CN105991649A - Scheduling system for reading identity card

Info

Publication number: CN105991649A (granted version: CN105991649B)
Application number: CN201610041590.1A
Authority: CN (China)
Prior art keywords: identity card; reading terminal; card reading; authentication; control module
Legal status: Granted, active (the legal status is an assumption and not a legal conclusion; Google has not performed a legal analysis and makes no representation as to its accuracy)
Other languages: Chinese (zh)
Inventor: 李明
Current assignee: Individual (listed assignees may be inaccurate; Google has not performed a legal analysis)
Original assignee: Individual

Classifications

All codes fall under CPC section H (Electricity), class H04 (Electric communication technique), subclass H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/107: Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities' privileges depend on current location or specific operations are allowed only from locally connected terminals
    • H04L63/108: Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L63/1458: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic; countermeasures against malicious traffic; denial of service
    • H04L63/1466: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic; countermeasures against active attacks involving interception, injection, modification or spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L9/3297: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication (e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials) involving time stamps, e.g. generation of time stamps

Abstract

The invention discloses a scheduling system for reading an identity card. The system comprises an authentication database, which stores the working state of every authentication security control module in the system and the ciphertext of the encryption key of each identity card reading terminal in the system, and a scheduling server. The scheduling server acquires the identification information of an identity card reading terminal and decides from it whether that terminal is permitted to read identity cards. If the terminal is permitted, then on receiving a card searching request from it the scheduling server retrieves the working states of the authentication security control modules, selects one of them on the principle of balancing the work load, and sends the identification information of the selected module to the terminal; it then retrieves the ciphertext of the terminal's encryption key and sends data information containing that ciphertext to the selected module. The selected authentication security control module recovers the encryption key of the terminal from the ciphertext.

Description

Scheduling system for reading identity card
Technical Field
The invention relates to the field of network technology, and in particular to a scheduling system for reading an identity card.
Background
An existing front-end identity card reading terminal contains at least two modules: a reading module and a resident identity card verification security control module. Because every front-end terminal carries its own verification security control module, the terminal is expensive to manufacture; moreover, each verification security control module can only verify the resident identity card information read by the one reading module it is built into, so the utilization of the existing front-end terminal is low.
The related art proposes removing the verification security control module from the front-end terminal, leaving the terminal only the function of reading the card information, and completing the verification with a back-end verification security control module. This lowers the cost of the front-end terminal, and several front-end terminals can share one back-end verification security control module, which improves its utilization. With this scheme, however, the identity of a front-end terminal is not established, which exposes the back-end verification security control module to attack and can lead to illegal use of resident identity cards.
Disclosure of Invention
The present invention is directed at solving at least one of the problems described above.
Its main object is to provide a scheduling system for reading an identity card.
The scheduling system for reading an identity card provided by the invention comprises an authentication database, a scheduling server and n authentication security control modules, where n is an integer greater than or equal to 1.
The authentication database stores the working state of every authentication security control module in the system and the ciphertext of the encryption key of every identity card reading terminal in the system, where each ciphertext is obtained by encrypting the terminal's encryption key with the protection key of the authentication database.
The scheduling server acquires the identification information of an identity card reading terminal and decides from it whether the terminal is allowed to read identity cards. If the terminal is allowed, then after receiving a card searching request from it the scheduling server obtains from the authentication database the working states of the authentication security control modules within its jurisdiction, selects one module according to those working states, and sends the identification information of the selected module to the terminal. The scheduling server then retrieves from the authentication database, by the terminal's identification information, the ciphertext of the terminal's encryption key (the key encrypted under the protection key of the authentication database) and sends data information containing that ciphertext to the selected authentication security control module.
The selected authentication security control module receives the data information, decrypts the ciphertext with the protection key of the authentication database, and so obtains the encryption key of the identity card reading terminal.
Optionally, the scheduling server obtains the identification information of the identity card reading terminal in one of two ways: it receives an access request from the terminal and takes the identification information from that request; or it receives an identity card request from the terminal, which carries both a card searching request and the terminal's identification information, and takes the identification information from that request.
Optionally, the identification information of the identity card reading terminal includes a digital certificate of the terminal, and the scheduling server decides whether the terminal is allowed to read identity cards as follows. It checks whether the digital certificate is abnormal; if so, the terminal is not allowed to read identity cards. Otherwise it checks whether the certificate is in a blacklist or a control list, where the blacklist records the certificates of terminals that are not allowed to read identity cards and the control list records the certificates of terminals whose card reading is to be controlled according to a preset control policy. If the certificate is in the blacklist, the terminal is not allowed to read identity cards and its request is refused; if the certificate is in the control list, whether the terminal is allowed to read identity cards is decided according to the preset control policy.
Optionally, the identification information of the identity card reading terminal includes the serial number of the terminal and its digital certificate, and the scheduling server decides as follows. It checks whether the digital certificate is abnormal; if so, the terminal is not allowed to read identity cards. Otherwise it checks whether either the certificate or the serial number is in a blacklist or a control list, where the blacklist records the identification information of terminals that are not allowed to read identity cards and the control list records the identification information of terminals whose card reading is to be controlled according to a preset control policy. If the certificate or the serial number is in the blacklist, the terminal is not allowed to read identity cards and its request is refused; if the certificate or the serial number is in the control list, whether the terminal is allowed to read identity cards is decided according to the preset control policy.
Optionally, when the identification information of the identity card reading terminal is found in the control list, whether the terminal is allowed to read identity cards is decided by at least one of the following rules, each driven by values recorded in the preset control policy. Position: the policy records the position range within which the terminal may read; if the terminal is currently inside that range the read is allowed, otherwise it is refused and the request rejected. Time: the policy records the time range during which the terminal may read; if the current time falls within that range the read is allowed, otherwise it is refused and the request rejected. Count: the policy records a time period and a threshold on the number of reads; if the terminal's historical number of reads within that period exceeds the threshold the read is refused and the request rejected, otherwise it is allowed. Distance: the policy records a time period and a distance; if, within that period, the distance between the positions of the terminal's two consecutive reads exceeds the preset distance the read is refused and the request rejected, otherwise it is allowed. Interval: the policy records a preset value; if the time interval between the terminal's two consecutive reads exceeds that value the read is refused and the request rejected, otherwise it is allowed.
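The checks above amount to a small policy engine in front of the card-search path. The following Go program is an added example written for this page, not code from the patent or from any product implementing it. It models the blacklist and control list as maps keyed by terminal serial number or certificate fingerprint, evaluates the five control-list rules in the order the text lists them, and refuses at the first rule that fails. The terminal identifiers, coordinates, policy values and read history are constructed sample data; representing the position range as a latitude/longitude bounding box and the time range as hours of the day are assumptions, since the text fixes neither. For the interval rule the comparison direction is kept exactly as the text states it (refuse when the interval between two consecutive reads exceeds the preset value).

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// Position is a terminal-reported coordinate in degrees (assumed representation).
type Position struct{ Lat, Lon float64 }

// ReadEvent is one earlier card read by a terminal.
type ReadEvent struct {
	At  time.Time
	Pos Position
}

// ControlPolicy carries the "preset control strategy" values the text lists.
type ControlPolicy struct {
	SW, NE      Position      // allowed position range, as a bounding box
	HourFrom    int           // allowed time range: hour of day, inclusive
	HourTo      int           // hour of day, exclusive
	Period      time.Duration // preset time period for the count and distance checks
	MaxReads    int           // preset threshold on reads within Period
	MaxDistM    float64       // preset distance between two consecutive reads, metres
	MaxInterval time.Duration // preset value for the interval between two consecutive reads
}

// Scheduler holds the lists the dispatch server consults. Keys are either a
// terminal serial number or a certificate fingerprint, so either can be listed.
type Scheduler struct {
	Blacklist   map[string]bool
	ControlList map[string]ControlPolicy
	History     map[string][]ReadEvent // per serial, oldest first
}

// distM approximates the distance between two nearby positions in metres
// (equirectangular projection, adequate for the small areas a policy covers).
func distM(a, b Position) float64 {
	dLat := (b.Lat - a.Lat) * 111195
	dLon := (b.Lon - a.Lon) * 111195 * math.Cos((a.Lat+b.Lat)/2*math.Pi/180)
	return math.Hypot(dLat, dLon)
}

// Authorize applies the checks in the order the text gives: certificate state,
// blacklist, then the control-list policy for controlled terminals. certOK is
// the outcome of the scheduler's own certificate validation.
func (s *Scheduler) Authorize(serial, certFP string, certOK bool, now time.Time, pos Position) (bool, string) {
	if !certOK {
		return false, "digital certificate abnormal"
	}
	if s.Blacklist[serial] || s.Blacklist[certFP] {
		return false, "terminal on blacklist"
	}
	pol, controlled := s.ControlList[serial]
	if !controlled {
		pol, controlled = s.ControlList[certFP]
	}
	if !controlled {
		return true, "not on blacklist or control list"
	}
	if pos.Lat < pol.SW.Lat || pos.Lat > pol.NE.Lat || pos.Lon < pol.SW.Lon || pos.Lon > pol.NE.Lon {
		return false, "outside allowed position range"
	}
	if h := now.Hour(); h < pol.HourFrom || h >= pol.HourTo {
		return false, "outside allowed time range"
	}
	hist, recent := s.History[serial], 0
	for _, e := range hist {
		if now.Sub(e.At) <= pol.Period {
			recent++
		}
	}
	if recent >= pol.MaxReads {
		return false, "read count within period exceeds threshold"
	}
	if n := len(hist); n > 0 {
		gap := now.Sub(hist[n-1].At)
		if gap <= pol.Period && distM(hist[n-1].Pos, pos) > pol.MaxDistM {
			return false, "distance between consecutive reads exceeds limit"
		}
		// Kept as the text states it: refuse when the interval exceeds the preset value.
		if gap > pol.MaxInterval {
			return false, "interval between consecutive reads exceeds preset value"
		}
	}
	return true, "control policy satisfied"
}

// sampleScheduler builds constructed sample data: one blacklisted terminal and
// one controlled terminal confined to a small area during daytime hours.
func sampleScheduler(now time.Time) *Scheduler {
	return &Scheduler{
		Blacklist: map[string]bool{"T-0001": true},
		ControlList: map[string]ControlPolicy{"T-0002": {
			SW: Position{39.90, 116.39}, NE: Position{39.91, 116.40},
			HourFrom: 8, HourTo: 18, Period: time.Hour, MaxReads: 3,
			MaxDistM: 500, MaxInterval: 2 * time.Hour,
		}},
		History: map[string][]ReadEvent{"T-0002": {{now.Add(-40 * time.Minute), Position{39.905, 116.395}}}},
	}
}

func main() {
	now := time.Date(2016, 1, 21, 10, 30, 0, 0, time.UTC)
	s := sampleScheduler(now)
	for _, serial := range []string{"T-0001", "T-0002", "T-0003"} {
		ok, why := s.Authorize(serial, "fp-"+serial, true, now, Position{39.905, 116.395})
		fmt.Printf("%s: allow=%v (%s)\n", serial, ok, why)
	}
}
```

The order matters: certificate state and blacklist are decided before any policy data is consulted, so a refused terminal never causes a lookup of its history or position, and an uncontrolled terminal is allowed without touching the policy at all. A terminal that is neither listed nor controlled is the common case and takes the shortest path.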
Optionally, the selected authentication security control module is further configured to receive the encrypted identification information of the identity card, decrypt it, and return the decrypted identification information to the scheduling server; the scheduling server is further configured to decide, from at least the identification information of the identity card, the identification information of the terminal and a preset policy, whether to add the terminal's identification information to the blacklist or the control list.
Optionally, the scheduling server is further configured to check whether the identification information of the identity card is in an identity card blacklist and, if so, to send indication information to the selected authentication security control module indicating that the card read by the terminal is illegal.
Optionally, the system further comprises n verification security control modules, each authentication security control module being connected to one verification security control module and different authentication security control modules being connected to different verification security control modules. The selected authentication security control module is further configured to obtain the card searching request, which is ciphertext produced by encrypting with the encryption key of the identity card reading terminal, to decrypt it with that key, and to send the decrypted card searching request to its connected verification security control module. That verification security control module confirms receipt of the card searching request and sends confirmation information to the selected authentication security control module, which obtains a session key, encrypts the confirmation information with it and sends the encrypted confirmation to the identity card reading terminal.
Optionally, the scheduling server is further configured, after selecting an authentication security control module, to generate an authentication code and send it to both the identity card reading terminal and the authentication database.
Optionally, the system further includes an authorization server. When the selected authentication security control module is powered on, the scheduling server sends it data to be signed; the module signs that data with its signature private key and returns authentication data comprising the signature, the signature public key certificate corresponding to that private key, and the encryption public key certificate of the module. The scheduling server receives the authentication data and checks whether the signature public key certificate or the encryption public key certificate is in an abnormal state; if neither is, it forwards the data to be signed and the authentication data to the authorization server. The authorization server, through the authorization electronic signature device connected to it, verifies that the signature public key certificate and the encryption public key certificate were issued to the same authentication security control module and, if so, verifies the signature; if the signature is correct the module passes identity authentication, otherwise it fails. When the module passes, the authorization server has the authorization electronic signature device encrypt the protection key of the authentication database and sends the encrypted protection key to the scheduling server; when the module fails, the authorization server issues warning information. The scheduling server forwards the encrypted protection key to the selected authentication security control module, which decrypts it and so obtains the protection key of the authentication database.
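The power-on authentication and protection-key delivery described above, as an added example written for this page rather than taken from the patent: ECDSA P-256 stands in for the module's signature key pair, RSA-OAEP for its encryption key pair, and a small struct for each of the two certificates, since the text names neither algorithms nor certificate formats. The authorization electronic signature device is not modelled separately; its two jobs (checking that the certificate pair belongs to one holder, then encrypting the protection key) are done in authorize, and encrypting the protection key to the public key in the module's encryption certificate is an assumption the text does not spell out. Holder names and the protection key are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Cert stands in for an X.509 certificate (holder plus the key it binds); a
// deployment would parse and chain-validate real certificates.
type Cert struct {
	Holder   string
	SigPub   *ecdsa.PublicKey // set in the signature certificate
	EncPub   *rsa.PublicKey   // set in the encryption certificate
	Abnormal bool             // revoked, expired or otherwise flagged
}

// AuthData is what the module returns for the data to be signed.
type AuthData struct {
	Signature        []byte
	SigCert, EncCert Cert
}

// Module is an authentication security control module. protectionKey lives
// only in this struct's memory (RAM, never flash).
type Module struct {
	Holder        string
	sigPriv       *ecdsa.PrivateKey
	encPriv       *rsa.PrivateKey
	protectionKey []byte
}

func NewModule(holder string) (*Module, error) {
	sig, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	enc, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Module{Holder: holder, sigPriv: sig, encPriv: enc}, err
}

// Respond signs the data to be signed and returns it with both certificates.
func (m *Module) Respond(toSign []byte) (AuthData, error) {
	digest := sha256.Sum256(toSign)
	sig, err := ecdsa.SignASN1(rand.Reader, m.sigPriv, digest[:])
	sc := Cert{Holder: m.Holder, SigPub: &m.sigPriv.PublicKey}
	ec := Cert{Holder: m.Holder, EncPub: &m.encPriv.PublicKey}
	return AuthData{sig, sc, ec}, err
}

// ReceiveProtectionKey decrypts the protection key relayed by the scheduler;
// on failure nothing is stored.
func (m *Module) ReceiveProtectionKey(wrapped []byte) (err error) {
	m.protectionKey, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, m.encPriv, wrapped, nil)
	return err
}

// schedulerPrecheck is the scheduling server's part: a certificate in an
// abnormal state is refused before the authorization server is involved.
func schedulerPrecheck(a AuthData) error {
	if a.SigCert.Abnormal || a.EncCert.Abnormal {
		return errors.New("certificate in abnormal state")
	}
	return nil
}

// authorize is the authorization server's part: both certificates must belong
// to the same module and the signature must verify; only then is the
// protection key encrypted to the module's encryption public key.
func authorize(toSign []byte, a AuthData, protectionKey []byte) ([]byte, error) {
	if a.SigCert.Holder != a.EncCert.Holder {
		return nil, errors.New("certificates issued to different holders")
	}
	digest := sha256.Sum256(toSign)
	if !ecdsa.VerifyASN1(a.SigCert.SigPub, digest[:], a.Signature) {
		return nil, errors.New("signature verification failed")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, a.EncCert.EncPub, protectionKey, nil)
}

// Onboard runs the whole exchange for a module that has just powered on;
// toSign is fresh random data chosen by the scheduler and never reused.
func Onboard(m *Module, toSign, protectionKey []byte) error {
	a, err := m.Respond(toSign)
	if err != nil {
		return err
	}
	if err := schedulerPrecheck(a); err != nil {
		return err
	}
	wrapped, err := authorize(toSign, a, protectionKey)
	if err != nil {
		return err
	}
	return m.ReceiveProtectionKey(wrapped)
}

func main() {
	m, _ := NewModule("ASCM-01")
	toSign, pk := make([]byte, 32), bytes.Repeat([]byte{0x5a}, 32) // pk: constructed demo key
	rand.Read(toSign)
	fmt.Println("onboard:", Onboard(m, toSign, pk), "delivered:", bytes.Equal(m.protectionKey, pk))
}
```

The two certificate checks guard different things: the holder comparison stops an attacker who holds a valid signature key from pairing it with an encryption certificate of their own and so receiving the protection key, and the signature over fresh scheduler-chosen data stops a replayed authentication response. The scheduling server only relays the RSA-OAEP ciphertext, so it never learns the protection key.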
Optionally, the selected authentication security control module is further configured to keep the obtained protection key of the authentication database in RAM only and never to save it to flash.
Optionally, the scheduling server is further configured, after selecting an authentication security control module, to update the working state of that module stored in the authentication database.
Optionally, the scheduling server is further configured to instruct some of the authentication security control modules to be switched on or off according to the working states of all the authentication security control modules currently in the system.
Optionally, the scheduling server is further configured to monitor the working state of each authentication security control module in real time and to output alarm information when it detects that a module is abnormal.
With the scheme provided by the invention, the scheduling server checks the identity card reading terminal and decides whether it is allowed to read identity cards before selecting an authentication security control module for it, and selects a module only when the terminal is allowed; an illegitimate terminal therefore never reaches an authentication security control module, which protects the modules from attack and safeguards the resident identity card. In addition, the scheduling server fetches the ciphertext of the terminal's encryption key from the authentication database and passes that ciphertext, not the key itself, to the selected module; the scheduling server handles only ciphertext, and the selected module, which holds the protection key of the authentication database, recovers the terminal's encryption key and can decrypt the encrypted data the terminal sends, which improves the security of the identity card data in transit.
Drawings
To illustrate the technical solutions of the embodiments more clearly, the drawings used in describing the embodiments are introduced briefly below. The drawings show only some embodiments of the invention; those skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of a scheduling system for reading an identity card according to embodiment 1 of the present invention;
Fig. 2 is a schematic structural diagram of an optional scheduling system for reading an identity card according to embodiment 1 of the present invention;
Fig. 3 is a flowchart of a scheduling method for reading an identity card according to embodiment 2 of the present invention;
Fig. 4 is a schematic structural diagram of a dispatch server applied to identity card reading according to embodiment 3 of the present invention;
Fig. 5 is a flowchart of a key obtaining method according to embodiment 4 of the present invention;
Fig. 6 is a flowchart of a key obtaining method according to embodiment 5 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them; all other embodiments that a person skilled in the art can derive from them without creative effort fall within the scope of protection of the invention.
In the description of the invention, unless otherwise explicitly specified or limited, the terms "mounted" and "connected" are to be understood broadly: a connection may be fixed, removable or integral; mechanical or electrical; direct, or indirect through an intervening medium, or internal between two elements. The specific meaning of these terms in the invention can be understood by those skilled in the art according to the particular case.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
Example 1
The embodiment provides a scheduling system for reading an identity card.
Fig. 1 shows the architecture of the scheduling system for reading an identity card provided by this embodiment. As shown in Fig. 1, the system mainly comprises an authentication database 101, a scheduling server 102 and n authentication security control modules (103-1, 103-2, …, 103-n), where n is an integer greater than or equal to 1.
In this embodiment the authentication database 101 stores the working states of all authentication security control modules (103-1, 103-2, …, 103-n) in the system and the ciphertext of the encryption key of each identity card reading terminal in the system, each ciphertext being obtained by encrypting the terminal's encryption key with the protection key of the authentication database 101. In an optional implementation the authentication database 101 maintains a working state table that records at least whether each authentication security control module is currently idle or busy, and the scheduling server 102 reads this table to find out which modules are idle and which are busy. Further, for a module that is busy, the authentication database 101 may also keep the number of identity card reading terminals the module is currently serving, so that the scheduling server 102 can dispatch according to the load balancing principle.
The scheduling server 102 obtains the identification information of the identity card reading terminal and decides from it whether the terminal is allowed to read identity cards. If the terminal is allowed, then after receiving the card searching request from it the scheduling server 102 obtains from the authentication database 101 the working states of all authentication security control modules (103-1, 103-2, …, 103-n) within its jurisdiction, selects one module according to those working states (for convenience of description the selected module is assumed below to be the authentication security control module 103-1), and sends the identification information of the selected module 103-1 (for example its serial number) to the terminal. The scheduling server 102 then retrieves from the authentication database 101, by the terminal's identification information, the ciphertext of the terminal's encryption key, which was produced by encrypting that key with the protection key of the authentication database 101, and sends data information containing that ciphertext to the selected authentication security control module 103-1.
In this embodiment, the encryption key of the identity card reading terminal may be stored in the authentication database 101 when the user applies for the identity card reading terminal and the encryption key is written into the identity card reading terminal. To ensure the storage security of the encryption key, the authentication database 101 may further encrypt it, for example with a protection key of the authentication database 101, and store only the encrypted encryption key. In a specific application, the authentication database 101 may store the encryption key of the identity card reading terminal as a key-value pair, that is, the identification information of the identity card reading terminal is the key and the encryption key ciphertext of the identity card reading terminal is the value of that record.
In an optional implementation of the embodiment of the present invention, the encryption key of the identity card reading terminal may be a symmetric key or an asymmetric key; if it is an asymmetric key, the key stored in the authentication database 101 may be the public key of the identity card reading terminal.
The selected authentication security control module 103-1 is configured to receive the data information, decrypt the ciphertext of the encryption key of the identity card reading terminal using the protection key of the authentication database 101, and thereby obtain the encryption key of the identity card reading terminal. In this embodiment, the authentication security control module is the external interface of the verification security control module: the verification security control module is responsible for decrypting the ciphertext stored in the identity card, while the authentication security control module is responsible for encryption, decryption and authentication, so as to ensure the security of the data sent to the verification security control module. In this embodiment, the verification security control module may be implemented with an existing resident identity card verification security control module (i.e., one authenticated by the public security department). Once the authentication security control module 103-1 has obtained the encryption key of the identity card reading terminal, it can decrypt data that the identity card reading terminal encrypted with that key. Therefore, in this embodiment, when the identity card reading terminal sends data to the network side for the first time, it may encrypt the data to be sent with its encryption key, and the authentication security control module 103-1 decrypts that data with the encryption key of the identity card reading terminal, so that the data sent by the identity card reading terminal is obtained and the security of data transmission is ensured.
According to the scheduling system for reading the identity card provided by the embodiment, when the identity card reading terminal searches for the identity card and sends a card searching request to the network side, the scheduling server 102 firstly judges whether the identity card reading terminal is allowed to read the identity card or not after receiving the card searching request, and only under the condition that the identity card reading terminal is allowed to read the identity card, the authentication security control module is allocated to the identity card reading terminal, so that the attack of an illegal identity card reading terminal on the authentication security control module is avoided, and the security of reading the identity card is improved.
In an optional implementation of the embodiment of the present invention, the dispatch server 102 may obtain the identification information of the identity card reading terminal in at least one of the following manners:
(1) The scheduling server 102 receives an access request sent by the identity card reading terminal and acquires the identification information of the identity card reading terminal from the access request. In this manner, the scheduling server 102 allows the identity card reading terminal to access only after judging that it is allowed to read the identity card; the identity card reading terminal may maintain a long connection after accessing, and sends a card searching request to the scheduling server 102 after it has found an identity card. In an optional implementation of this embodiment, in order to ensure data transmission security, after allowing the access of the identity card reading terminal the scheduling server 102 may establish a secure channel with it, for example by negotiating a transmission key; after finding an identity card, the identity card reading terminal then sends the card searching request to the scheduling server 102 through the secure channel, that is, encrypts the card searching request with the transmission key, and the scheduling server 102, after receiving the encrypted card searching request, decrypts it with the transmission key to obtain the card searching request and allocates an authentication security control module to the identity card reading terminal. In this manner the identity card reading terminal is verified at the time it accesses. It may be adopted for relatively secure identity card reading terminals (for example, an identity card reading terminal installed at a bank), since it reduces the number of times the identity card reading terminal has to be verified and thus improves efficiency.
(2) The scheduling server 102 receives an identity card request sent by the identity card reading terminal and acquires the identification information of the identity card reading terminal from the identity card request, where the identity card request carries a card searching request and the identification information of the identity card reading terminal. In this manner, the scheduling server 102 verifies the identity card reading terminal once for every identity card it reads: the identity card reading terminal sends a card searching request to the network side after finding an identity card, and the scheduling server 102 obtains the identification information of the identity card reading terminal from that request. In this manner the identity card reading terminal is verified each time it reads an identity card; for relatively insecure identity card reading terminals (for example, an identity card reading terminal installed at an individual merchant), this manner may be adopted to ensure security.
In an optional implementation of the embodiment of the present invention, the identification information of the identity card reading terminal may include: a digital certificate of an identity card reading terminal; the dispatch server 102 determines whether to allow the identification card reading terminal to read the identification card by: judging whether the digital certificate of the identity card reading terminal is abnormal or not, if so, determining that the identity card reading terminal is not allowed to read the identity card, otherwise, judging whether the digital certificate of the identity card reading terminal is in a blacklist or a control list, wherein the blacklist records the digital certificate of the identity card reading terminal which is not allowed to read the identity card, and the control list records the digital certificate of the identity card reading terminal which is required to be controlled to read the identity card according to a preset control strategy; under the condition that the digital certificate of the identity card reading terminal is judged to be in the blacklist, the identity card reading terminal is not allowed to read the identity card, and the request of the identity card reading terminal is refused; and under the condition that the digital certificate of the identity card reading terminal is judged to be in the control list, judging whether the identity card reading terminal is allowed to read the identity card according to a preset control strategy.
Or, in another optional implementation of the embodiment of the present invention, the identification information of the identity card reading terminal may include the serial number of the identity card reading terminal and the digital certificate of the identity card reading terminal; the dispatch server 102 may determine whether to allow the identity card reading terminal to read the identity card by: judging whether the digital certificate of the identity card reading terminal is abnormal, and if so, determining that the identity card reading terminal is not allowed to read the identity card; otherwise, judging whether the digital certificate or the serial number of the identity card reading terminal is in a blacklist or a control list, where the blacklist records the identification information of identity card reading terminals that are not allowed to read identity cards, and the control list records the identification information of identity card reading terminals whose identity card reading must be controlled according to a preset control strategy; if the digital certificate or the serial number of the identity card reading terminal is in the blacklist, the identity card reading terminal is not allowed to read the identity card and its request is refused; and if the digital certificate or the serial number of the identity card reading terminal is in the control list, judging whether the identity card reading terminal is allowed to read the identity card according to the preset control strategy.
In the two optional embodiments, when determining whether the digital certificate of the identity card reading terminal is abnormal, the scheduling server 102 may query a digital certificate status online query server for the survival status of the digital certificate used for signature verification and of the digital certificate used for encryption, where the survival status is either a normal survival state or an abnormal survival state, and the abnormal survival state comprises at least one of the following: certificate expiration, certificate freeze, and certificate blacklisting.
In the two optional embodiments, the blacklist and the control list may be set according to a preset rule and a card reading behavior of each identity card reading terminal.
Through the two optional implementations, whether the identity card reading terminal is allowed to read the identity card can be judged by means of the blacklist and the control list, so that attacks by an illegal identity card reading terminal on the network side can be avoided and the security of reading the identity card is improved.
In an optional implementation of the embodiment of the present invention, the blacklist stores the identification information of illegal identity card reading terminals, for example the identification information of an identity card reading terminal reported lost, of an identity card reading terminal with continuously occurring anomalies, the serial number of an identity card reading terminal that has exceeded its service life, the identification information of an identity card reading terminal that appears in several regions within a short time, and the like; processing requests from such terminals may carry a large risk. If the scheduling server 102 determines that the identification information of the identity card reading terminal is in the blacklist, the identity card reading terminal is an illegal one, and the scheduling server 102 does not process its request and terminates the processing flow. Optionally, the dispatch server 102 may return a prompt informing the user that the identity card reading terminal has been blacklisted, for subsequent operations and problem resolution.
In an optional implementation of the embodiment of the present invention, a specific control policy may be recorded in the control list, and when it is determined that the identification information of the identity card reading terminal is in the control list, the method includes, but is not limited to, determining whether to allow the identity card reading terminal to read the identity card in one of the following manners:
(I) Judging, according to a preset control strategy, whether the identity card reading terminal is currently within an allowed position range; if so, allowing the identity card reading terminal to read the identity card, otherwise not allowing it to read the identity card and rejecting its request, where the preset control strategy records the allowed position range of the identity card reading terminal. That is, some identity card reading terminals are only allowed to read identity cards within certain position ranges, and an identity card reading terminal outside its position range is not allowed to read the identity card. For example, in a specific application, an identity card reading terminal applied for by a bank client can only read identity cards at a bank outlet and is not allowed to read identity cards elsewhere. In this manner, the identity card reading terminal is located to determine its current position. Adopting this manner prevents an identity card reading terminal dedicated to a certain place from being stolen and used elsewhere.
(II) Judging, according to a preset control strategy, whether the current time is within a time range in which the identity card reading terminal is allowed to read the identity card; if so, allowing the identity card reading terminal to read the identity card, otherwise not allowing it to read the identity card and rejecting its request, where the preset control strategy records the time range in which the identity card reading terminal is allowed to read the identity card. That is, some identity card reading terminals are only allowed to read identity cards within certain time periods and not outside them. For example, a railway system sells tickets only from 7:00 to 22:00, so the identity card reading terminals installed in the railway system are only allowed to read identity cards within that period, in order to avoid illegal use of those identity card reading terminals.
(III) Judging, according to a preset control strategy, whether the number of historical card readings of the identity card reading terminal within a preset time period exceeds a preset count threshold; if so, not allowing the identity card reading terminal to read the identity card and rejecting its request, otherwise allowing it to read the identity card, where the preset control strategy records the duration of the preset time period and the preset count threshold. This manner limits the number of card readings of an identity card reading terminal within a preset time period, and avoids the authentication security control module being overloaded and unable to work normally because the same identity card reading terminal reads cards frequently within a short time.
(IV) Judging, according to a preset control strategy, whether the distance between the positions of two consecutive card readings of the identity card reading terminal within a preset time period exceeds a preset distance; if so, not allowing the identity card reading terminal to read the identity card and rejecting its request, otherwise allowing it to read the identity card, where the preset control strategy records the duration of the preset time period and the preset distance. That is, some identity card reading terminals are not allowed to be used over long distances; for example, an identity card reading terminal issued to a certain merchant is not allowed to be used in two places far apart, so as to avoid the theft of the user's identity card reading terminal.
(V) Judging, according to a preset control strategy, whether the time interval between two consecutive card readings of the identity card reading terminal exceeds a preset value; if so, not allowing the identity card reading terminal to read the identity card and rejecting its request, otherwise allowing it to read the identity card, where the preset control strategy records the duration of a preset time period and a preset distance. That is, the card reading frequency of the identity card reading terminal is controlled, and the attack on the authentication security control module caused by frequent card reading of the same identity card reading terminal is avoided.
It should be noted that, although the above five manners are discussed separately, it is obvious to a person skilled in the art that two or more control policies may be set for the same identity card reading terminal at the same time, for example, for the same identity card reading terminal, only the identity card reading terminal is allowed to read an identity card within a certain position range for a certain period of time, and only when the requirements of the position and the time are met at the same time, the identity card reading terminal is allowed to read the identity card.
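The decision sequence described above (certificate state, blacklist, then the control list with rules (I) to (V), including combined policies), written out as an added Python example that is not part of the patent. Names, sample coordinates and thresholds are constructed for illustration; rule (V) is implemented as the frequency control the passage describes, i.e. a minimum spacing between consecutive reads.

```python
"""Dispatch-server access decision for an identity card reading terminal.
Constructed example with assumed names and sample coordinates, not code from
the patent. Order follows the text: certificate state, then blacklist, then
the control list, where every configured rule of the policy must pass."""
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List, NamedTuple, Optional, Set, Tuple

ABNORMAL_CERT_STATES = {"expired", "frozen", "blacklisted"}   # states named in the text


class ReadEvent(NamedTuple):   # one past card read, or the current request
    when: datetime
    lat: float
    lon: float


@dataclass
class ControlPolicy:
    """Per-terminal control strategy; a rule left at None is not applied."""
    center: Optional[Tuple[float, float]] = None  # (I) allowed position range
    radius_km: float = 0.0
    window: Optional[Tuple[time, time]] = None    # (II) allowed daily time range
    period: Optional[timedelta] = None            # (III)/(IV) look-back period
    max_reads: Optional[int] = None               # (III) read count threshold
    max_jump_km: Optional[float] = None           # (IV) max distance of two reads
    min_interval: Optional[timedelta] = None      # (V) minimum spacing of reads


def haversine_km(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def check_control_policy(policy: ControlPolicy, history: List[ReadEvent],
                         req: ReadEvent) -> Tuple[bool, str]:
    """Apply rules (I)-(V) of the control strategy to the current request."""
    # (I) the terminal must be inside its allowed position range
    if policy.center and haversine_km(policy.center, (req.lat, req.lon)) > policy.radius_km:
        return False, "outside allowed position range"
    # (II) the current time must fall inside the allowed time range
    if policy.window and not policy.window[0] <= req.when.time() <= policy.window[1]:
        return False, "outside allowed time range"
    # reads that fall inside the preset time period before this request
    recent = [e for e in history if policy.period is None or req.when - e.when <= policy.period]
    # (III) historical read count in the period must not exceed the threshold
    if policy.max_reads is not None and len(recent) > policy.max_reads:
        return False, "read count threshold exceeded"
    last = max(history, key=lambda e: e.when) if history else None
    if last is not None:
        # (IV) two consecutive reads inside the period may not be too far apart
        if policy.max_jump_km is not None and last in recent and \
                haversine_km((last.lat, last.lon), (req.lat, req.lon)) > policy.max_jump_km:
            return False, "implausible distance between consecutive reads"
        # (V) frequency control: consecutive reads must be min_interval apart
        if policy.min_interval is not None and req.when - last.when < policy.min_interval:
            return False, "reads too frequent"
    return True, "allowed by control policy"


def decide_access(cert_state: str, ids: Tuple[str, ...], blacklist: Set[str],
                  control_list: Dict[str, ControlPolicy],
                  history: List[ReadEvent], req: ReadEvent) -> Tuple[bool, str]:
    """Certificate state first, then blacklist, then control list. `ids` are the
    identifiers matched against the lists (certificate, optionally serial number)."""
    if cert_state in ABNORMAL_CERT_STATES:
        return False, f"certificate {cert_state}"
    if any(i in blacklist for i in ids):
        return False, "terminal blacklisted"
    for i in ids:
        if i in control_list:
            return check_control_policy(control_list[i], history, req)
    return True, "allowed"


def sample_decisions() -> Dict[str, Tuple[bool, str]]:
    """Constructed scenarios: a bank-outlet terminal and a merchant terminal."""
    bank = ControlPolicy(center=(39.9042, 116.4074), radius_km=0.5, window=(time(9), time(17)))
    shop = ControlPolicy(period=timedelta(minutes=10), max_reads=3,
                         max_jump_km=50.0, min_interval=timedelta(seconds=5))
    lists = ({"SN-LOST-42"}, {"CERT-BANK-01": bank, "SN-MERCHANT-07": shop})
    t0 = datetime(2024, 3, 1, 10, 0, 0)
    here = ReadEvent(t0, 39.9050, 116.4080)                    # inside the outlet
    prior = [ReadEvent(t0 + timedelta(minutes=i), 30.0, 120.0) for i in range(3)]
    m = ("CERT-M", "SN-MERCHANT-07")
    return {
        "expired_cert": decide_access("expired", ("CERT-X",), *lists, [], here),
        "blacklisted": decide_access("normal", ("CERT-Y", "SN-LOST-42"), *lists, [], here),
        "bank_ok": decide_access("normal", ("CERT-BANK-01",), *lists, [], here),
        "bank_far": decide_access("normal", ("CERT-BANK-01",), *lists, [], ReadEvent(t0, 31.2304, 121.4737)),
        "bank_night": decide_access("normal", ("CERT-BANK-01",), *lists, [], here._replace(when=t0.replace(hour=22))),
        "shop_ok": decide_access("normal", m, *lists, prior, ReadEvent(t0 + timedelta(minutes=4), 30.0, 120.0)),
        "shop_too_many": decide_access("normal", m, *lists, prior + [ReadEvent(t0 + timedelta(minutes=3), 30.0, 120.0)],
                                       ReadEvent(t0 + timedelta(minutes=4), 30.0, 120.0)),
        "shop_jump": decide_access("normal", m, *lists, prior, ReadEvent(t0 + timedelta(minutes=4), 31.0, 120.0)),
        "shop_burst": decide_access("normal", m, *lists, prior, ReadEvent(t0 + timedelta(minutes=2, seconds=2), 30.0, 120.0)),
    }
```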
In an optional implementation of the embodiment of the present invention, as shown in fig. 2, the system may further include n verification security control modules (105-1, 105-2, …, 105-n), where each authentication security control module is correspondingly connected to one verification security control module, and different authentication security control modules are connected to different verification security control modules. In this optional embodiment, after the dispatch server 102 returns the identification information of the selected authentication security control module 103-1 (for example, its network port) to the identity card reading terminal, either the dispatch server 102 forwards the received card searching request to the selected authentication security control module 103-1, in which case each authentication security control module (103-1, 103-2, …, 103-n) may be directly connected to a port of the dispatch server 102; or the identity card reading terminal itself sends the card searching request to the selected authentication security control module 103-1 according to the returned identification information, in which case the authentication security control module is a module with a network communication function that can communicate directly with the identity card reading terminal.
In this optional embodiment, the selected authentication security control module 103-1 is further configured to obtain the card searching request, which may be ciphertext obtained by encrypting the card searching request data with the identity card reading terminal's own encryption key; after receiving it, the selected authentication security control module 103-1 may decrypt the card searching request with the encryption key of the identity card reading terminal it obtained earlier and send the decrypted card searching request to the correspondingly connected verification security control module 105-1. The correspondingly connected verification security control module 105-1 is configured to confirm receipt of the card searching request and send the confirmation information to the selected authentication security control module 103-1; the selected authentication security control module 103-1 is further configured to obtain a session key, encrypt the confirmation information with the session key, and send the encrypted confirmation information to the identity card reading terminal. It should be noted that in this optional embodiment the identity card reading terminal transmits the card searching request encrypted in order to ensure data transmission security, and the selected authentication security control module 103-1 likewise transmits the confirmation information encrypted; if the transmission environment is secure, however, the confirmation information need not be encrypted, and this embodiment is not limited in this respect.
In the above optional embodiment, the session key may be obtained by negotiation between the selected authentication security control module 103-1 and the identity card reading terminal, or may be a random number directly generated by the selected authentication security control module 103-1, and if the session key is the random number generated by the selected authentication security control module 103-1, the selected authentication security control module 103-1 may encrypt the random number using an encryption key of the identity card reading terminal, or may encrypt the random number using a public key of the identity card reading terminal, and send the encrypted random number and the encrypted confirmation information to the identity card reading terminal together, so as to ensure the transmission security of the session key.
In an optional implementation of the embodiment of the present invention, following the normal identity card reading process, after receiving the confirmation of the card searching request the identity card reading terminal performs card selection. After the identity card is selected, the identity card reading terminal sends an encrypted card selection request to the selected authentication security control module 103-1; the selected authentication security control module 103-1 decrypts it and sends the decrypted card selection request to the corresponding verification security control module 105-1; the verification security control module 105-1 responds to the card selection request and sends the response information to the selected authentication security control module 103-1; the selected authentication security control module 103-1 encrypts the response information and sends it to the identity card reading terminal; and the identity card reading terminal, after receiving the response information, sends the identification information of the selected identity card to the selected authentication security control module 103-1.
In this optional embodiment, the selected authentication security control module 103-1 is further configured to receive the encrypted identification information of the identification card, decrypt the encrypted identification information of the identification card, and return the decrypted identification information of the identification card to the dispatch server 102; the scheduling server 102 is further configured to determine whether to add the identification information of the identity card reading terminal to a blacklist or a control list at least according to the identification information of the identity card, the identification information of the identity card reading terminal, and a preset policy, for example, determine whether the card reading frequency of the identity card reading terminal exceeds a predetermined value, frequently read different identity cards by the identity card reading terminal, and the like, so as to determine whether to add the identification information of the identity card reading terminal to the blacklist or the control list. In this optional embodiment, the scheduling server 102 may manage the id card reading terminal according to a preset policy, so as to dynamically update the blacklist and the control list, and further ensure that the authentication security control module is not attacked illegally.
In an optional implementation of the embodiment of the present invention, the scheduling server 102 is further configured to determine whether the identification information of the identity card is in an identity card blacklist, if so, send indication information to the selected authentication security control module 103-1 to indicate that the identity card read by the identity card reading terminal is illegal, after receiving the indication information, the selected authentication security control module 103-1 may stop processing the current identity card reading process, and the selected authentication security control module 103-1 may also send prompt information to the identity card reading terminal to prompt the user that the current identity card is illegal. The identity card blacklist includes illegal identity card identification information, such as identification information of a reported identity card, identification information of an identity card with continuous abnormality, identification information of an expired identity card, and the like. Alternatively, the identification information of the identity card may be a serial number of the identity card, i.e. a birth card of the identity card. Through the optional implementation mode, the illegal identity card can be identified, and reading of the illegal identity card is avoided.
In an optional implementation of the embodiment of the present invention, the dispatch server 102 is further configured to generate an authentication code after selecting one of the authentication security control modules (103-1), send the authentication code to the identity card reading terminal and to the authentication database 101 respectively (for example, the authentication code may be sent to the identity card reading terminal together with the identification information of the selected authentication security control module 103-1), and store the authentication code in the authentication database 101, which deletes it when its validity period expires. After receiving the authentication code, the identity card reading terminal carries it in every request it subsequently sends to the network side. For example, if the identity card reading terminal needs to send a card searching request to the selected authentication security control module 103-1 after receiving its identification information, the card searching request may carry the authentication code; if the card searching request is encrypted, the authentication code may be encrypted together with it. After receiving the authentication code, the selected authentication security control module 103-1 may query whether the authentication database still contains it: if so, subsequent processing continues; if not, the authentication code has expired and the request of the identity card reading terminal is rejected.
Through the optional implementation manner, the scheduling server 102 can control the access time of the identity card reading terminal through the valid time of the authentication code, and avoid the problem that after the authentication security control module is selected for the identity card reading terminal, the identity card reading terminal does not initiate a card reading request for a long time, so that the authentication security control module is idle for a long time and cannot be allocated to other identity card reading terminals.
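The dispatch step this section describes (selecting a module from the working-state table, updating its state, and issuing an authentication code that the database deletes when its validity period expires and that the selected module looks up before processing), as an added Python example that is not code from the patent. Module names, the 30-second validity period and the in-memory dictionary standing in for the authentication database are assumptions.

```python
"""Module selection and authentication-code handling of the scheduling server.
Constructed example with assumed names, not code from the patent: the
working-state table and the authentication codes are kept in a dictionary
that stands in for the authentication database."""
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, Optional, Tuple


@dataclass
class ModuleState:
    """Row of the working-state table for one authentication security control module."""
    busy: bool = False
    terminals: int = 0          # terminals currently handled, used for load balancing


@dataclass
class AuthenticationDatabase:
    modules: Dict[str, ModuleState] = field(default_factory=dict)
    # authentication code -> (terminal id, expiry); the code is deleted once expired
    auth_codes: Dict[str, Tuple[str, datetime]] = field(default_factory=dict)

    def purge_expired(self, now: datetime) -> int:
        """Delete codes whose validity period has arrived; return how many."""
        expired = [c for c, (_, exp) in self.auth_codes.items() if exp <= now]
        for c in expired:
            del self.auth_codes[c]
        return len(expired)

    def has_code(self, code: str, terminal_id: str, now: datetime) -> bool:
        """Lookup performed for the selected module before it processes a request."""
        self.purge_expired(now)
        entry = self.auth_codes.get(code)
        return entry is not None and entry[0] == terminal_id


class DispatchServer:
    def __init__(self, db: AuthenticationDatabase, code_ttl: timedelta = timedelta(seconds=30)):
        self.db = db
        self.code_ttl = code_ttl        # validity period of an authentication code (assumed)

    def select_module(self) -> Optional[str]:
        """Prefer an idle module; among busy ones take the fewest terminals."""
        if not self.db.modules:
            return None
        return min(self.db.modules,
                   key=lambda m: (self.db.modules[m].busy, self.db.modules[m].terminals, m))

    def allocate(self, terminal_id: str, now: datetime) -> Optional[Tuple[str, str]]:
        """Select a module, update its working state, and issue an authentication
        code that travels to the terminal together with the module's identifier."""
        module_id = self.select_module()
        if module_id is None:
            return None
        state = self.db.modules[module_id]
        state.busy, state.terminals = True, state.terminals + 1
        code = secrets.token_hex(16)
        self.db.auth_codes[code] = (terminal_id, now + self.code_ttl)
        return module_id, code

    def release(self, module_id: str) -> None:
        """Card reading finished: write the updated working state back."""
        state = self.db.modules[module_id]
        state.terminals = max(0, state.terminals - 1)
        state.busy = state.terminals > 0


def module_accepts(db: AuthenticationDatabase, terminal_id: str, code: str,
                   now: datetime) -> bool:
    """Selected module's check: continue only if the database still holds the code."""
    return db.has_code(code, terminal_id, now)


def sample_run() -> Dict[str, object]:
    """Constructed run: three modules, two terminals, codes left to expire."""
    db = AuthenticationDatabase({f"ASCM-{i}": ModuleState() for i in range(1, 4)})
    db.modules["ASCM-1"].busy, db.modules["ASCM-1"].terminals = True, 2
    db.modules["ASCM-2"].busy, db.modules["ASCM-2"].terminals = True, 1
    srv = DispatchServer(db)
    t0 = datetime(2024, 3, 1, 10, 0, 0)
    first = srv.allocate("TERM-A", t0)            # ASCM-3 is idle, so it is chosen
    second = srv.allocate("TERM-B", t0)           # all busy: ASCM-2 has the fewest terminals
    result = {
        "first_module": first[0], "second_module": second[0],
        "fresh_ok": module_accepts(db, "TERM-A", first[1], t0 + timedelta(seconds=10)),
        "wrong_terminal": module_accepts(db, "TERM-B", first[1], t0 + timedelta(seconds=10)),
        "asc3_terminals": db.modules["ASCM-3"].terminals,
    }
    srv.release("ASCM-3")
    result["asc3_busy_after_release"] = db.modules["ASCM-3"].busy
    result["expired"] = module_accepts(db, "TERM-A", first[1], t0 + timedelta(seconds=31))
    result["codes_left"] = len(db.auth_codes)    # both codes purged at +31 s
    return result
```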
In an optional implementation of the embodiment of the present invention, in order to ensure data security, the authentication security control module may itself be authenticated. In this optional embodiment, as shown in fig. 2, the system further includes an authorization server 104.
In the above optional embodiment, the dispatch server 102 is further configured to send data to be signed to the selected authentication security control module 103-1 when the selected authentication security control module 103-1 is powered on; the selected authentication security control module 103-1 is further configured to sign the data to be signed with its signature private key to obtain signature data, and to return to the scheduling server 102 authentication data comprising the signature data, the signature public key certificate corresponding to the signature private key, and the encryption public key certificate of the selected authentication security control module 103-1; the dispatch server 102 is further configured to receive the authentication data returned by the selected authentication security control module 103-1 and to determine whether the signature public key certificate and the encryption public key certificate are in an abnormal state, and, if neither is in an abnormal state, to send the data to be signed and the authentication data to the authorization server 104; the authorization server 104 is configured to verify, through the connected authorization electronic signature device, whether the signature public key certificate and the encryption public key certificate were issued to the same identity card reading terminal, and if so, to verify whether the signature data is correct; if it is, the identity authentication of the selected authentication security control module 103-1 passes, otherwise it fails; the authorization server 104 is further configured to encrypt the protection key of the authentication database 101 by means of the authorization electronic signature device and send the encrypted protection key to the dispatch server 102 when the identity authentication of the selected authentication security control module 103-1 passes, and to issue warning information when it does not pass; the dispatch server 102 is further configured to send the encrypted protection key of the authentication database 101 to the selected authentication security control module 103-1; and the selected authentication security control module 103-1 is further configured to decrypt the encrypted protection key to obtain the protection key of the authentication database 101.
In the above embodiment, the dispatch server 102 authenticates the selected authentication security control module 103-1 through the authorization server 104, but is not limited thereto, and if the selected authentication security control module 103-1 has a communication function, the authorization server 104 may directly authenticate the selected authentication security control module 103-1. For authentication of the authentication security control module, reference may be made specifically to the description of embodiments 4 and 5.
In an optional implementation of this embodiment, the selected authentication security control module 103-1 is further configured to keep the obtained protection key of the authentication database 101 only in RAM and never to store it in flash. In this way the protection key is automatically deleted when the selected authentication security control module 103-1 is powered off, which protects the protection key of the authentication database 101.
In an optional implementation of this embodiment, the scheduling server 102 is further configured to update the working state of the selected authentication security control module 103-1 stored in the authentication database 101 after selecting that module, so that subsequent selections by the scheduling server 102 are made according to the updated working state.
In an optional implementation of this embodiment, the scheduling server 102 is further configured to instruct some of the authentication security control modules to be turned on or off according to the working state of all the authentication security control modules in the current system. In this way the scheduling server 102 can power part of the authentication security control modules up or down according to their current working state, making full use of resources and saving energy.
In an optional implementation of this embodiment, the scheduling server 102 is further configured to monitor the working state of each authentication security control module in real time and to output alarm information when an authentication security control module is found to be abnormal, so that a system maintenance worker is notified to deal with the abnormal module in time.
Example 2
This embodiment provides a scheduling method for reading an identity card.
Fig. 3 is a flowchart of the scheduling method for reading an identity card according to this embodiment. As shown in Fig. 3, the method mainly includes the following steps:
step S301, a scheduling server acquires identification information of an identity card reading terminal and judges, according to that identification information, whether the identity card reading terminal is allowed to read an identity card;
step S302, if the identity card reading terminal is allowed to read the identity card, after a card searching request sent by the identity card reading terminal is received, the working states of the authentication security control modules within the jurisdiction of the scheduling server are obtained from an authentication database;
step S303, according to the principle of work task balance, one authentication security control module is selected according to the working state table of the authentication security control modules within the jurisdiction of the scheduling server, and the identification information of the selected authentication security control module is sent to the identity card reading terminal;
step S304, a ciphertext of the encryption key of the identity card reading terminal is acquired from the authentication database according to the identification information of the identity card reading terminal, the ciphertext having been obtained by encrypting the encryption key of the identity card reading terminal with a protection key of the authentication database;
step S305, data information is sent to the selected authentication security control module, the data information comprising the ciphertext of the encryption key of the identity card reading terminal.
In this embodiment the authentication database stores the working states of all authentication security control modules in the system and the ciphertexts of the encryption keys of the individual identity card reading terminals in the system, each ciphertext being obtained by encrypting the terminal's encryption key with the protection key of the authentication database. In an optional implementation of this embodiment, a working state table may be maintained in the authentication database that records at least whether each authentication security control module is currently idle or busy, and the scheduling server judges from this table whether a given authentication security control module is idle or busy. Further, if an authentication security control module is busy, the number of identity card reading terminals it is currently serving may also be maintained in the authentication database, so that the scheduling server can distribute identity card reading terminals according to the principle of load balancing.
In this embodiment the encryption key of the identity card reading terminal may be stored in the authentication database when the user applies for the terminal and the encryption key is written into it. To protect the stored key, the authentication database may further encrypt it, for example with the protection key of the authentication database, and store the encrypted encryption key. In a specific application the authentication database may store the encryption key of the identity card reading terminal as a key-value pair, with the identification information of the identity card reading terminal as the key and the ciphertext of the terminal's encryption key as the value.
In an optional implementation of this embodiment, the encryption key of the identity card reading terminal may be a symmetric key or an asymmetric key; if it is an asymmetric key, the key stored in the authentication database may be the public key of the identity card reading terminal.
In this embodiment the scheduling server sends the encryption key of the identity card reading terminal (in ciphertext) to the selected authentication security control module in step S305; once the selected authentication security control module has obtained the encryption key of the identity card reading terminal, it can decrypt data that the identity card reading terminal has encrypted with that key.
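Steps S301 to S305 and the database layout just described, as an added example that is not part of the patent: a small scheduling server over an in-memory authentication database holding the working state table and the terminal-to-ciphertext key-value pairs. Module and terminal identifiers and the ciphertext bytes are constructed, the S301 decision is injected as a callable, and the ciphertext is looked up before a module is reserved so that a failed lookup does not leave a module marked busy.

```python
"""Scheduling steps S301-S305 over the authentication database (added example):
working-state table, load-balanced module selection and lookup of a terminal's
encryption-key ciphertext, which the scheduling server forwards without decrypting."""
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class ModuleState:
    """Working state of one authentication security control module."""
    busy: bool = False
    terminals: int = 0  # terminals currently being served, used for load balancing


@dataclass
class AuthDatabase:
    """Authentication database: state table plus terminal id -> encryption-key ciphertext."""
    states: dict = field(default_factory=dict)
    key_ciphertexts: dict = field(default_factory=dict)

    def ciphertext_for(self, terminal_id: str) -> Optional[bytes]:
        """S304: key-value lookup. The value is the terminal's encryption key encrypted
        under the database protection key; the scheduler treats it as opaque bytes."""
        return self.key_ciphertexts.get(terminal_id)


class SchedulingServer:
    def __init__(self, db: AuthDatabase, is_allowed: Callable[[str], bool]):
        self.db = db
        self.is_allowed = is_allowed  # S301 decision (blacklist / control list check)

    def select_module(self) -> Optional[str]:
        """S302/S303: prefer an idle module; otherwise the busy module serving the fewest
        terminals. Updates the state table so later selections see the new load."""
        if not self.db.states:
            return None
        idle = sorted(m for m, s in self.db.states.items() if not s.busy)
        chosen = idle[0] if idle else min(
            self.db.states, key=lambda m: (self.db.states[m].terminals, m))
        state = self.db.states[chosen]
        state.busy, state.terminals = True, state.terminals + 1
        return chosen

    def handle_card_search(self, terminal_id: str) -> dict:
        """S301-S305 for one card searching request: the reply for the terminal and the
        data information for the selected module, or a refusal."""
        if not self.is_allowed(terminal_id):
            return {"status": "refused", "reason": "terminal not allowed to read cards"}
        ciphertext = self.db.ciphertext_for(terminal_id)
        if ciphertext is None:
            return {"status": "refused", "reason": "no encryption key on record"}
        module = self.select_module()
        if module is None:
            return {"status": "refused", "reason": "no authentication module available"}
        return {"status": "ok",
                "to_terminal": {"module": module},
                "to_module": {"terminal": terminal_id, "key_ciphertext": ciphertext}}

    def release(self, module: str) -> None:
        """End of a terminal's card-reading session: update the working-state table."""
        state = self.db.states[module]
        state.terminals = max(0, state.terminals - 1)
        state.busy = state.terminals > 0


def build_demo() -> SchedulingServer:
    """Constructed system (hypothetical identifiers): three modules, two enrolled
    terminals and a blacklist standing in for the S301 decision."""
    db = AuthDatabase(
        states={"SAM-A": ModuleState(), "SAM-B": ModuleState(True, 2),
                "SAM-C": ModuleState(True, 1)},
        key_ciphertexts={"TERM-BANK-1": b"constructed ciphertext of TERM-BANK-1 key",
                         "TERM-SHOP-9": b"constructed ciphertext of TERM-SHOP-9 key"})
    blacklist = {"TERM-SHOP-9"}
    return SchedulingServer(db, lambda terminal: terminal not in blacklist)
```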
According to the scheduling method of this embodiment, when the identity card reading terminal finds an identity card and sends a card searching request to the network side, the scheduling server first judges whether the identity card reading terminal is allowed to read identity cards, and only if it is does it allocate an authentication security control module to it. This prevents an illegal identity card reading terminal from attacking the authentication security control module and improves the security of identity card reading.
In an optional implementation of this embodiment, the scheduling server obtains the identification information of the identity card reading terminal in one of the following ways:
(1) The scheduling server receives an access request sent by the identity card reading terminal and obtains the identification information of the terminal from the access request. In this mode the scheduling server allows the identity card reading terminal to access only after judging that it is allowed to read identity cards; once accessed, the terminal may keep a long connection open and send a card searching request to the scheduling server when it finds an identity card. In an optional implementation of this embodiment, to ensure data transmission security, after allowing the identity card reading terminal to access the scheduling server may establish a secure channel with it, for example by negotiating a transmission key; after finding an identity card the terminal sends its card searching request through the secure channel, that is, encrypted with the transmission key, and the scheduling server decrypts it with the transmission key to obtain the card searching request and allocates an authentication security control module to the terminal. In this mode the identity card reading terminal is verified when it accesses; it is suitable for relatively secure terminals (for example, one installed at a bank), reduces the number of times the terminal has to be verified, and improves efficiency.
(2) The scheduling server receives an identity card request sent by the identity card reading terminal and obtains the identification information of the terminal from that request, which carries both the card searching request and the identification information of the identity card reading terminal. In this mode the scheduling server verifies the identity card reading terminal each time it reads an identity card: the terminal sends a card searching request to the network side after finding an identity card, and the scheduling server obtains the terminal's identification information after receiving it. In this mode the identity card reading terminal is verified on every identity card it reads; for relatively insecure terminals (for example, one placed at an individual merchant) this mode can be adopted to ensure security.
In an optional implementation of this embodiment, the identification information of the identity card reading terminal may include the digital certificate of the identity card reading terminal, and the scheduling server determining whether the identity card reading terminal is allowed to read the identity card may include: judging whether the digital certificate of the identity card reading terminal is abnormal; if so, determining that the terminal is not allowed to read the identity card; otherwise, judging whether the digital certificate is in a blacklist or a control list, where the blacklist records the digital certificates of identity card reading terminals that are not allowed to read identity cards and the control list records the digital certificates of identity card reading terminals whose identity card reading must be controlled according to a preset control policy; if the digital certificate is judged to be in the blacklist, the identity card reading terminal is not allowed to read the identity card and its request is refused; and if the digital certificate is judged to be in the control list, whether the identity card reading terminal is allowed to read the identity card is judged according to the preset control policy.
Or, in another optional implementation of this embodiment, the identification information of the identity card reading terminal may include the serial number of the identity card reading terminal and the digital certificate of the identity card reading terminal, and the scheduling server may judge whether the identity card reading terminal is allowed to read the identity card as follows: judging whether the digital certificate of the identity card reading terminal is abnormal; if so, determining that the terminal is not allowed to read the identity card; otherwise, judging whether the digital certificate or the serial number of the identity card reading terminal is in a blacklist or a control list, where the blacklist records the identification information of identity card reading terminals that are not allowed to read identity cards and the control list records the identification information of identity card reading terminals whose identity card reading must be controlled according to a preset control policy; if the digital certificate or the serial number is judged to be in the blacklist, the identity card reading terminal is not allowed to read the identity card and its request is refused; and if the digital certificate or the serial number is judged to be in the control list, whether the identity card reading terminal is allowed to read the identity card is judged according to the preset control policy.
In the two optional embodiments, when judging whether the digital certificate of the identity card reading terminal is abnormal, the scheduling server may query the survival status of the terminal's signature verification certificate and encryption certificate on the digital certificate status online query server. The survival status is either a normal survival state or an abnormal survival state, where the abnormal survival state includes at least one of the following: certificate expiration, certificate freezing, and certificate blacklisting.
In the two optional embodiments, the blacklist and the control list may be set according to preset rules and the card reading behavior of each identity card reading terminal.
Through the two optional implementations, whether an identity card reading terminal is allowed to read the identity card can be judged by means of the blacklist and the control list, so that attacks by an illegal identity card reading terminal on the network side are avoided and the security of identity card reading is improved.
In an optional implementation of this embodiment, the blacklist stores the identification information of illegal identity card reading terminals whose requests would carry a large risk if processed, for example the identification information of terminals reported lost, of terminals with continuous abnormalities, the serial numbers of terminals that have exceeded their service life, the identification information of terminals that appear in several regions within a short time, and the like. Optionally, the scheduling server may return a prompt message informing the user that the identity card reading terminal has been added to the blacklist, so that the user can take follow-up action and resolve the problem.
In an optional implementation of this embodiment, a specific control policy may be recorded in the control list, and when the identification information of the identity card reading terminal is found in the control list, whether the identity card reading terminal is allowed to read the identity card may be determined in one of the following manners, without limitation:
(I) judging, according to the preset control policy, whether the identity card reading terminal is currently within its allowed position range; if so, allowing the identity card reading terminal to read the identity card, otherwise not allowing it and refusing its request, where the preset control policy records the allowed position range of the identity card reading terminal. That is, some identity card reading terminals are only allowed to read identity cards within certain position ranges and may not read them outside those ranges. For example, in a specific application an identity card reading terminal applied for by a bank client can only read identity cards at a bank outlet and is not allowed to read them elsewhere. In this manner the identity card reading terminal is located to determine its current position, so that an identity card reading terminal dedicated to a certain place cannot be misused if stolen.
(II) judging, according to the preset control policy, whether the current time is within the time range in which the identity card reading terminal is allowed to read identity cards; if so, allowing the identity card reading terminal to read the identity card, otherwise not allowing it and refusing its request, where the preset control policy records the time range in which the identity card reading terminal is allowed to read identity cards. That is, some identity card reading terminals are only allowed to read identity cards during certain periods and may not read them outside those periods. For example, a railway system sells tickets only from 7:00 to 22:00, so the identity card reading terminals deployed in the railway system are only allowed to read identity cards in that period, which avoids illegal use of the terminals.
(III) judging, according to the preset control policy, whether the number of historical card reads of the identity card reading terminal within a preset time period exceeds a preset threshold; if so, not allowing the identity card reading terminal to read the identity card and refusing its request, otherwise allowing it, where the preset control policy records the duration of the preset time period and the preset threshold. This limits the number of card reads of an identity card reading terminal within a preset time period and avoids the authentication security control module being overloaded, and thus unable to work normally, by the same terminal reading cards frequently within a short time.
(IV) judging, according to the preset control policy, whether the distance between the positions of two consecutive card reads of the identity card reading terminal within a preset time period exceeds a preset distance; if so, not allowing the identity card reading terminal to read the identity card and refusing its request, otherwise allowing it, where the preset control policy records the duration of the preset time period and the preset distance. That is, some identity card reading terminals may not be used across long distances; for example, an identity card reading terminal issued to a certain merchant may not be used in two places far apart, so that a user's terminal cannot be used after theft.
(V) judging, according to the preset control policy, whether the time interval between two consecutive card reads of the identity card reading terminal exceeds a preset value; if so, not allowing the identity card reading terminal to read the identity card and refusing its request, otherwise allowing it, where the preset control policy records the duration of a preset time period and a preset distance. That is, the card reading frequency of the identity card reading terminal is controlled, which avoids an attack on the authentication security control module by the same terminal reading cards frequently.
It should be noted that although the above five manners are discussed separately, it is obvious to a person skilled in the art that two or more control policies may be set for the same identity card reading terminal at the same time; for example, a terminal may be allowed to read identity cards only within a certain position range and only during a certain period, so that it is allowed to read an identity card only when both the position and the time requirements are met.
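The admission decision of the two optional embodiments above (certificate survival state, then blacklist, then control list) together with the five control manners, as an added example that is not part of the patent. Identifiers, coordinates and thresholds are constructed; the position range is modelled as a latitude/longitude box, and manner (V) is implemented as a minimum spacing between consecutive reads, which is the frequency control the passage describes.

```python
"""Admission decision for an identity card reading terminal (added example): certificate
survival state, blacklist, control list and the five control policies of the control list."""
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from math import asin, cos, radians, sin, sqrt
from typing import Optional

# Abnormal survival states reported by the digital certificate status online query server.
ABNORMAL_CERT_STATES = {"expired", "frozen", "blacklisted"}


@dataclass(frozen=True)
class ReadEvent:
    """One card read: when it happened and where the terminal was located."""
    at: datetime
    lat: float
    lon: float


@dataclass
class ControlPolicy:
    """Control strategy for one terminal; a field left as None is not enforced."""
    area: Optional[tuple] = None              # (I)   (min_lat, min_lon, max_lat, max_lon)
    window: Optional[tuple] = None            # (II)  (start, end) as datetime.time values
    max_reads: Optional[int] = None           # (III) reads allowed within `period`
    period: timedelta = timedelta(hours=1)    # period used by (III) and (IV)
    max_jump_km: Optional[float] = None       # (IV)  distance between consecutive reads
    min_interval: Optional[timedelta] = None  # (V)   spacing between consecutive reads


def distance_km(a: ReadEvent, b: ReadEvent) -> float:
    """Great-circle distance between two read positions (haversine, R = 6371 km)."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def evaluate_policy(p: ControlPolicy, now: ReadEvent, history: list) -> tuple:
    """Apply every configured check; all must pass. Returns (allowed, reason)."""
    if p.area is not None:
        min_lat, min_lon, max_lat, max_lon = p.area
        if not (min_lat <= now.lat <= max_lat and min_lon <= now.lon <= max_lon):
            return False, "outside allowed position range"
    if p.window is not None and not (p.window[0] <= now.at.time() <= p.window[1]):
        return False, "outside allowed time range"
    recent = [e for e in history if timedelta(0) <= now.at - e.at <= p.period]
    if p.max_reads is not None and len(recent) >= p.max_reads:
        return False, "read count threshold exceeded in period"
    if history:
        last = max(history, key=lambda e: e.at)  # the previous read of this terminal
        if (p.max_jump_km is not None and now.at - last.at <= p.period
                and distance_km(last, now) > p.max_jump_km):
            return False, "consecutive reads too far apart"
        if p.min_interval is not None and now.at - last.at < p.min_interval:
            return False, "consecutive reads too close together"
    return True, "control policy satisfied"


def decide_access(cert_status: str, cert_id: str, serial: str, blacklist: set,
                  control_list: dict, now: ReadEvent, history: list) -> tuple:
    """Scheduling-server decision: abnormal certificate -> refuse; blacklisted -> refuse;
    controlled -> apply its policy; otherwise allow. Lists are keyed by certificate or serial."""
    if cert_status in ABNORMAL_CERT_STATES:
        return False, f"certificate {cert_status}"
    if cert_id in blacklist or serial in blacklist:
        return False, "terminal in blacklist"
    policy = control_list.get(cert_id) or control_list.get(serial)
    if policy is None:
        return True, "terminal not controlled"
    return evaluate_policy(policy, now, history)


# Constructed configuration (hypothetical identifiers): a railway ticket terminal limited to
# 07:00-22:00; a bank terminal tied to one outlet with hourly, 5 km and 2 s limits.
CONTROL_LIST = {
    "CERT-RAIL-01": ControlPolicy(window=(time(7, 0), time(22, 0))),
    "SN-BANK-77": ControlPolicy(area=(39.90, 116.39, 39.92, 116.41), max_reads=50,
                                max_jump_km=5.0, min_interval=timedelta(seconds=2)),
}
BLACKLIST = {"SN-LOST-3"}  # constructed: serial number of a terminal reported lost


def demo_decisions() -> dict:
    """Run constructed scenarios through decide_access; returns {scenario: reason}."""
    t0 = datetime(2016, 1, 20, 12, 0, 0)
    outlet = ReadEvent(t0, 39.91, 116.40)
    bank = ("normal", "CERT-BANK-77", "SN-BANK-77")
    rail = ("normal", "CERT-RAIL-01", "SN-RAIL-01")
    cases = {
        "rail night": rail + (ReadEvent(t0.replace(hour=23), 39.91, 116.40), []),
        "rail noon": rail + (outlet, []),
        "bank outside": bank + (ReadEvent(t0, 39.95, 116.40), []),
        "bank jump": bank + (outlet, [ReadEvent(t0 - timedelta(minutes=10), 40.50, 117.00)]),
        "bank burst": bank + (outlet, [ReadEvent(t0 - timedelta(minutes=i), 39.91, 116.40)
                                       for i in range(1, 51)]),
        "bank rapid": bank + (outlet, [ReadEvent(t0 - timedelta(seconds=1), 39.91, 116.40)]),
    }
    return {name: decide_access(status, cert, sn, BLACKLIST, CONTROL_LIST, ev, hist)[1]
            for name, (status, cert, sn, ev, hist) in cases.items()}
```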
In an optional implementation of this embodiment, after the scheduling server returns the identification information of the selected authentication security control module (for example, a network port of the selected module) to the identity card reading terminal, the scheduling server may forward the received card searching request to the selected authentication security control module; in this case each authentication security control module may be directly connected to a port of the scheduling server. Alternatively, after the scheduling server returns the identification information of the selected authentication security control module to the identity card reading terminal, the terminal itself sends the card searching request to the selected module according to that identification information. In this optional embodiment the selected authentication security control module thus obtains a card searching request, which may be ciphertext obtained by encrypting the card searching request data with the identity card reading terminal's own encryption key; after receiving it, the selected authentication security control module may decrypt it with the encryption key of the identity card reading terminal that it has obtained and send the decrypted card searching request to the verification security control module correspondingly connected to it.
The correspondingly connected verification security control module confirms the received card searching request and sends confirmation information to the selected authentication security control module; the selected authentication security control module obtains a session key, encrypts the confirmation information with it, and sends the encrypted confirmation information to the identity card reading terminal. It should be noted that in this optional embodiment, to ensure data transmission security, the identity card reading terminal transmits the card searching request encrypted and the selected authentication security control module likewise transmits the confirmation information encrypted; if the transmission environment is secure, however, the confirmation information need not be encrypted, and this embodiment does not limit this.
In the above optional embodiment, the session key may be negotiated between the selected authentication security control module and the identity card reading terminal, or it may be a random number generated directly by the selected authentication security control module; in the latter case the selected module may encrypt the random number with the encryption key of the identity card reading terminal and send the encrypted random number together with the encrypted confirmation information to the terminal, so that the session key is transmitted securely.
In an optional implementation of this embodiment, following the normal identity card reading flow, after receiving the confirmation of the card searching request the identity card reading terminal performs card selection; after selecting an identity card it sends an encrypted card selecting request to the selected authentication security control module, which decrypts it and sends the decrypted card selecting request to the corresponding authentication security control module; that module responds to the card selecting request and sends response information to the selected authentication security control module, which encrypts the response information and sends it to the identity card reading terminal; after receiving the response information, the identity card reading terminal sends the identification information of the selected identity card to the selected authentication security control module. In this optional embodiment the selected authentication security control module receives the encrypted identification information of the identity card, decrypts it, and returns the decrypted identification information to the scheduling server.
Accordingly, the method may further comprise: the scheduling server receives the identity card identification information returned by the selected authentication security control module and judges, at least according to the identity card identification information, the identification information of the identity card reading terminal and a preset policy, whether to add the identification information of the identity card reading terminal to the blacklist or the control list; for example, it judges whether the card reading frequency of the terminal exceeds a preset value, or whether the terminal frequently reads different identity cards. In this optional implementation the scheduling server manages the identity card reading terminals according to a preset policy, so that the blacklist and the control list are updated dynamically and the authentication security control module is further protected from illegal attack.
In an optional implementation of this embodiment, after the identification information of the identity card is received, the method may further include: the scheduling server judges whether the identification information of the identity card is in an identity card blacklist; if so, it sends indication information to the selected authentication security control module indicating that the identity card read by the identity card reading terminal is illegal; after receiving the indication the selected module may stop processing the current card reading flow and may also send prompt information to the identity card reading terminal to inform the user that the current identity card is illegal. The identity card blacklist includes the identification information of illegal identity cards, such as reported identity cards, identity cards with continuous abnormalities, expired identity cards, and the like. Optionally, the identification information of the identity card may be the serial number of the identity card. Through this optional implementation an illegal identity card can be recognized and reading of it avoided.
In an optional implementation of this embodiment, after the scheduling server selects an authentication security control module, the method may further include: generating an authentication code and sending it to the identity card reading terminal and to the authentication database respectively (for example, the authentication code may be sent to the identity card reading terminal together with the identification information of the selected authentication security control module). The authentication code is stored in the authentication database with a validity period, and the authentication database deletes it when the validity period expires. After receiving the authentication code, the identity card reading terminal carries it in the requests it subsequently sends to the network side. For example, if the identity card reading terminal must send the card searching request to the selected authentication security control module after receiving that module's identification information, the authentication code may be carried in the card searching request; if the card searching request is encrypted, the authentication code may be encrypted together with it. After the selected authentication security control module receives the authentication code, it may query whether the authentication database still contains that code: if so, processing continues; if not, the authentication code is invalid and the request of the identity card reading terminal is refused.
Through this optional implementation the scheduling server controls the access time of the identity card reading terminal via the validity period of the authentication code, which solves the problem that, after an authentication security control module has been selected for an identity card reading terminal that then fails to initiate a card reading request for a long time, the module sits idle and cannot be allocated to other identity card reading terminals.
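The authentication code with a validity period described above, as an added example that is not part of the patent: the table the authentication database keeps, issuance by the scheduling server, deletion of expired codes, and the membership check the selected module performs before continuing. The code format (16 random bytes) and the binding of each code to the terminal and module it was issued for are assumptions of this example; times are plain seconds from any clock.

```python
"""Authentication code with a validity period (added example): generated by the
scheduling server when a module is selected, stored in the authentication database,
carried by the terminal in its later request and checked by the selected module."""
import secrets
from dataclasses import dataclass, field


@dataclass
class AuthCodeTable:
    """Authentication-code table of the authentication database:
    code -> (terminal id, module id, expiry time). Times are seconds on one clock."""
    validity_seconds: int
    entries: dict = field(default_factory=dict)

    def issue(self, terminal_id: str, module_id: str, now: float) -> str:
        """Scheduling server side: create a fresh code bound to the terminal and module
        (the binding is an assumption of this example, not a requirement of the text)."""
        code = secrets.token_hex(16)  # 128 random bits, not guessable
        self.entries[code] = (terminal_id, module_id, now + self.validity_seconds)
        return code

    def purge(self, now: float) -> int:
        """Delete codes whose validity period has expired; returns how many were removed."""
        expired = [c for c, (_, _, expiry) in self.entries.items() if expiry <= now]
        for code in expired:
            del self.entries[code]
        return len(expired)

    def check(self, code: str, terminal_id: str, module_id: str, now: float) -> tuple:
        """Selected module side: is the code still in the database, and was it issued to
        this terminal for this module? Returns (valid, reason)."""
        self.purge(now)  # an expired code must never pass, even if purge has not run yet
        entry = self.entries.get(code)
        if entry is None:
            return False, "authentication code unknown or expired"
        bound_terminal, bound_module, _ = entry
        if bound_terminal != terminal_id:
            return False, "authentication code issued to a different terminal"
        if bound_module != module_id:
            return False, "authentication code issued for a different module"
        return True, "authentication code valid"
```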
In an optional implementation of this embodiment, to ensure data security, the authentication security control module may itself be authenticated. The method then further comprises: when the selected authentication security control module is powered on, the scheduling server sends data to be signed to it; the scheduling server receives authentication data returned by the selected authentication security control module, comprising signature data obtained by signing the data to be signed with the signature private key of the selected module, the signature public key certificate corresponding to that signature private key, and the encryption public key certificate of the selected module; the scheduling server judges whether the signature public key certificate and the encryption public key certificate are in an abnormal state; if neither is judged to be in an abnormal state, it verifies whether the signature public key certificate and the encryption public key certificate were issued to the same identity card reading terminal, and if so verifies whether the signature data is correct; if so, the identity authentication of the selected authentication security control module passes, the protection key of the authentication database is encrypted, and the encrypted protection key is sent to the selected module; if the signature data is incorrect, the identity authentication of the selected authentication security control module fails and warning information is issued.
In a specific application, the scheduling server may complete the authentication of the authentication security control module together with an authorization server. In another alternative implementation, therefore, the method may further comprise: when the selected authentication security control module is powered on, the scheduling server sends data to be signed to the selected authentication security control module; the selected authentication security control module signs the data to be signed with its signature private key to obtain signature data, and returns to the scheduling server authentication data comprising the signature data, the signature public key certificate corresponding to the signature private key, and the encryption public key certificate of the selected authentication security control module; the scheduling server receives the authentication data and judges whether the signature public key certificate and the encryption public key certificate are in an abnormal state; if neither is in an abnormal state, it sends the data to be signed and the authentication data to the authorization server; the authorization server verifies, through the authorization electronic signature device connected to it, whether the signature public key certificate and the encryption public key certificate were issued to the same identity card reading terminal and, if so, verifies whether the signature data is correct; if the signature data is correct, the identity authentication of the selected authentication security control module passes, otherwise it fails; when the identity authentication passes, the authorization server encrypts the protection key of the authentication database through the authorization electronic signature device and sends the encrypted protection key to the scheduling server; when the identity authentication fails, warning information is issued; the scheduling server forwards the encrypted protection key of the authentication database to the selected authentication security control module; and the selected authentication security control module decrypts the encrypted protection key to obtain the protection key of the authentication database.
In the above embodiment, the scheduling server authenticates the selected authentication security control module through the authorization server, but this is not a limitation: if the selected authentication security control module has a communication function, the authorization server may authenticate it directly. For the authentication of the authentication security control module, reference may be made to the description of embodiments 4 and 5.
In an alternative implementation of the embodiment of the invention, the method further comprises: after the scheduling server selects one authentication security control module, it updates the working state of the selected authentication security control module stored in the authentication database, so that subsequent selections by the scheduling server are made according to the updated working state.
Example 3
The present embodiment provides a dispatch server applied to reading an identity card, and the dispatch server may be used as the dispatch server 102 in embodiment 1, and may also be used to implement the method described in embodiment 2.
Fig. 4 is a schematic structural diagram of the dispatch server applied to reading an identity card provided in this embodiment. As shown in fig. 4, the dispatch server mainly includes: a first obtaining module 401, configured to obtain identification information of an identity card reading terminal; a first judging module 402, configured to judge, according to the identification information, whether the identity card reading terminal is allowed to read the identity card; a second obtaining module 403, configured to obtain from the authentication database, after a card searching request sent by the identity card reading terminal is received and the terminal has been judged to be allowed to read the identity card, the working state of each authentication security control module within the jurisdiction of the scheduling server; a scheduling module 404, configured to select one authentication security control module from the working state table of the authentication security control modules within that jurisdiction according to the principle of work task balance, and to send identification information of the selected authentication security control module to the identity card reading terminal; a third obtaining module 405, configured to obtain from the authentication database, according to the identification information of the identity card reading terminal, a ciphertext of the encryption key of the identity card reading terminal, the ciphertext being the encryption key of the identity card reading terminal encrypted with the protection key of the authentication database; and a first sending module 406, configured to send data information to the selected authentication security control module, the data information including the ciphertext of the encryption key of the identity card reading terminal.
With the dispatch server provided by this embodiment, when the identity card reading terminal finds an identity card and sends a card searching request to the network side, the scheduling server first judges, on receiving the request, whether the identity card reading terminal is allowed to read the identity card, and allocates an authentication security control module to the terminal only if it is. Attacks by an illegal identity card reading terminal on the authentication security control module are thereby avoided, and the security of identity card reading is improved.
Optionally, the first obtaining module 401 may obtain the identification information of the identity card reading terminal in either of the following ways:
(1) Receiving an access request sent by the identity card reading terminal and obtaining the identification information from the access request. That is, when the identity card reading terminal joins the network it sends an access request to the network side, and the scheduling server obtains the identification information of the terminal carried in that request. In an optional implementation of this embodiment, to secure data transmission, after allowing the terminal to access, the scheduling server may establish a secure channel with the identity card reading terminal, for example by negotiating a transmission key with it; after finding an identity card, the terminal sends its card searching request over that secure channel, i.e. encrypted with the transmission key, and the scheduling server decrypts it with the transmission key to obtain the card searching request and then allocates an authentication security control module to the terminal. In this way the identity card reading terminal is verified once, when it accesses the network. This mode suits relatively safe identity card reading terminals (for example, those installed at a bank): it reduces the number of times the terminal is verified and improves efficiency.
(2) Receiving an identity card request sent by the identity card reading terminal and obtaining the identification information from it, the identity card request carrying both the card searching request and the identification information of the terminal. In this way the scheduling server verifies the identity card reading terminal each time it reads an identity card: after finding a card the terminal sends the card searching request to the network side, and the scheduling server obtains the terminal's identification information on receiving it. This mode verifies the terminal for every identity card read, and suits relatively insecure identity card reading terminals (for example, one installed at an individual merchant) where security takes priority.
Optionally, the identification information of the identity card reading terminal includes the digital certificate of the identity card reading terminal, and the first judging module 402 judges whether the terminal is allowed to read the identity card as follows: judge whether the digital certificate of the identity card reading terminal is abnormal; if so, the terminal is not allowed to read the identity card; otherwise, judge whether the digital certificate is in a blacklist or a control list, where the blacklist records the digital certificates of identity card reading terminals that are not allowed to read identity cards, and the control list records the digital certificates of identity card reading terminals whose reading operations must be controlled according to a preset control strategy. If the digital certificate is in the blacklist, the terminal is not allowed to read the identity card and its request is refused; if the digital certificate is in the control list, whether the terminal is allowed to read the identity card is judged according to the preset control strategy.
Optionally, the identification information of the identity card reading terminal includes the serial number of the identity card reading terminal and its digital certificate, and the first judging module 402 judges as follows: judge whether the digital certificate is abnormal; if so, the terminal is not allowed to read the identity card; otherwise, judge whether the digital certificate or the serial number of the terminal is in a blacklist or a control list, where the blacklist records the identification information of identity card reading terminals that are not allowed to read identity cards, and the control list records the identification information of identity card reading terminals whose reading operations must be controlled according to a preset control strategy. If the digital certificate or the serial number is in the blacklist, the terminal is not allowed to read the identity card and its request is refused; if the digital certificate or the serial number is in the control list, whether the terminal is allowed to read the identity card is judged according to the preset control strategy.
In both optional embodiments, to determine whether the digital certificate of the identity card reading terminal is abnormal, the scheduling server may query the survival status of the terminal's digital certificate for signature verification and digital certificate for encryption on the digital certificate status online query server. The survival status is either a normal survival state or an abnormal survival state, the abnormal survival state including at least one of certificate expiration, certificate freezing and certificate blacklisting.
In both optional embodiments, the blacklist and the control list may be set according to preset rules and the card reading behaviour of each identity card reading terminal.
Through these two optional implementations, whether an identity card reading terminal is allowed to read the identity card can be judged by the blacklist and the control list, so attacks by an illegal identity card reading terminal on the network side are avoided and the security of identity card reading is improved.
In an optional implementation of the embodiment of the present invention, the blacklist stores the identification information of illegal identity card reading terminals, for example: a terminal reported lost; a terminal that has repeatedly shown anomalies; the serial number of a terminal that has exceeded its service life; a terminal that has appeared in several regions within a short time; and so on. Processing requests from such terminals carries a high risk. Optionally, the scheduling server may return a prompt informing the user that the identity card reading terminal has been added to the blacklist, so that the user can follow up and resolve the problem.
Optionally, the first judging module 402 judges whether the identity card reading terminal is allowed to read the identity card according to the preset control strategy by at least one of the following methods:
(1) Judging, according to the preset control strategy, whether the identity card reading terminal is currently within its allowed access position range; if so, the terminal is allowed to read the identity card, otherwise it is not and its request is refused. The preset control strategy records the allowed access position range of the terminal. That is, some identity card reading terminals are only allowed to read identity cards within certain position ranges and not outside them. For example, in a specific application, an identity card reading terminal applied for by a bank customer can only read identity cards at a bank outlet and is not allowed to read them elsewhere. In this case the identity card reading terminal is located to determine its current position. This method prevents a terminal dedicated to a particular place from being used after theft.
(2) Judging, according to the preset control strategy, whether the current time is within the time range in which the identity card reading terminal is allowed to access; if so, the terminal is allowed to read the identity card, otherwise it is not and its request is refused. The preset control strategy records the allowed access time range of the terminal. That is, some identity card reading terminals are only allowed to read identity cards during certain periods and not outside them. For example, a railway system sells tickets only from 7:00 to 22:00, so the identity card reading terminals deployed in the railway system are only allowed to read identity cards during that period, which prevents illegal use of those terminals.
(3) Judging, according to the preset control strategy, whether the number of historical accesses of the identity card reading terminal within a preset time period exceeds a preset count threshold; if so, the terminal is not allowed to read the identity card and its request is refused, otherwise it is allowed. The preset control strategy records the duration of the preset time period and the preset count threshold. This limits the number of card readings by one terminal within the period and prevents the same terminal from overloading the authentication security control module by reading cards frequently within a short time, which would stop the module working normally.
(4) Judging, according to the preset control strategy, whether the distance between the access positions of two consecutive accesses of the identity card reading terminal within a preset time period exceeds a preset distance; if so, the terminal is not allowed to read the identity card and its request is refused, otherwise it is allowed. The preset control strategy records the duration of the preset time period and the preset distance. That is, some identity card reading terminals may not be used across long distances; for example, a terminal issued to a particular merchant may not be used in two places far apart from each other, which guards against theft of the user's terminal.
(5) Judging, according to the preset control strategy, whether the time interval between two consecutive accesses of the identity card reading terminal is shorter than a preset value; if so, the terminal is not allowed to read the identity card and its request is refused, otherwise it is allowed. The preset control strategy records the preset interval. That is, the card reading frequency of the identity card reading terminal is controlled, which prevents the same terminal from attacking the authentication security control module by reading cards too frequently.
It should be noted that, although the five methods are discussed separately, it is obvious to a person skilled in the art that two or more control policies may be set for the same identity card reading terminal at the same time. For example, a terminal may be allowed to read identity cards only within a certain position range and only during a certain period, and the first judging module 402 allows it to read the identity card only when the position and time requirements are both met.
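The admission logic of the first judging module 402, as an added worked example in Go (this editor's illustration, not code from the patent): the certificate status check, the blacklist, the control list and the five control policies above are applied in one decision, with every policy set for a terminal required to hold, as the note on combining policies allows. Assumptions: positions are WGS84 coordinates compared by great-circle distance; the result of the digital certificate status query is passed in as a string; the type, field and function names (Terminal, Policy, Lists, Decide) are the example's own; and the lists, coordinates and timestamps in the demonstration are constructed.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// Terminal is the identification information the scheduling server obtains.
type Terminal struct{ Serial, CertSerial string }

// Access is one access by a terminal: when, and from where (WGS84 degrees).
type Access struct {
	At       time.Time
	Lat, Lon float64
}

// Policy is one control-list entry. A zero field means that rule is not set;
// every rule that is set must hold (the patent allows combining policies).
type Policy struct {
	Center      *Access       // (1) allowed position: within RadiusKm of Center
	RadiusKm    float64
	OpenHour    int           // (2) allowed hours of day, [OpenHour, CloseHour)
	CloseHour   int
	MaxAccesses int           // (3) at most MaxAccesses accesses per Window
	Window      time.Duration // period used by rules (3) and (4)
	MaxJumpKm   float64       // (4) consecutive accesses within Window may not be farther apart
	MinInterval time.Duration // (5) consecutive accesses may not be closer in time than this
}

// Lists are the scheduling server's blacklist and control list, keyed by terminal or certificate serial.
type Lists struct {
	Blacklist   map[string]bool
	ControlList map[string]Policy
}

// haversineKm is the great-circle distance between two positions.
func haversineKm(a, b Access) float64 {
	rad := func(d float64) float64 { return d * math.Pi / 180 }
	dLat, dLon := rad(b.Lat-a.Lat), rad(b.Lon-a.Lon)
	h := math.Sin(dLat/2)*math.Sin(dLat/2) +
		math.Cos(rad(a.Lat))*math.Cos(rad(b.Lat))*math.Sin(dLon/2)*math.Sin(dLon/2)
	return 2 * 6371.0 * math.Asin(math.Sqrt(h))
}

// Decide is the first judging module. certStatus is the survival state reported
// by the certificate status query server ("" = normal, else "expired", "frozen"
// or "blacklisted"); history holds the terminal's earlier accesses, oldest
// first; req is the access being judged. It returns "" when the terminal is
// allowed to read the identity card, otherwise the reason for refusal.
func Decide(t Terminal, certStatus string, lists Lists, history []Access, req Access) string {
	if certStatus != "" {
		return "certificate " + certStatus
	}
	if lists.Blacklist[t.Serial] || lists.Blacklist[t.CertSerial] {
		return "terminal in blacklist"
	}
	p, controlled := lists.ControlList[t.Serial]
	if !controlled {
		if p, controlled = lists.ControlList[t.CertSerial]; !controlled {
			return "" // neither blacklisted nor controlled: allowed
		}
	}
	if p.Center != nil && haversineKm(*p.Center, req) > p.RadiusKm {
		return "outside allowed position range"
	}
	if p.CloseHour > p.OpenHour {
		if h := req.At.Hour(); h < p.OpenHour || h >= p.CloseHour {
			return "outside allowed time range"
		}
	}
	inWindow := 0
	for _, a := range history {
		if req.At.Sub(a.At) <= p.Window {
			inWindow++
		}
	}
	if p.MaxAccesses > 0 && inWindow >= p.MaxAccesses {
		return "access count in period exceeded"
	}
	if n := len(history); n > 0 {
		last := history[n-1]
		if p.MaxJumpKm > 0 && req.At.Sub(last.At) <= p.Window && haversineKm(last, req) > p.MaxJumpKm {
			return "distance between consecutive accesses exceeded"
		}
		if p.MinInterval > 0 && req.At.Sub(last.At) < p.MinInterval {
			return "consecutive accesses too frequent"
		}
	}
	return ""
}

func main() {
	outlet := Access{Lat: 39.9042, Lon: 116.4074} // constructed bank outlet position
	lists := Lists{ControlList: map[string]Policy{"T-BANK": {Center: &outlet, RadiusKm: 1, OpenHour: 7, CloseHour: 22}}}
	req := Access{At: time.Date(2024, 1, 1, 23, 0, 0, 0, time.UTC), Lat: outlet.Lat, Lon: outlet.Lon}
	fmt.Printf("T-BANK at 23:00 -> %q\n", Decide(Terminal{Serial: "T-BANK", CertSerial: "C-1"}, "", lists, nil, req))
}
```

The checks run in the order the patent gives them (certificate, blacklist, control list, then policies), so a refusal reason names the first rule that failed; the count rule treats the request being judged as the next access, so a terminal already at the threshold inside the window is refused.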
Optionally, the scheduling server may further include: a first receiving module, configured to receive the identification information of the identity card returned by the authentication security control module; and a second judging module, configured to judge, according to at least the identification information of the identity card, the identification information of the identity card reading terminal and a preset strategy, whether to add the identity card reading terminal to the blacklist or the control list. For example, it judges whether the card reading frequency of the terminal exceeds a predetermined value, whether the terminal frequently reads different identity cards, and so on, and on that basis decides whether to add the terminal's identification information to the blacklist or the control list. In this optional implementation the scheduling server manages identity card reading terminals according to a preset strategy, so the blacklist and the control list are updated dynamically and the authentication security control module is further protected from illegal attack.
Optionally, the scheduling server may further include: a third judging module, configured to judge whether the identification information of the identity card is in an identity card blacklist; and a second sending module, configured to send indication information to the selected authentication security control module when the identification information of the identity card is in the identity card blacklist, indicating that the identity card being read by the identity card reading terminal is illegal. On receiving the indication information, the selected authentication security control module may stop processing the current identity card reading and may also send prompt information to the identity card reading terminal to inform the user that the current identity card is illegal. The identity card blacklist contains the identification information of illegal identity cards, such as identity cards reported lost, identity cards that have repeatedly shown anomalies, expired identity cards, and so on. Optionally, the identification information of the identity card may be the serial number of the identity card. Through this optional implementation an illegal identity card can be recognised and its reading prevented.
Optionally, the data information further includes the card searching request. That is, after the scheduling server returns the identification information of the selected authentication security control module (for example, its network port) to the identity card reading terminal, the scheduling server may forward the received card searching request to the selected authentication security control module. In this case each authentication security control module may be directly connected to a port of the scheduling server.
Optionally, the scheduling server may further include: a third sending module, configured to generate an authentication code and send it to the identity card reading terminal and to the authentication database (for example, the authentication code may be sent to the identity card reading terminal together with the identification information of the selected authentication security control module). The authentication database stores the authentication code with a validity period and deletes it when the validity period expires. After receiving the authentication code, the identity card reading terminal carries it in the requests it subsequently sends to the network side. For example, if the identity card reading terminal has to send the card searching request to the selected authentication security control module after receiving that module's identification information, the authentication code may be carried in the card searching request; if the card searching request is encrypted, the authentication code is encrypted with it. On receiving the authentication code, the selected authentication security control module queries whether it is present in the authentication database: if so, processing continues; if not, the authentication code is invalid and the request of the identity card reading terminal is rejected.
Through this optional implementation, the scheduling server can bound the access window of the identity card reading terminal by the validity period of the authentication code, which solves the problem that, after an authentication security control module has been selected for a terminal, the terminal may not initiate a card reading request for a long time, leaving the module idle and unable to be allocated to other identity card reading terminals.
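The authentication code lifecycle described above, as an added example in Go (this editor's illustration, not the patent's code). Assumptions: the authentication code table of the authentication database is an in-memory map guarded by a mutex; the code is 16 random bytes rendered as hex; and, beyond the presence check the patent describes, the check additionally requires that the code was issued to the requesting terminal and for the selected module, so a code captured from one terminal cannot be presented by another terminal or to a different module. The names (AuthCodeDB, Issue, Expire, Check) are the example's own and the terminal and module identifiers are constructed.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
	"time"
)

// codeRecord is what the authentication database keeps for one authentication code.
type codeRecord struct {
	terminal string    // identity card reading terminal the code was issued to
	module   string    // authentication security control module selected for it
	expires  time.Time // the database deletes the code once this moment passes
}

// AuthCodeDB stands in for the authentication code table of the authentication database.
type AuthCodeDB struct {
	mu    sync.Mutex
	codes map[string]codeRecord
}

func NewAuthCodeDB() *AuthCodeDB { return &AuthCodeDB{codes: map[string]codeRecord{}} }

// Issue is the third sending module's job: generate a fresh random authentication
// code, store it with its validity period, and return it for delivery to the
// terminal together with the selected module's identifier.
func (db *AuthCodeDB) Issue(terminal, module string, ttl time.Duration, now time.Time) (string, error) {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		return "", err
	}
	code := hex.EncodeToString(b[:])
	db.mu.Lock()
	defer db.mu.Unlock()
	db.codes[code] = codeRecord{terminal: terminal, module: module, expires: now.Add(ttl)}
	return code, nil
}

// Expire deletes every code whose validity period has elapsed and reports how many.
func (db *AuthCodeDB) Expire(now time.Time) int {
	db.mu.Lock()
	defer db.mu.Unlock()
	n := 0
	for code, r := range db.codes {
		if !now.Before(r.expires) {
			delete(db.codes, code)
			n++
		}
	}
	return n
}

var ErrInvalidCode = errors.New("authentication code invalid: request rejected")

// Check is the query the selected module makes when a card searching request
// arrives carrying an authentication code. The patent only asks whether the code
// is present; this example additionally requires that it was issued to the
// requesting terminal and for this module (the example's own addition).
func (db *AuthCodeDB) Check(code, terminal, module string, now time.Time) error {
	db.Expire(now) // lazily apply the validity period before looking up
	db.mu.Lock()
	defer db.mu.Unlock()
	r, ok := db.codes[code]
	if !ok || r.terminal != terminal || r.module != module {
		return ErrInvalidCode
	}
	return nil
}

func main() {
	db := NewAuthCodeDB()
	t0 :=時間Placeholder()
	code, _ := db.Issue("T-1", "ASCM-07", 30*time.Second, t0)
	fmt.Println("fresh code accepted:", db.Check(code, "T-1", "ASCM-07", t0.Add(10*time.Second)) == nil)
	fmt.Println("after validity period:", db.Check(code, "T-1", "ASCM-07", t0.Add(31*time.Second)))
}

// 時間Placeholder is not a real name; see note below.
```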
Optionally, to further protect data security, the authentication security control module itself may be authenticated. The scheduling server may then further include: a fourth sending module, configured to send data to be signed to the selected authentication security control module when that module is powered on; a second receiving module, configured to receive the authentication data returned by the selected authentication security control module, the authentication data comprising signature data obtained by signing the data to be signed with the signature private key of the selected authentication security control module, the signature public key certificate corresponding to that signature private key, and the encryption public key certificate of the selected authentication security control module; a first verification module, configured to judge whether the signature public key certificate and the encryption public key certificate are in an abnormal state; a second verification module, configured to verify, when neither certificate is in an abnormal state, whether the signature public key certificate and the encryption public key certificate were issued to the same identity card reading terminal and, if so, whether the signature data is correct; a fifth sending module, configured to determine that the identity authentication of the selected authentication security control module passes when the two certificates were issued to the same identity card reading terminal and the signature data is correct, to encrypt the protection key of the authentication database, and to send the encrypted protection key to the selected authentication security control module; and a warning module, configured to determine that the identity authentication of the selected authentication security control module fails and to issue warning information when the two certificates were not issued to the same identity card reading terminal and/or the signature data is incorrect.
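The authentication exchange described in the method of Example 2, in the modules above, and again in more detail in Example 4 below, as an added worked example in Go; it is this editor's illustration, not code from the patent. Assumptions: the two certificates are modelled by a Registry record (holder, expiry, administrative status, public key) that stands in for both the certificate directory and the digital certificate status online query server, rather than by parsed X.509; the data to be signed is the server's random nonce concatenated with the module's identity, following the single authentication data of Example 4; ECDSA P-256 is used for the signature certificate and RSA-OAEP for the encryption certificate; and the module identifiers and protection key are constructed. Every type and function name is the example's own.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Cert stands in for a parsed X.509 certificate plus the digital certificate
// status online query server's view of it (assumption of this example).
type Cert struct {
	Holder   string           // entity the certificate was issued to
	NotAfter time.Time        // expiry
	Status   string           // "" = normal; "frozen" or "blacklisted" as set by the issuer
	Key      crypto.PublicKey // *ecdsa.PublicKey (signature) or *rsa.PublicKey (encryption)
}

// Registry maps certificate serial to record; Usable reports normal survival
// state: issued, not expired, not frozen, not blacklisted.
type Registry map[string]*Cert

func (r Registry) Usable(serial string, now time.Time) (*Cert, bool) {
	c := r[serial]
	return c, c != nil && !now.After(c.NotAfter) && c.Status == ""
}

// Module is the authentication security control module: private keys plus the
// serials of its signature and encryption certificates.
type Module struct {
	ID                   string
	sigKey               *ecdsa.PrivateKey
	encKey               *rsa.PrivateKey
	SigSerial, EncSerial string
}

// Enroll generates a module's key pairs and registers its two certificates.
func Enroll(id string, reg Registry, notAfter time.Time) (*Module, error) {
	sk, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ek, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("key generation failed: %v %v", err1, err2)
	}
	m := &Module{ID: id, sigKey: sk, encKey: ek, SigSerial: id + "-sig", EncSerial: id + "-enc"}
	reg[m.SigSerial] = &Cert{Holder: id, NotAfter: notAfter, Key: &sk.PublicKey}
	reg[m.EncSerial] = &Cert{Holder: id, NotAfter: notAfter, Key: &ek.PublicKey}
	return m, nil
}

// AuthData is what the module returns to the scheduling server.
type AuthData struct {
	ToBeSigned, Signature []byte
	SigSerial, EncSerial  string
}

// Respond signs the server's nonce concatenated with the module's own identity.
func (m *Module) Respond(nonce []byte) (AuthData, error) {
	tbs := append(append([]byte{}, nonce...), m.ID...)
	h := sha256.Sum256(tbs)
	sig, err := ecdsa.SignASN1(rand.Reader, m.sigKey, h[:])
	return AuthData{ToBeSigned: tbs, Signature: sig, SigSerial: m.SigSerial, EncSerial: m.EncSerial}, err
}

var oaepLabel = []byte("authdb-protection-key") // ties the ciphertext to its purpose

// Authenticate is the server side: certificate status, same-holder check, nonce
// binding and signature verification; on success it returns the protection key
// of the authentication database encrypted to the module's encryption certificate.
func Authenticate(ad AuthData, nonce []byte, reg Registry, protectionKey []byte, now time.Time) ([]byte, error) {
	sigCert, ok1 := reg.Usable(ad.SigSerial, now)
	encCert, ok2 := reg.Usable(ad.EncSerial, now)
	if !ok1 || !ok2 {
		return nil, errors.New("certificate in abnormal state")
	}
	if sigCert.Holder != encCert.Holder {
		return nil, errors.New("certificates issued to different holders")
	}
	// The signed data must be this challenge for this holder, or a captured response could be replayed.
	if string(ad.ToBeSigned) != string(nonce)+sigCert.Holder {
		return nil, errors.New("signed data does not match the challenge")
	}
	sigPub, _ := sigCert.Key.(*ecdsa.PublicKey)
	encPub, _ := encCert.Key.(*rsa.PublicKey)
	h := sha256.Sum256(ad.ToBeSigned)
	if sigPub == nil || encPub == nil || !ecdsa.VerifyASN1(sigPub, h[:], ad.Signature) {
		return nil, errors.New("signature incorrect: authentication failed, warning issued")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, encPub, protectionKey, oaepLabel)
}

// Unwrap recovers the protection key; only the holder of the encryption private key can.
func (m *Module) Unwrap(wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, m.encKey, wrapped, oaepLabel)
}
```

The public keys used for verification and wrapping come from the registry, never from the module's own message, so a module cannot present a key of its choosing; and the OAEP label fixes what the ciphertext is for, so a wrapped protection key cannot be passed off as some other wrapped secret.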
Example 4
In this embodiment, the dispatch server cooperates with the authorization server to authenticate the authentication security control module and send a protection key of the authentication database to the authentication security control module after the authentication is passed. As shown in fig. 5, the method includes the following steps S501 to S505:
S501: the authentication security control module sends authentication data to the scheduling server, the authentication data comprising at least: signature data obtained by the authentication security control module signing the data to be signed, a digital certificate for signature verification, and a digital certificate for encryption;
In this embodiment, as an optional implementation, the authentication security control module may be a security chip. Such a security chip (for example, the Z8D64U (national security code SSX43) and Z32 (national security code SSX20) of National Technologies Co., Ltd.) has a separate processor and storage unit inside, can store PKI digital certificates, the corresponding private keys and other characteristic data, and performs encryption and decryption operations on data, providing data encryption and identity authentication services for users and protecting business privacy and data security. In this embodiment, therefore, the authentication security control module stores a digital certificate for signature verification, a digital certificate for encryption, and the corresponding private keys. For the former, the authentication security control module signs the data to be signed with the private key corresponding to the digital certificate for signature verification to obtain signature data, and the authorization server verifies the signature with the public key of that certificate, so that the authorization server authenticates the identity of the authentication security control module and confirms its validity. For the latter, the authorization server encrypts the protection key of the authentication database with the public key of the digital certificate for encryption to produce a protection key ciphertext, so the key is transmitted as ciphertext and the transmission is secure; only the authentication security control module holding the private key corresponding to the digital certificate for encryption can decrypt the ciphertext to obtain the protection key, which secures the delivery of the protection key and prevents it from being illegally stolen.
In this embodiment, the data to be signed may be generated by the authentication security control module or by the authorization server. In the former case, as an optional implementation of this embodiment, the authentication data sent by the authentication security control module to the scheduling server further includes the data to be signed, which comprises at least: single authentication data generated by the authentication security control module, the digital certificate for signature verification, the digital certificate for encryption, and the identity of the authentication security control module. The single authentication data is a random factor, comprising a random number and/or a random event, which prevents replay attacks, and the combination of these several items in the data to be signed increases the reliability of the authorization server's signature verification. In the latter case, as another optional implementation of this embodiment, the data to be signed comprises single authentication data generated by the authorization server and/or the identity of the authorization server, where the single authentication data is again a random factor comprising a random number and/or a random event, which prevents replay attacks, and the combination of these items increases the reliability of the authorization server's signature verification. The single authentication data generated by the authorization server may be forwarded to the authentication security control module through the scheduling server, and the authentication security control module signs the data to be signed with the private key corresponding to the digital certificate for signature verification to obtain the signature data for the authorization server to verify.
S502: the dispatching server receives the authentication data sent by the authentication security control module, inquires the survival state of the digital certificate for signature verification and the digital certificate for encryption, and sends the authentication data to the authorization server if the survival state is a normal survival state;
in this embodiment, the authentication security control module can obtain the protection key of the authentication database only through the dual authentication of the dispatch server and the authorization server. The dispatch server authenticates the authentication security control module by inquiring whether the survival state of the digital certificate for signature verification and the digital certificate for encryption is a normal survival state. As an optional implementation manner of this embodiment, the querying, by the dispatch server, the statuses of the digital certificate for verification and the digital certificate for encryption includes: the dispatching server inquires the survival status of the digital certificate used for signature verification and the digital certificate used for encryption on the digital certificate status online inquiry server, and the survival status comprises: normal survival state and abnormal survival state, the abnormal survival state at least includes one of the following: certificate expiration, certificate freeze, and certificate blacklisting. If the digital certificate is invalid, overdue, frozen or blacklisted, the authentication security control module is probably illegal equipment, and the scheduling server cannot send authentication data to the authorization server, so that the authentication security control module cannot obtain a protection key of the authentication database and cannot decrypt a ciphertext received from the identity card reading terminal, and therefore the attack of the illegal security control module on the verification security control module is prevented, and the legality of the authentication security control module is guaranteed through the authentication of the scheduling server.
S503: the authorization server judges whether the digital certificate for signature verification and the digital certificate for encryption belong to the same user, performs signature verification on signature data after judging that the digital certificate for signature verification and the digital certificate for encryption belong to the same user, and acquires a protection key of an authentication database after the signature verification is passed; encrypting the protection key of the authentication database to generate a protection key ciphertext of the authentication database, and sending the protection key ciphertext of the authentication database to the scheduling server;
in this embodiment, the authentication of the authentication security control module by the authorization server is implemented by determining whether the digital certificate for signature verification and the digital certificate for encryption belong to the same user, and verifying the signature data by using the digital certificate for signature verification. As an optional implementation manner in this embodiment, the determining, by the authorization server, whether the digital certificate used for verification and the digital certificate used for encryption belong to the same user includes: and the authorization server judges whether the digital certificate for signature verification and the digital certificate for encryption belong to the same user according to the user attribution information carried by the digital certificate for signature verification and the digital certificate for encryption respectively.
The user attribution information refers to information that can identify a user identity, such as a user identification (UID); if the user attribution information carried by the two digital certificates is the same, the two digital certificates belong to the same user. In practical application, the digital certificate for signature verification and the digital certificate for encryption should be applied for by the same user on a third-party authentication platform, because once the user's signature data passes verification by the authorization server, the user can decrypt the protection key ciphertext of the authentication database received from the authorization server with the private key corresponding to the digital certificate for encryption and obtain the protection key of the authentication database. To prevent an illegal user from stealing another user's digital certificate for signature verification or another user's digital certificate for encryption, in this embodiment the authorization server 50 determines whether the two digital certificates belong to the same user before verifying the signature data; if they do, at least the case of an illegally stolen digital certificate can be excluded.
In addition, the signature data received by the authorization server is signature data obtained by the authentication security control module by signing the data to be signed by using a private key corresponding to the digital certificate for signature verification, so that the authorization server can verify the signature of the signature data by using the public key of the digital certificate for signature verification.
Therefore, only through the double authentication of the scheduling server and the authorization server, the authentication security control module can obtain the protection key of the authentication database, and the security of the authentication security control module for obtaining the protection key of the authentication database is ensured.
As an optional implementation manner of this embodiment, the authorization server may encrypt the protection key of the authentication database by using the public key of the digital certificate for encryption to generate a protection key ciphertext of the authentication database, and as another optional implementation manner of this embodiment, the authorization server may also generate a random key, encrypt the protection key of the authentication database by using the random key, encrypt the random key by using the public key of the digital certificate for encryption, and send the encrypted random key and the protection key ciphertext of the authentication database to the scheduling server together; in this embodiment, since the authentication security control module sends the digital certificate used for encryption to the authorization server, the authorization server encrypts the protection key of the authentication database by using the public key of the digital certificate in the above-mentioned manner and then transmits the encrypted protection key to the authentication security control module, ciphertext transmission is realized, and the security of data transmission is ensured.
S504: the dispatching server sends the protection key ciphertext of the authentication database to the authentication security control module;
in specific implementation, when the authentication security control module is a security chip without a communication interface, the scheduling server is required to forward data. Moreover, the authentication security control module is only connected and communicated with the dispatching server, but not connected and communicated with other external equipment, only receives data sent by the dispatching server, and further the dispatching server keeps unsafe data out of the authentication security control module, so that the security of the authentication security control module is guaranteed.
S505: the authentication security control module decrypts the protection key ciphertext of the authentication database to obtain the protection key of the authentication database, and stores the protection key of the authentication database in a random access memory of the authentication security control module.
Corresponding to the manner in which the authorization server generates the protection key ciphertext of the authentication database in step S503, the following implementation manner is exemplarily given by the authentication security control module decrypting the protection key ciphertext of the authentication database to obtain the protection key of the authentication database: and decrypting the protection key ciphertext of the authentication database by using the locally stored private key corresponding to the digital certificate for encryption to obtain the protection key of the authentication database, or decrypting the encrypted random key by using the locally stored private key corresponding to the digital certificate for encryption to obtain the random key, and decrypting the protection key ciphertext of the authentication database by using the random key to obtain the protection key of the authentication database. In this embodiment, since the authentication security control module sends the digital certificate used for encryption to the authorization server, the authorization server encrypts the protection key of the authentication database by using the public key of the digital certificate and then transmits the encrypted protection key to the authentication security control module, so as to realize ciphertext transmission and ensure the security of transmitted data, and only the authentication security control module having the private key corresponding to the digital certificate can decrypt the protection key ciphertext of the authentication database, even if the encrypted protection key is intercepted, the protection key ciphertext of the authentication database cannot be decrypted because the private key is not stored, thereby further ensuring the security of the protection key of the authentication database.
And the authentication security control module decrypts the protection key of the authentication database and stores the protection key in the random access memory RAM instead of the FLASH, so that the protection key of the authentication database is deleted once the power is off, and when the authentication security control module is powered on again, the step of obtaining the protection key of the authentication database needs to be executed again, thereby ensuring that the protection key of the authentication database cannot be continuously occupied by one authentication security control module in hardware and is more difficult to intercept.
According to the key obtaining method provided by the embodiment, in order to keep all illegal attack events outside the verification security control module, the authentication security control module can obtain the protection key of the authentication database from the authorization server after passing the authentication of the scheduling server and the authorization server, so that the authentication security control module in the transmission system of the identity card information can decrypt the transmission key ciphertext of the identity card reading terminal by using the protection key of the authentication database to obtain the transmission key, and the authentication security control module can decrypt the ciphertext sent by the identity card reading terminal only by obtaining the transmission key, thereby ensuring the security of the data sent to the verification security control module by the authentication security control module.
Example 5
In this embodiment, the authorization server directly authenticates the authentication security control module and sends a protection key of the authentication database to the authentication security control module after the authentication is passed. As shown in fig. 6, the method includes the following steps S601 to S604:
S601: the authentication security control module sends authentication data to the authorization server, wherein the authentication data at least comprises: signature data obtained by the authentication security control module signing the data to be signed, a digital certificate for signature verification and a digital certificate for encryption;
in this embodiment, as an optional implementation manner in this embodiment, the authentication security control module may be a security chip, and the security chip (for example, Z8D64U (national security code SSX43) and Z32 (national security code SSX20) of national technologies, ltd) has a separate processor and storage unit inside, and may store a PKI digital certificate and a corresponding private key, and other characteristic data, and performs encryption and decryption operations on the data to provide data encryption and identity security authentication services for users, and protect business privacy and data security, so in this embodiment, the authentication security control module stores therein a digital certificate for signature verification and a digital certificate for encryption, and a corresponding private key, where, for the former, the authentication security control module may sign data to be signed by using the private key corresponding to the digital certificate for signature verification to obtain signature data, the authorization server can utilize the public key of the digital certificate for signature verification to verify the signature of the signature data so as to realize the identity authentication of the authentication security control module by the authorization server and ensure the validity of the authentication security control module; for the latter, the authorization server may encrypt the protection key of the authentication database with the public key of the digital certificate for encryption to generate a protection key ciphertext of the authentication database to implement ciphertext transmission, thereby ensuring the security of the transmission mode, and only the authentication security control module storing the private key corresponding to the digital certificate for encryption may decrypt the protection key ciphertext of the authentication database to obtain the protection key of the authentication database, so as to 
ensure the security of obtaining the protection key of the authentication database, and may prevent the protection key of the authentication database from being illegally stolen.
In this embodiment, the data to be signed may be generated by the authentication security control module or by the authorization server. For the former, as an optional implementation manner in this embodiment, the authentication data sent by the authentication security control module to the authorization server further includes the data to be signed, which at least comprises: single authentication data generated by the authentication security control module, the digital certificate for signature verification, the digital certificate for encryption and the identity of the authentication security control module. The single authentication data is a random factor comprising a random number and/or a random event, so that replay attacks are prevented, and the reliability of the signature verification performed by the authorization server is increased by combining these multiple items of data to be signed. For the latter, as another optional implementation manner in this embodiment, the data to be signed includes the single authentication data generated by the authorization server and/or the identity of the authorization server, where the single authentication data is again a random factor comprising a random number and/or a random event, so that replay attacks are prevented and the reliability of the signature verification performed by the authorization server is increased by combining the above multiple items of data to be signed. The single authentication data generated by the authorization server is sent by the authorization server to the authentication security control module, and the authentication security control module signs the data to be signed with the private key corresponding to the digital certificate for signature verification to obtain the signature data, so that the authorization server can verify the signature.
S602: the authorization server receives the authentication data sent by the authentication security control module, and inquires the survival state of the digital certificate for signature verification and the digital certificate for encryption, if the survival state is a normal survival state, the step S603 is executed;
in this embodiment, the authentication security control module can obtain the protection key of the authentication database only through the authentication of the authorization server. The authentication of the authentication security control module by the authorization server comprises the following steps: the authentication of the validity of the digital certificate authenticating the security control module and the authentication of the legitimacy of the digital certificate authenticating the security control module.
The authentication of the validity of the digital certificates of the authentication security control module by the authorization server is realized by inquiring whether the survival state of the digital certificate for signature verification and of the digital certificate for encryption is a normal survival state. As an optional implementation manner of this embodiment, the querying, by the authorization server, of the states of the digital certificate for signature verification and the digital certificate for encryption includes: the authorization server inquires the survival state of the digital certificate for signature verification and of the digital certificate for encryption on the digital certificate status online inquiry server, where the survival state comprises a normal survival state and an abnormal survival state, and the abnormal survival state at least includes one of the following: certificate expiration, certificate freeze and certificate blacklisting. If a digital certificate is invalid, expired, frozen or blacklisted, the authentication security control module is probably illegal equipment, and the authorization server does not proceed to step S603, so the authentication security control module cannot obtain the protection key of the authentication database and cannot decrypt the ciphertext received from the identity card reading terminal; an attack by an illegal security control module on the authentication security control module is thereby prevented, and the validity of the authentication security control module is ensured through the authentication of the authorization server.
S603: the authorization server judges whether the digital certificate for signature verification and the digital certificate for encryption belong to the same user, performs signature verification on signature data after judging that the digital certificate for signature verification and the digital certificate for encryption belong to the same user, and acquires a protection key of an authentication database after the signature verification is passed; encrypting the protection key of the authentication database to generate a protection key ciphertext of the authentication database, and sending the protection key ciphertext of the authentication database to the authentication security control module;
in this embodiment, the authorization server authenticates the validity of the digital certificate authenticating the security control module by determining whether the digital certificate for verification and the digital certificate for encryption belong to the same user and verifying the signature data using the digital certificate for verification. As an optional implementation manner in this embodiment, the determining, by the authorization server, whether the digital certificate used for verification and the digital certificate used for encryption belong to the same user includes: and the authorization server judges whether the digital certificate for signature verification and the digital certificate for encryption belong to the same user according to the user attribution information carried by the digital certificate for signature verification and the digital certificate for encryption respectively, and if so, determines that the digital certificate for signature verification and the digital certificate for encryption belong to the same user.
The user attribution information refers to information that can identify a user identity, such as a user identification (UID); if the user attribution information carried by the two digital certificates is the same, the two digital certificates belong to the same user. In practical application, the digital certificate for signature verification and the digital certificate for encryption should be applied for by the same user at a third-party authentication platform, because once the user's signature data passes verification by the authorization server, the user can decrypt the protection key ciphertext of the authentication database received from the authorization server with the private key corresponding to the digital certificate for encryption and obtain the protection key of the authentication database. To prevent an illegal user from stealing another person's digital certificate for signature verification or digital certificate for encryption, in this embodiment the authorization server determines whether the two digital certificates belong to the same user before verifying the signature data; if they do, the two digital certificates are at least ensured to belong to the same user, and the case of an illegally stolen digital certificate is excluded.
In addition, the signature data received by the authorization server is signature data obtained by the authentication security control module by signing the data to be signed by using a private key corresponding to the digital certificate for signature verification, so that the authorization server can verify the signature of the signature data by using the public key of the digital certificate for signature verification.
Therefore, only through the double authentication of the validity and the legality of the digital certificate by the authorization server, the authentication security control module can obtain the protection key of the authentication database, and the security of the authentication security control module for obtaining the protection key of the authentication database is ensured.
As an optional implementation manner of this embodiment, the authorization server may encrypt the protection key of the authentication database by using the public key of the digital certificate for encryption to generate a protection key ciphertext of the authentication database; as another optional implementation manner of this embodiment, the authorization server 50 may also generate a random key, encrypt the protection key of the authentication database by using the random key, encrypt the random key by using the public key of the digital certificate for encryption, and send the encrypted random key and the protection key ciphertext of the authentication database to the authentication security control module together. In this embodiment, since the authentication security control module 30 sends the digital certificate for encryption to the authorization server, the authorization server encrypts the protection key of the authentication database by using the public key of that digital certificate in the above-mentioned manner and then transmits the encrypted protection key to the authentication security control module, so as to realize ciphertext transmission and ensure the security of the transmitted data. Only the authentication security control module holding the private key corresponding to the digital certificate can decrypt the protection key ciphertext of the authentication database; even if the protection key ciphertext is intercepted, it cannot be decrypted because the interceptor does not hold the private key, thereby further ensuring the security of the protection key of the authentication database.
S604: the authentication security control module decrypts the protection key ciphertext of the authentication database to obtain the protection key of the authentication database, and stores the protection key of the authentication database in a random access memory of the authentication security control module.
Corresponding to the manner in which the authorization server generates the protection key ciphertext of the authentication database in step S603, the following implementation manner is exemplarily given by the authentication security control module decrypting the protection key ciphertext of the authentication database to obtain the protection key of the authentication database: and decrypting the protection key ciphertext of the authentication database by using the locally stored private key corresponding to the digital certificate for encryption to obtain the protection key of the authentication database, or decrypting the encrypted random key by using the locally stored private key corresponding to the digital certificate for encryption to obtain the random key, and decrypting the protection key ciphertext of the authentication database by using the random key to obtain the protection key of the authentication database. In this embodiment, since the authentication security control module sends the digital certificate used for encryption to the authorization server, the authorization server encrypts the protection key of the authentication database by using the public key of the digital certificate and then transmits the encrypted protection key to the authentication security control module, so as to realize ciphertext transmission and ensure the security of transmitted data, and only the authentication security control module having the private key corresponding to the digital certificate can decrypt the protection key ciphertext of the authentication database, even if the encrypted protection key is intercepted, the protection key ciphertext of the authentication database cannot be decrypted because the private key is not stored, thereby further ensuring the security of the protection key of the authentication database.
And the authentication security control module decrypts the protection key of the authentication database and stores the protection key in the random access memory RAM instead of the FLASH, so that the protection key of the authentication database is deleted once the power is off, and when the authentication security control module is powered on again, the step of obtaining the protection key of the authentication database needs to be executed again, thereby ensuring that the protection key of the authentication database cannot be continuously occupied by one authentication security control module in hardware and is more difficult to intercept.
According to the key obtaining method provided by this embodiment, in order to keep all illegal attack events outside the authentication security control module, the authentication security control module can obtain the protection key of the authentication database from the authorization server only after passing the authentication of the authorization server, so that the authentication security control module in the transmission system of the identity card information can decrypt the transmission key ciphertext of the identity card reading terminal by using the protection key of the authentication database to obtain the transmission key; since the authentication security control module can decrypt the ciphertext sent by the identity card reading terminal only after obtaining the transmission key, the security of the data sent to the authentication security control module by the identity card reading terminal is ensured.
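As an added example that is not part of the patent, the following Go program models the key-obtaining flow shared by Example 4 (S501 to S505) and Example 5 (S601 to S604) from the authorization server's side: it checks the survival state of both digital certificates, applies the same-user check on the user attribution information, verifies the signature over the data to be signed, and encrypts the protection key of the authentication database to the public key of the digital certificate for encryption; the module side then decrypts it. The `Cert` structure, the status map standing in for the digital certificate status online inquiry server, the constructed serials, UIDs and key values, and the choice of ECDSA P-256 and RSA-OAEP (the patent names no algorithms) are all assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Cert is a constructed stand-in for an X.509 certificate carrying only the two
// fields the authorization server consults: a serial (key for the online status
// query) and the user attribution information (UID) used for the same-user check.
type Cert struct{ Serial, UID string }

// Status is the survival state returned by the certificate status online inquiry
// server (S502 / S602); anything but StatusNormal is an abnormal survival state.
type Status int

const (
	StatusNormal Status = iota
	StatusExpired
	StatusFrozen
	StatusBlacklisted
)

// AuthData is the authentication data the module sends (S501 / S601).
type AuthData struct {
	ToSign    []byte           // single authentication data, certificates, module identity
	Signature []byte           // ECDSA signature over SHA-256(ToSign)
	SigCert   Cert             // digital certificate for signature verification
	SigPub    *ecdsa.PublicKey // its public key
	EncCert   Cert             // digital certificate for encryption
	EncPub    *rsa.PublicKey   // its public key
}

var ErrDenied = errors.New("authentication security control module not authorized")

// DataToSign assembles the data to be signed of S501 / S601: a fresh random factor
// (the single authentication data), both certificate serials and the module identity.
func DataToSign(sigCert, encCert Cert, moduleID string) ([]byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return []byte(fmt.Sprintf("%x|%s|%s|%s", nonce, sigCert.Serial, encCert.Serial, moduleID)), nil
}

// Sign is the module side of S501 / S601: the data to be signed is signed with the
// private key corresponding to the digital certificate for signature verification.
func Sign(priv *ecdsa.PrivateKey, toSign []byte) ([]byte, error) {
	h := sha256.Sum256(toSign)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// Authorize is the server side (S502-S503 / S602-S603) in the page's order: survival
// state of both certificates, same-user check on the user attribution information,
// signature verification, then the protection key is encrypted to the public key of
// the encryption certificate (RSA-OAEP here; the patent names no algorithm).
func Authorize(status map[string]Status, a AuthData, protKey []byte) ([]byte, error) {
	for _, c := range []Cert{a.SigCert, a.EncCert} {
		if s, ok := status[c.Serial]; !ok || s != StatusNormal {
			return nil, fmt.Errorf("%w: certificate %s abnormal (status %d, known %v)", ErrDenied, c.Serial, s, ok)
		}
	}
	if a.SigCert.UID != a.EncCert.UID {
		return nil, fmt.Errorf("%w: certificates belong to different users", ErrDenied)
	}
	h := sha256.Sum256(a.ToSign)
	if !ecdsa.VerifyASN1(a.SigPub, h[:], a.Signature) {
		return nil, fmt.Errorf("%w: signature verification failed", ErrDenied)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, a.EncPub, protKey, nil)
}

// Unwrap is the module side of S505 / S604: only the holder of the private key of the
// encryption certificate recovers the protection key. The result is meant to live in
// RAM only; a caller must not write it to persistent storage.
func Unwrap(encPriv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, encPriv, ciphertext, nil)
}

// NewModuleKeys generates the two private keys a module's security chip would hold
// (constructed here; a real module keeps them inside the chip).
func NewModuleKeys() (*ecdsa.PrivateKey, *rsa.PrivateKey, error) {
	sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	ek, err := rsa.GenerateKey(rand.Reader, 2048)
	return sk, ek, err
}
```

A frozen or unknown certificate, two certificates with different UIDs, or tampered data to be signed all return `ErrDenied` before any key material leaves the server, and a ciphertext produced for one encryption certificate cannot be opened with another user's private key.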
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (14)

1. A dispatch system for reading an identification card, comprising: the system comprises an authentication database, a scheduling server and n authentication security control modules, wherein n is an integer greater than or equal to 1, and the authentication database comprises:
the authentication database is used for storing working states of all the authentication security control modules in the system and ciphertext of an encryption key of each identity card reading terminal in the system, wherein the ciphertext of the encryption key of each identity card reading terminal is obtained by encrypting the encryption key of each identity card reading terminal by using a protection key of the authentication database;
the dispatch server is configured to:
acquiring identification information of an identity card reading terminal, and judging whether the identity card reading terminal is allowed to read the identity card or not according to the identification information of the identity card reading terminal;
under the condition that the identity card reading terminal is allowed to read the identity card, after a card searching request sent by the identity card reading terminal is received, the working state of an authentication security control module in the jurisdiction range of the scheduling server is obtained from the authentication database;
selecting one authentication security control module according to the working state of each authentication security control module in the jurisdiction range of the scheduling server, and sending the identification information of the selected authentication security control module to the identity card reading terminal;
acquiring a ciphertext of an encryption key of the identity card reading terminal from the authentication database according to the identification information of the identity card reading terminal, wherein the ciphertext is obtained by encrypting the encryption key of the identity card reading terminal by using a protection key of the authentication database;
sending data information to the selected authentication security control module, wherein the data information comprises: the cipher text of the encryption key of the identity card reading terminal;
and the selected authentication security control module is used for receiving data information, decrypting the ciphertext of the encryption key of the identity card reading terminal by using the protection key of the authentication database, and obtaining the encryption key of the identity card reading terminal.
2. The system of claim 1, wherein the dispatch server obtains identification information of the identification card reading terminal by:
the scheduling server receives an access request sent by the identity card reading terminal and acquires identification information of the identity card reading terminal from the access request; or,
and the scheduling server receives an identity card request sent by the identity card reading terminal and acquires identification information of the identity card reading terminal from the identity card request, wherein the identity card request carries the card searching request and the identification information of the identity card reading terminal.
3. The system of claim 1, wherein the identification information of the identity card reading terminal comprises the digital certificate of the identity card reading terminal, and the scheduling server determines whether the identity card reading terminal is allowed to read the identity card in the following manner:
judging whether the digital certificate of the identity card reading terminal is abnormal; if so, determining that the identity card reading terminal is not allowed to read the identity card; otherwise, judging whether the digital certificate of the identity card reading terminal is in a blacklist or a control list, wherein the blacklist records the digital certificates of identity card reading terminals that are not allowed to read the identity card, and the control list records the digital certificates of identity card reading terminals whose reading of the identity card is to be controlled according to a preset control strategy;
if the digital certificate of the identity card reading terminal is judged to be in the blacklist, the identity card reading terminal is not allowed to read the identity card, and the request of the identity card reading terminal is rejected;
and if the digital certificate of the identity card reading terminal is judged to be in the control list, judging whether the identity card reading terminal is allowed to read the identity card according to the preset control strategy.
4. The system of claim 1, wherein the identification information of the identity card reading terminal comprises the serial number of the identity card reading terminal and the digital certificate of the identity card reading terminal, and the scheduling server determines whether the identity card reading terminal is allowed to read the identity card in the following manner:
judging whether the digital certificate of the identity card reading terminal is abnormal; if so, determining that the identity card reading terminal is not allowed to read the identity card; otherwise, judging whether the digital certificate or the serial number of the identity card reading terminal is in a blacklist or a control list, wherein the blacklist records the identification information of identity card reading terminals that are not allowed to read the identity card, and the control list records the identification information of identity card reading terminals whose identity card reading operations are to be controlled according to a preset control strategy;
if the digital certificate or the serial number of the identity card reading terminal is judged to be in the blacklist, the identity card reading terminal is not allowed to read the identity card, and the request of the identity card reading terminal is rejected;
and if the digital certificate or the serial number of the identity card reading terminal is judged to be in the control list, judging whether the identity card reading terminal is allowed to read the identity card according to the preset control strategy.
5. The system according to claim 3 or 4, wherein, in the case that the identification information of the identity card reading terminal is determined to be in the control list, whether the identity card reading terminal is allowed to read the identity card is determined in at least one of the following manners:
judging, according to the preset control strategy, whether the identity card reading terminal is currently within an allowed position range; if so, allowing the identity card reading terminal to read the identity card; otherwise, not allowing the identity card reading terminal to read the identity card and rejecting the request of the identity card reading terminal, wherein the preset control strategy records the allowed position range of the identity card reading terminal;
judging, according to the preset control strategy, whether the current time is within a time range in which the identity card reading terminal is allowed to read the identity card; if so, allowing the identity card reading terminal to read the identity card; otherwise, not allowing the identity card reading terminal to read the identity card and rejecting the request of the identity card reading terminal, wherein the preset control strategy records the time range in which the identity card reading terminal is allowed to read the identity card;
judging, according to the preset control strategy, whether the historical number of card readings by the identity card reading terminal within a preset time period exceeds a preset count threshold; if so, not allowing the identity card reading terminal to read the identity card and rejecting the request of the identity card reading terminal; otherwise, allowing the identity card reading terminal to read the identity card, wherein the preset control strategy records the duration of the preset time period and the preset count threshold;
judging, according to the preset control strategy, whether the distance between the positions of two consecutive card readings by the identity card reading terminal within a preset time period exceeds a preset distance; if so, not allowing the identity card reading terminal to read the identity card and rejecting the request of the identity card reading terminal; otherwise, allowing the identity card reading terminal to read the identity card, wherein the preset control strategy records the duration of the preset time period and the preset distance;
and judging, according to the preset control strategy, whether the time interval between two consecutive card readings by the identity card reading terminal exceeds a preset value; if so, not allowing the identity card reading terminal to read the identity card and rejecting the request of the identity card reading terminal; otherwise, allowing the identity card reading terminal to read the identity card, wherein the preset control strategy records the duration of a preset time period and the preset distance.
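Claims 3 to 5 together describe one decision pipeline: certificate state first, then blacklist, then control list, and only for controlled terminals the preset control strategy with its five checks. The following Go program is an added illustration of that pipeline written for this page, not code from the patent. The patent does not say how the allowed position range is represented or how distance is measured; the bounding-box geometry, the haversine distance, the `Policy` field names, the sample area and the terminal identifiers are assumptions made here. The fifth check is implemented as claim 5 words it: the request is rejected when the interval between two consecutive readings exceeds the preset value.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// CertState is the outcome of the certificate check that runs before any list
// lookup (claims 3 and 4): an abnormal certificate ends the evaluation.
type CertState int

const (
	CertValid CertState = iota
	CertExpired
	CertRevoked
)

// Terminal carries the identification information named in claim 4.
type Terminal struct {
	Serial string
	Cert   string // certificate fingerprint or other stable identifier
	State  CertState
}

type Position struct{ Lat, Lon float64 }

// ReadEvent is one card-reading request (or one historical reading).
type ReadEvent struct {
	At  time.Time
	Pos Position
}

// Policy is the preset control strategy of claim 5; field names follow the claim.
type Policy struct {
	AreaMin, AreaMax Position      // allowed position range, as a bounding box (assumption)
	HourFrom, HourTo int           // allowed time range, [HourFrom, HourTo)
	Period           time.Duration // preset time period for the count and distance checks
	MaxReads         int           // preset count threshold within Period
	MaxDistanceKm    float64       // preset distance between consecutive readings
	MaxGap           time.Duration // preset value for the interval between consecutive readings
}

// Decide returns the scheduling server's decision and a reason for the audit log.
// Order matters: certificate state, then blacklist, then control list, then the
// control strategy; a terminal on neither list is allowed outright.
func Decide(t Terminal, req ReadEvent, blacklist, controlList map[string]bool, p Policy, history []ReadEvent) (bool, string) {
	if t.State != CertValid {
		return false, "certificate abnormal"
	}
	if blacklist[t.Cert] || blacklist[t.Serial] {
		return false, "terminal on blacklist"
	}
	if !controlList[t.Cert] && !controlList[t.Serial] {
		return true, "not on control list"
	}
	if req.Pos.Lat < p.AreaMin.Lat || req.Pos.Lat > p.AreaMax.Lat ||
		req.Pos.Lon < p.AreaMin.Lon || req.Pos.Lon > p.AreaMax.Lon {
		return false, "outside allowed position range"
	}
	if h := req.At.Hour(); h < p.HourFrom || h >= p.HourTo {
		return false, "outside allowed time range"
	}
	recent := 0
	for _, e := range history {
		if req.At.Sub(e.At) <= p.Period {
			recent++
		}
	}
	if recent+1 > p.MaxReads {
		return false, "card reading count exceeds threshold for the period"
	}
	if n := len(history); n > 0 {
		last := history[n-1]
		gap := req.At.Sub(last.At)
		if gap <= p.Period && distanceKm(last.Pos, req.Pos) > p.MaxDistanceKm {
			return false, "implausible distance between consecutive readings"
		}
		// Fifth check of claim 5, as written: an interval longer than the preset value rejects.
		if gap > p.MaxGap {
			return false, "interval between consecutive readings exceeds preset value"
		}
	}
	return true, "allowed by control strategy"
}

// distanceKm is the great-circle (haversine) distance between two positions.
func distanceKm(a, b Position) float64 {
	const earthRadiusKm = 6371.0
	rad := func(deg float64) float64 { return deg * math.Pi / 180 }
	dLat, dLon := rad(b.Lat-a.Lat), rad(b.Lon-a.Lon)
	h := math.Sin(dLat/2)*math.Sin(dLat/2) +
		math.Cos(rad(a.Lat))*math.Cos(rad(b.Lat))*math.Sin(dLon/2)*math.Sin(dLon/2)
	return 2 * earthRadiusKm * math.Asin(math.Sqrt(h))
}

// DefaultPolicy is a constructed sample strategy; the values are not from the patent.
func DefaultPolicy() Policy {
	return Policy{
		AreaMin: Position{39.4, 115.7}, AreaMax: Position{40.5, 117.4}, // constructed box around Beijing
		HourFrom: 8, HourTo: 20,
		Period: 24 * time.Hour, MaxReads: 3, MaxDistanceKm: 100, MaxGap: 72 * time.Hour,
	}
}

func main() {
	controlled := Terminal{Serial: "SN-1001", Cert: "cert-aa11", State: CertValid}
	controlList := map[string]bool{"cert-aa11": true}
	now := time.Date(2016, 1, 21, 10, 0, 0, 0, time.UTC)
	// Constructed history: the previous reading two hours ago was reported from Shanghai.
	history := []ReadEvent{{now.Add(-2 * time.Hour), Position{31.2, 121.5}}}
	ok, why := Decide(controlled, ReadEvent{now, Position{39.9, 116.4}}, nil, controlList, DefaultPolicy(), history)
	fmt.Println(ok, why) // false implausible distance between consecutive readings
}
```

Returning a reason string alongside the boolean is deliberate: the claim's "rejecting the request" is only useful operationally if the scheduling server also records which check fired, since the count and distance checks are the ones that later feed the blacklist decision of claim 6.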
6. The system of claim 3 or 4, wherein
the selected authentication security control module is further used for receiving encrypted identification information of the identity card, decrypting the encrypted identification information of the identity card, and returning the decrypted identification information of the identity card to the scheduling server;
and the scheduling server is further configured to determine, at least according to the identification information of the identity card, the identification information of the identity card reading terminal and a preset policy, whether to add the identification information of the identity card reading terminal to the blacklist or the control list.
7. The system according to claim 6, wherein the scheduling server is further configured to determine whether the identification information of the identity card is in an identity card blacklist and, if so, to send indication information to the selected authentication security control module indicating that the identity card currently read by the identity card reading terminal is illegal.
8. The system of any one of claims 1 to 7, wherein the system comprises n authentication security control modules, each authentication security control module being connected to one corresponding verification security control module, and the verification security control modules connected to different authentication security control modules being different;
the selected authentication security control module is further configured to obtain the card searching request, wherein the card searching request is ciphertext data encrypted with the encryption key of the identity card reading terminal, to decrypt the card searching request with the encryption key of the identity card reading terminal, and to send the decrypted card searching request to the correspondingly connected verification security control module;
the correspondingly connected verification security control module is used for confirming receipt of the card searching request and sending confirmation information to the selected authentication security control module;
and the selected authentication security control module is further used for acquiring a session key, encrypting the confirmation information with the session key, and sending the encrypted confirmation information to the identity card reading terminal.
9. The system according to any one of claims 1 to 7, wherein the scheduling server is further configured to generate an authentication code after selecting an authentication security control module, and to send the authentication code to the identity card reading terminal and to the authentication database, respectively.
10. The system according to any one of claims 1 to 7, further comprising an authorization server, wherein
the scheduling server is further used for sending data to be signed to the selected authentication security control module when the selected authentication security control module is powered on;
the selected authentication security control module is further used for signing the data to be signed with a signature private key to obtain signature data, and for returning to the scheduling server authentication data comprising the signature data, the signature public key certificate corresponding to the signature private key, and the encryption public key certificate of the selected authentication security control module;
the scheduling server is further used for receiving the authentication data returned by the selected authentication security control module and judging whether the signature public key certificate and the encryption public key certificate are in an abnormal state;
if the signature public key certificate and the encryption public key certificate are judged not to be in an abnormal state, the data to be signed and the authentication data are sent to the authorization server;
the authorization server is used for verifying, through a connected authorization electronic signature device, whether the signature public key certificate and the encryption public key certificate were issued to the same identity card reading terminal; if so, verifying whether the signature data is correct; if so, the selected authentication security control module passes identity authentication, otherwise the selected authentication security control module fails identity authentication;
the authorization server is further used for encrypting the protection key of the authentication database through the authorization electronic signature device and sending the encrypted protection key to the scheduling server if the selected authentication security control module passes identity authentication, and for issuing warning information if the selected authentication security control module fails identity authentication;
the scheduling server is further used for sending the encrypted protection key of the authentication database to the selected authentication security control module;
and the selected authentication security control module is further configured to decrypt the encrypted protection key of the authentication database to obtain the protection key of the authentication database.
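The power-on authentication of claim 10 is a challenge-response: the scheduling server issues data to be signed, the module answers with a signature and its two certificates, the scheduling server refuses to forward anything whose certificates are in an abnormal state, and the authorization server checks that both certificates were issued to the same holder and that the signature verifies before it releases the protection key. The Go program below is an added illustration of those checks written for this page, not code from the patent. ECDSA on P-256 over a SHA-256 digest, the `Cert` stand-in for an X.509 certificate, the function names and the module identifiers `ASCM-01` and `ASCM-02` are assumptions; the encrypted delivery of the protection key that follows a successful authentication is not shown here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Cert stands in for an X.509 certificate: the public key, the module it was
// issued to, and the status the scheduling server checks before forwarding.
type Cert struct {
	ModuleID string
	Pub      *ecdsa.PublicKey
	Abnormal bool // revoked, expired, or otherwise flagged
}

// AuthData is the module's reply (claim 10): signature data, signature public
// key certificate, encryption public key certificate.
type AuthData struct {
	Signature []byte // ECDSA over SHA-256(challenge), ASN.1 DER encoded
	SigCert   Cert
	EncCert   Cert
}

// Module is the authentication security control module's side: it holds the
// signature private key and the two certificates it presents.
type Module struct {
	ID      string
	sigPriv *ecdsa.PrivateKey
	SigCert Cert
	EncCert Cert
}

func NewModule(id string) (*Module, error) {
	sig, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	enc, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Module{ID: id, sigPriv: sig,
		SigCert: Cert{ModuleID: id, Pub: &sig.PublicKey},
		EncCert: Cert{ModuleID: id, Pub: &enc.PublicKey}}, nil
}

// Sign answers the data to be signed with a fresh ECDSA signature.
func (m *Module) Sign(challenge []byte) (AuthData, error) {
	digest := sha256.Sum256(challenge)
	sig, err := ecdsa.SignASN1(rand.Reader, m.sigPriv, digest[:])
	if err != nil {
		return AuthData{}, err
	}
	return AuthData{Signature: sig, SigCert: m.SigCert, EncCert: m.EncCert}, nil
}

// NewChallenge is the scheduling server's data to be signed: 32 random bytes
// drawn per power-on, so a captured reply cannot be replayed against a later one.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// SchedulerPrecheck is the scheduling server's own gate: both certificates must
// be in a normal state before anything is sent to the authorization server.
func SchedulerPrecheck(ad AuthData) error {
	if ad.SigCert.Abnormal || ad.EncCert.Abnormal {
		return errors.New("certificate in abnormal state; not forwarded to authorization server")
	}
	return nil
}

// Authorize is the authorization server's decision: both certificates must
// name the same holder, and the signature must verify under the signature
// certificate; any failure is reported as the warning of claim 10.
func Authorize(challenge []byte, ad AuthData) (bool, string) {
	if ad.SigCert.ModuleID != ad.EncCert.ModuleID {
		return false, "warning: signature and encryption certificates belong to different holders"
	}
	digest := sha256.Sum256(challenge)
	if !ecdsa.VerifyASN1(ad.SigCert.Pub, digest[:], ad.Signature) {
		return false, "warning: challenge signature does not verify"
	}
	return true, "identity authentication passed"
}

func main() {
	mod, err := NewModule("ASCM-01")
	if err != nil {
		panic(err)
	}
	challenge, _ := NewChallenge()
	ad, _ := mod.Sign(challenge)
	if err := SchedulerPrecheck(ad); err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println(Authorize(challenge, ad))

	// The same reply presented against a fresh challenge fails the signature check.
	fresh, _ := NewChallenge()
	fmt.Println(Authorize(fresh, ad))
}
```

The pairing check matters because the two certificates serve different keys: the signature certificate proves who answered, while the encryption certificate decides who can open the protection key that is released afterwards. Accepting a valid signature next to someone else's encryption certificate would hand the protection key to a party that never authenticated.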
11. The system of claim 10, wherein the selected authentication security control module is further configured to store the obtained protection key of the authentication database in RAM and to prohibit the protection key of the authentication database from being saved in flash memory.
12. The system according to any one of claims 1 to 11, wherein the scheduling server is further configured to update the operating status of the selected authentication security control module stored in the authentication database after selecting an authentication server.
13. The system according to any one of claims 1 to 12, wherein the scheduling server is further configured to instruct some of the authentication security control modules to be switched on or off according to the current operating status of all the authentication security control modules in the system.
14. The system according to any one of claims 1 to 13, wherein the scheduling server is further configured to monitor the operating state of each authentication security control module in real time, and to output an alarm message when it detects that an authentication security control module is abnormal.
CN201610041590.1A 2016-01-21 2016-01-21 A kind of scheduling system of reading identity card Active CN105991649B (en)

Publications (2)

Publication Number Publication Date
CN105991649A true CN105991649A (en) 2016-10-05
CN105991649B CN105991649B (en) 2019-10-01

Family

ID=57039916


Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201657022U (en) * 2010-04-23 2010-11-24 朱杰 Network type identity document check system
CN103593634A (en) * 2013-11-08 2014-02-19 国家电网公司 Network centralized decoding system and method of identity card identifier
CN103914913A (en) * 2012-12-28 2014-07-09 北京握奇数据系统有限公司 Intelligent card application scene recognition method and system
CN104639538A (en) * 2015-01-15 2015-05-20 李明 Identity card information obtaining method and system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108462681A (en) * 2017-02-22 2018-08-28 中国移动通信集团公司 A kind of communication means of heterogeneous network, equipment and system
CN108462681B (en) * 2017-02-22 2020-12-29 中国移动通信集团公司 Communication method, device and system of heterogeneous network
CN112560008A (en) * 2020-12-22 2021-03-26 中国农业银行股份有限公司 External device authentication method, external device and device management system
CN112560008B (en) * 2020-12-22 2024-08-06 中国农业银行股份有限公司 External device authentication method, external device and device management system
CN115114492A (en) * 2022-07-19 2022-09-27 壹亿互动(厦门)科技有限公司 Epidemic prevention information query method, security module, system, equipment and program product

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant