CN105490814B - Ticketing real-name authentication method and system based on three-dimensional code - Google Patents


Publication number: CN105490814B
Authority: CN (China)
Prior art keywords: information, dimension code, scan, module, ticket
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201510895632.3A
Other languages: Chinese (zh)
Other versions: CN105490814A (en)
Inventors: 秦波, 陈鹏, 石文昌, 陈李昌豪, 王嘉炜, 吴旭锋
Current Assignee: Guangdong Zhongke Chuangzhi Data Technology Co.,Ltd. (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Renmin University of China
Application filed by Renmin University of China
Priority to CN201510895632.3A
Publication of CN105490814A
Application granted
Publication of CN105490814B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously

Abstract

The present invention relates to a ticketing real-name authentication method and system based on a three-dimensional code, comprising the following: 1) start the three-dimensional code generation server and draw a secure three-dimensional code; 2) the scanning terminal scans the secure three-dimensional code; 3) start the authentication server to process the request sent by the scanning terminal; 4) after the scanning terminal receives the data packet sent by the authentication server, it decrypts the packet with its private key and displays the ticket-face details and the ticket holder's identity information on the screen, completing the real-name authentication of the ticket. The present invention can be widely applied to ticketing real-name authentication.

Description

Ticketing real-name authentication method and system based on three-dimensional code
Technical field
The present invention relates to the field of ticketing authentication technology, and in particular to a ticketing real-name authentication method and system based on a three-dimensional code.
Background
As ticket forgery techniques keep improving, how to prevent ticket counterfeiting and authenticate tickets effectively has become a focus of public attention. In recent years, the introduction of real-name authentication has considerably improved the security of consumers' ticket purchasing. However, although the real-name authentication methods in common use can verify the ticket and authenticate the holder's identity, their own design defects expose users' privacy to the risk of leakage. Security incidents in which ticket information is used for criminal activity are reported repeatedly, and users' privacy is not adequately protected.
Current real-name authentication mechanisms based on two-dimensional codes mainly have the following security problems: 1) Two-dimensional codes are usually read offline and the identity of the reading device is not authenticated, so any terminal can read the code without restriction; a criminal needs only a smartphone to obtain the holder's private information from the two-dimensional code on the ticket face, which is extremely dangerous. 2) A ticket is time-limited and should be invalidated once it expires, but the two-dimensional code on the ticket face remains valid permanently, which is clearly contradictory; for an expired ticket the code can still be read, so the stored private user information is easily leaked and may even be used by criminals for criminal activity. 3) The capacity of a two-dimensional code is limited, which makes it difficult to encode complex user information and authentication data; in addition, its generation algorithm is public and anyone can easily generate one, so a two-dimensional code cannot provide anti-counterfeiting.
Summary of the invention
In view of the above problems, the object of the present invention is to provide a ticketing real-name authentication method and system based on a three-dimensional code that can effectively prevent leakage of private information.
To achieve the above object, the present invention adopts the following technical solution: a ticketing real-name authentication method based on a three-dimensional code, characterized by comprising the following steps: 1) start the three-dimensional code generation server and draw a secure three-dimensional code; 2) the scanning terminal scans the secure three-dimensional code; 3) start the authentication server to process the request sent by the scanning terminal; 4) after the scanning terminal receives the data packet sent by the authentication server, it decrypts the packet with its private key and displays the ticket-face details and the ticket holder's identity information on the screen, completing the real-name authentication of the ticket.
Further, step 1), starting the three-dimensional code generation server and drawing the secure three-dimensional code, proceeds as follows: 1.1) enter the three-dimensional code generation interface and select the generation mode; 1.2) enter the text information to be stored, including the creator information and the "position" at which the private information is stored in the database; 1.3) select the ID photo of the ticket holder to be stored and click "Generate"; 1.4) the three-dimensional code generation server automatically organizes the relevant information, generates a BLS digital signature, and draws the secure three-dimensional code.
Further, step 2), in which the scanning terminal scans the secure three-dimensional code, proceeds as follows: 2.1) scan the three-dimensional code, determine its boundary, and obtain the text information and picture from it; 2.2) compute the hash of the obtained information and verify the BLS digital signature with the public key of the three-dimensional code generation server; if signature verification fails, display the message "signature verification failed, this three-dimensional code is illegal"; if verification succeeds, go to step 2.3); 2.3) after obtaining the ticket's identification number in the database, the scanning terminal calls the get_mac_address() function to obtain its own MAC address, generates a TOTP dynamic password from its own key, computes the hash of this information, applies a BLS digital signature to all of the information, assembles it into a data packet, and sends the packet to the authentication server after RSA encryption.
Further, step 3), starting the authentication server to process the request sent by the scanning terminal, proceeds as follows: 3.1) after receiving the request data packet, the authentication server performs RSA decryption to obtain the plaintext and first verifies the BLS signature by computing the hash of the original information; if signature verification fails, it discards the packet and sends the message "authentication failed" to the scanning terminal; if verification succeeds, go to step 3.2); 3.2) the authentication server extracts the scanning terminal's identity (MAC) and the ticket identifier from the request data packet, queries the database with this information, obtains the timestamp and generates the dynamic password, and by comparing whether the dynamic passwords match determines whether the scanning terminal is authorized to obtain the ticket's specific ticket-face information and the holder's personal private information; if it lacks the relevant permission, the server sends the message "without corresponding authority" to the scanning terminal and terminates; otherwise go to step 3.3); 3.3) the authentication server queries the database to check whether the information requested by the scanning terminal is still valid; if the information has become invalid, the authentication server sends the message "information has failed" to the scanning terminal and deletes the invalid information; if the information is still valid, the authentication server encrypts the requested information, sends it to the scanning terminal, and promptly updates the state of the relevant information in the database.
A ticketing real-name authentication system based on the above method, characterized by comprising a three-dimensional code generation server, at least one scanning terminal, an authentication server and a database. The three-dimensional code generation server organizes the relevant information, generates the digital signature and draws the secure three-dimensional code. The scanning terminal scans the three-dimensional code, obtains the text information and ID photo, verifies the digital signature to determine whether the three-dimensional code is genuine, and sends a data packet to the authentication server requesting the specific ticket-face information and the holder's identity information. The authentication server processes the data packet request sent by the scanning terminal, authenticates the scanning terminal's identity and performs the permission check, sends a message to the scanning terminal, and updates the database.
Further, the three-dimensional code generation server comprises an information organization module, a digital signature module and a three-dimensional code drawing module. The information organization module organizes the relevant information: it integrates the creator information, the "position" of the private information and the user's ID photo and sends them to the digital signature module. The digital signature module computes the hash of the received information, encrypts the hash with the server's secret key to generate the BLS digital signature, and appends the signature to the corresponding information. The three-dimensional code drawing module draws the secure three-dimensional code.
Further, the scanning terminal comprises a scanning module, an information acquisition module and a signature verification module. The scanning module identifies the boundary of the three-dimensional code, obtains the version and color-block color information, and sends them to the information acquisition module. The information acquisition module calls the conversion function to convert the color blocks into a byte stream to obtain the information and sends it to the signature verification module. The signature verification module verifies the signature to complete verification of the three-dimensional code. If signature verification fails, the terminal refuses to send a request to the authentication server. If signature verification succeeds, it takes the ticket's identification number from the three-dimensional code information, obtains its own MAC address, generates the dynamic password, computes the hash of this information, applies a BLS digital signature to all of the information, assembles it into a data packet, and sends the packet to the authentication server after RSA encryption.
Further, the authentication server comprises an identity authentication module, a permission check module and a database management module. After receiving the request data packet sent by the scanning terminal, the identity authentication module decrypts it and verifies the digital signature and the dynamic password in the packet, completing verification of the scanning terminal's identity; if verification fails, the corresponding request is refused. If verification succeeds, the permission check module queries the database according to the sender's identity and the requested information and checks whether the sender has permission to obtain that information; if the check passes, the requested information is encrypted and sent to the scanning terminal, otherwise the request is refused. The database management module keeps the database up to date, including deleting expired information, modifying dynamic passwords and clearing useless information.
Further, the database comprises an Authority table, a Scanners table, a Ticket table and a ticket_info table. The Authority table records whether a given scanning terminal may read the information of a given ticket; the Scanners table records the key InitalizationKey shared between the authentication server and each scanning terminal; the Ticket table records the ticket's expiry time, ticket-checking status and remaining number of reads; the ticket_info table records the ticket-face details and the holder's identity information.
By adopting the above technical solution, the present invention has the following advantages: 1. The invention uses the large storage capacity of the three-dimensional code to store the creator information, the "position" of the sensitive data in the database, the user's ID photo, the digital signature and other information in the three-dimensional code, which is read and verified by authorized scanning terminals; the verification process is transparent to the user. Sensitive personal information is no longer stored in the three-dimensional code but on the server, and the number of reads is limited, which innovatively realizes a "destroy after reading" function, fundamentally prevents leakage of the information and fully protects the user's privacy. 2. The invention successfully applies BLS signatures to the verification of the three-dimensional code. Embedding the digital signature not only ensures the integrity of the three-dimensional code information but also authenticates the creator's identity, eliminating the possibility of forging the three-dimensional code. 3. All data packets of the invention use the RSA public-key encryption algorithm, with a high-security 1024bit key selected. The dual authentication scheme of TOTP dynamic passwords and BLS signatures achieves identity authentication while ensuring the integrity of the communicated data, enables the system to resist replay attacks, and further enhances the security of the communication process. Compared with traditional ticketing real-name authentication schemes, the ticketing real-name authentication method of the invention uses the three-dimensional code as the carrier and, through online storage of sensitive information and a secure identity authentication mechanism, fully protects the user's private information, while innovatively realizing "destroy after reading" of private information and control over the number of reads by scanning terminals, so that the whole ticketing authentication process is more secure and reliable. The present invention can be widely applied to ticketing real-name authentication.
Brief description of the drawings
Fig. 1 is a flow diagram of three-dimensional code generation according to the present invention;
Fig. 2 is a flow diagram of three-dimensional code verification according to the present invention;
Fig. 3 is a flow diagram of data packet construction according to the present invention;
Fig. 4 is a flow diagram of scanning terminal identity authentication according to the present invention;
Fig. 5 is a flow diagram of the permission check on the request data packet according to the present invention;
Fig. 6 is a schematic diagram of the hardware structure of the ticketing real-name authentication system of the present invention;
Fig. 7 is a schematic diagram of the architecture of the ticketing real-name authentication system of the present invention.
Detailed description
The present invention is described in detail below with reference to the drawings. It should be understood, however, that the drawings are provided only for a better understanding of the invention and should not be construed as limiting it.
The ticketing real-name authentication method based on a three-dimensional code provided by the present invention comprises the following steps:
1. Start the three-dimensional code generation server and draw the secure three-dimensional code, as follows:
1.1) Enter the three-dimensional code generation interface, which offers three modes: picture, text and ticketing; select the ticketing mode (also called "mixed mode", i.e. the information includes text and a picture);
1.2) Enter the text information to be stored, including the creator information and the "position" (identification number) at which the private information is stored in the database, for example "China railway 00000001";
1.3) Select the ID photo of the ticket holder to be stored and click "Generate";
1.4) As shown in Fig. 1, the three-dimensional code generation server automatically organizes the relevant information, generates the BLS digital signature and draws the secure three-dimensional code, as follows:
(1) Convert the text information to the corresponding ASCII values and then to the corresponding 8-bit binary numbers, producing the 0/1 string M1 corresponding to the text information;
(2) Convert the picture information: treat the picture as a text file, open the picture file, read one character at a time and convert its ASCII value to an 8-bit binary number until the end of the file is reached; the picture has then been converted into the 0/1 string M2.
(3) Concatenate the strings M1 and M2 to obtain the string M3 (M3 = M1 || M2), use the private key of the three-dimensional code generation server to generate the BLS signature S of M3 (also a 0/1 string), and append the digital signature to M3, finally producing the 0/1 string M4 (M4 = M3 || S).
(4) Draw the corresponding three-dimensional code from the 0/1 string.
Taking a four-color three-dimensional code as an example, the process in this embodiment is as follows: first add error-correcting code to the string to produce a new string M5, count the length L of the new string M5 (expressed as a 16-bit binary number), and prepend it to M5 (L || M5). Since there are four different colors, two binary digits are needed to mark each color (for example, "00" denotes red, "01" denotes green, "10" denotes purple and "11" denotes green). Two binary digits of the new string are read at a time and a color block of the corresponding color is generated, until reading finishes and the three-dimensional code has been drawn.
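The framing and color mapping just described, as an added Python example (not code from the patent). Error-correction coding and the BLS signature are left out: the signature bytes are a constructed placeholder, L is assumed to count bits, and the fourth color name "blue" is an assumption because the list above names green twice.

```python
# Added illustration of the L || M5 framing and the two-bits-per-block mapping.
# Assumptions: L counts bits; "blue" stands in for the fourth colour; no error
# correction is applied, so M5 equals M4 here.

PALETTE = {"00": "red", "01": "green", "10": "purple", "11": "blue"}
INVERSE = {colour: bits for bits, colour in PALETTE.items()}


def to_bits(data):
    """Bytes -> 0/1 string, 8 bits per byte (steps (1) and (2))."""
    return "".join(f"{byte:08b}" for byte in data)


def from_bits(bits):
    """0/1 string -> bytes; rejects strings that are not whole bytes."""
    if len(bits) % 8:
        raise ValueError("bit string is not a whole number of bytes")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def encode_blocks(text, picture, signature):
    """Build M4 = M1 || M2 || S, prefix the 16-bit length, emit colour blocks."""
    m1 = to_bits(text.encode("ascii"))
    m2 = to_bits(picture)
    m4 = m1 + m2 + to_bits(signature)
    m5 = m4  # error-correcting code would be added here
    if len(m5) > 0xFFFF:
        raise ValueError("payload does not fit a 16-bit length field")
    framed = f"{len(m5):016b}" + m5
    return [PALETTE[framed[i:i + 2]] for i in range(0, len(framed), 2)]


def decode_blocks(blocks):
    """Colour blocks -> payload bytes, checking the length header first."""
    try:
        bits = "".join(INVERSE[colour] for colour in blocks)
    except KeyError as exc:
        raise ValueError(f"unknown colour block: {exc}") from None
    if len(bits) < 16:
        raise ValueError("length header missing")
    declared = int(bits[:16], 2)
    body = bits[16:]
    if len(body) != declared:
        # A truncated or padded scan must not be passed on to signature checking.
        raise ValueError("declared length does not match scanned data")
    return from_bits(body)


if __name__ == "__main__":
    # Constructed sample: the patent's example text, 4 picture bytes, 2 signature bytes.
    blocks = encode_blocks("China railway 00000001", b"\x89PNG", b"\x01\x02")
    print(len(blocks), blocks[:8])
    print(decode_blocks(blocks))
```
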
The BLS short signature scheme used by the present invention is briefly described below. The BLS signature is a short signature scheme constructed from bilinear pairings and is widely used in identity-based cryptography and pairing-based cryptography. Compared with the traditional RSA signature scheme, its signatures are shorter, only 160bit. The process is as follows:
Key generation: randomly choose $X_L \in \mathbb{Z}_p$ and compute $Y_L = X_L P$; $Y_L$ is the public key and $X_L$ is the private key;
Signature generation: for an input message $m$, compute the signature $sig = X_L \, Hash(m)$;
Signature verification: for an input message $m$ and signature $sig$, check whether $e(Hash(m), Y_L) = e(sig, P)$ holds, because if the message has not been tampered with, then $e(Hash(m), Y_L) = e(Hash(m), P)^{X_L} = e(X_L \, Hash(m), P) = e(sig, P)$.
2. As shown in Fig. 2, the scanning terminal scans the secure three-dimensional code, as follows:
2.1) Scan the three-dimensional code, determine its boundary, obtain its size, version information, color-block colors and so on, and call the conversion function to convert the color blocks into a byte stream to obtain the text information and picture;
2.2) Compute the hash (SHA-256) of the obtained information (including the text information and the ID photo) and verify the BLS digital signature with the public key of the three-dimensional code generation server. If signature verification fails, the three-dimensional code is forged or the integrity of its information has been broken, and the message "signature verification failed, this three-dimensional code is illegal" is displayed; if verification succeeds, go to step 2.3);
2.3) As shown in Fig. 3, after obtaining the ticket's identification number (id) in the database, the scanning terminal calls the get_mac_address() function to obtain its own MAC address, generates a TOTP dynamic password (password) from its own key, computes the hash (SHA-256) of this information (identification number + MAC address + TOTP dynamic password), applies a BLS digital signature to all of the information, assembles it into a data packet, and sends the packet to the authentication server after RSA encryption. All requests sent by scanning terminals to the authentication server are packed into data packets of a unified format so that they can pass the authentication server's identity authentication. The format of the data packet is as follows:
Identity | Dynamic password | Sequence number of the ticket to be obtained | Digital signature
3. Start the authentication server to process the request sent by the scanning terminal, as follows:
3.1) As shown in Fig. 4, after receiving the request data packet, the authentication server performs RSA decryption to obtain the plaintext (including the original information and the digital signature) and first verifies the BLS signature by computing the hash (SHA-256) of the original information. If signature verification fails, it discards the packet and sends the message "authentication failed" to the scanning terminal; if verification succeeds, go to step 3.2);
3.2) The authentication server extracts the scanning terminal's identity (MAC) and the ticket identifier from the request data packet, queries the database with this information, obtains the timestamp and generates the dynamic password, and by comparing whether the dynamic passwords match determines whether the scanning terminal is authorized to obtain the ticket's specific ticket-face information and the holder's personal private information. If it lacks the relevant permission, the server sends the message "without corresponding authority" to the scanning terminal and terminates; otherwise go to step 3.3);
3.3) As shown in Fig. 5, the authentication server queries the database to check whether the information requested by the scanning terminal is still valid (the information is considered invalid if the ticket has expired or the remaining number of reads is 0). If the information is invalid, the authentication server sends the message "information has failed" to the scanning terminal and deletes the invalid information. If the information is still valid, the authentication server encrypts the requested information, sends it to the scanning terminal, and promptly updates the state of the relevant information in the database (for example, decrementing the remaining number of reads by one);
4. After the scanning terminal receives the data packet sent by the authentication server, it decrypts the packet with its private key and displays the ticket-face details and the holder's identity information on the screen, completing the real-name authentication of the ticket.
The structure of the database used by the ticketing real-name authentication method based on a three-dimensional code is described in detail below. The database of the present invention comprises an Authority table, a Scanners table, a Ticket table and a ticket_info table. The Authority table records whether a given scanning terminal may read the information of a given ticket; the Scanners table records the key InitalizationKey shared between the authentication server and each scanning terminal; the Ticket table records the ticket's expiry time, ticket-checking status and remaining number of reads; the ticket_info table records the ticket-face details (identification number, departure place, destination, fare, train number, departure time, seat information) and the holder's identity information. The function each table implements is described below:
(1) Which scanning terminals may read is controlled through the authority table: whether a given scanning terminal can read the information of a given ticket is decided mainly by a query on the authority table. If the authority table contains a corresponding entry, the scanning terminal has read permission; otherwise it cannot read. An unauthorized scanning terminal therefore cannot read the three-dimensional code, which controls where the private information flows.
(2) The number of reads is controlled through the ticket table: whenever the authentication server detects one successful read of a ticket's information by a scanning terminal, it updates the ticket table in the database and decrements the remaining number of reads of the corresponding three-dimensional code by one. When the remaining count is 0, no mobile device can read the three-dimensional code. The purpose is to reduce the risk of the relevant information being maliciously read and abused.
(3) "Destroy after reading" is controlled through the ticket table: when a ticket has been checked, the authentication server updates the ticket table and sets the corresponding ticket's status to "ticket checked", so that no scanning terminal can read the three-dimensional code again; the information is in effect "erased" from the three-dimensional code.
(4) Automatic invalidation on expiry is controlled through the ticket table and the ticket_info table: a ticket is time-limited and should be invalidated once its period of use has passed, which effectively prevents criminals from illegally obtaining the holder's private information from expired tickets. The authentication server obtains the period of use of the corresponding ticket by querying the ticket table to judge whether the ticket has expired. If it has expired, the server updates the ticket_info table and deletes the expired ticket information, so that the corresponding three-dimensional code becomes completely invalid, avoiding leakage of private information caused by the loss of expired tickets.
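Steps 3.2 and 3.3 together with the four table functions above, as an added Python example (not code from the patent). The BLS check and RSA decryption of step 3.1 are assumed to have already succeeded; the column names, the "ok" status and the TOTP parameters (RFC 6238, HMAC-SHA1, 30-second step, 6 digits) are assumptions, and all sample rows are constructed.

```python
import hashlib
import hmac
import sqlite3
import struct

DENIED = "without corresponding authority"   # message of step 3.2
INVALID = "information has failed"           # message of step 3.3
OK = "ok"                                    # assumed label for a successful read

def totp(key, now, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1; step and digit count are assumed values."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def make_db():
    """The four tables named in the description; the columns are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Scanners(mac TEXT PRIMARY KEY, InitalizationKey BLOB NOT NULL);
        CREATE TABLE Authority(mac TEXT, ticket_id TEXT, PRIMARY KEY(mac, ticket_id));
        CREATE TABLE Ticket(ticket_id TEXT PRIMARY KEY, expires REAL,
                            checked INTEGER, reads_left INTEGER);
        CREATE TABLE ticket_info(ticket_id TEXT PRIMARY KEY, details TEXT, holder TEXT);
    """)
    return db

def handle_request(db, mac, ticket_id, password, now):
    """Return (status, info) for a request whose signature was already verified."""
    # Step 3.2: recompute the dynamic password from the key shared with this terminal.
    row = db.execute("SELECT InitalizationKey FROM Scanners WHERE mac = ?",
                     (mac,)).fetchone()
    if row is None:
        return DENIED, None
    if not hmac.compare_digest(totp(row[0], now).encode(), password.encode()):
        return DENIED, None
    # Table function (1): the terminal needs an Authority entry for this ticket.
    if db.execute("SELECT 1 FROM Authority WHERE mac = ? AND ticket_id = ?",
                  (mac, ticket_id)).fetchone() is None:
        return DENIED, None
    # Step 3.3: is the requested information still valid?
    ticket = db.execute("SELECT expires, checked, reads_left FROM Ticket "
                        "WHERE ticket_id = ?", (ticket_id,)).fetchone()
    info = db.execute("SELECT details, holder FROM ticket_info WHERE ticket_id = ?",
                      (ticket_id,)).fetchone()
    if ticket is None or info is None:
        return INVALID, None
    expires, checked, reads_left = ticket
    if now >= expires or reads_left <= 0:
        # Functions (2) and (4): expired or exhausted information is deleted.
        db.execute("DELETE FROM ticket_info WHERE ticket_id = ?", (ticket_id,))
        db.commit()
        return INVALID, None
    if checked:
        return INVALID, None  # function (3): an already checked ticket is unreadable
    # Guarded decrement, so the counter can never go below zero.
    cur = db.execute("UPDATE Ticket SET reads_left = reads_left - 1 "
                     "WHERE ticket_id = ? AND reads_left > 0", (ticket_id,))
    db.commit()
    return (OK, info) if cur.rowcount == 1 else (INVALID, None)

def demo():
    """Run a constructed scenario; returns (statuses, ticket_info rows left)."""
    db = make_db()
    gate, other = "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"   # constructed MACs
    k1, k2 = b"constructed-key-1", b"constructed-key-2"      # constructed keys
    db.executemany("INSERT INTO Scanners VALUES (?, ?)", [(gate, k1), (other, k2)])
    db.executemany("INSERT INTO Authority VALUES (?, ?)",
                   [(gate, "00000001"), (gate, "00000002")])
    db.executemany("INSERT INTO Ticket VALUES (?, ?, 0, ?)",
                   [("00000001", 2000.0, 2), ("00000002", 500.0, 2)])
    db.executemany("INSERT INTO ticket_info VALUES (?, ?, ?)",
                   [("00000001", "constructed train details", "constructed holder A"),
                    ("00000002", "constructed train details", "constructed holder B")])
    now = 1000.0
    good = totp(k1, now)
    bad = str((int(good[0]) + 1) % 10) + good[1:]  # differs in its first digit
    calls = [(gate, "00000001", good), (gate, "00000001", bad),
             (other, "00000001", totp(k2, now)), ("aa:bb:cc:dd:ee:99", "00000001", good),
             (gate, "00000001", good), (gate, "00000001", good),
             (gate, "00000002", good)]
    statuses = [handle_request(db, m, t, p, now)[0] for m, t, p in calls]
    left = db.execute("SELECT COUNT(*) FROM ticket_info").fetchone()[0]
    return statuses, left

if __name__ == "__main__":
    print(demo())
```

Within one 30-second step the same dynamic password verifies more than once, so in this example it is the remaining-read counter and the ticket state, not the password alone, that bound repeated requests.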
Based on the above ticketing real-name authentication method based on a three-dimensional code, and as shown in Fig. 6, the present invention also provides a ticketing real-name authentication system comprising a three-dimensional code generation server 1, at least one scanning terminal 2, an authentication server 3 and a database. The three-dimensional code generation server 1 organizes the relevant information, generates the digital signature and draws the secure three-dimensional code. The scanning terminal 2 scans the three-dimensional code, obtains the text information and ID photo, verifies the digital signature to determine whether the three-dimensional code is genuine, and sends a data packet to the authentication server 3 requesting the specific ticket-face information and the holder's identity information. The authentication server 3 processes the data packet request sent by the scanning terminal 2, authenticates the scanning terminal's identity and performs the permission check, sends a message to the scanning terminal, and updates the database.
In a preferred embodiment, as shown in Fig. 7, the three-dimensional code generation server 1 comprises an information organization module 11, a digital signature module 12 and a three-dimensional code drawing module 13. The information organization module 11 organizes the relevant information (the information to be stored in the three-dimensional code, including the creator information, the ticket's identification number and so on): it integrates the creator information, the "position" of the private information (the ticket's identification number), the user's ID photo and other information and sends them to the digital signature module 12. The digital signature module 12 computes the hash (SHA-256) of the received information, encrypts the hash with the server's secret key (stored on the server and used to generate BLS signatures) to generate the BLS digital signature, and appends it to the corresponding information. The three-dimensional code drawing module 13 draws the secure three-dimensional code using the corresponding algorithm.
In a preferred embodiment, as shown in Fig. 7, the scanning terminal 2 comprises a scanning module 21, an information acquisition module 22 and a signature verification module 23. The scanning module 21 identifies the boundary of the three-dimensional code, obtains the version, color-block colors and other information, and sends them to the information acquisition module 22. The information acquisition module 22 calls the conversion function to convert the color blocks into a byte stream to obtain the information and sends it to the signature verification module 23. The signature verification module 23 separates out the digital signature and verifies it to complete verification of the three-dimensional code. If signature verification fails (the three-dimensional code is forged), the terminal refuses to send a request to the authentication server. If signature verification succeeds, it takes the ticket's identification number (id) from the three-dimensional code information, obtains its own MAC address, generates the dynamic password (password), computes Hash(mac || password || id), generates a BLS digital signature and appends it to the information, performs RSA encryption with the server's public key, assembles the result into a data packet, and sends it to the authentication server 3.
In a preferred embodiment, the authentication server 3 comprises an identity authentication module 31, a permission check module 32 and a database management module 33. After receiving the request data packet sent by the scanning terminal, the identity authentication module 31 decrypts it and verifies the digital signature and the dynamic password in the packet, completing verification of the identity of the scanning terminal 2; if verification fails, the corresponding request is refused. If verification succeeds, the permission check module 32 queries the database according to the sender's identity and the requested information and checks whether the sender has permission to obtain that information; if the check passes, the requested information is encrypted and sent to the scanning terminal 2, otherwise the request is refused. The database management module 33 keeps the database up to date, including deleting expired information, modifying dynamic passwords and clearing useless information.
The various embodiments described above are merely to illustrate the present invention, wherein the structure of each component, connection type and manufacture craft etc. are all It can be varied from, every equivalents carried out based on the technical solution of the present invention and improvement should not exclude Except protection scope of the present invention.

Claims (8)

1. A ticketing real-name authentication method based on a three-dimensional code, characterized by comprising the following steps:
1) start the three-dimensional code generation server and draw a secure three-dimensional code;
2) the scanning terminal scans the secure three-dimensional code, the detailed process being:
2.1) scan the three-dimensional code, determine the boundary of the three-dimensional code, and obtain the text information and picture from the three-dimensional code;
2.2) calculate the hash value of the obtained information and verify the BLS digital signature using the public key of the three-dimensional code generation server; if signature verification does not pass, display the message "signature verification fails, and the three-dimensional code is illegal"; if verification succeeds, proceed to step 2.3);
2.3) after the scanning terminal obtains the identification number of the ticket in the database, it calls the get_mac_address() function to obtain its own MAC address, generates a TOTP dynamic password according to its own key, calculates the hash value of the information, applies a BLS digital signature to all the information, packs it into a data packet, and sends it to the authentication server after RSA encryption;
3) start the authentication server to process the request sent by the scanning terminal;
4) the scanning terminal receives the data packet sent by the authentication server and decrypts it with its private key, and prints the specific ticket-face information and the identity information of the ticket holder on the screen, completing the real-name authentication of the ticket.
2. The ticketing real-name authentication method based on a three-dimensional code as described in claim 1, characterized in that the detailed process of step 1), starting the three-dimensional code generation server and drawing a secure three-dimensional code, is:
1.1) enter the generation interface of the three-dimensional code and select a generation mode;
1.2) input the text information to be stored, including the creator information and the "location" at which the private information is stored in the database;
1.3) select the ID photo of the ticket holder to be stored and click "generate";
1.4) the three-dimensional code generation server automatically organizes the relevant information, generates a BLS digital signature and draws the secure three-dimensional code.
3. The ticketing real-name authentication method based on a three-dimensional code as claimed in claim 1 or 2, characterized in that the detailed process of step 3), starting the authentication server to process the request sent by the scanning terminal, is:
3.1) after receiving the request data packet, the authentication server performs RSA decryption to obtain the plaintext, first verifies the BLS signature and calculates the hash value of the original information; if signature verification fails, it discards the packet and sends an "authentication failed" message to the scanning terminal; if verification succeeds, it proceeds to step 3.2);
3.2) the authentication server extracts the identity (MAC) of the scanning terminal and the identifier of the ticket from the request data packet, queries the database according to this information, obtains the timestamp and generates the dynamic password, and by comparing whether the dynamic passwords are consistent judges whether the scanning terminal has permission to obtain the specific ticket information of the ticket and the personal private information of the ticket holder; if it does not have the relevant permission, the server sends a "without corresponding authority" message to the scanning terminal and terminates; otherwise it proceeds to step 3.3);
3.3) the authentication server queries the database to check whether the information requested by the scanning terminal is still valid; if the information is no longer valid, the authentication server sends an "information has failed" message to the scanning terminal and deletes the invalid information; if the information is still valid, the authentication server encrypts the information requested by the scanning terminal, sends it to the scanning terminal, and promptly updates the state of the relevant information in the database.
4. A ticketing real-name authentication system implementing the ticketing real-name authentication method of any one of claims 1 to 3, characterized by comprising a three-dimensional code generation server, at least one scanning terminal, an authentication server and a database; the three-dimensional code generation server organizes the relevant information, generates a digital signature and draws the secure three-dimensional code; the scanning terminal scans the three-dimensional code, obtains the text information and ID photo, verifies the digital signature to determine whether the three-dimensional code is genuine, and sends a data packet to the authentication server requesting the specific ticket information and the identity information of the ticket holder; the authentication server processes the data packet request sent by the scanning terminal, authenticates the identity of the scanning terminal and performs a permission check, sends a message to the scanning terminal, and at the same time updates the database.
5. The ticketing real-name authentication system based on a three-dimensional code as claimed in claim 4, characterized in that the three-dimensional code generation server includes an information organization module, a digital signature module and a three-dimensional code drawing module; the information organization module organizes the relevant information, integrating the creator information, the "location" of the private information and the user's ID photo and sending the result to the digital signature module; the digital signature module calculates the hash value of the received information and uses the secret key to encrypt the hash value, producing a BLS digital signature that is appended to the corresponding information; the three-dimensional code drawing module draws the secure three-dimensional code.
6. The ticketing real-name authentication system based on a three-dimensional code as described in claim 4 or 5, characterized in that the scanning terminal includes a scan module, an information acquisition module and a signature verification module; the scan module identifies the boundary of the three-dimensional code, obtains the version and the color information of the color blocks, and sends them to the information acquisition module; the information acquisition module calls a conversion function to convert the color blocks into a byte stream, obtains the information and sends it to the signature verification module; the signature verification module verifies the signature to complete the verification of the three-dimensional code; if signature verification fails, it refuses to send a request to the authentication server; if signature verification succeeds, it takes the identification number of the ticket from the three-dimensional code information, obtains its own MAC address, generates a dynamic password, calculates the hash value of the information, applies a BLS digital signature to all the information, packs it into a data packet, and sends it to the authentication server after RSA encryption.
7. The ticketing real-name authentication system based on a three-dimensional code as described in claim 4 or 5, characterized in that the authentication server includes an authentication module, a permission check module and a database management module; after the authentication module receives the request data packet sent by the scanning terminal, it decrypts the packet and verifies the digital signature and the dynamic password in it, completing the verification of the identity of the scanning terminal; if verification fails, the request is refused; if verification succeeds, the permission check module queries the database according to the identity of the sender and the requested information and checks whether the sender has permission to obtain that information; if the check passes, the requested information is encrypted and sent to the scanning terminal, otherwise the request is refused; the database management module keeps the database up to date, including deleting expired information, modifying dynamic passwords and removing hash.
8. The ticketing real-name authentication system based on a three-dimensional code as described in claim 4 or 5, characterized in that the database includes an Authority table, a Scanners table, a Ticket table and a ticket_info table, wherein the Authority table records whether a given scanning terminal may read the information of a given ticket, the Scanners table records the key InitalizationKey shared between the authentication server and each scanning terminal, the Ticket table records the ticket's expiry time, ticket-checking state and remaining number of reads, and the ticket_info table records the detailed ticket-face information and the identity information of the ticket holder.
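The server-side checks of steps 3.2) and 3.3) in claim 3, run against the four tables named in claim 8, as an added Python example that is not code from the patent. It assumes RSA decryption and BLS signature verification (step 3.1) have already succeeded; the column names other than InitalizationKey, the 30-second RFC 6238 TOTP step, the constructed sample rows and the "ok" status are assumptions.

```python
import hashlib
import hmac
import sqlite3
import struct

STEP = 30  # assumed TOTP time step in seconds (the RFC 6238 default)

def totp(key: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    mac = hmac.new(key, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def make_db() -> sqlite3.Connection:
    """Constructed sample rows; every column name except InitalizationKey is assumed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Scanners(mac TEXT PRIMARY KEY, InitalizationKey BLOB);
        CREATE TABLE Authority(mac TEXT, ticket_id TEXT);
        CREATE TABLE Ticket(ticket_id TEXT PRIMARY KEY, expires INTEGER,
                            checked INTEGER, reads_left INTEGER);
        CREATE TABLE ticket_info(ticket_id TEXT PRIMARY KEY, face TEXT, holder TEXT);
    """)
    db.executemany("INSERT INTO Scanners VALUES (?, ?)",
                   [("02:00:00:00:00:01", b"sample-key-1"),
                    ("02:00:00:00:00:02", b"sample-key-2")])
    db.executemany("INSERT INTO Authority VALUES (?, ?)",
                   [("02:00:00:00:00:01", "T1"), ("02:00:00:00:00:01", "T2")])
    db.executemany("INSERT INTO Ticket VALUES (?, ?, 0, ?)",
                   [("T1", 2_000_000_000, 1), ("T2", 1_000_000_000, 1)])
    db.executemany("INSERT INTO ticket_info VALUES (?, ?, ?)",
                   [("T1", "Hall A, seat 12", "Holder One"),
                    ("T2", "Hall B, seat 3", "Holder Two")])
    return db

def handle_request(db, mac: str, ticket_id: str, password: str, now: int):
    """Steps 3.2 and 3.3 for a request that already passed RSA decryption and BLS checks."""
    # 3.2: recompute the dynamic password from the key shared with this scanner.
    row = db.execute("SELECT InitalizationKey FROM Scanners WHERE mac = ?",
                     (mac,)).fetchone()
    fresh = row is not None and hmac.compare_digest(
        totp(row[0], now).encode(), password.encode())
    allowed = db.execute("SELECT 1 FROM Authority WHERE mac = ? AND ticket_id = ?",
                         (mac, ticket_id)).fetchone()
    if not fresh or allowed is None:
        return ("without corresponding authority", None)
    # 3.3: expired or exhausted records are reported as invalid and deleted.
    ticket = db.execute("SELECT expires, reads_left FROM Ticket WHERE ticket_id = ?",
                        (ticket_id,)).fetchone()
    if ticket is None or ticket[0] <= now or ticket[1] <= 0:
        for table in ("Ticket", "ticket_info"):
            db.execute(f"DELETE FROM {table} WHERE ticket_id = ?", (ticket_id,))
        return ("information has failed", None)
    db.execute("UPDATE Ticket SET checked = 1, reads_left = reads_left - 1 "
               "WHERE ticket_id = ?", (ticket_id,))
    return ("ok", db.execute("SELECT face, holder FROM ticket_info WHERE ticket_id = ?",
                             (ticket_id,)).fetchone())
```

In this example a dynamic password stays valid for its whole time step, so a repeated request inside that window is stopped by the remaining-reads counter in Ticket rather than by the password comparison.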
CN201510895632.3A 2015-12-08 2015-12-08 A kind of ticketing service real name identification method and system based on three-dimension code Active CN105490814B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510895632.3A CN105490814B (en) 2015-12-08 2015-12-08 A kind of ticketing service real name identification method and system based on three-dimension code

Publications (2)

Publication Number Publication Date
CN105490814A CN105490814A (en) 2016-04-13
CN105490814B true CN105490814B (en) 2018-10-26

Family

ID=55677561

Country Status (1)

Country Link
CN (1) CN105490814B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230719

Address after: Room 1302, Building 1, No. 16, Keji 4th Road, Songshan Lake Park, Dongguan, Guangdong 523000

Patentee after: Guangdong Zhongke Chuangzhi Data Technology Co.,Ltd.

Address before: 100872, Renmin University of China, 59 Zhongguancun Avenue, Beijing, Haidian District

Patentee before: RENMIN University OF CHINA

TR01 Transfer of patent right