorter, only 160 bits. The detailed process is:
Key generation: randomly select $X_L \in Z_p$ and compute $Y_L = X_L P$; $Y_L$ is the public key and $X_L$ is the private key;
Signature generation: on input message $m$, compute the signature $sig = X_L \cdot Hash(m)$;
Signature verification: on input message $m$ and signature $sig$, check whether $e(Hash(m), Y_L) = e(sig, P)$ holds, because if the message has not been tampered with, $e(Hash(m), Y_L) = e(Hash(m), P)^{X_L} = e(X_L \cdot Hash(m), P) = e(sig, P)$.
2. As shown in Fig. 2, the scanning terminal scans the secure three-dimensional code. The detailed process is:
2.1) Scan the three-dimensional code, determine its boundary, obtain the size of the three-dimensional code, the version information, the colours of the colour blocks and so on, and call a conversion function to convert the colour blocks into a byte stream to obtain the text information and picture;
2.2) Compute the hash (SHA-256) of the obtained information (including the text information and ID photo) and verify the BLS digital signature with the public key of the three-dimensional code generation server. If signature verification fails, the three-dimensional code is forged or the integrity of the information has been destroyed, and the message "signature verification failed, this three-dimensional code is illegal" is displayed; if verification succeeds, proceed to step 2.3);
2.3) As shown in Fig. 3, after obtaining the identification number (id) of the ticket in the database, the scanning terminal calls the get_mac_address() function to obtain its own MAC address, generates the TOTP dynamic password (password) from its own key, computes the hash (SHA-256) of this information (identification number + MAC address + TOTP dynamic password), applies a BLS digital signature to all of the information, packs it into a data packet, and sends it to the authentication server after RSA encryption. All requests that scanning terminals send to the authentication server must be packed into data packets of a unified format in order to pass the authentication server's identity authentication. The format of the data packet is as follows:
Identity | Dynamic password | Sequence number of the requested ticket | Digital signature
3. Start the authentication server to process the request sent by the scanning terminal. The detailed process is:
3.1) As shown in Fig. 4, after receiving the request data packet, the authentication server performs RSA decryption to obtain the plaintext (including the original information and the digital signature), then first verifies the BLS signature by computing the hash (SHA-256) of the original information. If signature verification fails, it discards the data packet and sends an "authentication failed" message to the scanning terminal; if verification succeeds, it proceeds to step 3.2);
3.2) The authentication server extracts the scanning terminal's identity (MAC) and the ticket identifier from the request data packet, queries the database with this information, obtains the timestamp and generates the dynamic password, and, by comparing whether the dynamic passwords match, determines whether the scanning terminal is permitted to obtain the specific ticket information and the ticket holder's private information. If it does not have the relevant permission, the server sends a "no corresponding permission" message to the scanning terminal and terminates; otherwise it proceeds to step 3.3);
3.3) As shown in Fig. 5, the authentication server queries the database to check whether the information requested by the scanning terminal is still valid (the information is considered invalid if the ticket information has expired or the remaining number of permitted reads is 0). If the information is no longer valid, the authentication server sends an "information has expired" message to the scanning terminal and deletes the invalid information. If the information is still valid, the authentication server encrypts the requested information, sends it to the scanning terminal, and promptly updates the state of the relevant information in the database (for example, decrementing the remaining number of permitted reads by one);
4. After the scanning terminal receives the data packet sent by the authentication server, it decrypts the packet with its private key and displays the ticket face details and the ticket holder's identity information on the screen, completing the real-name authentication of the ticket.
The structure of the database used by the ticketing real-name authentication method based on a three-dimensional code is described in detail below. The database of the present invention includes an Authority table, a Scanners table, a Ticket table and a ticket_info table. The Authority table records whether a given scanning terminal may read a given ticket; the Scanners table records the key InitalizationKey that the authentication server shares with each scanning terminal; the Ticket table records the ticket's expiry time, ticket-check state and remaining number of permitted reads; and the ticket_info table records the detailed ticket face information (identification number, departure place, destination, fare, train number, departure time, seat information) and the ticket holder's identity information. The function implemented by each table is described below:
(1) Controlling which scanning terminals may read, via the Authority table: whether a given scanning terminal can read the information of a given ticket is decided mainly by a query on the Authority table. If the Authority table contains a corresponding entry, the scanning terminal has read permission; otherwise it cannot read. An illegal scanning terminal therefore cannot read the three-dimensional code, which controls where private information flows.
(2) Controlling the number of reads, via the Ticket table: whenever the authentication server detects one successful read of a ticket's information by a scanning terminal, it updates the Ticket table in the database and decrements the remaining number of permitted reads of the corresponding three-dimensional code by one. When the remaining count is 0, no mobile device can read the three-dimensional code. The purpose is to reduce the risk of the relevant information being maliciously read and abused.
(3) Controlling "burn after reading", via the Ticket table: when a ticket has been checked, the authentication server updates the Ticket table and sets the corresponding ticket state to "checked", so that no scanning terminal can read the three-dimensional code again, which is equivalent to "erasing" the information from the three-dimensional code.
(4) Controlling automatic voiding on expiry, via the Ticket table and the ticket_info table: a ticket is time-limited and should be voided once its period of use has passed, which effectively prevents offenders from illegally obtaining the ticket holder's private information from an expired ticket. The authentication server obtains the period of use of the corresponding ticket by querying the Ticket table to determine whether the ticket has expired. If it has expired, the server updates the ticket_info table and deletes the expired ticket information, so that the corresponding three-dimensional code becomes completely invalid, avoiding leakage of private information caused by the loss of an expired ticket.
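The server-side checks of steps 3.2 and 3.3, together with the four table-driven controls above, can be followed in one handler. This is an added example, not code from the patent: it assumes the packet has already been RSA-decrypted and its BLS signature verified, the column names, sample rows and result codes are constructed for illustration, and the TOTP parameters (RFC 6238, HMAC-SHA1, 30-second step) are assumptions because the text gives none.

```python
import hashlib
import hmac
import sqlite3
import struct

STEP = 30                                   # assumed TOTP time step in seconds
OK, NO_PERMISSION, INVALID = "ok", "no_permission", "invalid"
NOW = 1_700_000_000                         # constructed reference time
SAMPLE_KEY, OTHER_KEY = b"constructed-key-1", b"constructed-key-2"
MAC_OK, MAC_OTHER = "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"


def totp(key: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 and RFC 4226 dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def make_db() -> sqlite3.Connection:
    """Constructed sample data; table names follow the text, columns are assumed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Scanners (mac TEXT PRIMARY KEY, InitalizationKey BLOB);
        CREATE TABLE Authority (mac TEXT, ticket_id TEXT, PRIMARY KEY (mac, ticket_id));
        CREATE TABLE Ticket (ticket_id TEXT PRIMARY KEY, expires_at INTEGER,
                             checked INTEGER, reads_left INTEGER);
        CREATE TABLE ticket_info (ticket_id TEXT PRIMARY KEY, details TEXT, holder TEXT);
    """)
    db.executemany("INSERT INTO Scanners VALUES (?, ?)",
                   [(MAC_OK, SAMPLE_KEY), (MAC_OTHER, OTHER_KEY)])
    for tid, expires, reads in [("00000001", NOW + 3600, 2),
                                ("00000002", NOW - 1, 5),      # already expired
                                ("00000003", NOW + 3600, 5)]:
        db.execute("INSERT INTO Authority VALUES (?, ?)", (MAC_OK, tid))
        db.execute("INSERT INTO Ticket VALUES (?, ?, 0, ?)", (tid, expires, reads))
        db.execute("INSERT INTO ticket_info VALUES (?, ?, ?)",
                   (tid, "constructed ticket details", "constructed holder"))
    db.commit()
    return db


def mark_checked(db, ticket_id: str) -> None:
    """Table function (3): once the ticket is checked, no further reads succeed."""
    with db:
        db.execute("UPDATE Ticket SET checked = 1 WHERE ticket_id = ?", (ticket_id,))


def handle_request(db, mac: str, password: str, ticket_id: str, now: int):
    """Steps 3.2 and 3.3 for one decrypted, signature-verified request."""
    # 3.2: recompute the dynamic password from the key shared with this scanner.
    # A stricter verifier would also refuse a time step it has already accepted
    # from the same scanner; the text does not describe that, so it is omitted.
    row = db.execute("SELECT InitalizationKey FROM Scanners WHERE mac = ?",
                     (mac,)).fetchone()
    if row is None or not hmac.compare_digest(totp(row[0], now).encode(),
                                              password.encode()):
        return NO_PERMISSION, None
    # Table function (1): the Authority table decides who may read which ticket.
    if db.execute("SELECT 1 FROM Authority WHERE mac = ? AND ticket_id = ?",
                  (mac, ticket_id)).fetchone() is None:
        return NO_PERMISSION, None
    # 3.3 and table functions (2)-(4): consume one read in a single conditional
    # UPDATE so that concurrent requests cannot both take the last read.
    with db:
        cur = db.execute(
            "UPDATE Ticket SET reads_left = reads_left - 1 "
            "WHERE ticket_id = ? AND checked = 0 AND reads_left > 0 AND expires_at > ?",
            (ticket_id, now))
        if cur.rowcount != 1:
            # Invalid information is deleted, as in step 3.3.
            db.execute("DELETE FROM ticket_info WHERE ticket_id = ?", (ticket_id,))
            return INVALID, None
        info = db.execute("SELECT details, holder FROM ticket_info WHERE ticket_id = ?",
                          (ticket_id,)).fetchone()
    if info is None:
        return INVALID, None
    return OK, {"details": info[0], "holder": info[1]}
```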
According to the above-mentioned ticketing service real name identification method based on three-dimension code, as shown in fig. 6, the present invention also sets up ticketing service reality
Name Verification System, including a three-dimension code generate server 1, at least one end of scan 2, an authentication server 3 and one number
According to library;Three-dimension code generates server 1 and relevant information is organized to generate digital signature, completes safe three-dimension code and draws;End of scan 2 is used
In scanning three-dimension code, text message and certificate photo are obtained, verification digital signature takes to differentiate the three-dimension code true and false to authentication
Business 3 transmission data packet of device asks specific ticket information and the identity information of bearer;The processing of authentication server 3 scanning is eventually
The data packet request that end 2 is sent, is authenticated the identity of end of scan and carries out scope check, disappears to end of scan transmission
Breath, while updating the data library.
In a preferred embodiment, as shown in fig. 7, three-dimension code generate server 1 include an information organization module 11,
One Digital Signature module 12 and a three-dimension code drafting module 13.Wherein, information organization module 11 (is needed for tissue related news
The information being stored in three-dimension code includes the identification number etc. of founder's information, ticket) by founder's information, " position of privacy information
Set " (identification number of ticket), user certificate according to etc. be sent to Digital Signature module 12 after information integrations;Digital Signature module 12 calculates
The cryptographic Hash (SHA-256) of the information of reception, and using privacy key, (storage is used to generate BLS signatures on the server)
Generation BLS digital signature is encrypted to cryptographic Hash to be attached to behind corresponding information;Three-dimension code drafting module 13 is calculated using corresponding
Method draws safe three-dimension code.
In a preferred embodiment, as shown in fig. 7, end of scan 2 includes a scan module 21, an acquisition of information mould
Block 22 and a signature verification module 23, wherein the boundary of the three-dimension code for identification of scan module 21 obtains the face of version, color lump
The information such as color simultaneously will obtain it and be sent to data obtaining module 22;Data obtaining module 22 calls transfer function to convert color lump to word
Throttling obtains information and the information of acquisition is sent to signature verification module 23;Signature verification module 23 isolates digital signature,
Verification signature is to complete the verification to three-dimension code, if signature verification failure (forgery of three-dimension code system), refuses to authentication
Server sends request, if signature verification success, the identification number (id) of ticket is taken out from three-dimension code information, obtains itself
The addresses mac, Production development password (password), and calculate Hash (mac||password||Id BLS digital signature)) is generated
It is attached to behind information, and authentication server 3 is sent to using data packet is broken into after the public key of server progress rsa encryption.
In a preferred embodiment, authentication server 3 includes an identity authentication module 31, a permission check module 32 and a database management module 33. After identity authentication module 31 receives the request data packet sent by the scanning terminal, it decrypts the packet and verifies the digital signature and the dynamic password in it, completing verification of the identity of scanning terminal 2. If verification fails, the corresponding request is refused. If verification succeeds, permission check module 32 queries the database according to the identity of the sender and the requested information and checks whether the sender has permission to obtain that information; if the check passes, the requested information is encrypted and sent to scanning terminal 2, otherwise the request is refused. Database management module 33 keeps the database up to date, including deleting expired information, modifying dynamic passwords and removing hash.
The above embodiments merely illustrate the present invention. The structure, connection mode and manufacturing process of each component may vary, and any equivalent transformation or improvement made on the basis of the technical solution of the present invention should not be excluded from the scope of protection of the present invention.
Claims (8)
1. A ticketing service real-name identification method based on three-dimension code, characterized in that it includes the following steps:
1) start the three-dimension code generation server and draw the secure three-dimension code;
2) the scanning terminal scans the secure three-dimension code, the detailed process being:
2.1) scan the three-dimension code, determine its boundary, and obtain the text information and picture from the three-dimension code;
2.2) compute the hash of the obtained information and verify the BLS digital signature with the public key of the three-dimension code generation server; if signature verification does not pass, display the message "signature verification failed, the three-dimension code is illegal"; if verification succeeds, go to step 2.3);
2.3) after the scanning terminal obtains the identification number of the ticket in the database, it calls the get_mac_address() function to obtain its own MAC address, generates a TOTP dynamic password from its own key, computes the hash of the information, applies a BLS digital signature to all the information, packs it into a data packet, and sends it to the authentication server after RSA encryption;
3) start the authentication server to process the request sent by the scanning terminal;
4) the scanning terminal receives the data packet sent by the authentication server, decrypts it with its private key, and prints the specific information on the ticket face and the identity information of the ticket holder on the screen, completing the real-name authentication of the ticket.
2. The ticketing service real-name identification method based on three-dimension code as described in claim 1, characterized in that the detailed process of said step 1), starting the three-dimension code generation server and drawing the secure three-dimension code, is:
1.1) enter the three-dimension code generation interface and select a generation mode;
1.2) input the text information to be stored, including the creator's information and the "location where the private information is stored in the database";
1.3) select the ID photo of the ticket holder to be stored and click "generate";
1.4) the three-dimension code generation server automatically organizes the relevant information, generates the BLS digital signature, and draws the secure three-dimension code.
3. The ticketing service real-name identification method based on three-dimension code as claimed in claim 1 or 2, characterized in that the detailed process of said step 3), starting the authentication server to process the request sent by the scanning terminal, is:
3.1) after the authentication server receives the request data packet, it performs RSA decryption to obtain the plaintext and first verifies the BLS signature, computing the hash of the original information; if signature verification fails, it discards the packet and sends an "authentication failed" message to the scanning terminal; if verification succeeds, go to step 3.2);
3.2) the authentication server extracts the scanning terminal's identity mac and the identifier of the ticket from the request data packet, queries the database with this information, obtains the timestamp and generates the dynamic password, and by comparing whether the dynamic passwords match, judges whether the scanning terminal has permission to obtain the specific ticket information and the personal private information of the ticket holder; if it does not have the relevant permission, the server sends a "no corresponding permission" message to the scanning terminal and terminates; otherwise go to step 3.3);
3.3) the authentication server queries the database to check whether the information requested by the scanning terminal is still valid; if the information is no longer valid, the authentication server sends an "information is no longer valid" message to the scanning terminal and deletes the invalid information; if the information is still valid, the authentication server encrypts the information requested by the scanning terminal, sends it to the scanning terminal, and promptly updates the state of the relevant information in the database.
4. A ticketing service real-name authentication system implementing the ticketing service real-name identification method of any one of claims 1 to 3, characterized in that it includes a three-dimension code generation server, at least one scanning terminal, an authentication server and a database; the three-dimension code generation server organizes the relevant information, generates the digital signature and completes drawing of the secure three-dimension code; the scanning terminal scans the three-dimension code, obtains the text information and ID photo, verifies the digital signature to determine whether the three-dimension code is genuine, and sends a data packet to the authentication server requesting the specific ticket information and the identity information of the ticket holder; the authentication server processes the data packet request sent by the scanning terminal, authenticates the identity of the scanning terminal and performs a permission check, sends a message to the scanning terminal, and at the same time updates the database.
5. The ticketing service real-name authentication system based on three-dimension code as claimed in claim 4, characterized in that the three-dimension code generation server includes an information organization module, a digital signature module and a three-dimension code drawing module; the information organization module organizes the relevant information, integrating the creator's information, the "location" of the private information and the user's ID photo and sending the result to the digital signature module; the digital signature module computes the hash of the received information and, using the secret key, encrypts the hash to generate a BLS digital signature that is appended to the corresponding information; the three-dimension code drawing module draws the secure three-dimension code.
6. The ticketing service real-name authentication system based on three-dimension code as described in claim 4 or 5, characterized in that the scanning terminal includes a scan module, an information acquisition module and a signature verification module; the scan module identifies the boundary of the three-dimension code, obtains the version and the color information of the color blocks, and sends it to the information acquisition module; the information acquisition module calls a conversion function to convert the color blocks into a byte stream, obtains the information and sends it to the signature verification module; the signature verification module verifies the signature to complete verification of the three-dimension code; if signature verification fails, it refuses to send a request to the authentication server; if signature verification succeeds, it takes the identification number of the ticket from the three-dimension code information, obtains its own MAC address, generates a dynamic password, computes the hash of the information, applies a BLS digital signature to all the information, packs it into a data packet, and sends it to the authentication server after RSA encryption.
7. The ticketing service real-name authentication system based on three-dimension code as described in claim 4 or 5, characterized in that the authentication server includes an identity authentication module, a permission check module and a database management module; after the identity authentication module receives the request data packet sent by the scanning terminal, it decrypts the packet and verifies the digital signature and the dynamic password in it, completing verification of the scanning terminal's identity; if verification fails, the corresponding request is refused; if verification succeeds, the permission check module queries the database according to the identity of the sender and the requested information and checks whether the sender has permission to obtain that information; if the check passes, the requested information is encrypted and sent to the scanning terminal, otherwise the request is refused; the database management module keeps the database up to date, including deleting expired information, modifying dynamic passwords and removing hash.
8. The ticketing service real-name authentication system based on three-dimension code as described in claim 4 or 5, characterized in that the database includes an Authority table, a Scanners table, a Ticket table and a ticket_info table, wherein the Authority table records whether a given scanning terminal may read the information of a given ticket, the Scanners table records the key InitalizationKey shared by the authentication server and each scanning terminal, the Ticket table records the ticket's expiry time, ticket-check state and remaining number of reads, and the ticket_info table records the details of the ticket face and the identity information of the ticket holder.
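The server-side checks of steps 3.2) and 3.3), run against the tables named in claim 8, are shown below as an added Python example that is not part of the patent. RSA decryption and BLS verification are assumed to have already succeeded; the table columns, sample rows, status codes, 30-second TOTP step and one-step skew window are assumptions.

```python
import hashlib
import hmac
import struct

# Constructed sample rows; table names follow claim 8, the column layout is assumed.
SCANNERS = {"00:11:22:33:44:55": b"constructed-key-A",   # mac -> InitalizationKey
            "66:77:88:99:AA:BB": b"constructed-key-B"}
AUTHORITY = {("00:11:22:33:44:55", "T1001")}             # (mac, ticket id) may read
TICKET = {"T1001": {"expires": 1_700_003_600, "checked": False, "reads_left": 1}}
TICKET_INFO = {"T1001": {"face": "Gate 3, seat A-12", "holder": "constructed holder"}}


def totp(key, now, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1: the dynamic password of steps 2.3 and 3.2."""
    mac = hmac.new(key, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def digest(mac, password, ticket_id):
    """Hash(mac||password||id) with SHA-256, as in the scanning-terminal embodiment."""
    return hashlib.sha256((mac + password + ticket_id).encode()).hexdigest()


def build_request(mac, key, ticket_id, now):
    """Terminal side: the plaintext fields that are then signed and RSA-encrypted."""
    password = totp(key, now)
    return {"mac": mac, "password": password, "id": ticket_id,
            "hash": digest(mac, password, ticket_id)}


def handle_request(req, now, skew_steps=1):
    """Server side, after RSA decryption and BLS verification (not modelled here)."""
    if not hmac.compare_digest(digest(req["mac"], req["password"], req["id"]),
                               req["hash"]):
        return "AUTH_FAILED", None                      # step 3.1: hash mismatch
    key = SCANNERS.get(req["mac"])
    fresh = key is not None and any(                    # step 3.2: recompute TOTP;
        hmac.compare_digest(totp(key, now - 30 * d), req["password"])
        for d in range(skew_steps + 1))                 # skew window is an assumption
    if not fresh or (req["mac"], req["id"]) not in AUTHORITY:
        return "NO_PERMISSION", None
    ticket = TICKET.get(req["id"])                      # step 3.3: validity check
    if ticket is None or now > ticket["expires"] or ticket["reads_left"] <= 0:
        TICKET.pop(req["id"], None)                     # delete invalid information
        TICKET_INFO.pop(req["id"], None)
        return "INFO_INVALID", None
    ticket["reads_left"] -= 1                           # update state so a replayed
    ticket["checked"] = True                            # packet finds no reads left
    return "OK", dict(TICKET_INFO[req["id"]])
```

Because the remaining-read counter is decremented before the reply is sent, a captured request replayed inside the same TOTP window is rejected at step 3.3 rather than at step 3.2.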
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510895632.3A CN105490814B (en) | 2015-12-08 | 2015-12-08 | A kind of ticketing service real name identification method and system based on three-dimension code |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105490814A CN105490814A (en) | 2016-04-13 |
CN105490814B true CN105490814B (en) | 2018-10-26 |
Family
ID=55677561
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510895632.3A Active CN105490814B (en) | 2015-12-08 | 2015-12-08 | A kind of ticketing service real name identification method and system based on three-dimension code |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105490814B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106169192A (en) * | 2016-07-15 | 2016-11-30 | 北京万社科技有限公司 | Ticket checking method, Apparatus and system |
CN107481376B (en) * | 2017-08-21 | 2020-01-10 | 三维码(厦门)网络科技有限公司 | Three-dimensional code unlocking method based on intelligent application |
CN108446748A (en) * | 2018-03-21 | 2018-08-24 | 广州纳丽生物科技有限公司 | With the super authentication method for receiving crystallite of the super intelligent skin beautifying apparatus for receiving crystallite and skin beautifying apparatus |
CN108876375B (en) * | 2018-06-29 | 2020-09-08 | 全链通有限公司 | Block chain real name participation method and system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1818961A (en) * | 2005-02-07 | 2006-08-16 | 刘瑞祯 | Electronic billing system |
CN102760242A (en) * | 2012-05-16 | 2012-10-31 | 孟智平 | Encoding and decoding method for three-dimensional codes and using method |
CN102970140A (en) * | 2012-11-15 | 2013-03-13 | 郑铭浚 | Electronic authentication system for enterprise or personal authorization information |
CN103269269A (en) * | 2013-05-08 | 2013-08-28 | 吴伟 | File encryption transmission method based on two-dimensional bar code technology |
CN104077625A (en) * | 2014-06-19 | 2014-10-01 | 中国科学院信息工程研究所 | Two-dimension code content verifying method based on electronic signature |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030184811A1 (en) * | 1998-07-08 | 2003-10-02 | John Overton | Automated system for image archiving |
Also Published As
Publication number | Publication date |
---|---|
CN105490814A (en) | 2016-04-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20230719. Address after: Room 1302, Building 1, No. 16, Keji 4th Road, Songshan Lake Park, Dongguan, Guangdong 523000. Patentee after: Guangdong Zhongke Chuangzhi Data Technology Co.,Ltd. Address before: 100872, Renmin University of China, 59 Zhongguancun Avenue, Beijing, Haidian District. Patentee before: RENMIN University OF CHINA |