CN105939196A - Identity authentication method and system - Google Patents
Identity authentication method and system
- Publication number: CN105939196A (CN201610146855.4A)
- Authority: CN (China)
- Prior art keywords: information, user, safety device, identity card, user identity
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/3226: verifying the identity or authority of a user using a predetermined code, e.g. password, passphrase or PIN
- G06Q40/02: banking, e.g. interest calculation or account maintenance
- G06V40/16: human faces, e.g. facial parts, sketches or expressions
- H04L63/0442: confidential data exchange wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/0815: authentication of entities providing single-sign-on or federations
- H04L63/0853: authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H04L63/0861: authentication of entities using biometrical features, e.g. fingerprint, retina-scan
- H04L63/0876: authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L9/3231: biological data, e.g. fingerprint, voice or retina
- H04L9/3234: involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
- H04L9/3247: involving digital signatures
Abstract
The invention provides an identity authentication method and system. The identity authentication method comprises the steps of: storing, by an authentication server, identification information of an information security device in association with user identification card information; prompting, by the information security device, a user to input a personal identification code and verifying whether the personal identification code input by the user is correct; receiving, by an application program, login information input by the user; receiving, by an application server, the login information and judging whether the login information is correct; generating, by a terminal, an identity authentication request and sending the identity authentication request to the authentication server; receiving, by the authentication server, the identity authentication request and authenticating the user identification card information; generating, by the authentication server, to-be-authenticated information; obtaining, by the information security device, the to-be-authenticated information and generating an identification image by using the to-be-authenticated information; obtaining, by the terminal, a group photo image and sending the group photo image to the authentication server; and receiving, by the authentication server, the group photo image and authenticating the identification image and a face image in the group photo image.
Description
Technical field
The present invention relates to the field of identity authentication, and in particular to an identity authentication method and system for use during remote account opening.
Background art
Traditionally, in order to open an account, people had to go to a business hall to complete the account-opening procedure. For example, when a stock account is opened, the securities company, in order to verify the identity of the account holder, requires the user to complete the procedure on site at the securities company; when a bank card is applied for, the bank, in order to verify the identity of the account holder, requires the user to complete the procedure on site at the bank counter.
With the development of electronic technology, remote account opening has begun to enter people's lives, and people have begun trying to open accounts remotely over the network. However, how to authenticate the user's identity during remote account opening is a technical problem that urgently needs to be solved.
Summary of the invention
The present invention aims to solve one of the above problems.
An object of the present invention is to provide an identity authentication method;
Another object of the present invention is to provide an identity authentication system;
To achieve the above objects, the technical solution of the present invention is specifically implemented as follows:
One aspect of the present invention provides an identity authentication method, including: an authentication server stores identification information of an information security device in association with user ID card information, where the user ID card information includes the resident ID card number, name, date of birth, address, card validity period and/or a face image of the user; the information security device is connected to a terminal, powers on, and establishes a communication connection with the terminal; the information security device prompts the user to input a personal identification code; the information security device receives the personal identification code input by the user and verifies whether it is correct, and if it is incorrect, prompts the user to re-enter the personal identification code; after the user opens an application program for identity authentication, the terminal prompts the user to input login information; the application program receives the login information input by the user and sends the received login information to an application server; the application server receives the login information and judges whether it is correct; if it is correct, the terminal allows the user to log in to the application program, and if it is incorrect, the terminal prompts the user to re-enter the login information; the terminal generates an identity authentication request through the application program and sends the identity authentication request to the authentication server, where the identity authentication request carries user identity information, and the user identity information includes the user ID card information and the identification information of the information security device; the authentication server receives the identity authentication request and authenticates the user ID card information; after the user ID card information passes authentication, the authentication server uses a preset algorithm to compute to-be-authenticated information from the user identity information; the information security device obtains the to-be-authenticated information and, using it as an input parameter, generates an identification image according to a preset identification image generation strategy; the information security device displays the identification image on a display screen; after the information security device generates the identification image, the terminal prompts the user to upload a group photo image containing the user's face image and the identification image; the terminal obtains the group photo image and sends it to the authentication server; the authentication server receives the group photo image and authenticates the identification image and the face image in the group photo image.
In addition, before the terminal generates the identity authentication request through the application program, the method further includes: an ID card reading module reads the user ID card information from the resident ID card; the information security device obtains the user ID card information, encrypts it using a first encryption key to generate encrypted user ID card information, and sends the user identity information to the terminal, where the user identity information includes the encrypted user ID card information and the identification information of the information security device. After the authentication server receives the identity authentication request and before it authenticates the user ID card information, the method further includes: the authentication server decrypts the received encrypted user ID card information using a first decryption key to obtain the user ID card information.
In addition, after the information security device generates the encrypted user ID card information and before it sends the user identity information to the terminal, the method further includes: the information security device uses a hash algorithm to compute hash data of the encrypted user ID card information, and encrypts the hash data with the private key it stores to generate first data; the user identity information further includes the first data. Before the authentication server decrypts the received encrypted user ID card information using the first decryption key, the method further includes: the authentication server decrypts the received first data using the public key of the information security device to obtain hash data, uses the hash algorithm to compute hash data of the received encrypted user ID card information, and then compares whether the hash data obtained by public-key decryption is identical to the hash data obtained by the hash computation.
In addition, the authentication server authenticating the user ID card information includes: the authentication server obtains, according to the identification information of the information security device, the pre-stored user ID card information corresponding to that identification information; the authentication server compares the obtained user ID card information with the user ID card information obtained by decryption; if they match, the user ID card information passes authentication; otherwise, identity authentication is terminated.
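The encrypt, hash, sign and verify exchange described in the three paragraphs above, as an added example that is not part of the patent text. Assumptions: AES-256-GCM under one shared key stands in for the unspecified first encryption and decryption keys, an ECDSA P-256 signature stands in for "encrypting the hash data with the private key", and every name, identifier and sample record is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Request is the "user identity information" carried in the authentication request.
type Request struct {
	DeviceID   string // identification information of the information security device
	Ciphertext []byte // encrypted ID card information (nonce || AES-GCM output)
	FirstData  []byte // signature over SHA-256(Ciphertext): the "first data"
}

// Enrollment is what the server stored in association when the device was issued.
type Enrollment struct {
	DevicePub *ecdsa.PublicKey
	IDCard    []byte
}

var (
	ErrUnknownDevice = errors.New("device identifier not enrolled")
	ErrBadSignature  = errors.New("first data does not verify over ciphertext hash")
	ErrDecrypt       = errors.New("cannot decrypt ID card information")
	ErrMismatch      = errors.New("ID card information differs from enrolled record")
)

// newAEAD wraps the shared key (assumption: first encryption key == first decryption key).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// BuildRequest is the device side: encrypt, hash the ciphertext, sign the hash.
func BuildRequest(id string, priv *ecdsa.PrivateKey, aead cipher.AEAD, idCard []byte) (Request, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Request{}, err
	}
	ct := aead.Seal(nonce, nonce, idCard, nil)
	h := sha256.Sum256(ct)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	return Request{DeviceID: id, Ciphertext: ct, FirstData: sig}, err
}

// Authenticate is the server side: verify first data, decrypt, compare with the bound record.
func Authenticate(db map[string]Enrollment, aead cipher.AEAD, r Request) error {
	e, ok := db[r.DeviceID]
	if !ok {
		return ErrUnknownDevice
	}
	h := sha256.Sum256(r.Ciphertext)
	if !ecdsa.VerifyASN1(e.DevicePub, h[:], r.FirstData) {
		return ErrBadSignature
	}
	n := aead.NonceSize()
	if len(r.Ciphertext) < n {
		return ErrDecrypt
	}
	pt, err := aead.Open(nil, r.Ciphertext[:n], r.Ciphertext[n:], nil)
	if err != nil {
		return ErrDecrypt
	}
	if subtle.ConstantTimeCompare(pt, e.IDCard) != 1 {
		return ErrMismatch
	}
	return nil
}

// Demo runs four constructed requests and returns the server's verdict for each.
func Demo() map[string]error {
	key := sha256.Sum256([]byte("constructed demo key"))
	aead, _ := newAEAD(key[:])
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	enrolled := []byte("id=000000000000000000;name=SAMPLE USER") // constructed record
	db := map[string]Enrollment{"SN-0001": {DevicePub: &priv.PublicKey, IDCard: enrolled}}
	good, _ := BuildRequest("SN-0001", priv, aead, enrolled)
	bad := append([]byte{}, good.Ciphertext...)
	bad[len(bad)-1] ^= 1 // ciphertext altered in transit
	other, _ := BuildRequest("SN-0001", priv, aead, []byte("id=111111111111111111;name=OTHER"))
	return map[string]error{
		"genuine":        Authenticate(db, aead, good),
		"tampered":       Authenticate(db, aead, Request{"SN-0001", bad, good.FirstData}),
		"other-card":     Authenticate(db, aead, other), // enrolled device, different ID card
		"unknown-device": Authenticate(db, aead, Request{"SN-9999", good.Ciphertext, good.FirstData}),
	}
}

func main() { fmt.Println(Demo()) }
```

The request in this example carries no nonce or timestamp, so a captured request verifies again: these checks establish origin, integrity and the device-to-card binding, not freshness.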
In addition, authenticating the identification image and the face image in the group photo image includes: the authentication server, according to a preset identification image recognition strategy, recognizes the to-be-authenticated information from the identification image in the group photo image and compares the recognized to-be-authenticated information with the to-be-authenticated information it generated itself; if they are identical, the identification image passes authentication. Where the identification image has passed authentication, the authentication server compares whether the face image in the pre-stored user ID card information matches the face image in the received group photo image; if they match, identity authentication passes.
Another aspect of the present invention provides an identity authentication system, characterized in that the system includes an information security device, a terminal, an authentication server and an application server. The authentication server is configured to store identification information of the information security device in association with user ID card information, where the user ID card information includes the resident ID card number, name, date of birth, address, card validity period and/or a face image of the user. The information security device is configured to connect to the terminal and establish a communication connection with it; it is further configured to prompt the user to input a personal identification code, receive the personal identification code input by the user and verify whether it is correct, and, if it is incorrect, prompt the user to re-enter the personal identification code. The terminal is configured to prompt the user to input login information after the user opens the application program for identity authentication. The application server is configured to receive the login information sent by the application program, where the login information is obtained by the application program receiving the login information input by the user; the application server is further configured to judge whether the login information is correct; if it is correct, the terminal is further configured to allow the user to log in to the application program, and if it is incorrect, the terminal is further configured to prompt the user to re-enter the login information. The terminal is further configured to generate an identity authentication request through the application program and send it to the authentication server, where the identity authentication request carries user identity information, and the user identity information includes the user ID card information and the identification information of the information security device. The authentication server is further configured to receive the identity authentication request and authenticate the user ID card information, and, after the user ID card information passes authentication, to use a preset algorithm to compute to-be-authenticated information from the user identity information. The information security device is further configured to obtain the to-be-authenticated information and, using it as an input parameter, generate an identification image according to a preset identification image generation strategy and display the identification image on a display screen. The terminal is further configured to prompt the user, after the information security device generates the identification image, to upload a group photo image containing the user's face image and the identification image, and to obtain the group photo image and send it to the authentication server. The authentication server is further configured to receive the group photo image and authenticate the identification image and the face image in the group photo image.
In addition, the system further includes an ID card reading module. The ID card reading module is configured to read the user ID card information from the resident ID card. The information security device is further configured to obtain the user ID card information, encrypt it using a first encryption key to generate encrypted user ID card information, and send the user identity information to the terminal, where the user identity information includes the encrypted user ID card information and the identification information of the information security device. The authentication server is configured to decrypt the received encrypted user ID card information using a first decryption key to obtain the user ID card information.
In addition, the information security device is further configured to use a hash algorithm to compute hash data of the encrypted user ID card information, and to encrypt the hash data with the private key it stores to generate first data. The authentication server is further configured to decrypt the received first data using the public key of the information security device to obtain hash data, to use the hash algorithm to compute hash data of the received encrypted user ID card information, and then to compare whether the hash data obtained by public-key decryption is identical to the hash data obtained by the hash computation.
In addition, the authentication server is further configured to obtain, according to the identification information of the information security device, the pre-stored user ID card information corresponding to that identification information, and to compare the obtained user ID card information with the user ID card information obtained by decryption; if they match, the user ID card information passes authentication; otherwise, identity authentication is terminated.
In addition, the authentication server is further configured to recognize, according to a preset identification image recognition strategy, the to-be-authenticated information from the identification image in the group photo image, and to compare the recognized to-be-authenticated information with the to-be-authenticated information it generated itself; if they are identical, the identification image passes authentication. The authentication server is further configured, where the identification image has passed authentication, to compare whether the face image in the pre-stored user ID card information matches the face image in the received group photo image; if they match, identity authentication passes.
As can be seen from the technical solution provided above, the present invention provides an identity authentication method and system. With this identity authentication method, the authentication server stores the identification information of the information security device in association with the user ID card information and thereby authenticates the user ID card information, which prevents a lawbreaker from opening an account by impersonation when the information security device or the ID card is lost. In addition, the information security device generates an identification image from the to-be-authenticated information and the authentication server authenticates the identification image in the group photo image, which authenticates the information security device. In addition, the authentication server authenticates the user's face image in the group photo image, which prevents a lawbreaker from opening an account by impersonation when both the ID card and the information security device are lost.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an identity authentication method provided by Embodiment 1 of the present invention;
Fig. 2 is a system block diagram of an identity authentication system provided by Embodiment 3 of the present invention;
Fig. 3 is a system block diagram of another identity authentication system provided by Embodiment 3 of the present invention.
Detailed description of the invention
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the description of the present invention, it should be understood that orientation or position terms such as "center", "longitudinal", "lateral", "up", "down", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positions shown in the drawings. They are used only to make the invention easier to describe and to simplify the description, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore cannot be understood as limiting the present invention. In addition, the terms "first" and "second" are used for description only and cannot be understood as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "mounted", "connected" and "coupled" should be understood broadly: a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, indirect through an intermediary, or internal between two elements. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.
The embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment 1
Fig. 1 is a flowchart of an identity authentication method provided by this embodiment. As shown in Fig. 1, the identity authentication method provided by this embodiment includes the following steps:
Step 101: the authentication server stores the identification information of the information security device in association with the user ID card information, where the user ID card information includes the resident ID card number, name, date of birth, address, card validity period and/or a face image of the user;
In this embodiment, the identification information of the information security device may be the digital certificate of the information security device or its serial number. This embodiment places no specific limit on it: any identification information that uniquely identifies the information security device falls within the protection scope of the present invention.
In this embodiment, the user ID card information includes the resident ID card number, name, date of birth, address, card validity period and/or a face image of the user. Of course, the user's ID card information may also include fingerprint information or other information. Preferably, the user ID card information includes at least the face image of the user, so that the face image in the group photo image can be authenticated later.
In this embodiment, the authentication server is a server used to store user information or to authenticate received user information; it stores the identification information of the information security device in association with the user ID card information. For example, before opening an account remotely, the user needs to obtain from a bank an information security device (such as a U-shield) dedicated to account opening. When this device is issued, the authentication server stores the serial number or digital certificate of the information security device in association with the ID card information of the ID card provided by the user. Once the user has obtained this information security device, the user can use it to open accounts remotely. After the authentication server has stored the identification information of the information security device in association with the user ID card information, the user can use the information security device to authenticate the user's identity and open accounts remotely multiple times, without having to go to the bank or securities company each time an account is opened remotely.
In this embodiment, the information security device may be a device with identity authentication and digital signature functions, such as a USB key (for example Industrial and Commercial Bank's U-shield or Agricultural Bank's K-Bao), an audio key, or a smart card with an electronic signature function; of course, it may also be an E-token dynamic password card.
Step 102: the information security device is connected to the terminal, powers on, and establishes a communication connection with the terminal;
In this embodiment, the terminal may be a computer, a mobile phone or the like. The information security device may connect to the terminal in a wired manner, for example through a USB interface or an audio interface. Of course, the information security device may also connect to the terminal wirelessly, for example through Bluetooth, infrared, NFC (near-field communication) or visible light communication. Once the information security device is connected to the terminal and a communication connection is established, data can be transmitted between the information security device and the terminal.
Step 103: the information safety device prompts the user to input a PIN;
In the present embodiment, the PIN is the power-on PIN code of the information safety device. Specifically, after powering on, the information safety device enters its start-up interface and prompts the user to input the PIN. Prompting for the PIN confirms the identity of the user and ensures that the information safety device is used securely, preventing a criminal from using an information safety device that the user has lost to open an account remotely.
Step 104: the information safety device receives the PIN input by the user and verifies whether it is correct; if it is incorrect, the information safety device prompts the user to re-enter the PIN;
In the present embodiment, after the information safety device prompts the user to input the PIN, the user may input the PIN on the information safety device itself; alternatively, the user may input the PIN on the terminal connected to the information safety device, and the terminal then sends the PIN input by the user to the information safety device.
In the present embodiment, after receiving the PIN input by the user, the information safety device compares the received PIN with the PIN stored in the information safety device. If they differ, the PIN input by the user is incorrect and the user is prompted to re-enter it. If they are identical, the PIN input by the user is correct, the functions of the information safety device are unlocked, and the user can open an account remotely with this information safety device.
Step 105: after the user opens the application program used for identity authentication, the terminal prompts the user to input login information;
In the present embodiment, the application program is a computer program used for account opening that can interact with the user through an interface. The login information may be the user's password for logging in to the application program; it may of course also be the login account information and the login password of the application program.
In the present embodiment, after the PIN input by the user has been verified as correct, the user opens the application program used for identity authentication; when the terminal recognizes that the user has opened this application program, it prompts the user to input login information. The terminal may automatically identify and display the user's login account information according to the connected information safety device and then prompt the user to input login information; for example, the terminal obtains the login account information from the certificate server via the network according to the serial number of the connected information safety device and prompts the user to input login information, in which case the login information is the login password. When the terminal cannot automatically identify the user's login account information from the connected information safety device, the login information that the user is prompted to input includes both the login account information and the login password.
Step 106: the application program receives the login information input by the user and sends the received login information to the application server;
In the present embodiment, the application server is the server that stores the login account information and the login password. As an optional embodiment, the login account information and the login password may instead be stored in the certificate server, in which case the application program, after receiving the login information input by the user, sends the received login information to the certificate server.
Step 107: the application server receives the login information and judges whether it is correct; if it is correct, the terminal allows the user to log in to the application program; if it is incorrect, the terminal prompts the user to re-enter the login information;
In the present embodiment, after receiving the login information, the application server judges whether the received login information is identical to the login information it stores. If it is identical, the application server judges the login information to be correct and sends the terminal a response signal indicating that the login information is correct; after receiving this response signal, the terminal allows the user to log in to the application program. If it differs, the application server judges the login information to be incorrect and sends the terminal a response signal indicating that the login information is incorrect; after receiving this response signal, the terminal prompts the user to re-enter the login information.
Step 108: the terminal generates an ID authentication request through the application program and sends the ID authentication request to the certificate server, where the ID authentication request carries subscriber identity information, and the subscriber identity information includes: the user identity card information and the identification information of the information safety device;
In the present embodiment, the user identity card information includes the resident identity card number, name, date of birth, address, validity period of the card and/or the face image of the user. The user identity card information may of course also include fingerprint information or other information. Preferably, the user identity card information includes at least the face image of the user, to facilitate the subsequent authentication of the face image in the group photo image.
As an optional embodiment of the present embodiment, before the terminal generates the ID authentication request through the application program, an identity card read module reads the user identity card information from the user's resident identity card; the information safety device obtains the user identity card information, encrypts it with a first encryption key to generate encrypted user identity card information, and sends the subscriber identity information to the terminal, where the subscriber identity information includes: the encrypted user identity card information and the identification information of the information safety device. Specifically, before the terminal generates the ID authentication request through the application program, the identity card read module reads the user identity card information from the user's resident identity card; the identity card read module may be arranged on the information safety device, or it may be arranged on the terminal. If the identity card read module is arranged on the information safety device, the information safety device obtains the user identity card information through the identity card read module; if the identity card read module is arranged on the terminal, the terminal reads the user identity card information through the identity card read module and sends it to the information safety device, which thereby obtains the user identity card information. After obtaining the user identity card information, the information safety device encrypts it with the first encryption key to generate the encrypted user identity card information, and sends the encrypted user identity card information and the identification information of the information safety device to the terminal as the subscriber identity information. The identity card read module may of course also be arranged on another device. After reading the user identity card information, the other device may send it directly to the information safety device; alternatively, the other device may send the user identity card information it has read to the terminal, and the terminal then sends it to the information safety device. In either case, after obtaining the user identity card information, the information safety device encrypts it with the first encryption key to generate the encrypted user identity card information, and sends the encrypted user identity card information and the identification information of the information safety device to the terminal as the subscriber identity information. The first encryption key may be an asymmetric key, for example the public key of the certificate server; it may of course also be a symmetric key. The present embodiment imposes no specific limitation: any key with which the identity card information can be encrypted falls within the protection scope of the present invention. Because the identity card read module can only read genuine identity cards, reading the user identity card information through the identity card read module allows the certificate server to verify the authenticity of the user's identity card. In addition, because the information safety device encrypts the user identity card information before it is sent to the certificate server, the user identity card information is protected in transmission.
As an optional embodiment of the present embodiment, after the information safety device generates the encrypted user identity card information and before it sends the subscriber identity information to the terminal, the method further includes: the information safety device uses a hashing algorithm to compute hash data of the encrypted user identity card information and encrypts the hash data with the private key it stores, generating first data; the subscriber identity information then also includes the first data. Specifically, after generating the encrypted identity card information, the information safety device uses a hashing algorithm (for example, a HASH algorithm) to compute the hash data (for example, a digest) of the encrypted identity card information, encrypts the resulting hash data with the private key it stores to generate the first data (for example, signature data), and sends the first data, the encrypted identity card information and the identification information of the information safety device to the terminal as the subscriber identity information. Computing hash data over the encrypted user identity card information and transmitting the first data generated from it prevents a criminal from tampering with the encrypted user identity card information.
In the present embodiment, after the terminal obtains the subscriber identity information, the terminal generates the ID authentication request through the application program, carries the obtained subscriber identity information in the ID authentication request, and sends the request to the certificate server.
Step 109: the certificate server receives the ID authentication request and authenticates the user identity card information;
In the present embodiment, the authentication of the user identity card information by the certificate server includes: the certificate server obtains, according to the identification information of the information safety device, the prestored user identity card information corresponding to that identification information; the certificate server compares the user identity card information so obtained with the user identity card information obtained by decryption; if they match, the user identity card information passes authentication; otherwise, the identity authentication is terminated. In a specific application, when the subscriber identity information carried in the ID authentication request includes the identity card information and the identification information of the information safety device, the certificate server obtains, according to the identification information of the information safety device, the identity card information stored in association with that identification information, and compares whether the user identity card information carried in the ID authentication request is identical to the user identity card information stored in association. If they differ, authentication of the user's identity card fails and the identity authentication flow is terminated; if they are identical, the user identity card information passes authentication. Authenticating the user identity card information prevents another person from fraudulently opening an account with a lost identity card or a lost electronic cipher device: an account can be opened only when the electronic cipher device in use matches the identity card.
As an optional embodiment of the present embodiment, after the certificate server receives the ID authentication request and before it authenticates the user identity card information, the method further includes: the certificate server decrypts the received encrypted user identity card information with a first decryption key to obtain the user identity card information. In a specific application, when the subscriber identity information carried in the ID authentication request includes the encrypted identity card information and the identification information of the information safety device, the certificate server decrypts the received encrypted identity card information with the first decryption key corresponding to the first encryption key to obtain the user identity card information, and then authenticates the user identity card information. The detailed process by which the certificate server authenticates the user identity card information is not repeated here.
As an optional embodiment of the present embodiment, when the certificate server decrypts the received encrypted user identity card information with the first decryption key, the method further includes: the certificate server decrypts the received first data with the public key of the information safety device to obtain hash data, uses the hashing algorithm to compute the hash data of the received encrypted user identity card information, and compares whether the hash data obtained by public-key decryption is identical to the hash data obtained by the hash computation. In a specific application, when the subscriber identity information carried in the ID authentication request includes the first data, the encrypted identity card information and the identification information of the information safety device, the certificate server, after receiving the ID authentication request, decrypts the received first data with the public key of the information safety device to obtain hash data, uses the hashing algorithm to compute the hash data of the received encrypted identity card information, and compares whether the hash data obtained by public-key decryption is identical to the hash data obtained by the hash computation. If they are identical, the certificate server decrypts the received encrypted identity card information with the first decryption key to obtain the user's identity card information, and authenticates the user's identity card information. The detailed process by which the certificate server authenticates the user identity card information is not repeated here.
Step 110: after the user identity card information passes authentication, the certificate server computes on the subscriber identity information with a preset algorithm to generate information to be certified;
In the present embodiment, the preset algorithm may be any one of the following: (1) an encryption algorithm: DES, 3DES or AES; (2) a symmetric MAC algorithm: DES-CBC, 3DES-CBC, AES-CBC; (3) a HASH algorithm: MD5, SHA1; (4) an HMAC algorithm: HMAC-MD5, HMAC-SHA1.
In the present embodiment, the certificate server may send the generated information to be certified directly to the information safety device. As an optional embodiment, the certificate server may instead first send the generated information to be certified to the terminal, and the terminal then sends the information to be certified to the information safety device.
As an optional embodiment of the present embodiment, after the user identity card information passes authentication, the certificate server generates the information to be certified and encrypts it before transmitting it to the information safety device; the certificate server may of course also encrypt and sign the information to be certified before transmitting it to the information safety device, and the present embodiment imposes no specific limitation. Encrypting and signing the information to be certified before transmitting it to the information safety device on the one hand protects the information to be certified in transmission, and on the other hand prevents a criminal from tampering with the information to be certified.
Step 111: the information safety device obtains the information to be certified and, taking the information to be certified as an input parameter, generates an identification image according to a preset identification image generation strategy;
In the present embodiment, the identification image may be a two-dimensional code image or a bar code image; it may of course also be another kind of image. The present embodiment imposes no specific limitation: any image that can represent the information to be certified falls within the protection scope of the present invention. Generating an identification image from the information to be certified makes it easier for the certificate server to recognize the information to be certified later.
In the present embodiment, the preset identification image generation strategy is an algorithm that computes on the information to be certified to generate the identification image. For example, the certificate server computes on the information to be certified to generate a two-dimensional code image; or the certificate server computes on the information to be certified to generate a bar code image.
In the present embodiment, the information safety device obtains the information to be certified as follows: the certificate server sends the information to be certified to the information safety device, and the information safety device receives it. As an optional embodiment, after generating the information to be certified, the certificate server sends it to the terminal or to another terminal device (such as a mobile phone), and the user then inputs the information to be certified displayed on the terminal or other terminal device into the information safety device. As another optional embodiment, after the user identity card information passes authentication, the certificate server sends a response signal to the information safety device; after the information safety device receives the response signal, the certificate server and the information safety device each generate the information to be certified based on the same underlying dynamic parameter (such as a time parameter or a transaction count parameter).
Step 112: the information safety device displays the identification image on its display screen;
Step 113: after the information safety device generates the identification image, the terminal prompts the user to upload a group photo image containing the face image of the user and the identification image;
In the present embodiment, the group photo image may be a photo that includes the face image of the user and the identification image; it may of course also be a video that includes the face image of the user and the identification image. The present embodiment imposes no limitation here.
In the present embodiment, after generating the identification image, the information safety device may send the terminal a response signal indicating that the identification image has been generated; after receiving the response signal, the terminal prompts the user to upload the group photo image containing the face image of the user and the identification image.
Step 114: the terminal obtains the group photo image and sends the group photo image to the certificate server;
In the present embodiment, the terminal photographs or records on video the user's face together with the identification image displayed on the information safety device to obtain the group photo image. Alternatively, another external device may photograph or record on video the user's face together with the identification image displayed on the information safety device to generate the group photo image and then send it to the terminal, which thereby obtains the group photo image.
Step 115: the certificate server receives the group photo image and authenticates the identification image and the face image in the group photo image.
In the present embodiment, the authentication of the identification image and the face image in the group photo image by the certificate server includes: the certificate server recognizes the information to be certified from the identification image in the group photo image according to a preset identification image recognition strategy, and compares the recognized information to be certified with the information to be certified that it generated itself; if they are identical, the identification image passes authentication. In a specific application, the identification image recognition strategy preset in the certificate server corresponds to the identification image generation strategy preset in the information safety device. The certificate server recognizes the information to be certified from the identification image in the group photo image according to the preset identification image recognition strategy and compares the recognized information to be certified with the information to be certified that it generated itself; if they are identical, the identification image passes authentication; if they differ, authentication of the identification image fails and the identity authentication is terminated. Authenticating the identification image in this way authenticates the information safety device.
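The server side of Steps 109, 110 and 115 (identification image only), as an added example that is not code from the patent. It assumes HMAC-SHA256 in place of the HMAC-MD5/HMAC-SHA1 options listed for Step 110, a per-session nonce, a five-minute validity period, single-use challenges and a hypothetical "IDAUTH1:" payload prefix standing in for the text a two-dimensional code would carry; all sample records are constructed.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL_SECONDS = 300   # assumption: the patent sets no validity period
PAYLOAD_PREFIX = "IDAUTH1:"   # hypothetical framing of the text carried by the image


def device_payload(challenge):
    """Step 111 stand-in: the text the information safety device would render as an image."""
    return PAYLOAD_PREFIX + challenge


class AuthServer:
    """Certificate-server logic for Steps 109, 110 and 115 (face matching is out of scope)."""

    def __init__(self, mac_key, bindings):
        self._mac_key = mac_key     # server-held secret used by the preset algorithm
        self._bindings = bindings   # device identification info -> ID card record (enrolment)
        self._pending = {}          # device identification info -> (challenge, expiry)

    def authenticate_id_card(self, device_id, presented):
        """Step 109: the presented record must equal the one bound to this device."""
        stored = self._bindings.get(device_id)
        return stored is not None and stored == presented

    def issue_challenge(self, device_id, presented, now=None):
        """Step 110: generate the information to be certified, or None if Step 109 fails."""
        if not self.authenticate_id_card(device_id, presented):
            return None
        now = time.time() if now is None else now
        nonce = secrets.token_bytes(16)   # assumption: freshness so each session differs
        message = b"|".join([device_id.encode(), presented["id_number"].encode(), nonce])
        challenge = hmac.new(self._mac_key, message, hashlib.sha256).hexdigest()[:16]
        self._pending[device_id] = (challenge, now + CHALLENGE_TTL_SECONDS)
        return challenge

    def verify_identification(self, device_id, decoded_text, now=None):
        """Step 115: compare the text recognized in the photo with the value generated here."""
        now = time.time() if now is None else now
        entry = self._pending.pop(device_id, None)   # single use: any attempt consumes it
        if entry is None or not decoded_text.startswith(PAYLOAD_PREFIX):
            return False
        challenge, expires = entry
        if now > expires:
            return False
        recognized = decoded_text[len(PAYLOAD_PREFIX):]
        return hmac.compare_digest(challenge.encode(), recognized.encode())


if __name__ == "__main__":
    # Constructed enrolment data: one device bound to one identity card record.
    record = {"id_number": "ID-CONSTRUCTED-0001", "name": "Test User"}
    server = AuthServer(secrets.token_bytes(32), {"SN-0001": record})
    text = device_payload(server.issue_challenge("SN-0001", dict(record)))
    print("first presentation:", server.verify_identification("SN-0001", text))
    print("same photo again:  ", server.verify_identification("SN-0001", text))
```

Recognizing the payload in the photo and the face comparison of Step 115 need image processing and are left out; the block covers only the binding lookup and the challenge comparison.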
In the present embodiment, when the identification image has passed authentication, the certificate server compares whether the face image in the prestored user identity card information matches the face image in the received group photo image; if they match, the identity authentication passes. In a specific application, when the identification image has passed authentication, the certificate server obtains, according to the identification information of the information safety device, the user identity card information stored in association with that identification information, and compares the face image in the user identity card information with the face image in the received group photo image. If they match, the face image passes authentication and the identity authentication passes; if they do not match, the identity authentication is terminated. Authenticating the face image confirms whether the information safety device belongs to the genuine account holder, which prevents a criminal from impersonating the user to open an account when the identity card and the information safety device are lost at the same time.
The certificate server may of course also authenticate the face image in the group photo image first and, when the face image in the group photo image has passed authentication, then authenticate the identification image in the group photo image. When both the identification image and the face image in the group photo image have passed authentication, the identity authentication of the user passes.
With the above identity authentication method, the certificate server stores the identification information of the information safety device in association with the user identity card information and thereby authenticates the user identity card information, which prevents a criminal from impersonating the user to open an account when the information safety device or the identity card is lost. In addition, the information safety device generates the identification image from the information to be certified, and the certificate server authenticates the identification image in the group photo image, which authenticates the information safety device. Furthermore, the certificate server authenticates the user's face image in the group photo image, which prevents a criminal from impersonating the user to open an account when both the identity card and the information safety device are lost.
Embodiment 2
The present embodiment provides a remote account-opening method, which uses the identity authentication method of Embodiment 1 above to authenticate the identity of the user; after the identity authentication passes, the account is opened remotely. The user can open an account remotely over a network, which is a convenient way of opening an account; in addition, a criminal is prevented from impersonating the user to open an account.
It should be noted that, after the identity authentication passes, the remote account opening may be performed by the certificate server itself, or a staff member may control the certificate server to perform the remote account opening.
Embodiment 3
Fig. 2 shows the identity authentication system provided by the present embodiment. As shown in Fig. 2, the identity authentication system includes an information safety device 201, a terminal 202, a certificate server 203 and an application server 204. The certificate server 203 is configured to store the identification information of the information safety device 201 in association with the user identity card information, where the user identity card information includes the resident identity card number, name, date of birth, address, validity period of the card and/or the face image of the user. The information safety device 201 is configured to connect to the terminal 202 and establish a communication connection with the terminal 202; it is further configured to prompt the user to input a PIN, to receive the PIN input by the user and verify whether it is correct, and, if it is incorrect, to prompt the user to re-enter the PIN. The terminal 202 is configured to prompt the user to input login information after the user opens the application program used for identity authentication. The application server 204 is configured to receive the login information sent by the application program, where the login information is obtained by the application program receiving the login information input by the user; the application server 204 is further configured to judge whether the login information is correct; if it is correct, the terminal 202 is further configured to allow the user to log in to the application program; if it is incorrect, the terminal 202 is further configured to prompt the user to re-enter the login information. The terminal 202 is further configured to generate an ID authentication request through the application program and send the ID authentication request to the certificate server 203, where the ID authentication request carries subscriber identity information, and the subscriber identity information includes: the user identity card information and the identification information of the information safety device 201. The certificate server 203 is further configured to receive the ID authentication request and authenticate the user identity card information, and, after the user identity card information passes authentication, to compute on the subscriber identity information with a preset algorithm to generate information to be certified. The information safety device 201 is further configured to obtain the information to be certified and, taking the information to be certified as an input parameter, to generate an identification image according to a preset identification image generation strategy and display the identification image on its display screen. The terminal 202 is further configured to prompt the user, after the information safety device 201 generates the identification image, to upload a group photo image containing the face image of the user and the identification image; it is further configured to obtain the group photo image and send the group photo image to the certificate server 203. The certificate server 203 is further configured to receive the group photo image and authenticate the identification image and the face image in the group photo image.
In the present embodiment, the identification information of the information safety device 201 may be the digital certificate of the information safety device 201 or the serial number of the information safety device 201. The present embodiment imposes no specific limitation: any identification information that uniquely represents the information safety device 201 falls within the protection scope of the present invention.
In the present embodiment, the user identity card information includes the resident identity card number, name, date of birth, address, validity period of the card and/or the face image of the user. The user identity card information may of course also include fingerprint information or other information. Preferably, the user identity card information includes at least the face image of the user, to facilitate the subsequent authentication of the face image in the group photo image.
In the present embodiment, the certificate server 203 is a server that stores user information or authenticates received user information; the certificate server 203 stores the identification information of the information safety device 201 in association with the user identity card information. For example, before opening an account remotely, the user needs to obtain from a bank an information safety device 201 (such as a U-shield) dedicated to opening accounts. When the information safety device 201 is issued, the certificate server 203 stores the serial number or digital certificate of the information safety device 201 in association with the identity card information of the identity card provided by the user. After obtaining the information safety device 201, the user can use it to open an account remotely. Once the certificate server 203 has stored the identification information of the information safety device 201 in association with the user identity card information, the user can use the information safety device 201 to authenticate himself or herself and open accounts remotely any number of times, without having to visit the bank or securities company each time an account is opened remotely.
In the present embodiment, the information safety device 201 may be a device with authentication and digital signature functions, such as a USB key (for example, an Industrial and Commercial Bank U-shield or an Agricultural Bank K-bao), an audio key, or a smart card with an electronic signature function; it may of course also be an electronic dynamic password token.
In the present embodiment, the terminal 202 may be a computer, a mobile phone or the like. The information safety device 201 may connect to the terminal 202 in a wired manner, for example through a USB interface or an audio interface. The information safety device 201 may of course also connect to the terminal 202 wirelessly, for example via Bluetooth, infrared, NFC (near-field communication) or visible light communication. Once connected, the information safety device 201 establishes a communication connection with the terminal 202, which enables data transmission between the information safety device 201 and the terminal 202.
In the present embodiment, the PIN is the power-on PIN code of the information safety device 201. Specifically, after powering on, the information safety device 201 enters its start-up interface and prompts the user to input the PIN. Prompting for the PIN confirms the identity of the user and ensures that the information safety device 201 is used securely, preventing a criminal from using an information safety device 201 that the user has lost to open an account remotely.
In the present embodiment, after the information safety device 201 prompts the user to input the PIN, the user can input the PIN on the information safety device 201 itself. The user can of course also input the PIN on the terminal 202 connected to the information safety device 201, and the terminal 202 then sends the PIN input by the user to the information safety device 201.
In the present embodiment, after the information safety device 201 receives the PIN input by the user, it compares the received PIN with the PIN stored in the information safety device 201. If they differ, the PIN input by the user is incorrect, and the user is prompted to re-enter the PIN. If they are identical, the PIN input by the user is correct, the functions of the information safety device 201 are unlocked, and the user can open accounts remotely with this information safety device 201.
In the present embodiment, the application program is a computer program used for opening an account that can interact with the user through an interface. The login information can be the user's password for logging in to the application program; it can of course also be the login account information and the login password of the application program.
In the present embodiment, after the PIN input by the user has been verified as correct, the user opens the application program for performing identity authentication. When the terminal 202 recognizes that the user has opened the application program for performing identity authentication, it prompts the user to input login information. The terminal 202 can automatically identify and display the user's login account information according to the connected information safety device 201 and then prompt the user to input the login information; for example, the terminal 202 obtains the login account information from the certificate server 203 over the network according to the serial number of the connected information safety device 201 and prompts the user to input login information, in which case the login information is the login password. When the terminal 202 cannot automatically identify the user's login account information from the connected information safety device 201, the login information that the user is prompted to input includes both the login account information and the login password.
In the present embodiment, the application server 204 is the server that stores the login account information and the login password. As an optional embodiment, the login account information and the login password may instead be stored in the certificate server 203; in that case, after the application program receives the login information input by the user, it sends the received login information to the certificate server 203.
In the present embodiment, after the application server 204 receives the login information, it judges whether the received login information is identical to the login information it stores. If identical, the application server 204 judges the login information to be correct and sends the terminal 202 a response signal indicating that the login information is correct; after receiving this response signal, the terminal 202 allows the user to log in to the application program. If not identical, the application server 204 judges the login information to be incorrect and sends the terminal 202 a response signal indicating that the login information is incorrect; after receiving this response signal from the application server 204, the terminal 202 prompts the user to re-enter the login information.
In the present embodiment, the user identity card information includes the resident identification card number, name, date of birth, address, validity period of the card and/or the face image of the user. The ID card information of the user can of course also include fingerprint information or other information. Preferably, the user identity card information includes at least the face image of the user, so that the face image in the group photo image can be authenticated later.
As an optional embodiment of the present embodiment, as shown in Figure 3, the identity authentication system also includes an identity card read module 205. Before the terminal 202 generates the identity authentication request through the application program, the identity card read module 205 reads the user identity card information from the user's resident identification card; the information safety device 201 also obtains the user identity card information, encrypts it with the first encryption key to generate the encrypted user identity card information, and sends the subscriber identity information to the terminal 202, wherein the subscriber identity information includes the encrypted user identity card information and the identification information of the information safety device 201.
Specifically, before the terminal 202 generates the identity authentication request through the application program, the identity card read module 205 reads the user identity card information from the user's resident identification card. The identity card read module 205 can be arranged on the information safety device 201, or it can be arranged on the terminal 202. If the identity card read module 205 is arranged on the information safety device 201, the information safety device 201 obtains the user identity card information through the identity card read module 205. If the identity card read module 205 is arranged on the terminal 202, the terminal 202 reads the user identity card information through the identity card read module 205 and sends it to the information safety device 201, which thereby obtains the user identity card information. After the information safety device 201 obtains the user identity card information, it encrypts the user identity card information with the first encryption key to generate the encrypted user identity card information, and sends the encrypted user identity card information and the identification information of the information safety device 201 to the terminal 202 as the subscriber identity information. The identity card read module 205 can of course also be arranged on another device. After the other device reads the user identity card information, it can send it directly to the information safety device 201; alternatively, the other device can send the user identity card information it has read to the terminal 202, and the terminal 202 then sends it to the information safety device 201. In either case, after the information safety device 201 obtains the user identity card information, it encrypts the user identity card information with the first encryption key to generate the encrypted user identity card information, and sends the encrypted user identity card information and the identification information of the information safety device 201 to the terminal 202 as the subscriber identity information.
The first encryption key can be an asymmetric key, such as the public key of the certificate server 203; it can of course also be a symmetric key. The present embodiment places no specific limit on this: any key that can encrypt the ID card information falls within the protection scope of the present invention. Because the identity card read module 205 can only read genuine identity cards, reading the user identity card information through the identity card read module 205 allows the certificate server 203 to verify whether the user's identity card is genuine. In addition, because the information safety device 201 encrypts the user identity card information before it is sent to the certificate server 203, the security of the user identity card information in transmission is ensured.
As an optional embodiment of the present embodiment, after the information safety device 201 generates the encrypted user identity card information, and before the subscriber identity information is sent to the terminal 202, the information safety device 201 also uses a hashing algorithm to calculate the hash data of the encrypted user identity card information and encrypts the hash data with the private key it stores, generating the first data; the subscriber identity information then also includes the first data. Specifically, after the information safety device 201 generates the encrypted ID card information, it uses a hashing algorithm (for example, a HASH algorithm) to calculate the hash data (for example, a digest) of the encrypted ID card information, encrypts the hash data with the private key it stores to generate the first data (for example, signature data), and sends the first data, the encrypted ID card information and the identification information of the information safety device 201 to the terminal 202 as the subscriber identity information. Calculating hash data over the encrypted user identity card information and transmitting the resulting first data prevents an unauthorized person from tampering with the encrypted user identity card information.
In the present embodiment, after the terminal 202 obtains the subscriber identity information, the terminal 202 generates the identity authentication request through the application program and sends the identity authentication request, carrying the obtained subscriber identity information, to the certificate server 203.
In the present embodiment, when the certificate server 203 authenticates the user identity card information, the certificate server 203 obtains the prestored user identity card information corresponding to the identification information of the information safety device 201, and compares the user identity card information so obtained with the user identity card information obtained by decryption; if they match, the authentication of the user identity card information passes, otherwise the identity authentication is terminated. In a specific application, when the subscriber identity information carried in the identity authentication request includes the ID card information and the identification information of the information safety device 201, the certificate server 203 uses the identification information of the information safety device 201 to obtain the ID card information stored in association with that identification information, and compares whether the user identity card information carried in the identity authentication request is identical to the stored user identity card information. If they differ, the authentication of the user's identity card fails and the identity authentication flow is terminated; if they are identical, the authentication of the user identity card information passes. Authenticating the user identity card information prevents a lost identity card or electronic cipher device from being used by someone else to open an account: an account can be opened only when the electronic cipher device matches the identity card.
As an optional embodiment of the present embodiment, after the certificate server 203 receives the identity authentication request, and before it authenticates the user identity card information, the certificate server 203 also uses the first decryption key to decrypt the received encrypted user identity card information and obtain the user identity card information. In a specific application, when the subscriber identity information carried in the identity authentication request includes the encrypted ID card information and the identification information of the information safety device 201, the certificate server 203 uses the first decryption key corresponding to the first encryption key to decrypt the received encrypted ID card information and obtain the user identity card information; after obtaining the user identity card information, the certificate server 203 authenticates it. The detailed process by which the certificate server 203 authenticates the user identity card information is not repeated here.
As an optional embodiment of the present embodiment, the certificate server 203 also uses the public key of the information safety device 201 to decrypt the received first data and obtain the hash data, uses the hashing algorithm to calculate the hash data of the received encrypted user identity card information, and then compares whether the hash data obtained by decryption is identical to the hash data obtained by the hash calculation. In a specific application, when the subscriber identity information carried in the identity authentication request includes the first data, the encrypted ID card information and the identification information of the information safety device 201, the certificate server 203, after receiving the identity authentication request, uses the public key of the information safety device 201 to decrypt the received first data and obtain the hash data, uses the hashing algorithm to calculate the hash data of the received encrypted ID card information, and compares whether the hash data obtained by public key decryption is identical to the hash data obtained by the hash calculation. If they are identical, it uses the first decryption key to decrypt the received encrypted ID card information, obtains the ID card information of the user, and authenticates the ID card information of the user. The detailed process by which the certificate server 203 authenticates the user identity card information is not repeated here.
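The two optional embodiments above (the device encrypting and signing, the server checking the first data before decrypting and then comparing against the stored record) can be sketched as follows. This is an added example, not code from the patent: it assumes the first encryption key is the certificate server's RSA public key, uses SHA-256 and an RSA PKCS#1 v1.5 signature as the first data, and all type names, function names, the device identifier and the ID records are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SubscriberIdentity is what the information safety device sends to the terminal.
type SubscriberIdentity struct {
	DeviceID    string // identification information of the device
	EncryptedID []byte // ID card information under the first encryption key
	FirstData   []byte // device signature over the hash of EncryptedID
}

var (
	ErrUnknownDevice = errors.New("no record stored for this device identifier")
	ErrBadFirstData  = errors.New("first data does not match the encrypted ID card information")
	ErrIDMismatch    = errors.New("ID card information differs from the stored record")
)

// DeviceBuild encrypts the ID card information with the server's public key,
// hashes the ciphertext and signs that hash with the device's private key.
func DeviceBuild(id string, idCard []byte, dev *rsa.PrivateKey, srv *rsa.PublicKey) (SubscriberIdentity, error) {
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, srv, idCard, nil)
	if err != nil {
		return SubscriberIdentity{}, err
	}
	digest := sha256.Sum256(enc)
	sig, err := rsa.SignPKCS1v15(rand.Reader, dev, crypto.SHA256, digest[:])
	if err != nil {
		return SubscriberIdentity{}, err
	}
	return SubscriberIdentity{DeviceID: id, EncryptedID: enc, FirstData: sig}, nil
}

// enrolled is the record the server stores in association with a device identifier.
type enrolled struct {
	devPub *rsa.PublicKey
	idCard []byte
}

type CertServer struct {
	key     *rsa.PrivateKey // first decryption key
	records map[string]enrolled
}

// Authenticate verifies the first data before decrypting anything, then compares
// the decrypted ID card information with the record stored for that device.
func (s *CertServer) Authenticate(u SubscriberIdentity) error {
	rec, ok := s.records[u.DeviceID]
	if !ok {
		return ErrUnknownDevice
	}
	digest := sha256.Sum256(u.EncryptedID)
	if rsa.VerifyPKCS1v15(rec.devPub, crypto.SHA256, digest[:], u.FirstData) != nil {
		return ErrBadFirstData
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.key, u.EncryptedID, nil)
	if err != nil {
		return err
	}
	if !bytes.Equal(plain, rec.idCard) {
		return ErrIDMismatch
	}
	return nil
}

// RunDemo returns the outcome for a genuine request, a ciphertext altered in
// transit, and an enrolled device presented with another person's ID card.
func RunDemo() (genuine, tampered, wrongCard error) {
	devKey, err1 := rsa.GenerateKey(rand.Reader, 2048)
	srvKey, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		panic("RSA key generation failed")
	}
	owner := []byte("ID-CONSTRUCTED-0001|Owner Example|1990-01-01") // constructed sample
	other := []byte("ID-CONSTRUCTED-0002|Other Example|1985-05-05") // constructed sample
	server := &CertServer{key: srvKey, records: map[string]enrolled{
		"DEV-0001": {devPub: &devKey.PublicKey, idCard: owner}}}
	try := func(card []byte, flip bool) error {
		req, err := DeviceBuild("DEV-0001", card, devKey, &srvKey.PublicKey)
		if err != nil {
			return err
		}
		if flip {
			req.EncryptedID[0] ^= 0x01 // one bit changed between device and server
		}
		return server.Authenticate(req)
	}
	return try(owner, false), try(owner, true), try(other, false)
}

func main() {
	g, t, w := RunDemo()
	fmt.Printf("genuine: %v\ntampered: %v\nwrong card: %v\n", g, t, w)
}
```

A record that includes a face image is too large for direct RSA encryption; a symmetric first encryption key, which the text above also allows, would carry it.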
In the present embodiment, the preset algorithm can be any one of the following: (1) an encryption algorithm: DES, 3DES or AES; (2) a symmetric MAC algorithm: DES-CBC, 3DES-CBC or AES-CBC; (3) a HASH algorithm: MD5 or SHA1; (4) an HMAC algorithm: HMAC-MD5 or HMAC-SHA1.
In the present embodiment, the certificate server 203 can send the generated information to be certified directly to the information safety device 201. As an optional embodiment, the certificate server 203 can of course also first send the generated information to be certified to the terminal 202, and the terminal 202 then sends the information to be certified to the information safety device 201.
As an optional embodiment of the present embodiment, after the authentication of the user identity card information passes, the certificate server 203 generates the information to be certified and encrypts it before transmitting it to the information safety device 201. The certificate server 203 can of course also encrypt and sign the information to be certified before transmitting it to the information safety device 201; the present embodiment places no specific limit on this. Encrypting and signing the information to be certified before transmitting it to the information safety device 201 on the one hand ensures the security of the information to be certified in transmission, and on the other hand prevents an unauthorized person from tampering with the information to be certified.
In the present embodiment, the identification image can be a two-dimensional code image or a bar code image; it can of course also be another kind of image. The present embodiment places no specific limit on this: any image that can represent the information to be certified falls within the protection scope of the present invention. Generating an identification image from the information to be certified makes it convenient for the certificate server 203 to recognize the information to be certified later.
In the present embodiment, the preset identification image generation strategy is an algorithm that calculates on the information to be certified and generates an identification image. For example, the information to be certified is calculated into a two-dimensional code image, or the information to be certified is calculated into a bar code image.
In the present embodiment, the information safety device 201 obtains the information to be certified as follows: the certificate server 203 sends the information to be certified to the information safety device 201, and the information safety device 201 receives it. As an optional embodiment, after the certificate server 203 generates the information to be certified, it sends the information to be certified to the terminal 202 or to another terminal device (such as a mobile phone), and the user then inputs the information to be certified displayed by the terminal 202 or the other terminal device into the information safety device 201. As another optional embodiment, after the authentication of the user identity card information passes, the certificate server 203 sends a response signal to the information safety device 201; after the information safety device 201 receives the response signal, the certificate server 203 and the information safety device 201 each generate the information to be certified from the same basic dynamic parameter (such as a time parameter or a transaction count parameter).
In the present embodiment, the group photo image can be a photo that includes the face image of the user and the identification image; it can of course also be a video that includes the face image of the user and the identification image. The present embodiment places no limit on this.
In the present embodiment, after the information safety device 201 generates the identification image, it can send the terminal 202 a response signal indicating that the identification image has been generated; after receiving the response signal, the terminal 202 prompts the user to upload a group photo image containing the face image of the user and the identification image.
In the present embodiment, the terminal 202 photographs or records video of the user's face together with the identification image displayed on the information safety device 201 to obtain the group photo image. Alternatively, another external device can photograph or record video of the user's face together with the identification image displayed on the information safety device 201 to generate the group photo image; the external device then sends the group photo image to the terminal 202, and the terminal 202 thereby obtains the group photo image.
In the present embodiment, when the certificate server 203 authenticates the identification image and the face image in the group photo image, the certificate server 203 identifies the information to be certified from the identification image in the group photo image according to a preset identification image recognition strategy, and compares the identified information to be certified with the information to be certified that it generated itself; if they are identical, the authentication of the identification image passes. In a specific application, the identification image recognition strategy preset in the certificate server 203 corresponds to the identification image generation strategy preset in the information safety device 201. The certificate server 203 identifies the information to be certified from the identification image in the group photo image according to the preset identification image recognition strategy and compares it with the information to be certified that it generated itself; if they are identical, the authentication of the identification image passes, and if they differ, the authentication of the identification image fails and the identity authentication is terminated. Authenticating the identification image achieves authentication of the information safety device 201.
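The optional embodiment in which both sides derive the information to be certified from a shared dynamic parameter, and the server-side comparison described above, can be sketched as follows. This is an added example, not code from the patent: it uses HMAC-SHA1 from the preset algorithm list with a transaction counter, and the per-device shared key, the single-use rule for an issued value, and all names and sample values are assumptions. Rendering the payload as a two-dimensional code and recognising it from the photo are left to an image library.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	ErrUnknownDevice = errors.New("device identifier is not enrolled")
	ErrNoPending     = errors.New("no outstanding information to be certified for this device")
	ErrMismatch      = errors.New("value recognised from the image differs from the server's own")
)

// Derive computes the information to be certified with HMAC-SHA1 over a
// transaction counter and the device identifier; both sides hold the key.
func Derive(sharedKey []byte, deviceID string, counter uint64) string {
	mac := hmac.New(sha1.New, sharedKey)
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], counter)
	mac.Write(ctr[:])
	mac.Write([]byte(deviceID))
	return hex.EncodeToString(mac.Sum(nil)[:8]) // truncated to keep the image payload small
}

// Device is the information safety device side.
type Device struct {
	ID      string
	key     []byte
	counter uint64
}

// OnResponseSignal advances the counter and returns the payload the device
// would encode into the identification image shown on its display.
func (d *Device) OnResponseSignal() string {
	d.counter++
	return Derive(d.key, d.ID, d.counter)
}

type deviceState struct {
	key     []byte
	counter uint64
}

// ImageVerifier is the certificate server side.
type ImageVerifier struct {
	state   map[string]*deviceState
	pending map[string]string // device identifier -> value the server generated itself
}

// Issue runs once ID card authentication has passed: the server advances its
// counter and remembers the value it expects to find in the group photo.
func (v *ImageVerifier) Issue(deviceID string) error {
	st, ok := v.state[deviceID]
	if !ok {
		return ErrUnknownDevice
	}
	st.counter++
	v.pending[deviceID] = Derive(st.key, deviceID, st.counter)
	return nil
}

// Check compares the payload recognised from the identification image with
// the server's own value. An issued value is consumed on the first attempt.
func (v *ImageVerifier) Check(deviceID, recognised string) error {
	want, ok := v.pending[deviceID]
	if !ok {
		return ErrNoPending
	}
	delete(v.pending, deviceID)
	if !hmac.Equal([]byte(want), []byte(recognised)) {
		return ErrMismatch
	}
	return nil
}

// RunImageDemo returns the outcome for a fresh photo, the same photo submitted
// a second time, and that old photo submitted against a newly issued value.
func RunImageDemo() (fresh, replayed, stale error) {
	key := []byte("constructed-shared-key-0123456789") // constructed sample
	dev := &Device{ID: "DEV-0001", key: key}
	srv := &ImageVerifier{
		state:   map[string]*deviceState{"DEV-0001": {key: key}},
		pending: map[string]string{},
	}
	if err := srv.Issue(dev.ID); err != nil {
		return err, err, err
	}
	first := dev.OnResponseSignal() // payload visible in the first group photo
	fresh = srv.Check(dev.ID, first)
	replayed = srv.Check(dev.ID, first)
	if err := srv.Issue(dev.ID); err != nil {
		return fresh, replayed, err
	}
	stale = srv.Check(dev.ID, first)
	return fresh, replayed, stale
}

func main() {
	f, r, s := RunImageDemo()
	fmt.Printf("fresh: %v\nreplayed: %v\nstale: %v\n", f, r, s)
}
```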
In the present embodiment, when the authentication of the identification image has passed, the certificate server 203 also compares whether the face image in the prestored ID card information of the user matches the face image in the received group photo image; if they match, the identity authentication passes. In a specific application, when the authentication of the identification image has passed, the certificate server 203 uses the identification information of the information safety device 201 to obtain the stored user identity card information corresponding to that identification information, and compares the face image in the user identity card information with the face image in the received group photo image. If they match, the authentication of the face image passes and the identity authentication passes; if they do not match, the identity authentication is terminated. Authenticating the face image confirms whether this information safety device 201 belongs to the true account holder, and prevents an unauthorized person from opening an account by impersonation when the identity card and the information safety device 201 are lost at the same time.
The certificate server 203 can of course also authenticate the face image in the group photo image first and, when the authentication of the face image in the group photo image has passed, then authenticate the identification image in the group photo image. When the authentication of both the identification image and the face image in the group photo image has passed, the identity authentication of the user passes.
With the above identity authentication system, the certificate server 203 stores the identification information of the information safety device 201 in association with the user identity card information, which makes it possible to authenticate the user identity card information and prevents an unauthorized person from opening an account by impersonation when the information safety device 201 or the identity card is lost. In addition, the information safety device 201 generates the identification image from the information to be certified and the certificate server 203 authenticates the identification image in the group photo image, which achieves authentication of the information safety device 201. In addition, the certificate server 203 authenticates the face image of the user in the group photo image, which prevents an unauthorized person from opening an account by impersonation when both the identity card and the information safety device 201 are lost.
Embodiment 4
The present embodiment provides a remote account opening system that uses the identity authentication system of Embodiment 3 above to authenticate the identity of the user; after the identity authentication of the user passes, the certificate server 203 opens the account remotely. The user can open an account remotely over the network, which is a convenient way to open an account; furthermore, it can prevent an unauthorized person from opening an account by impersonation.
It should be noted that, after the identity authentication passes, the certificate server 203 can open the account remotely by itself, or a staff member can operate the certificate server 203 to open the account remotely.
Any process or method described in a flow chart or otherwise described herein can be understood as representing a module, fragment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process, and the scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including in a substantially simultaneous manner or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention can be implemented in hardware, software, firmware or a combination of them. In the above embodiments, multiple steps or methods can be implemented with software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one of the following technologies well known in the art, or a combination of them, can be used: a discrete logic circuit having logic gate circuits for implementing logic functions on data signals, an application-specific integrated circuit having suitable combinational logic gate circuits, a programmable gate array (PGA), a field programmable gate array (FPGA), and so on.
Those skilled in the art will appreciate that all or part of the steps carried by the above embodiment methods can be completed by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium and, when executed, includes one of the steps of the method embodiments or a combination of them.
In addition, the functional units in each embodiment of the present invention can be integrated in one processing module, each unit can exist physically on its own, or two or more units can be integrated in one module. The integrated module can be implemented in the form of hardware or in the form of a software function module. If the integrated module is implemented in the form of a software function module and sold or used as an independent product, it can also be stored in a computer-readable storage medium. The storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc or the like.
In the description of this specification, a description referring to the terms "an embodiment", "some embodiments", "an example", "a concrete example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described can be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it should be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention; those of ordinary skill in the art can change, modify, replace and vary the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the appended claims and their equivalents.
Claims (10)
1. An identity authentication method, characterized by comprising:
a certificate server storing the identification information of an information safety device in association with user identity card information, wherein the user identity card information includes a resident identification card number, name, date of birth, address, validity period of the card and/or a face image of the user;
the information safety device connecting to a terminal, the information safety device powering on and establishing a communication connection with the terminal;
the information safety device prompting the user to input a PIN;
the information safety device receiving the PIN input by the user and verifying whether the PIN input by the user is correct, and if it is incorrect, prompting the user to re-enter the PIN;
the terminal, after the user opens an application program for performing identity authentication, prompting the user to input login information;
the application program receiving the login information input by the user and sending the received login information to an application server;
the application server receiving the login information and judging whether the login information is correct; if it is correct, the terminal allowing the user to log in to the application program, and if it is incorrect, the terminal prompting the user to re-enter the login information;
the terminal generating an identity authentication request through the application program and sending the identity authentication request to the certificate server, wherein the identity authentication request carries subscriber identity information, and the subscriber identity information includes the user identity card information and the identification information of the information safety device;
the certificate server receiving the identity authentication request and authenticating the user identity card information;
the certificate server, after the authentication of the user identity card information passes, using a preset algorithm to calculate on the subscriber identity information and generate information to be certified;
the information safety device obtaining the information to be certified and, taking the information to be certified as an input parameter, generating an identification image according to a preset identification image generation strategy;
the information safety device displaying the identification image on a display screen;
after the information safety device generates the identification image, the terminal prompting the user to upload a group photo image containing the face image of the user and the identification image;
the terminal obtaining the group photo image and sending the group photo image to the certificate server;
the certificate server receiving the group photo image and authenticating the identification image and the face image in the group photo image.
2. The method according to claim 1, characterized in that:
before the terminal generates the identity authentication request through the application program, the method also includes: an identity card read module reading the user identity card information from the user's resident identification card; and the information safety device obtaining the user identity card information, encrypting the user identity card information with a first encryption key to generate encrypted user identity card information, and sending the subscriber identity information to the terminal, wherein the subscriber identity information includes the encrypted user identity card information and the identification information of the information safety device;
after the certificate server receives the identity authentication request, and before it authenticates the user identity card information, the method also includes: the certificate server using a first decryption key to decrypt the received encrypted user identity card information and obtain the user identity card information.
3. The method according to claim 2, characterized in that, after the information safety device generates the encrypted user identity card information, and before the subscriber identity information is sent to the terminal, the method also includes: the information safety device using a hashing algorithm to calculate the hash data of the encrypted user identity card information, and encrypting the hash data with the private key it stores to generate first data;
the subscriber identity information also includes the first data;
before the certificate server uses the first decryption key to decrypt the received encrypted user identity card information, the method also includes: the certificate server using the public key of the information safety device to decrypt the received first data and obtain the hash data, using the hashing algorithm to calculate the hash data of the received encrypted user identity card information, and comparing whether the hash data obtained by public key decryption is identical to the hash data obtained by the hash calculation.
4. The method according to any one of claims 1 to 3, characterized in that the certificate server authenticating the user identity card information comprises:
the certificate server obtains, according to the identification information of the information safety device, the pre-stored user identity card information corresponding to that identification information;
the certificate server compares the obtained user identity card information with the user identity card information obtained by decryption; if they match, the authentication of the user identity card information passes; otherwise the identity authentication is terminated.
5. The method according to any one of claims 1 to 4, characterized in that authenticating the identification image and the face image in the group photo image comprises:
the certificate server recognizes the information to be authenticated from the identification image in the group photo image according to a preset identification image recognition strategy, and compares the recognized information to be authenticated with the information to be authenticated that it generated itself; if they are identical, the authentication of the identification image passes;
where the authentication of the identification image passes, the certificate server compares whether the face image in the pre-stored user identity card information matches the face image in the received group photo image; if they match, the identity authentication passes.
6. An identity authentication system, characterized in that the system comprises: an information safety device, a terminal, a certificate server and an application server; wherein:
the certificate server is configured to store the identification information of the information safety device in association with user identity card information, wherein the user identity card information comprises the resident identification card number, name, date of birth, address, card validity period and/or the user's face image;
the information safety device is configured to connect to the terminal and establish a communication connection with the terminal; it is further configured to prompt the user to input a PIN, receive the PIN input by the user, verify whether the PIN input by the user is correct, and, if it is incorrect, prompt the user to re-enter the PIN;
the terminal is configured to prompt the user to input log-on information after opening the application program used to authenticate the user's identity;
the application server is configured to receive the log-on information sent by the application program, wherein the log-on information is obtained by the application program by receiving the user's input;
the application server is further configured to judge whether the log-on information is correct; if it is correct, the terminal is further configured to allow the user to log in to the application program; if it is incorrect, the terminal is further configured to prompt the user to re-enter the log-on information;
the terminal is further configured to generate an identity authentication request through the application program and send the identity authentication request to the certificate server, wherein the identity authentication request carries user identity information, and the user identity information comprises: user identity card information and the identification information of the information safety device;
the certificate server is further configured to receive the identity authentication request and authenticate the user identity card information; it is further configured to, after the authentication of the user identity card information passes, compute over the user identity information with a preset algorithm to generate information to be authenticated;
the information safety device is further configured to obtain the information to be authenticated, generate an identification image according to a preset identification image generation strategy with the information to be authenticated as the input parameter, and show the identification image on its display screen;
the terminal is further configured to, after the information safety device generates the identification image, prompt the user to upload a group photo image containing the user's face image and the identification image; it is further configured to obtain the group photo image and send the group photo image to the certificate server;
the certificate server is further configured to receive the group photo image and authenticate the identification image and the face image in the group photo image.
7. The system according to claim 6, characterized in that the system further comprises an identity card reading module;
the identity card reading module is configured to read user identity card information from the resident identification card;
the information safety device is further configured to obtain the user identity card information, encrypt the user identity card information with a first encryption key to generate encrypted user identity card information, and send user identity information to the terminal, wherein the user identity information comprises: the encrypted user identity card information and the identification information of the information safety device;
the certificate server is configured to decrypt the received encrypted user identity card information with a first decryption key to obtain the user identity card information.
8. The system according to claim 7, characterized in that:
the information safety device is further configured to calculate hash data of the encrypted user identity card information using a hash algorithm, and to encrypt the hash data with the private key it stores to generate first data;
the certificate server is further configured to decrypt the received first data with the public key of the information safety device to obtain the hash data, calculate hash data of the received encrypted user identity card information using the hash algorithm, and then compare whether the hash data obtained by public-key decryption is identical to the hash data obtained by the hash calculation.
9. The system according to any one of claims 6 to 8, characterized in that:
the certificate server is further configured to obtain, according to the identification information of the information safety device, the pre-stored user identity card information corresponding to that identification information; it is further configured to compare the obtained user identity card information with the user identity card information obtained by decryption; if they match, the authentication of the user identity card information passes; otherwise the identity authentication is terminated.
10. The system according to any one of claims 6 to 9, characterized in that:
the certificate server is further configured to recognize the information to be authenticated from the identification image in the group photo image according to a preset identification image recognition strategy, and to compare the recognized information to be authenticated with the information to be authenticated that it generated itself; if they are identical, the authentication of the identification image passes;
the certificate server is further configured to, where the authentication of the identification image passes, compare whether the face image in the pre-stored user identity card information matches the face image in the received group photo image; if they match, the identity authentication passes.
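The device-side and server-side sequence of claims 2 to 4 (mirrored in system claims 7 to 9), written out as an added example that is not part of the patent text. It assumes stand-ins so that it runs on the Python standard library alone: unpadded RSA over two publicly known Mersenne primes for the device key pair and a SHA-256 keystream for the first encryption key; all names and sample records are constructed, and rejecting on a hash mismatch is this example's reading of the comparison step.

```python
import hashlib
import hmac

# Constructed toy device key pair: unpadded RSA over two publicly known
# Mersenne primes. A stand-in for the device's key, not a secure choice.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, stays on the device

def keystream_xor(key, data):
    """Stand-in for the first encryption/decryption key (SHA-256 keystream)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def sha256_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def device_build(device_id, id_info, first_key):
    """Information safety device: encrypt, hash the ciphertext, sign the hash."""
    ciphertext = keystream_xor(first_key, id_info)
    first_data = pow(sha256_int(ciphertext), D, N)  # claim 3 "first data"
    return {"device_id": device_id, "ciphertext": ciphertext,
            "first_data": first_data}

def server_authenticate(msg, first_key, device_pubkeys, stored_id_info):
    """Certificate server: check the hash, then decrypt, then compare."""
    pub = device_pubkeys.get(msg["device_id"])
    stored = stored_id_info.get(msg["device_id"])
    if pub is None or stored is None:
        return "unknown device"
    n, e = pub
    # Claim 3: recover the hash with the device public key and compare it
    # with a fresh hash of the received ciphertext, before any decryption.
    if pow(msg["first_data"], e, n) != sha256_int(msg["ciphertext"]):
        return "hash mismatch"
    # Claim 2: decrypt. Claim 4: compare with the record pre-stored for
    # this device identifier, using a constant-time comparison.
    id_info = keystream_xor(first_key, msg["ciphertext"])
    if not hmac.compare_digest(id_info, stored):
        return "identity mismatch"
    return "ok"

def demo():
    key = b"constructed-first-key"
    record = b"ID=000000000000000000;NAME=TEST USER"  # constructed sample
    pubkeys, stored = {"dev-01": (N, E)}, {"dev-01": record}
    good = device_build("dev-01", record, key)
    ct = good["ciphertext"]
    tampered = dict(good, ciphertext=bytes([ct[0] ^ 1]) + ct[1:])
    other = device_build("dev-01", b"ID=111111111111111111;NAME=OTHER", key)
    unknown = dict(good, device_id="dev-99")
    return [server_authenticate(m, key, pubkeys, stored)
            for m in (good, tampered, other, unknown)]

if __name__ == "__main__":
    print(demo())
```

The four cases are a genuine message, a ciphertext altered in transit, a validly signed record that differs from the one registered for the device, and an unregistered device identifier.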
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610146855.4A CN105939196B (en) | 2016-03-15 | 2016-03-15 | Identity identifying method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105939196A true CN105939196A (en) | 2016-09-14 |
CN105939196B CN105939196B (en) | 2019-02-12 |
Family
ID=57151284
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610146855.4A Active CN105939196B (en) | 2016-03-15 | 2016-03-15 | Identity identifying method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105939196B (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106453341A (en) * | 2016-10-21 | 2017-02-22 | 腾讯科技(北京)有限公司 | Information processing method and device |
CN106528669A (en) * | 2016-10-31 | 2017-03-22 | 青岛海信电器股份有限公司 | Identification information processing method for terminal device, and device and system |
CN108985409A (en) * | 2018-07-18 | 2018-12-11 | 金联汇通信息技术有限公司 | ID card information read method, device and electronic equipment |
CN109388447A (en) * | 2017-08-08 | 2019-02-26 | 深圳市腾讯计算机系统有限公司 | A kind of interface is drawn and image processing method, device, terminal and server |
CN109951423A (en) * | 2017-12-20 | 2019-06-28 | 金联汇通信息技术有限公司 | System, method, apparatus and the server of authentication |
CN111586023A (en) * | 2020-04-30 | 2020-08-25 | 广州市百果园信息技术有限公司 | Authentication method, authentication equipment and storage medium |
CN111818028A (en) * | 2020-06-28 | 2020-10-23 | 北京思特奇信息技术股份有限公司 | Identity authentication method and system |
CN112969182A (en) * | 2021-02-26 | 2021-06-15 | 北京小米移动软件有限公司 | PIN code setting method and device and terminal equipment |
TWI775460B (en) * | 2021-06-01 | 2022-08-21 | 重量科技股份有限公司 | Risk information exchange system and method with privacy protection |
EP3646247B1 (en) | 2017-06-30 | 2023-09-13 | Cryptomathic Ltd | User authentication based on rfid-enabled identity document and gesture challenge-response protocol |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2065798A1 (en) * | 2007-11-26 | 2009-06-03 | BIOMETRY.com AG | Method for performing secure online transactions with a mobile station and a mobile station |
CN104504321A (en) * | 2015-01-05 | 2015-04-08 | 湖北微模式科技发展有限公司 | Method and system for authenticating remote user based on camera |
CN104935553A (en) * | 2014-03-19 | 2015-09-23 | 北京安讯奔科技有限责任公司 | Unified identity authentication platform and authentication method |
CN105245340A (en) * | 2015-09-07 | 2016-01-13 | 天地融科技股份有限公司 | Identity authentication method based on remote account opening and system |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106453341B (en) * | 2016-10-21 | 2019-11-15 | 腾讯科技(北京)有限公司 | Information processing method and device |
CN106453341A (en) * | 2016-10-21 | 2017-02-22 | 腾讯科技(北京)有限公司 | Information processing method and device |
CN106528669A (en) * | 2016-10-31 | 2017-03-22 | 青岛海信电器股份有限公司 | Identification information processing method for terminal device, and device and system |
CN106528669B (en) * | 2016-10-31 | 2019-09-17 | 青岛海信电器股份有限公司 | The identification information processing method of terminal device, apparatus and system |
EP3646247B1 (en) | 2017-06-30 | 2023-09-13 | Cryptomathic Ltd | User authentication based on rfid-enabled identity document and gesture challenge-response protocol |
CN109388447A (en) * | 2017-08-08 | 2019-02-26 | 深圳市腾讯计算机系统有限公司 | A kind of interface is drawn and image processing method, device, terminal and server |
CN109951423B (en) * | 2017-12-20 | 2021-09-10 | 金联汇通信息技术有限公司 | System, method and device for identity authentication and server |
CN109951423A (en) * | 2017-12-20 | 2019-06-28 | 金联汇通信息技术有限公司 | System, method, apparatus and the server of authentication |
CN108985409A (en) * | 2018-07-18 | 2018-12-11 | 金联汇通信息技术有限公司 | ID card information read method, device and electronic equipment |
CN108985409B (en) * | 2018-07-18 | 2022-04-26 | 金联汇通信息技术有限公司 | Identity card information reading method and device and electronic equipment |
CN111586023B (en) * | 2020-04-30 | 2022-05-31 | 广州市百果园信息技术有限公司 | Authentication method, authentication equipment and storage medium |
CN111586023A (en) * | 2020-04-30 | 2020-08-25 | 广州市百果园信息技术有限公司 | Authentication method, authentication equipment and storage medium |
CN111818028A (en) * | 2020-06-28 | 2020-10-23 | 北京思特奇信息技术股份有限公司 | Identity authentication method and system |
CN111818028B (en) * | 2020-06-28 | 2022-09-02 | 北京思特奇信息技术股份有限公司 | Identity authentication method and system |
CN112969182A (en) * | 2021-02-26 | 2021-06-15 | 北京小米移动软件有限公司 | PIN code setting method and device and terminal equipment |
CN112969182B (en) * | 2021-02-26 | 2023-09-26 | 北京小米移动软件有限公司 | PIN code setting method, PIN code setting device and terminal equipment |
TWI775460B (en) * | 2021-06-01 | 2022-08-21 | 重量科技股份有限公司 | Risk information exchange system and method with privacy protection |
Also Published As
Publication number | Publication date |
---|---|
CN105939196B (en) | 2019-02-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105939196A (en) | Identity authentication method and system | |
CN105933280B (en) | Identity identifying method and system | |
US10606997B2 (en) | Remote identity authentication method and system and remote account opening method and system | |
CN105050081B (en) | Method, device and system for connecting network access device to wireless network access point | |
CN106130982B (en) | Intelligent household appliance remote control method based on PKI system | |
US7552322B2 (en) | Using a portable security token to facilitate public key certification for devices in a network | |
WO2017197974A1 (en) | Biometric characteristic-based security authentication method, device and electronic equipment | |
US20160323272A1 (en) | Method using a single authentication device to authenticate a user to a service provider among a plurality of service providers and device for performing such a method | |
US20100042848A1 (en) | Personalized I/O Device as Trusted Data Source | |
CN105141615A (en) | Method and system for opening account remotely, authentication method and system | |
CN105939197B (en) | A kind of identity identifying method and system | |
CN103532719B (en) | Dynamic password generation method, dynamic password generation system, as well as processing method and processing system of transaction request | |
CN109150535A (en) | A kind of identity identifying method, equipment, computer readable storage medium and device | |
CN109920100B (en) | Unlocking method and system of intelligent lock | |
CN110299996A (en) | Authentication method, equipment and system | |
CN111080858A (en) | Bluetooth key logout method and device | |
CN106022081A (en) | Card reading method for identity-card card-reading terminal, and terminal and system for identity-card card-reading | |
CN106056419A (en) | Method, system and device for realizing independent transaction by using electronic signature equipment | |
CN106878122A (en) | A kind of method for network access and system | |
CN111065081A (en) | Bluetooth-based information interaction method and device | |
CN106027464B (en) | A kind of security information control method and identity card card-reading terminal | |
CN110445782A (en) | A kind of multi-media safety broadcast control system and method | |
CN106027256B (en) | A kind of identity card card reading response system | |
CN111127715A (en) | Bluetooth key replacement method and device | |
CN111147501A (en) | Bluetooth key inquiry method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |