CN106027249B - Identity card card reading method and system - Google Patents
- Publication number
- CN106027249B
- Authority
- CN
- China
- Prior art keywords
- electronic signature
- card
- signature equipment
- information
- encryption
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Abstract
The present invention provides an identity card reading method and system. The identity card reading method includes: a card reader receives a card-seeking response instruction returned by a first resident identification card; the card reader reads the configuration information of the first resident identification card; the card reader queries, through an external interface, whether the configuration information is stored in an electronic signature device and, if the electronic signature device has not stored the configuration information, stores the configuration information into the electronic signature device through the external interface; the card reader receives a card reading instruction, obtains the encrypted identity card information stored in the resident identification card, and sends the encrypted identity card information to the electronic signature device; the electronic signature device encrypts the configuration information and the encrypted identity card information using a first transmission key, obtains a transmission ciphertext, and sends it to the card reader; a background server receives the transmission ciphertext sent by the card reader and decrypts it using a second transmission key to obtain the configuration information and the encrypted identity card information.
Description
Technical field
The present invention relates to the field of electronic technology, and in particular to an identity card reading method and system.
Background technique
In the existing resident identification card reading process, a card-seeking process is executed before the identity card reading process. Only after a resident identification card has been found does the identity card reading process start.
The card-seeking process mainly includes the following: the card reader cyclically sends a card-seeking instruction; when a resident identification card enters the readable range of the card reader, the resident identification card detects the card-seeking instruction sent by the card reader and returns a card-seeking response instruction to the card reader; after the card reader receives the card-seeking response instruction, it confirms that a resident identification card has been detected, and card seeking succeeds.
After card seeking succeeds, the user instructs the card reader to start reading the identity card. The card reader begins interacting with the resident identification card and reads the information stored in it, and the safety control module (SAM module) authorized by the Ministry of Public Security decodes the information read from the resident identification card to obtain the identity card information in plaintext.
In the related art, the card reader does not read the information stored in the resident identification card once it has found the card; it reads the information from the resident identification card only after receiving a card reading instruction. Because the card reader interacts with the resident identification card over radio frequency, reading the information stored in the resident identification card takes a long time, and the user experience is poor.
Summary of the invention
The present invention aims to solve the above problem that reading the information stored in a resident identification card takes a long time and the user experience is poor.
The main purpose of the present invention is to provide an identity card reading method.
Another object of the present invention is to provide an identity card reading system.
To achieve the above objects, the present invention provides the following technical schemes:
Scheme 1, an identity card reading method, comprising: a card reader receives a card-seeking response instruction returned by a first resident identification card; the card reader reads the configuration information of the first resident identification card; the card reader queries, through an external interface, whether the configuration information is stored in an electronic signature device and, if the electronic signature device has not stored the configuration information, stores the configuration information into the electronic signature device through the external interface; the card reader receives a card reading instruction and sends a secure channel establishment request to a background server; the background server negotiates with the electronic signature device through the card reader, the electronic signature device obtaining a first transmission key and the background server obtaining a second transmission key; the card reader obtains the encrypted identity card information stored in the resident identification card and sends the encrypted identity card information to the electronic signature device; the electronic signature device encrypts the configuration information and the encrypted identity card information using the first transmission key to obtain a transmission ciphertext, and sends the transmission ciphertext to the card reader; the card reader sends the transmission ciphertext to the background server; the background server receives the transmission ciphertext and decrypts it using the second transmission key to obtain the configuration information and the encrypted identity card information.
Scheme 2, the method according to scheme 1, wherein the background server negotiating with the electronic signature device through the card reader, the electronic signature device obtaining the first transmission key and the background server obtaining the second transmission key, comprises: the card reader sends the secure channel establishment request to the background server; the background server receives the secure channel establishment request, generates a first random factor, and sends the first random factor to the card reader; the card reader receives the first random factor and sends it to the electronic signature device; the electronic signature device receives the first random factor, signs first data to be signed using the private key of the electronic signature device to generate first signed data, and sends first sent data to the card reader, wherein the first data to be signed includes at least the first random factor, and the first sent data includes at least the first signed data and the digital certificate of the electronic signature device; the card reader receives the first sent data and sends it to the background server; the background server receives the first sent data and verifies the digital certificate of the electronic signature device; after the certificate is verified, it performs signature verification on the first signed data, and if the signature verification fails, the process ends; if the signature verification passes, the background server generates a second random factor, generates a third random factor based on the first random factor and the second random factor, encrypts the third random factor using the public key of the electronic signature device to obtain encrypted data, signs the encrypted data using the private key of the background server to obtain second signed data, calculates the second transmission key using the third random factor, and sends second transmission data to the card reader, wherein the second transmission data includes the second signed data, the encrypted data and the digital certificate of the background server; the card reader receives the second transmission data and sends it to the electronic signature device; the electronic signature device receives the second transmission data and verifies the digital certificate of the background server; after the certificate is verified, it performs signature verification on the second signed data and, if the signature verification passes, decrypts the encrypted data using the private key of the electronic signature device to obtain the third random factor, and calculates the first transmission key using the third random factor.
Scheme 3, the method according to scheme 1, wherein the background server negotiating with the electronic signature device through the card reader, the electronic signature device obtaining the first transmission key and the background server obtaining the second transmission key, comprises: the card reader sends the secure channel establishment request to the background server; the background server receives the secure channel establishment request, generates a first random factor, and sends first authentication data to the card reader, wherein the first authentication data includes at least the first random factor and the digital certificate of the background server; after receiving the first authentication data, the card reader sends it to the electronic signature device; the electronic signature device receives the first authentication data and verifies the digital certificate of the background server; after the certificate is verified, it generates a second random factor, encrypts the second random factor using the public key of the background server to obtain first encrypted data, signs the first random factor and the first encrypted data to obtain first signed data, sends second authentication data to the card reader, and calculates the first transmission key based on the second random factor, wherein the second authentication data includes the first signed data, the first encrypted data and the digital certificate of the electronic signature device; after receiving the second authentication data, the card reader sends it to the background server; the background server receives the second authentication data and verifies the digital certificate of the electronic signature device; after the certificate is verified, it performs signature verification on the first signed data; if the signature verification passes, it decrypts the first encrypted data using the private key of the background server to obtain the second random factor, and if the signature verification fails, the process ends; the background server calculates the second transmission key based on the second random factor.
Scheme 4, the method according to any one of schemes 1 to 3, wherein the card reader obtaining the encrypted identity card information stored in the resident identification card comprises: the card reader queries whether encrypted identity card information corresponding to the configuration information is stored in the electronic signature device; if it is determined that the encrypted identity card information is stored in the electronic signature device, the card reader reads the encrypted identity card information stored in the electronic signature device through the external interface; if it is determined that the electronic signature device has not stored the encrypted identity card information, the card reader executes the identity card reading process, reads the encrypted identity card information from the first resident identification card, stores the encrypted identity card information it has read into the electronic signature device through the external interface, and associates it with the configuration information.
Scheme 5, the method according to any one of schemes 1 to 3, wherein, if the electronic signature device has not stored the configuration information, storing the configuration information into the electronic signature device through the external interface comprises: the card reader deletes, through the external interface, the configuration information and the encrypted identity card information stored in the electronic signature device, and stores the configuration information it has read into the electronic signature device; and the card reader obtaining the encrypted identity card information stored in the resident identification card comprises: the card reader queries whether encrypted identity card information is stored in the electronic signature device; if it is determined that encrypted identity card information is stored in the electronic signature device, the card reader reads the encrypted identity card information stored in the electronic signature device through the external interface; if it is determined that the electronic signature device has not stored encrypted identity card information, the card reader executes the identity card reading process, reads the encrypted identity card information from the first resident identification card, and stores the encrypted identity card information it has read into the electronic signature device through the external interface.
Scheme 6, the method according to scheme 4 or 5, wherein the encrypted identity card information stored in the electronic signature device includes multiple data packets; and the electronic signature device encrypting the configuration information and the encrypted identity card information using the first transmission key to obtain the transmission ciphertext and sending the transmission ciphertext to the card reader comprises: the card reader separately encrypts the configuration information and each data packet of the encrypted identity card information using the first transmission key to obtain multiple encrypted data packets, and the multiple encrypted data packets are sent to the card reader.
Scheme 7, the method according to scheme 6, further comprising: upon receiving a retransmission instruction sent by the background server that indicates the encrypted identity card information is to be retransmitted, the card reader sends a request to the electronic signature device, requesting the data packets that the retransmission instruction indicates need to be retransmitted; the electronic signature device obtains the data packets that the retransmission instruction indicates need to be retransmitted, encrypts those data packets using the first transmission key, and sends the encrypted data packets to the card reader; the card reader receives the encrypted data packets to be retransmitted that the electronic signature device returns, and retransmits them to the background server.
Scheme 8, the method according to any one of schemes 1 to 7, wherein, after the card reader sends the configuration information and the encrypted identity card information to the background server, the method further comprises: if the card reader does not detect a resident identification card within a predetermined time, it clears the configuration information and the encrypted identity card information of the resident identification card stored in the electronic signature device.
Scheme 9, the method according to any one of schemes 1 to 8, wherein, after the card reader sends the configuration information and the encrypted identity card information to the background server, the method further comprises: the card reader obtains encrypted identity card plaintext information from the background server; the card reader sends the encrypted identity card plaintext information to the electronic signature device; the electronic signature device decrypts the encrypted identity card plaintext information using the first transmission key to obtain the identity card plaintext information; the electronic signature device generates a random key; the electronic signature device encrypts the identity card plaintext information using the random key; the electronic signature device stores the encrypted identity card plaintext information.
Scheme 10, the method according to scheme 9, wherein, after the electronic signature device stores the encrypted identity card plaintext information, the method further comprises: the card reader receives a card-seeking response instruction returned by a second resident identification card; the card reader reads the configuration information of the second resident identification card; the card reader judges whether the configuration information currently read is stored in the electronic signature device; the card reader receives a card reading instruction from the terminal connected to it; if it is judged that the configuration information currently read is stored in the electronic signature device, the card reader judges whether the electronic signature device stores the encrypted identity card plaintext information; if it is judged that the encrypted identity card plaintext information is stored in the electronic signature device, the identity card plaintext information is obtained from the electronic signature device.
Scheme 11, the method according to scheme 9, wherein, after the electronic signature device stores the encrypted identity card plaintext information in the electronic signature device, the method further comprises: if the card reader does not detect a resident identification card within a predetermined time, it clears the encrypted identity card plaintext information stored in the electronic signature device; and/or, if the card reader does not detect a resident identification card within a predetermined time, or before the electronic signature device performs a power-off operation, the electronic signature device deletes the random key.
Scheme 12, the method according to any one of schemes 1-2, 4-10, wherein the background server performing signature verification on the first signed data comprises: the background server performs signature verification on the first signed data using the first random factor and the public key of the electronic signature device contained in the digital certificate of the electronic signature device; and the electronic signature device performing signature verification on the second signed data comprises: the electronic signature device performs signature verification on the second signed data using the encrypted data and the public key of the background server contained in the digital certificate of the background server.
Scheme 13, the method according to any one of schemes 1-2, 4-11, wherein the first data to be signed further includes: a first identity of the electronic signature device; and the first sent data further includes: a second identity of the electronic signature device.
Scheme 14, the method according to scheme 13, wherein the first identity of the electronic signature device includes: the electronic signature device serial number and/or the electronic signature device certificate number; the second identity of the electronic signature device includes: the electronic signature device serial number and/or the electronic signature device certificate number; and the electronic signature device serial number and the electronic signature device certificate number have a mapping relationship.
Scheme 15, the method according to scheme 13 or 14, wherein the background server performing signature verification on the first signed data comprises: the background server performs signature verification on the first signed data using the first random factor, the second identity, and the public key of the electronic signature device contained in the digital certificate of the electronic signature device.
Scheme 16, an identity card reading system, comprising: a card reader, configured to receive a card-seeking response instruction returned by a first resident identification card, read the configuration information of the first resident identification card, then query, through an external interface, whether the configuration information is stored in an electronic signature device and, if the electronic signature device has not stored the configuration information, store the configuration information into the electronic signature device through the external interface; the card reader is further configured to receive a card reading instruction and send a secure channel establishment request to a background server; the background server, configured to negotiate with the electronic signature device through the card reader to obtain a second transmission key; the electronic signature device, configured to negotiate with the background server through the card reader to obtain a first transmission key; the card reader is further configured to obtain the encrypted identity card information stored in the resident identification card and send the encrypted identity card information to the electronic signature device; the electronic signature device is further configured to encrypt the configuration information and the encrypted identity card information using the first transmission key to obtain a transmission ciphertext, and send the transmission ciphertext to the card reader; the card reader is further configured to send the transmission ciphertext to the background server; the background server is further configured to receive the transmission ciphertext and decrypt it using the second transmission key to obtain the configuration information and the encrypted identity card information.
Scheme 17, the system according to scheme 16, wherein the background server and the electronic signature device obtain the second transmission key and the first transmission key in the following manner: the background server is configured to receive the secure channel establishment request, generate a first random factor, and send the first random factor to the electronic signature device through the card reader; the electronic signature device is configured to receive the first random factor, sign first data to be signed using the private key of the electronic signature device to generate first signed data, and send first sent data to the background server through the card reader, wherein the first data to be signed includes at least the first random factor, and the first sent data includes at least the first signed data and the digital certificate of the electronic signature device; the background server is further configured to receive the first sent data and verify the digital certificate of the electronic signature device; after the certificate is verified, perform signature verification on the first signed data and, if the signature verification fails, end the process; if the signature verification passes, generate a second random factor, generate a third random factor based on the first random factor and the second random factor, encrypt the third random factor using the public key of the electronic signature device to obtain encrypted data, sign the encrypted data using the private key of the background server to obtain second signed data, calculate the second transmission key using the third random factor, and send second transmission data to the electronic signature device through the card reader, wherein the second transmission data includes the second signed data, the encrypted data and the digital certificate of the background server; the electronic signature device is further configured to receive the second transmission data and verify the digital certificate of the background server; after the certificate is verified, perform signature verification on the second signed data and, if the signature verification passes, decrypt the encrypted data using the private key of the electronic signature device to obtain the third random factor, and calculate the first transmission key using the third random factor.
Scheme 18, the system according to scheme 17, wherein the background server and the electronic signature device obtain the second transmission key and the first transmission key in the following manner: the background server is configured to receive the secure channel establishment request, generate a first random factor, and send first authentication data to the electronic signature device through the card reader, wherein the first authentication data includes at least the first random factor and the digital certificate of the background server; the electronic signature device is configured to receive the first authentication data and verify the digital certificate of the background server; after the certificate is verified, generate a second random factor, encrypt the second random factor using the public key of the background server to obtain first encrypted data, sign the first random factor and the first encrypted data to obtain first signed data, send second authentication data to the background server through the card reader, and calculate the first transmission key based on the second random factor, wherein the second authentication data includes the first signed data, the first encrypted data and the digital certificate of the electronic signature device; the background server is further configured to receive the second authentication data and verify the digital certificate of the electronic signature device; after the certificate is verified, perform signature verification on the first signed data; if the signature verification passes, decrypt the first encrypted data using the private key of the background server to obtain the second random factor, and calculate the second transmission key based on the second random factor; if the signature verification fails, end the process.
Scheme 19, the system according to any one of schemes 16 to 18, wherein the card reader obtains the encrypted identity card information stored in the resident identification card in the following manner: it queries whether encrypted identity card information corresponding to the configuration information is stored in the electronic signature device; if it is determined that the encrypted identity card information is stored in the electronic signature device, it reads the encrypted identity card information stored in the electronic signature device through the external interface; if it is determined that the electronic signature device has not stored the encrypted identity card information, it executes the identity card reading process, reads the encrypted identity card information from the first resident identification card, stores the encrypted identity card information it has read into the electronic signature device through the external interface, and associates it with the configuration information.
Scheme 20, the system according to any one of schemes 16 to 18, wherein, if the electronic signature device has not stored the configuration information, the card reader stores the configuration information into the electronic signature device in the following manner: it deletes, through the external interface, the configuration information and the encrypted identity card information stored in the electronic signature device, and stores the configuration information it has read into the electronic signature device; and the card reader obtains the encrypted identity card information stored in the resident identification card in the following manner: it queries whether encrypted identity card information is stored in the electronic signature device; if it is determined that encrypted identity card information is stored in the electronic signature device, it reads the encrypted identity card information stored in the electronic signature device through the external interface; if it is determined that the electronic signature device has not stored encrypted identity card information, it executes the identity card reading process, reads the encrypted identity card information from the first resident identification card, and stores the encrypted identity card information it has read into the electronic signature device through the external interface.
Scheme 21, the system according to scheme 19 or 20, wherein the encrypted identity card information stored in the electronic signature device includes multiple data packets; and the electronic signature device encrypts the configuration information and the encrypted identity card information, obtains the transmission ciphertext, and sends the transmission ciphertext to the card reader in the following manner: it separately encrypts the configuration information and each data packet of the encrypted identity card information using the first transmission key to obtain multiple encrypted data packets, and sends the multiple encrypted data packets to the card reader.
Scheme 22, the system according to scheme 21, wherein, upon receiving a retransmission instruction sent by the background server that indicates the encrypted identity card information is to be retransmitted, the card reader sends a request to the electronic signature device, requesting the data packets that the retransmission instruction indicates need to be retransmitted; the electronic signature device obtains the data packets that the retransmission instruction indicates need to be retransmitted, encrypts those data packets using the first transmission key, and sends the encrypted data packets to the card reader; the card reader receives the encrypted data packets to be retransmitted that the electronic signature device returns, and retransmits them to the background server.
Scheme 23, the system according to any one of schemes 16 to 22, wherein the card reader is further configured to, after the configuration information and the encrypted identity card information have been sent to the background server, clear the configuration information and the encrypted identity card information of the resident identification card stored in the electronic signature device if no resident identification card is detected within a predetermined time.
Scheme 24, the system according to any one of schemes 16 to 23, wherein the card reader is further configured to, after the configuration information and the encrypted identity card information have been sent to the background server, obtain encrypted identity card plaintext information from the background server and send the encrypted identity card plaintext information to the electronic signature device; the electronic signature device is further configured to decrypt the encrypted identity card plaintext information using the first transmission key to obtain the identity card plaintext information, generate a random key, encrypt the identity card plaintext information using the random key, and store the encrypted identity card plaintext information.
Scheme 25, the system according to scheme 24, wherein the card reader is further configured to receive a card-seeking response instruction returned by a second resident identification card, read the configuration information of the second resident identification card, judge whether the configuration information currently read is stored in the electronic signature device, and receive a card reading instruction from the terminal connected to it; if it is judged that the configuration information currently read is stored in the electronic signature device, judge whether the electronic signature device stores the encrypted identity card plaintext information; and, if it is judged that the encrypted identity card plaintext information is stored in the electronic signature device, obtain the identity card plaintext information from the electronic signature device.
Scheme 26, the system according to scheme 25, wherein the card reader is further configured to, after the encrypted identity card plaintext information has been stored in the electronic signature device, clear the encrypted identity card plaintext information stored in the electronic signature device if no resident identification card is detected within a predetermined time; and/or the electronic signature device is further configured to delete the random key if the card reader does not detect a resident identification card within a predetermined time, or before the electronic signature device performs a power-off operation.
Scheme 27, the system according to any one of schemes 16-17, 19-26, wherein the background server performing signature verification on the first signed data comprises: the background server performs signature verification on the first signed data using the first random factor and the public key of the electronic signature device contained in the digital certificate of the electronic signature device; and the electronic signature device performing signature verification on the second signed data comprises: the electronic signature device performs signature verification on the second signed data using the encrypted data and the public key of the background server contained in the digital certificate of the background server.
Scheme 28. The system according to any one of schemes 16-17 and 19-27, wherein the first data to be signed further includes a first identity of the electronic signature equipment, and the first sent data further includes a second identity of the electronic signature equipment.
Scheme 29. The system according to scheme 28, wherein the first identity of the electronic signature equipment includes an electronic signature equipment serial number and/or an electronic signature equipment certificate number; the second identity of the electronic signature equipment includes an electronic signature equipment serial number and/or an electronic signature equipment certificate number; and the electronic signature equipment serial number and the electronic signature equipment certificate number have a mapping relationship.
Scheme 30. The system according to scheme 28 or 29, wherein the background server performing the signature verification operation on the first signed data comprises: the background server verifies the first signed data using the first random factor, the second identity, and the public key of the electronic signature equipment in the digital certificate of the electronic signature equipment.
With the technical solution provided by the present invention, the card reader reads the configuration information from the resident identification card as soon as it has found the card. When a card reading instruction is subsequently received, only the encrypted identity card information is read from the resident identification card. This saves the time of reading the configuration information after the card reading instruction is received, improves the efficiency of reading the identity card, and improves the user experience.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of an identity card card reading method provided by Embodiment 1 of the present invention;
Fig. 2 is a flow diagram of an identity card card reading method provided by Embodiment 2 of the present invention;
Fig. 3 is a flow diagram of an identity card card reading method provided by Embodiment 3 of the present invention;
Fig. 4 is an architecture diagram of an identity card card-reading system provided by Embodiment 4 of the present invention;
Fig. 5 is a flow diagram of a card reading process provided by Embodiment 5 of the present invention;
Fig. 6 is a flow diagram of another card reading process provided by Embodiment 6 of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.
In the description of the present invention, it should be understood that orientation or positional terms such as "center", "longitudinal", "transverse", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings. They are used only to simplify the description of the present invention and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation; they should therefore not be understood as limiting the present invention. In addition, the terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "installed", "coupled" and "connected" are to be understood broadly. For example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, indirect through an intermediary, or internal between two elements. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific situation.
The embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment 1
Fig. 1 is a flow diagram of the identity card card reading method provided by this embodiment. As shown in Fig. 1, the identity card card reading method provided by this embodiment mainly includes the following steps (101-109).
Step 101: the card reader receives the card seeking response instruction returned by the first resident identification card;
In this embodiment, the card reader sends out a card seeking instruction through its radio-frequency module at intervals. After the first resident identification card receives the card seeking instruction sent by the card reader, it automatically sends a card seeking response instruction to the card reader, and the card reader receives it. Through the card seeking response instruction returned by the first resident identification card, the card reader establishes a communication connection with the first resident identification card.
It should be noted that a typical card reader contains a security control module authorized by the Ministry of Public Security to decrypt the encrypted identity card information that the card reader reads, but integrating such a module into the card reader is costly. In this embodiment, the card reader is not provided with the security control module authorized by the Ministry of Public Security (SAM module); the security control module is placed at the remote end. It can be located in the background server, or it can be set up independently and connected to the background server by wire (for example, a USB interface) or wirelessly (for example, WIFI or Bluetooth); this embodiment does not limit the specific arrangement. Because the card reader and the SAM module are separate, multiple card readers can share one SAM module, which saves cost.
Step 102: the card reader reads the configuration information of the first resident identification card;
In this embodiment, after receiving the card seeking response instruction returned by the first resident identification card, the card reader determines that an identity card is within its readable range and directly reads the configuration information from the first resident identification card.
In practical applications, the information stored in the first resident identification card includes the identity card configuration information, stored in cleartext, and the encrypted identity card information, stored as ciphertext. The configuration information of the identity card refers to the configuration parameters of the identity card, for example the identity card serial number, application data indicating information about the applications set up in the identity card, and the transport protocol (for example, the transport protocol type, bit rate and maximum frame size). The card reader can recognize the configuration information directly, without decryption by the security control module authorized by the Ministry of Public Security. The encrypted identity card information refers to the identity card information stored in the identity card as ciphertext, such as the identity card number, name, gender, address and photo; the cleartext of this information can be obtained only after the security control module authorized by the Ministry of Public Security decrypts it. When decrypting the encrypted identity card information, the security control module authorized by the Ministry of Public Security needs the configuration information; therefore, when an identity card is read, both the configuration information and the encrypted identity card information stored in the identity card must be provided to the security control module authorized by the Ministry of Public Security. In this embodiment, regardless of whether a card reading instruction has been received, as long as the card reader detects a resident identification card within its readable range (that is, it receives the card seeking response instruction returned by the resident identification card), it reads the configuration information of that resident identification card.
Step 103: the card reader queries, through the external interface, whether the configuration information is stored in the electronic signature equipment, and, in the case where the electronic signature equipment does not store the configuration information, stores the configuration information in the electronic signature equipment through the external interface;
In this embodiment, after reading the configuration information from the first resident identification card, the card reader queries through the external interface whether the electronic signature equipment stores the configuration information of the first resident identification card read in step 102. If it does not, the card reader stores the configuration information in the electronic signature equipment through the external interface; if it does, step 104 is executed directly.
In this embodiment, the electronic signature equipment can be a smart card with a security chip, connected to the terminal wirelessly (for example, by NFC or Bluetooth), or an electronic signature key with a security chip (a KEY, such as the U-shield used by Industrial and Commercial Bank or the K treasure used by Agricultural Bank), connected to the terminal through a USB interface or an audio port. The embodiments of the present invention do not limit the specific form.
In this embodiment, the card reader and the electronic signature equipment can be connected by wire, for example through a USB interface or an audio interface, or wirelessly, for example by NFC or Bluetooth. This embodiment does not limit the specific manner.
Step 104: the card reader receives a card reading instruction and sends a secure channel establishment request to the background server;
In this embodiment, step 103 and the card reader receiving the card reading instruction are two steps with no fixed chronological order. In practical applications, the card reader may receive the card reading instruction while executing step 103 or after executing step 103, or it may execute step 103 after receiving the card reading instruction; this embodiment does not limit the order.
In this embodiment, the card reading instruction is an instruction for reading identity card information. The card reader can receive the card reading instruction through a terminal (such as a computer or mobile phone), or the card reader can obtain the card reading instruction itself. This embodiment does not limit how the card reader obtains the card reading instruction; any manner in which the card reader can receive the card reading instruction falls within the protection scope of the present invention. On the basis of the received card reading instruction, the card reader obtains the encrypted identity card information stored in the identity card.
Step 105: the background server negotiates with the electronic signature equipment through the card reader; according to the negotiation result, the electronic signature equipment obtains the first transmission key and the background server obtains the second transmission key;
The process by which the background server negotiates the transmission key with the electronic signature equipment through the card reader is described in Embodiments 5 and 6 below and is not repeated here.
Step 106: the card reader obtains the encrypted identity card information stored in the resident identification card and sends the encrypted identity card information to the electronic signature equipment;
In an optional implementation of this embodiment of the present invention, in the case where the encrypted identity card information is stored in the electronic signature equipment, the card reader can obtain the encrypted identity card information from the electronic signature equipment through the external interface; alternatively, the card reader can read the encrypted identity card information directly from the first resident identification card. See the descriptions in Embodiments 2 and 3 for details.
Step 107: the electronic signature equipment encrypts the configuration information and the encrypted identity card information using the first transmission key to obtain a transmission ciphertext, and sends the transmission ciphertext to the card reader;
In a specific application, the electronic signature equipment can encrypt according to the way the card reader sends data to the background server. For example, if the card reader divides the configuration information and the encrypted identity card information into multiple data packets and sends one data packet at a time, the electronic signature equipment encrypts each data packet separately.
Step 108: the card reader sends the transmission ciphertext to the background server.
In this embodiment, after obtaining the transmission ciphertext, the card reader sends it to the background server. Specifically, the card reader can establish a connection and communicate with the background server through a terminal (such as a computer or mobile phone), or it can establish a connection and communicate with the background server directly by wireless means (such as Bluetooth, infrared or NFC near-field communication).
Step 109: the background server receives the transmission ciphertext and decrypts it using the second transmission key to obtain the configuration information and the encrypted identity card information.
After decrypting to obtain the configuration information and the encrypted identity card information, the background server can send the configuration information and the encrypted identity card information of the resident identification card to the SAM module, which decodes the identity card information of the resident identification card. The background server thus obtains the identity card cleartext information of the resident identification card and can then carry out a process that requires the identity card, for example a banking system opening an account remotely for a user.
In the related art, when the resident identification card reading process is executed and a resident identification card is detected within the readable range, the information stored in the resident identification card is not read immediately; the card reader waits for a card reading instruction and, only after receiving it, reads the configuration information and the encrypted identity card information from the resident identification card. In the identity card reading scheme provided by this embodiment, the card reader reads the configuration information of the resident identification card directly upon detecting a resident identification card within the readable range. After receiving the card reading instruction, it only needs to obtain the encrypted identity card information stored in the resident identification card and does not need to read the configuration information again, which saves card reading time and improves the user experience. Moreover, in this embodiment, a transmission key is negotiated between the card reader and the background server, and the data transmitted during the interaction is encrypted with the negotiated transmission key, which further ensures the transmission security of the information.
As an optional implementation of this embodiment, after the card reader sends the transmission ciphertext to the background server, the background server can interact with the SAM module to obtain the decrypted identity card cleartext information, and the background server can send the identity card cleartext information to the card reader, which in turn sends it to the electronic signature equipment. Optionally, to ensure the transmission security of the identity card cleartext information, the background server can encrypt the identity card cleartext information before sending it; for example, the background server can encrypt it using the second transmission key negotiated with the electronic signature equipment. Therefore, in this optional implementation, after the card reader sends the transmission ciphertext to the background server, the method can further include: the electronic signature equipment obtains the identity card cleartext information decrypted by the background server; the electronic signature equipment generates a random key; the electronic signature equipment encrypts the identity card cleartext information using the random key; and the electronic signature equipment stores the encrypted identity card cleartext information. Here, the card reader can receive the identity card cleartext information encrypted by the background server using the second transmission key and send this encrypted cleartext information to the electronic signature equipment, which decrypts it using the first transmission key to obtain the identity card cleartext information. In this implementation, because the encrypted identity card cleartext information is stored in the electronic signature equipment, when the identity card information needs to be read multiple times the encrypted identity card cleartext information can be obtained directly from the electronic signature equipment, and the encrypted identity card information does not need to be decrypted again by the background server and the SAM module, which saves time on a second card read. In addition, encrypting the identity card cleartext information with a random key ensures the security of the identity card cleartext information.
As an optional implementation of this embodiment, after the electronic signature equipment stores the encrypted identity card cleartext information, the card reader receives a card seeking response instruction returned by a second resident identification card, reads the configuration information of the second resident identification card, and judges whether the currently read configuration information is stored in the electronic signature equipment. The card reader receives a card reading instruction from the terminal connected to it (for example, a PC at the bank front end). In the case where the query finds that the currently read configuration information is stored in the electronic signature equipment, the card reader queries whether the electronic signature equipment stores the encrypted identity card cleartext information. In the case where it is determined that the encrypted identity card cleartext information is stored in the electronic signature equipment, the electronic signature equipment decrypts the encrypted identity card cleartext information using the random key to obtain the identity card cleartext information and sends it to the card reader, and the card reader outputs the decrypted identity card cleartext information. For example, the card reader can send the decrypted identity card cleartext information to the terminal, or it can display the decrypted identity card cleartext information directly.
Specifically, in the case where the second resident identification card and the first resident identification card are the same identity card, the card reader reads the configuration information of the second resident identification card and determines that the currently read configuration information is stored in the electronic signature equipment. After receiving the card reading instruction, the card reader queries whether the electronic signature equipment stores the encrypted identity card cleartext information; in the case where it does, the electronic signature equipment decrypts the encrypted identity card cleartext information using the random key to obtain the identity card cleartext information, and the card reader obtains the identity card cleartext information and outputs it. In the case where the second resident identification card and the first resident identification card are different identity cards, the card reader reads the configuration information of the second resident identification card and judges that the currently read configuration information is not stored in the electronic signature equipment; the card reader then executes the card reading process for the second resident identification card, which is the same as the card reading process for the first resident identification card and is not repeated here. The configuration information is used to judge whether this is a second card read, and, when it is judged that the identity card cleartext information corresponding to the configuration information is stored, the encrypted identity card cleartext information is obtained directly from the electronic signature equipment, which saves time on the second card read.
In this embodiment, the electronic signature equipment may store the encrypted identity card cleartext information of only one identity card. For example, one storage space can be set up in the electronic signature equipment for the encrypted identity card cleartext information, and another storage space can be set up for the configuration information. When the card reader detects a resident identification card, it reads the configuration information of that card. If that configuration information is not stored in the electronic signature equipment, the information in both the configuration information storage space and the encrypted identity card cleartext information storage space of the electronic signature equipment is emptied, and the currently read configuration information is saved to the configuration information storage space. This ensures that the configuration information and the encrypted identity card cleartext information stored in the electronic signature equipment belong to the same identity card. In the subsequent identity card reading process, after the identity card cleartext information decrypted by the background server is obtained, it is encrypted using the random key and then saved to the encrypted identity card cleartext information storage space. When a card reading instruction sent by the host computer (for example, a PC at the bank front end) is received, the card reader can judge whether the configuration information of the current resident identification card is consistent with the configuration information stored in the electronic signature equipment. If it is, the encrypted identity card cleartext information is taken from its storage space in the electronic signature equipment, decrypted using the random key, and output.
Of course, the electronic signature equipment can also store the encrypted identity card cleartext information of multiple identity cards. For example, when the encrypted identity card cleartext information is stored, it is stored in association with the configuration information of the resident identification card. When the card reader detects a resident identification card, it reads the configuration information of that card; if the configuration information is not stored in the electronic signature equipment, the currently read configuration information is saved to the configuration information storage space. When the identity card cleartext information of the resident identification card is subsequently obtained, it is encrypted using the random key, and the encrypted identity card cleartext information is stored in association with the configuration information. When a card reading instruction is subsequently received from the host computer, the card reader can query whether the configuration information of the current resident identification card is stored in the electronic signature equipment. If so, it further queries whether the electronic signature equipment stores encrypted identity card cleartext information associated with that configuration information. If so, the electronic signature equipment decrypts it using the random key to obtain the identity card cleartext information and sends it to the card reader, and the card reader outputs the decrypted identity card cleartext information.
As an optional implementation of this embodiment, after the card reader stores the encrypted identity card cleartext information in the electronic signature equipment, in order to ensure the security of the resident identification card information, if the card reader does not detect a resident identification card within a predetermined time, the encrypted identity card cleartext information stored in the electronic signature equipment is emptied. Specifically, after the encrypted identity card cleartext information is stored in the electronic signature equipment, the card reader judges whether a resident identification card is detected within the predetermined time; in the case where it is not, the card reader empties the encrypted identity card cleartext information stored in the electronic signature equipment.
As an optional implementation of this embodiment, after the card reader stores the encrypted identity card cleartext information in the electronic signature equipment, the random key in the electronic signature equipment is deleted in the case where the card reader does not detect a resident identification card within a predetermined time, or before the electronic signature equipment executes a power-off operation. Specifically, after the encrypted identity card cleartext information is stored in the electronic signature equipment, the card reader judges whether a resident identification card is detected within the predetermined time; in the case where it is not, the card reader instructs the electronic signature equipment to delete the random key. Likewise, after the card reader has stored the encrypted identity card cleartext information in the electronic signature equipment, the electronic signature equipment also deletes the random key when it executes a power-off operation. Once the random key is deleted, even if the electronic signature equipment is obtained illegally, the encrypted identity card cleartext information stored in it cannot be decrypted, which ensures the security of the resident identification card information and allows the electronic signature equipment to store the encrypted identity card cleartext information in flash memory (flash).
Optionally, in this embodiment, the configuration information of the resident identification card and the encrypted identity card cleartext information can be stored in the electronic signature equipment as a cache. By the nature of a cache, the stored information is emptied automatically after the card reader powers down, which ensures the security of the resident identification card information.
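The single-card storage variant, the predetermined-time purge and the random-key deletion described above can be modelled as follows. This is an added illustration, not code from the patent: the class and function names, the 30-second timeout, the constructed sample data and the HMAC-SHA256 keystream cipher (a standard-library stand-in for whatever cipher the security chip uses) are all assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stand-in cipher (assumption of this example).
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the random key; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stored blob failed its integrity check")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


class SignatureDeviceStore:
    """Hypothetical model: one configuration slot, one encrypted-cleartext slot."""

    def __init__(self, timeout_s: float = 30.0):  # timeout value is an assumption
        self.timeout_s = timeout_s
        self.config_slot: Optional[bytes] = None   # cleartext configuration information
        self.flash_slot: Optional[bytes] = None    # cleartext sealed under the random key
        self._random_key: Optional[bytes] = None   # held in volatile memory only
        self._last_seen: Optional[float] = None

    def _same_card(self, config: bytes) -> bool:
        return self.config_slot is not None and hmac.compare_digest(self.config_slot, config)

    def tick(self, now: float) -> None:
        # No card detected within the predetermined time: empty the blob, delete the key.
        if self._last_seen is not None and now - self._last_seen > self.timeout_s:
            self.flash_slot = self._random_key = self._last_seen = None

    def card_detected(self, config: bytes, now: float) -> bool:
        """Card seeking response received; returns True if this config was already stored."""
        self.tick(now)
        self._last_seen = now
        if self._same_card(config):
            return True
        # Different card: empty both slots so config and cleartext always match.
        self.config_slot, self.flash_slot, self._random_key = config, None, None
        return False

    def store_cleartext(self, cleartext: bytes) -> None:
        self._random_key = secrets.token_bytes(32)
        self.flash_slot = seal(self._random_key, cleartext)

    def read_cleartext(self, config: bytes, now: float) -> Optional[bytes]:
        """Card reading instruction; None means a full read via server and SAM is needed."""
        self.tick(now)
        if not self._same_card(config) or self.flash_slot is None or self._random_key is None:
            return None
        return unseal(self._random_key, self.flash_slot)

    def power_off(self) -> None:
        self._random_key = None  # the blob may stay in flash but can no longer be opened


def demo() -> dict:
    cfg_a, cfg_b = b"constructed-config-card-A", b"constructed-config-card-B"
    record = b"constructed identity record A"
    dev, r = SignatureDeviceStore(timeout_s=30.0), {}
    r["first_seen"] = dev.card_detected(cfg_a, now=0.0)
    dev.store_cleartext(record)
    r["second_seen"] = dev.card_detected(cfg_a, now=10.0)
    r["cached_read"] = dev.read_cleartext(cfg_a, now=12.0)
    r["blob_hides_record"] = record not in dev.flash_slot
    r["after_timeout"] = dev.read_cleartext(cfg_a, now=100.0)
    dev.card_detected(cfg_a, now=101.0)
    dev.store_cleartext(record)
    dev.power_off()
    r["blob_kept_after_power_off"] = dev.flash_slot is not None
    r["after_power_off"] = dev.read_cleartext(cfg_a, now=102.0)
    r["other_card_seen"] = dev.card_detected(cfg_b, now=103.0)
    r["slot_emptied_for_other_card"] = dev.flash_slot is None
    return r
```

A `None` result from `read_cleartext` corresponds to the case where the card reader must run the full card reading process again through the background server and the SAM module.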
With the identity card card reading method provided by this embodiment, the card reader reads the configuration information of the identity card and stores it in the electronic signature equipment before receiving a card reading instruction. After receiving the card reading instruction, the card reader does not need to read the configuration information of the identity card again; it only needs to read the encrypted identity card information stored in the identity card, which saves card reading time. In addition, the identity card cleartext information obtained through decryption by the background server is stored in the electronic signature equipment; when handling a transaction requires the identity card information to be read multiple times, the encrypted identity card cleartext information can be obtained from the electronic signature equipment without the background server decrypting repeatedly, which further reduces card reading time. Moreover, in this embodiment, the electronic signature equipment and the background server negotiate a transmission key and encrypt the information with the negotiated transmission key during the information interaction, which ensures the transmission security of the information.
Embodiment 2
Fig. 2 is a flow diagram of the identity card card reading method provided by this embodiment. As shown in Fig. 2, the identity card card reading method provided by this embodiment mainly includes the following steps (201-211).
Steps 201~205 are the same as steps 101~105 in Embodiment 1 and are not repeated here.
Step 206: the card reader judges whether encrypted identity card information corresponding to the configuration information is stored in the electronic signature equipment;
In this embodiment, after receiving the card reading instruction, the card reader judges whether encrypted identity card information corresponding to the configuration information is stored in the electronic signature equipment. If it is, step 207 is executed; if it is not, step 208 is executed.
In the present embodiment, when the card reader judges whether encrypted identity card information corresponding to the configuration information is stored in the electronic signature equipment, it may send a query request to the electronic signature equipment, requesting the electronic signature equipment to query for the encrypted identity card information corresponding to the configuration information that was read. If the electronic signature equipment finds the encrypted identity card information, it may return the encrypted identity card information, or it may only notify the card reader that the encrypted identity card information was found; if it does not find it, it notifies the card reader that the encrypted identity card information is not stored. The specific form is not limited in this embodiment.
Step 207: the card reader obtains the encrypted identity card information from the electronic signature equipment;
In the present embodiment, when the card reader judges that encrypted identity card information corresponding to the configuration information is stored in the electronic signature equipment, the card reader obtains from the electronic signature equipment the encrypted identity card information of the identity card corresponding to that configuration information.
Step 208: the card reader executes the card reading process, reads the encrypted identity card information in the first resident identification card, stores the encrypted identity card information that was read in the electronic signature equipment, and associates the encrypted identity card information with the above configuration information; that is, the encrypted identity card information and the above configuration information are stored in association in the electronic signature equipment.
That is, in the present embodiment, the configuration information of an identity card and its encrypted identity card information are stored in association; therefore, the configuration information and encrypted identity card information of multiple resident identification cards can be stored in the electronic signature equipment at the same time.
In the present embodiment, when the card reader judges that no encrypted identity card information corresponding to the configuration information is stored in the electronic signature equipment, the card reader needs to execute the card reading process and read the encrypted identity card information stored in the first resident identification card; after reading the encrypted identity card information from the first resident identification card, the card reader stores it in the electronic signature equipment.
In the present embodiment, the electronic signature equipment can store multiple pieces of configuration information. After the card reader reads the encrypted identity card information of an identity card, the card reader needs to store it in association with the configuration information read in step 202, so that the encrypted identity card information can be obtained through the configuration information.
Steps 209-211 are identical to steps 107-109 in Embodiment 1, respectively, and are not described again.
As an optional implementation of the present embodiment, the encrypted identity card information stored in the electronic signature equipment comprises multiple data packets. In step 209, the electronic signature equipment separately encrypts the configuration information and each data packet of the encrypted identity card information, obtains multiple encrypted data packets, and sends the multiple encrypted data packets to the card reader. In step 210, the card reader sending the transmission ciphertext to the background server may include: the card reader sends the multiple encrypted data packets to the background server in sequence. Storing the encrypted identity card information as multiple data packets facilitates fast retransmission when a subsequent transmission goes wrong, since not all of the encrypted identity card information needs to be retransmitted.
As an optional implementation of the present embodiment, after receiving the transmission ciphertext sent by the card reader and decrypting each encrypted data packet using the second transmission key, the background server may further check whether the received encrypted identity card information is complete; if it is incomplete, a retransmission instruction is sent, indicating which data packet needs to be retransmitted. On receiving the retransmission instruction sent by the background server, the card reader indicates to the electronic signature equipment the data packet that needs to be retransmitted; after receiving the indication, the electronic signature equipment encrypts the data packet that needs to be retransmitted using the first transmission key and returns the encrypted data packet to the card reader, and the card reader retransmits the encrypted data packet to the background server. Specifically, when one or more data packets of the encrypted identity card information are transmitted to the background server in error, the background server sends a retransmission instruction to the card reader and indicates in the retransmission instruction the one or more data packets that need to be retransmitted. After receiving the retransmission instruction sent by the background server, the card reader indicates to the electronic signature equipment the one or more data packets that need to be retransmitted; the electronic signature equipment obtains the one or more data packets, encrypts them using the first transmission key, and returns the encrypted data packets to the card reader, and the card reader retransmits them to the background server. Because the background server indicates through the retransmission instruction which data packets the card reader needs to retransmit, the card reader only needs to retransmit those data packets to the background server, which saves identity card reading time.
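An added example (not from the patent) of the per-packet encryption and selective retransmission described above: the background server authenticates and decrypts each packet, reports the indexes that are missing or damaged, and only those are re-encrypted and resent. The patent names no cipher or packet format; the encrypt-then-MAC construction over HMAC-SHA256, the 4-byte index/total header, the class names and the random key standing in for the negotiated transmission key are all assumptions.

```python
import hashlib
import hmac
import os
import struct

NONCE, TAG = 12, 32


def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key, index, total, payload):
    """Encrypt one packet; the (index, total) header is covered by the tag."""
    header, nonce = struct.pack(">HH", index, total), os.urandom(NONCE)
    body = bytes(p ^ s for p, s in zip(payload, _stream(_sub(key, b"enc"), nonce, len(payload))))
    tag = hmac.new(_sub(key, b"mac"), header + nonce + body, hashlib.sha256).digest()
    return header + nonce + body + tag


def unseal(key, packet):
    """Return (index, total, payload), or None when authentication fails."""
    if len(packet) < 4 + NONCE + TAG:
        return None
    signed, tag = packet[:-TAG], packet[-TAG:]
    if not hmac.compare_digest(tag, hmac.new(_sub(key, b"mac"), signed, hashlib.sha256).digest()):
        return None
    index, total = struct.unpack(">HH", signed[:4])
    nonce, body = signed[4:4 + NONCE], signed[4 + NONCE:]
    return index, total, bytes(c ^ s for c, s in zip(body, _stream(_sub(key, b"enc"), nonce, len(body))))


class SignatureDevice:
    """Stores the configuration information as packet 0, then the ID data packets."""

    def __init__(self, key, config, id_info, packet_size=256):
        self.key = key
        self.packets = [config] + [id_info[i:i + packet_size]
                                   for i in range(0, len(id_info), packet_size)]
        self.sealed_count = 0

    def encrypt(self, indexes=None):
        indexes = range(len(self.packets)) if indexes is None else indexes
        self.sealed_count += len(indexes)
        return [seal(self.key, i, len(self.packets), self.packets[i]) for i in indexes]


class BackgroundServer:
    def __init__(self, key):
        self.key, self.total, self.received = key, None, {}

    def receive(self, packets):
        for packet in packets:
            opened = unseal(self.key, packet)
            if opened is not None:          # damaged packets count as not received
                index, self.total, payload = opened
                self.received[index] = payload

    def missing(self):
        """Indexes to put in the retransmission instruction; None if nothing arrived."""
        if self.total is None:
            return None
        return [i for i in range(self.total) if i not in self.received]

    def assemble(self):
        if self.missing() != []:
            raise ValueError("transfer incomplete")
        return self.received[0], b"".join(self.received[i] for i in range(1, self.total))


class FlakyChannel:
    """Constructed fault: first pass drops packet 1 and flips a bit in packet 3."""

    def __init__(self):
        self.calls = 0

    def __call__(self, packets):
        self.calls += 1
        if self.calls > 1:
            return list(packets)
        damaged = {3: packets[3][:-1] + bytes([packets[3][-1] ^ 1])}
        return [damaged.get(n, p) for n, p in enumerate(packets) if n != 1]


def retransmit_until_complete(device, server, channel, max_rounds=3):
    rounds = 0
    while (wanted := server.missing()) != []:
        if rounds == max_rounds:
            raise RuntimeError("transfer incomplete")
        server.receive(channel(device.encrypt(wanted)))   # only the requested packets
        rounds += 1
    return rounds


def demo():
    key = os.urandom(32)                       # stands in for the negotiated key
    config, id_info = b"constructed-config", os.urandom(1000)   # constructed data
    device, server, channel = SignatureDevice(key, config, id_info), BackgroundServer(key), FlakyChannel()
    server.receive(channel(device.encrypt()))
    first_missing = server.missing()
    rounds = retransmit_until_complete(device, server, channel)
    return first_missing, rounds, device.sealed_count, server.assemble() == (config, id_info)
```

Because the index and packet count are covered by the tag, a packet cannot be accepted under a different position than the one it was encrypted for.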
As an optional implementation of the present embodiment, after the card reader sends the configuration information and the encrypted identity card information to the background server, in order to guarantee the security of the resident identification card information, if the card reader does not detect the resident identification card within a predetermined time, it empties the configuration information and encrypted identity card information of the resident identification card stored in the electronic signature equipment. Specifically, the card reader may send out a card seeking instruction at intervals. If, after the card reader has sent the configuration information and the encrypted identity card information to the background server, the card reader does not detect the resident identification card within the predetermined time, this shows that the resident identification card is no longer within the range the card reader can read, and the encrypted identity card information and configuration information stored in the electronic signature equipment are no longer needed. The card reader therefore empties the configuration information and encrypted identity card information of the resident identification card stored in the electronic signature equipment (the card reader may send an emptying instruction to the electronic signature equipment, instructing it to empty the corresponding content). By detecting the resident identification card within the predetermined time and emptying the information stored in the electronic signature equipment, the storage space of the electronic signature equipment can be saved and the security of the resident identification card information is guaranteed.
Optionally, in the present embodiment, the configuration information and encrypted identity card information of the resident identification card may be stored in the electronic signature equipment in the form of a cache. By the nature of a cache, the cached information is emptied automatically after the electronic signature equipment powers off, which guarantees the security of the resident identification card information.
Other matters not covered are the same as in Embodiment 1 and are not described again here.
With the identity card reading method provided by this embodiment, the card reader reads the configuration information of the identity card before receiving the card reading instruction and stores it in the electronic signature equipment; after receiving the card reading instruction, the card reader does not need to read the configuration information of the identity card again and only needs to read the encrypted identity card information stored in the identity card, which saves card reading time. In addition, the encrypted identity card information of the resident identification card is divided into multiple data packets and stored in the electronic signature equipment of the card reader, so that when the background server indicates through a retransmission instruction the data packets the card reader needs to retransmit, the card reader only needs to retransmit those data packets to the background server, which further reduces identity card reading time.
Embodiment 3
Fig. 3 is a flow diagram of the identity card reading method provided in this embodiment. As shown in Fig. 3, the identity card reading method provided in this embodiment mainly includes the following steps (301-311).
Unlike Embodiment 2, in order to save storage space, in the present embodiment the electronic signature equipment of the card reader stores the configuration information and encrypted identity card information of only one resident identification card.
Unlike Embodiment 2, in step 303 the card reader first deletes the configuration information and encrypted identity card information previously stored in the electronic signature equipment, and then stores the configuration information that was read in the electronic signature equipment. Specifically, when the card reader judges that the configuration information read in step 302 is not stored in the electronic signature equipment, the card reader first deletes the configuration information and encrypted identity card information previously stored in the electronic signature equipment (for example, it may send a deletion instruction to the electronic signature equipment, instructing the electronic signature equipment to delete the previously stored configuration information and encrypted identity card information), and stores the configuration information read in step 302 in the electronic signature equipment.
Unlike Embodiment 2, in step 308 the card reader executes the card reading process, reads the encrypted identity card information in the first resident identification card, and stores the encrypted identity card information that was read in the electronic signature equipment. Specifically, when the card reader judges that the configuration information was not previously stored in the electronic signature equipment, the card reader needs to execute the card reading process and read the encrypted identity card information stored in the first resident identification card; after reading the encrypted identity card information from the first resident identification card, the card reader stores it in the electronic signature equipment. Unlike Embodiment 2, because the electronic signature equipment stores the information of only one resident identification card, the electronic signature equipment does not need to store the configuration information read in step 302 in association with the encrypted identity card information stored in step 308.
Similar to Embodiment 2, in the present embodiment the encrypted identity card information stored in the electronic signature equipment comprises multiple data packets. In step 209, the electronic signature equipment separately encrypts the configuration information and each data packet of the encrypted identity card information, obtains multiple encrypted data packets, and sends the multiple encrypted data packets to the card reader. The card reader sending the transmission ciphertext to the background server may include: the card reader sends the multiple encrypted data packets to the background server in sequence. Storing the encrypted identity card information as multiple data packets facilitates fast retransmission when a subsequent transmission goes wrong, since not all of the encrypted identity card information needs to be retransmitted.
As an optional implementation of the present embodiment, after receiving the transmission ciphertext sent by the card reader and decrypting each encrypted data packet using the second transmission key, the background server may further check whether the received encrypted identity card information is complete; if it is incomplete, a retransmission instruction is sent, indicating which data packet needs to be retransmitted. On receiving the retransmission instruction sent by the background server, the card reader indicates to the electronic signature equipment the data packet that needs to be retransmitted; after receiving the indication, the electronic signature equipment encrypts the data packet that needs to be retransmitted using the first transmission key and returns the encrypted data packet to the card reader, and the card reader retransmits the encrypted data packet to the background server. Because the background server indicates through the retransmission instruction which data packets the card reader needs to retransmit, the card reader only needs to retransmit those data packets to the background server, which saves identity card reading time.
In this embodiment, two storage spaces may be allocated in the electronic signature equipment, namely a configuration information storage space and an encrypted identity card storage space; the configuration information of a given resident identification card is stored in the configuration information storage space, and its encrypted identity card information is stored in the encrypted identity card storage space. When a resident identification card is detected, the configuration information of the resident identification card is read first. If the configuration information of the resident identification card is not stored in the electronic signature equipment, the information stored in the configuration information storage space and the encrypted identity card storage space is emptied, and the configuration information currently read is stored in the configuration information storage space; subsequently, when the card reading process is executed and the encrypted identity card information has been read from the resident identification card, the encrypted identity card information is stored in the encrypted identity card storage space. If the configuration information of the resident identification card is stored in the electronic signature equipment, then when a card reading instruction is received, the encrypted identity card information is obtained directly from the encrypted identity card storage space of the electronic signature equipment. In this way, the security of the previously used resident identification card information can be ensured, preventing the resident identification card information from being used illegally.
Optionally, in the present embodiment, the configuration information and encrypted identity card information of the resident identification card may be stored in the electronic signature equipment in the form of a cache. By the nature of a cache, the cached information is emptied automatically after the electronic signature equipment powers off, which guarantees the security of the resident identification card information.
With the identity card reading method provided by this embodiment, the card reader reads the configuration information of the identity card before receiving the card reading instruction and stores it in the electronic signature equipment; after receiving the card reading instruction, the card reader does not need to read the configuration information of the identity card again and only needs to read the encrypted identity card information stored in the identity card, which saves card reading time. In addition, before reading the encrypted identity card information stored in the identity card, the card reader judges whether encrypted identity card information corresponding to the configuration information is stored in the electronic signature equipment, which avoids repeatedly reading the encrypted identity card information from the identity card and speeds up card reading. In addition, because the encrypted identity card information is divided into multiple data packets, when the background server indicates through a retransmission instruction the data packets the card reader needs to retransmit, the card reader only needs to retransmit those data packets to the background server, which further reduces identity card reading time. In addition, the electronic signature equipment only needs storage space for the configuration information and encrypted identity card information of one resident identification card, which guarantees the security of the resident identification card information while saving the storage space of the electronic signature equipment.
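The two storage policies of Embodiments 2 and 3, together with the timed emptying described in Embodiment 2, as an added example that is not part of the patent: it counts how many full card reads each policy costs and how many cards' data the electronic signature equipment holds at once. The class and method names, the `purge_after` value and the sample cards are hypothetical, and the transfer to the background server is omitted.

```python
class Card:
    """Constructed stand-in for a resident identification card."""

    def __init__(self, config, encrypted_info):
        self.config = config
        self._encrypted_info = encrypted_info
        self.full_reads = 0

    def read_encrypted_info(self):
        self.full_reads += 1          # the slow card reading process
        return self._encrypted_info


class SignatureDeviceStore:
    """Storage inside the electronic signature equipment."""

    def __init__(self, single_slot=False):
        self.single_slot = single_slot
        self.records = {}             # configuration info -> encrypted ID info (or None)

    def has_config(self, config):
        return config in self.records

    def store_config(self, config):
        if self.single_slot:
            self.records.clear()      # Embodiment 3: delete the previous card first
        self.records[config] = None

    def get_info(self, config):
        return self.records.get(config)

    def store_info(self, config, info):
        self.records[config] = info   # Embodiment 2: stored in association with config

    def clear(self, config):
        self.records.pop(config, None)


class CardReader:
    def __init__(self, store, purge_after=30.0):
        self.store = store
        self.purge_after = purge_after
        self.sent_at = {}             # config -> last time the card was seen after sending

    def card_found(self, card, now):
        """Steps 201-203: read the configuration info and store it if unknown."""
        if not self.store.has_config(card.config):
            self.store.store_config(card.config)
        if card.config in self.sent_at:
            self.sent_at[card.config] = now   # card still in range: restart the timer

    def read_instruction(self, card, now):
        """Steps 206-208: use the stored copy, or read the card and store it."""
        self.card_found(card, now)
        info = self.store.get_info(card.config)
        if info is None:
            info = card.read_encrypted_info()
            self.store.store_info(card.config, info)
        self.sent_at[card.config] = now       # steps 209-211 (send to server) omitted
        return info

    def tick(self, now):
        """Empty a card's data once it has been out of range for purge_after."""
        for config, seen in list(self.sent_at.items()):
            if now - seen >= self.purge_after:
                self.store.clear(config)
                del self.sent_at[config]


def run(single_slot):
    a, b = Card(b"cfg-A", b"enc-A"), Card(b"cfg-B", b"enc-B")   # constructed cards
    reader = CardReader(SignatureDeviceStore(single_slot), purge_after=30.0)
    peak = 0
    for now, card in enumerate([a, b, a]):    # card A comes back after card B
        reader.read_instruction(card, float(now))
        peak = max(peak, len(reader.store.records))
    reader.tick(10.0)                         # inside the predetermined time
    held_before = len(reader.store.records)
    reader.tick(32.0)                         # predetermined time elapsed for both
    return a.full_reads + b.full_reads, peak, held_before, len(reader.store.records)
```

With associated storage the returning card costs no second read but two cards' data sit in the equipment at once; the single-slot policy never holds more than one card's data and pays for it with a third read.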
Embodiment 4
This embodiment provides an identity card reading system.
Fig. 4 is an architecture diagram of the identity card reading system provided in this embodiment. As shown in Fig. 4, the identity card reading system mainly comprises a card reader 400, electronic signature equipment 410 and a background server 420. In the present embodiment, the card reader 100 is a card reader that is not provided with a SAM module.
In the present embodiment, the card reader 400 is configured to receive the card seeking response instruction returned by the first resident identification card, read the configuration information of the first resident identification card, then query through the external interface whether the configuration information is stored in the electronic signature equipment 410 and, if the electronic signature equipment 410 has not stored the configuration information, store the configuration information in the electronic signature equipment 410 through the external interface; the card reader 400 is further configured to receive a card reading instruction and send a secure channel establishment request to the background server 420; the background server 420 is configured to negotiate with the electronic signature equipment 410 through the card reader 400 to obtain a second transmission key; the electronic signature equipment 410 is configured to negotiate with the background server 420 through the card reader 400 to obtain a first transmission key; the card reader 400 is further configured to obtain the encrypted identity card information stored in the resident identification card and send the encrypted identity card information to the electronic signature equipment 410; the electronic signature equipment 410 is further configured to encrypt the configuration information and the encrypted identity card information using the first transmission key to obtain a transmission ciphertext, and send the transmission ciphertext to the card reader 400; the card reader 400 is further configured to send the transmission ciphertext to the background server 420; the background server 420 is further configured to receive the transmission ciphertext and decrypt it using the second transmission key to obtain the configuration information and the encrypted identity card information.
With the identity card reading system provided by this embodiment, the card reader reads the configuration information of a resident identification card directly as soon as it detects a resident identification card within readable range; after receiving the card reading instruction, it only needs to obtain the encrypted identity card information stored in the resident identification card and does not need to read the configuration information again, which saves card reading time and improves the user experience. Also, in the present embodiment, the electronic signature equipment and the background server negotiate a transmission key, and during interaction the transmitted data is encrypted with the negotiated transmission key, which further ensures the security of information transmission.
In an optional implementation of the embodiment of the present invention, the background server 420 and the electronic signature equipment 410 obtain the second transmission key and the first transmission key in the following manner: the background server 420 is configured to receive the secure channel establishment request, generate a first random factor, and send the first random factor to the electronic signature equipment 410 through the card reader 400; the electronic signature equipment 410 is configured to receive the first random factor, sign first data to be signed using the private key of the electronic signature equipment 410 to generate first signature data, and send first transmission data to the background server 420 through the card reader 400, wherein the first data to be signed includes at least the first random factor, and the first transmission data includes at least the first signature data and the digital certificate of the electronic signature equipment 410; the background server 420 is further configured to receive the first transmission data and verify the digital certificate of the electronic signature equipment 410 and, after the verification passes, perform a signature verification operation on the first signature data; if the signature verification fails, the flow ends; if the signature verification passes, it generates a second random factor, generates a third random factor based on the first random factor and the second random factor, encrypts the third random factor using the public key of the electronic signature equipment 410 to obtain encrypted data, signs the encrypted data using the private key of the background server 420 to obtain second signature data, calculates the second transmission key using the third random factor, and sends second transmission data to the electronic signature equipment 410 through the card reader 400, wherein the second transmission data includes the second signature data, the encrypted data and the digital certificate of the background server 420; the electronic signature equipment 410 is further configured to receive the second transmission data and verify the digital certificate of the background server 420 and, after the verification passes, perform a signature verification operation on the second signature data; if the signature verification passes, it decrypts the encrypted data using the private key of the electronic signature equipment 410 to obtain the third random factor, and calculates the first transmission key using the third random factor.
With the transmission key negotiation scheme provided by this implementation, a secure channel can be established between the card reader and the background server, and data transmitted in the secure channel is encrypted using the transmission key, which improves the security of data transmission. Moreover, after the card reader receives the first random factor sent by the background server, it immediately signs the first random factor with its own private key and returns it to the server, so that the background server can receive the first authentication data returned by the card reader in the shortest time and authenticate it, which improves the efficiency with which the background server authenticates the card reader. Thus, at the initial stage of mutual authentication between the card reader and the background server, the background server determines whether the card reader is legitimate and, if it is not, ends the flow immediately; it quickly determines that it is under a replay attack and disconnects from the illegitimate card reader, which prevents illegitimate transactions from occupying the resources of the background server.
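The first negotiation variant above as an added example, not code from the patent: the server's challenge, the signed reply from the electronic signature equipment, and both sides arriving at the same transmission key, with a replayed signature rejected against a fresh challenge. RSA-PSS, RSA-OAEP, SHA-256 for combining the random factors and HKDF (from the third-party `cryptography` package) are assumptions, as are the class names; public keys handed over directly stand in for validated digital certificates.

```python
import hashlib
import os

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def derive_key(third_factor):
    """Transmission key from the third random factor (KDF choice is an assumption)."""
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"transmission key").derive(third_factor)


def verified(public_key, signature, data):
    try:
        public_key.verify(signature, data, PSS, hashes.SHA256())
        return True
    except InvalidSignature:
        return False


class Server:
    def __init__(self):
        self.private = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self.public = self.private.public_key()
        self.pending = None
        self.key = None

    def challenge(self):
        self.pending = os.urandom(32)            # first random factor
        return self.pending

    def accept(self, device_public, signature):
        r1, self.pending = self.pending, None    # each challenge is single use
        if r1 is None or not verified(device_public, signature, r1):
            return None                          # signature check failed: end the flow
        r2 = os.urandom(32)                      # second random factor
        r3 = hashlib.sha256(r1 + r2).digest()    # third factor; combining rule assumed
        encrypted = device_public.encrypt(r3, OAEP)
        self.key = derive_key(r3)                # second transmission key
        return encrypted, self.private.sign(encrypted, PSS, hashes.SHA256())


class Device:
    def __init__(self, server_public):
        self.private = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self.public = self.private.public_key()
        self.server_public = server_public
        self.key = None

    def answer(self, r1):
        # The first data to be signed contains at least the first random factor.
        return self.private.sign(r1, PSS, hashes.SHA256())

    def finish(self, encrypted, signature):
        if not verified(self.server_public, signature, encrypted):
            return False
        self.key = derive_key(self.private.decrypt(encrypted, OAEP))  # first transmission key
        return True


def negotiate():
    server = Server()
    device = Device(server.public)
    signature = device.answer(server.challenge())
    completed = device.finish(*server.accept(device.public, signature))
    keys_match = completed and device.key == server.key
    server.challenge()                           # new session, new first random factor
    replay_rejected = server.accept(device.public, signature) is None
    return keys_match, replay_rejected
```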
In an optional implementation of the embodiment of the present invention, the background server 420 and the electronic signature equipment 410 obtain the second transmission key and the first transmission key in the following manner: the background server 420 is configured to receive the secure channel establishment request, generate a first random factor, and send first authentication data to the electronic signature equipment 410 through the card reader 400, wherein the first authentication data includes at least the first random factor and the digital certificate of the background server 420; the electronic signature equipment 410 is configured to receive the first authentication data and verify the digital certificate of the background server 420 and, after the verification passes, generate a second random factor, encrypt the second random factor using the public key of the background server 420 to obtain first encrypted data, sign the first random factor and the first encrypted data to obtain first signature data, send second authentication data to the background server 420 through the card reader 400, and calculate the first transmission key based on the second random factor, wherein the second authentication data includes the first signature data, the first encrypted data and the digital certificate of the electronic signature equipment 410; the background server 420 is further configured to receive the second authentication data and verify the digital certificate of the electronic signature equipment 410 and, after the verification passes, verify the first signature data; if the signature verification passes, it decrypts the first encrypted data using the private key of the background server 420 to obtain the second random factor and calculates the second transmission key based on the second random factor; if the signature verification fails, the flow ends.
In an optional implementation of the embodiment of the present invention, the card reader 400 obtains the encrypted identity card information stored in the resident identification card in the following manner: it queries whether encrypted identity card information corresponding to the configuration information is stored in the electronic signature equipment 410; if it determines that the encrypted identity card information is stored in the electronic signature equipment 410, it reads the encrypted identity card information stored in the electronic signature equipment 410 through the external interface; if it determines that the encrypted identity card information is not stored in the electronic signature equipment 410, it executes the card reading process of the identity card, reads the encrypted identity card information in the first resident identification card, stores the encrypted identity card information that was read in the electronic signature equipment 410 through the external interface, and associates it with the configuration information. With this optional implementation, the identity information of multiple resident identification cards can be stored in the electronic signature equipment 410 at the same time.
In an optional implementation of the embodiment of the present invention, when the electronic signature equipment 410 has not stored the configuration information, the card reader 400 stores the configuration information in the electronic signature equipment 410 in the following manner: it deletes, through the external interface, the configuration information and encrypted identity card information stored in the electronic signature equipment 410, and stores the configuration information that was read in the electronic signature equipment 410. The card reader 400 obtains the encrypted identity card information stored in the resident identification card in the following manner: it queries whether encrypted identity card information is stored in the electronic signature equipment 410; if it determines that encrypted identity card information is stored in the electronic signature equipment 410, it reads the encrypted identity card information stored in the electronic signature equipment 410 through the external interface; if it determines that no encrypted identity card information is stored in the electronic signature equipment 410, it executes the card reading process of the identity card, reads the encrypted identity card information in the first resident identification card, and stores the encrypted identity card information that was read in the electronic signature equipment 410 through the external interface. With this optional implementation, the electronic signature equipment 410 stores the relevant information of only one resident identification card, which saves storage space and improves the security of the identity card information.
In an optional implementation of the embodiment of the present invention, the encrypted identity card information stored in the electronic signature equipment 410 comprises multiple data packets; the electronic signature equipment 410 encrypts the configuration information and the encrypted identity card information, obtains the transmission ciphertext and sends the transmission ciphertext to the card reader 400 in the following manner: it uses the first transmission key to separately encrypt the configuration information and each data packet of the encrypted identity card information, obtains multiple encrypted data packets, and sends the multiple encrypted data packets to the card reader 400. With this optional implementation, the encrypted identity card information is divided into multiple data packets for transfer to the background server; when a retransmission instruction is received from the background server, the information stored in the resident identification card does not need to be read again, which saves card reading time and improves the user experience.
In an optional implementation of the embodiment of the present invention, on receiving from the background server 420 a retransmission instruction indicating that encrypted identity card information is to be retransmitted, the card reader 400 sends a request to the electronic signature equipment 410, requesting the data packet that the retransmission instruction indicates needs to be retransmitted; the electronic signature equipment 410 obtains the data packet that the retransmission instruction indicates needs to be retransmitted, encrypts it using the first transmission key, and sends the encrypted data packet to the card reader 400; the card reader 400 receives the encrypted data packet returned by the electronic signature equipment 410 and retransmits it to the background server 420. In this optional implementation, when retransmitting, the card reader 100 does not need to read the information stored in the resident identification card again and only needs to obtain the data packet to be retransmitted from the electronic signature equipment, which saves steps and card reading time and improves retransmission efficiency.
In an optional implementation of the embodiment of the present invention, the card reader 400 is further configured to, after the configuration information and the encrypted identity card information have been sent to the background server 420, empty the configuration information and encrypted identity card information of the resident identification card stored in the electronic signature equipment 410 if no resident identification card is detected within a predetermined time. With this optional implementation, the relevant information of the resident identification card stored in the electronic signature equipment 410 can be deleted in time, which ensures information security.
In an optional implementation of the embodiment of the present invention, the card reader 400 is further configured to, after the configuration information and the encrypted identity card information have been sent to the background server 420, obtain the encrypted identity card cleartext information from the background server 420 and send the encrypted identity card cleartext information to the electronic signature equipment 410; the electronic signature equipment 410 is further configured to decrypt the encrypted identity card cleartext information using the first transmission key to obtain the identity card cleartext information, generate a random key, encrypt the identity card cleartext information using the random key, and store the encrypted identity card cleartext information. With this optional implementation, after the electronic signature equipment 410 obtains the identity card cleartext information returned by the background server 110, it encrypts the identity card cleartext information with a random key for storage; when the same resident identification card needs to be read later, the identity card cleartext information can be obtained directly from the electronic signature equipment 410, which saves card reading steps and improves card reading efficiency.
In an optional embodiment of the embodiment of the present invention, card reader 400 is further configured to receive the card seeking response instruction returned by a second resident identification card, read the configuration information of the second resident identification card, judge whether the configuration information currently read is stored in electronic signature equipment 410, receive the card reading instruction of the terminal connected to it, and, when it judges that the configuration information currently read is stored in electronic signature equipment 410, judge whether electronic signature equipment 410 stores encrypted identity card cleartext information; when it judges that encrypted identity card cleartext information is stored in electronic signature equipment 410, it obtains the identity card cleartext information from electronic signature equipment 410. With this optional embodiment, on receiving a card reading instruction the card reader first queries whether the identity card cleartext information of the resident identification card is stored in electronic signature equipment 410. If it is not stored, the card reader can further judge whether the encrypted identity card information of the resident identification card is stored in electronic signature equipment 410; if it is, the card reader obtains the encrypted identity card information from electronic signature equipment 410, and if the encrypted identity card information is not stored, the card reader reads it from the resident identification card. If the card reader judges that the identity card cleartext information of the resident identification card is stored in electronic signature equipment 410, it obtains the identity card cleartext information directly and outputs it, which improves identity card reading efficiency and saves time.
In an optional embodiment of the embodiment of the present invention, card reader 400 is further configured to, after the encrypted identity card cleartext information has been stored in electronic signature equipment 410, clear the encrypted identity card cleartext information stored in electronic signature equipment 410 if no resident identification card is detected within a predetermined time; and/or electronic signature equipment 410 is further configured to delete the random key when card reader 400 does not detect a resident identification card within the predetermined time, or before electronic signature equipment 410 performs a power-off operation.
In an optional embodiment of the embodiment of the present invention, background server 420 performing the signature verification operation on the first signed data comprises: background server 420 verifies the first signed data using the first random factor and the public key of electronic signature equipment 410 contained in the digital certificate of electronic signature equipment 410; electronic signature equipment 410 performing the signature verification operation on the second signed data comprises: electronic signature equipment 410 verifies the second signed data using the encrypted data and the public key of background server 420 contained in the digital certificate of background server 420.
In an optional embodiment of the embodiment of the present invention, the first data to be signed further include the first identity of electronic signature equipment 410; the first sending data further include the second identity of electronic signature equipment 410.
In an optional embodiment of the embodiment of the present invention, the first identity of electronic signature equipment 410 comprises the serial number of electronic signature equipment 410 and/or the certificate number of electronic signature equipment 410; the second identity of electronic signature equipment 410 comprises the serial number of electronic signature equipment 410 and/or the certificate number of electronic signature equipment 410; and the serial number of electronic signature equipment 410 and the certificate number of electronic signature equipment 410 have a mapping relation.
In an optional embodiment of the embodiment of the present invention, background server 420 performing the signature verification operation on the first signed data comprises: background server 420 verifies the first signed data using the first random factor, the second identity and the public key of electronic signature equipment 410 contained in the digital certificate of electronic signature equipment 410.
Embodiment 5
This embodiment provides a scheme in which the card reader negotiates a transmission key with the server during card reading. This embodiment mainly describes the process by which the electronic signature equipment negotiates the transmission key with the server; for the specific card reading process, refer to the above embodiments, which are not repeated here.
Fig. 5 is a flow diagram of the card reading process provided by this embodiment. As shown in Fig. 5, the scheme mainly includes the following steps (501-512).
Step 501, after receiving a card reading instruction, the card reader that is not provided with a SAM module sends a secure channel establishment request to the background server;
In an optional embodiment of the present embodiment, the card reader not provided with a SAM module may be an identity card reader not provided with a SAM module, used for reading identity card information; for ease of description it is hereinafter referred to as the card reader. The card reader may be connected to the background server by wire or wirelessly; the card reader may also access a network device (such as a computer or mobile phone terminal) and establish a connection with the background server by transmission through the network device. This embodiment imposes no limitation here. The card reading instruction may be a user-input instruction that the card reader receives through its own input modules, such as keys or a touch screen, or it may be sent to the identity card reader by another device connected to the card reader (such as a computer or mobile phone terminal). In addition, the SAM module is a module provided in existing card readers; the SAM module is used only to authenticate the identity card information read by the card reader.
Step 502, the background server receives the secure channel establishment request, generates the first random factor, and sends the first random factor to the card reader;
In an optional embodiment of the invention, the first random factor is one-time authentication data and may include a random number and/or a random event, without limitation here. The first random factor may be one random number or a string of random numbers, or one random character or a string of random characters, or any combination of a string of random numbers and random characters. The first random factor that the background server generates each time is generated randomly and differs from the first random factor generated the previous time, which prevents replay attacks and improves security.
Step 503, the card reader receives the first random factor and sends the first random factor to the electronic signature equipment;
The electronic signature equipment may be a device with authentication and digital signature functions, such as a USB key (for example the Industrial and Commercial Bank U-shield or the Agricultural Bank K-bao), an audio key, or a smart card with an electronic signature function. In an optional embodiment of the invention, the electronic signature equipment may be connected to the card reader through a wired or wireless interface such as a USB interface, audio interface, Bluetooth interface or NFC interface; this embodiment imposes no limitation here. The card reader has no security chip, whereas the electronic signature equipment does. The security chip (such as the Z8D64U (national cryptography approval number SSX43) or the Z32 (national cryptography approval number SSX20) of Guoming Technology Co., Ltd) has its own independent processor and storage unit, can store PKI digital certificates, keys and other characteristic data, performs encryption and decryption operations on data, and provides data encryption and identity security authentication services for the user, protecting business privacy and data security. Therefore, in this embodiment, all data that need encryption or decryption, signing, signature verification or digital certificate verification must pass through the electronic signature equipment, to guarantee the security of the interaction between the card reader and the background server.
Step 504, the electronic signature equipment receives the first random factor, signs the first data to be signed using the private key of the electronic signature equipment to generate the first signed data, and sends the first sending data to the card reader, wherein the first data to be signed include at least the first random factor, and the first sending data include at least the first signed data and the digital certificate of the electronic signature equipment;
In an optional embodiment of the present embodiment, the first data to be signed further include the first identity of the electronic signature equipment, and the first sending data further include the second identity of the electronic signature equipment. Further, the first identity of the electronic signature equipment comprises the electronic signature equipment serial number and/or the electronic signature equipment certificate number, and the second identity of the electronic signature equipment comprises the electronic signature equipment serial number and/or the electronic signature equipment certificate number. The electronic signature equipment serial number and the electronic signature equipment certificate number have a mapping relation, and the background server stores this mapping relation: after receiving the electronic signature equipment serial number, the background server can obtain the electronic signature equipment certificate number by querying the mapping relation, and vice versa. Using the electronic signature equipment serial number and/or the card reader certificate number, the background server can locate and identify the electronic signature equipment and obtain its factory information, history card reading information, history error information, history report information, history transaction information and similar information, so that the background server can carry out risk management using the received electronic signature equipment serial number or electronic signature equipment certificate number.
Step 505, the card reader receives the first sending data and sends the first sending data to the background server;
In the present embodiment, the card reader sends at least the digital certificate of the electronic signature equipment, which contains the public key of the electronic signature equipment, together with the first signed data to the background server, so that the background server can verify the legitimacy of the electronic signature equipment, which ensures the legitimacy and security of the transaction. After receiving the first random factor sent by the background server, the electronic signature equipment performs no operation other than signing at least the first random factor, so that the background server can receive the first sending data returned by the card reader and authenticate it in the shortest possible time, which improves the efficiency with which the background server authenticates the electronic signature equipment.
Step 506, the background server receives the first sending data and verifies the digital certificate of the electronic signature equipment; after the verification passes, it performs the signature verification operation on the first signed data; if the signature verification does not pass, the process ends;
In an optional embodiment of the present embodiment, the background server may use the root certificate to verify the received digital certificate of the electronic signature equipment, to prevent an illegitimate party from tampering with the public key of the electronic signature equipment, which achieves security authentication of the electronic signature equipment and improves the security of the interaction between the two parties. The background server downloads the root certificate from the certificate authority (Certificate Authority, abbreviated CA); the root certificate is the basis on which the CA and the user establish a trust relationship. If the verification passes, the subsequent process continues; if the verification does not pass, the process may be ended at this point, or it may of course be ended when the signature verification does not pass.
In the present embodiment, the time from step 501, when the background server receives the secure channel establishment request and establishes a connection with the card reader, to step 506, when the signature verification does not pass, the process ends and the background server disconnects from the card reader, is very short. The background server can quickly determine that the signed data of the electronic signature equipment is wrong and release the connection channel with the card reader. Therefore, when a replay attack device disguises itself as a card reader, a background server under replay attack can quickly disconnect the connection channel with the replay attack device, which reduces the replay attack's occupation of the background server. In the existing technology, by contrast, the signature verification step that prevents replay attacks is placed in the middle or even the later part of the whole process of establishing the secure channel and generating the transmission key, so the server cannot quickly judge whether it is under replay attack: because the signature verification step comes late, even under replay attack the server cannot judge quickly and can only continue with the subsequent steps of generating the transmission key. In the present invention the signature verification step comes at the very start of the whole process, so the server terminates the subsequent operations as soon as it verifies that the identity of the electronic signature equipment is illegitimate, quickly judges that it is under replay attack, and then disconnects from the illegitimate card reader, which guarantees the security of the background server.
In an optional embodiment of the present embodiment, the background server performing the signature verification operation on the first signed data comprises: the background server verifies the first signed data using the first random factor and the public key of the electronic signature equipment contained in the digital certificate of the electronic signature equipment. Using the public key of the electronic signature equipment contained in its digital certificate ensures that the signature verification operation can be completed even when the background server has not pre-stored the digital certificate of the electronic signature equipment.
In an optional embodiment of the present embodiment, when the first data to be signed include the first identity and the first sending data include the second identity, the background server performing the signature verification operation on the first signed data comprises: the background server verifies the first signed data using the first random factor, the second identity and the public key of the electronic signature equipment contained in the digital certificate of the electronic signature equipment. Including the first identity in the data to be signed makes the signature verification result more accurate and reliable; after receiving the second identity, the background server can also carry out risk control management according to the second identity.
Step 507, if the signature verification passes, the background server generates the second random factor, generates the third random factor based on the first random factor and the second random factor, encrypts the third random factor using the public key of the electronic signature equipment to obtain the encrypted data, signs the encrypted data using the private key of the background server to obtain the second signed data, and sends the second sending data to the card reader, wherein the second sending data include the second signed data, the encrypted data and the digital certificate of the background server;
In the present embodiment, the second random factor is one-time authentication data and may include a random number and/or a random event. The second random factor may be one random number or a string of random numbers, or one random character or a string of random characters, or any combination of a string of random numbers and random characters. After the background server generates the second random factor, the background server and the electronic signature equipment can generate the third random factor from the first random factor and the second random factor using an algorithm negotiated in advance. There are many possible algorithms, and this embodiment imposes no limitation: for example a splicing algorithm, a difference algorithm or a slot algorithm. For example, the first random factor and the second random factor each have length N. Preferably, to improve the efficiency of generating the third random factor, the first random factor and the second random factor are spliced head to tail to generate a third random factor of length 2N, or the first X positions of the first random factor are spliced with the last Y positions of the second random factor to generate a third random factor of length X+Y, where 1≤X≤N, 1≤Y≤N. After a series of verifications in the subsequent steps, the background server and the electronic signature equipment can each use the third random factor to generate the transmission key with the same algorithm.
Step 508, the background server calculates the second transmission key using the third random factor;
In the present embodiment, the background server can use the third random factor to generate the transmission key with the same algorithm as the electronic signature equipment side, to guarantee that the electronic signature equipment can, through the card reader, exchange information with the background server using the transmission key. Data in transit are encrypted and decrypted with the transmission key, which guarantees the security of the transmitted data. Step 508 and the subsequent steps 509 to 511 need not be performed in any particular order relative to each other.
Step 509, the card reader receives the second sending data and sends the second sending data to the electronic signature equipment;
Step 510, the electronic signature equipment receives the second sending data and verifies the digital certificate of the background server; after the verification passes, it performs the signature verification operation on the second signed data; if the signature verification passes, it decrypts the encrypted data using the private key of the electronic signature equipment to obtain the third random factor;
In the present embodiment, the electronic signature equipment may use the root certificate to verify the received digital certificate of the background server, to prevent an illegitimate party from tampering with the public key of the background server, which achieves security authentication of the background server and improves the security of the interaction between the two parties. The electronic signature equipment downloads the root certificate from the certificate authority (Certificate Authority, abbreviated CA); the root certificate is the basis on which the CA and the user establish a trust relationship. If the verification passes, the subsequent process continues; if the verification does not pass, the process ends. At this point the connection between the electronic signature equipment and the background server is disconnected and the electronic signature equipment sends no further data to the background server, so the electronic signature equipment cannot be attacked by an illegitimate background server.
In an optional embodiment of the present embodiment, the electronic signature equipment performing the signature verification operation on the second signed data comprises: the electronic signature equipment verifies the second signed data using the encrypted data and the public key of the background server contained in the digital certificate of the background server. Using the public key of the background server contained in its digital certificate ensures that the signature verification operation can be completed even when the electronic signature equipment has not pre-stored the digital certificate of the background server. Further, if the signature verification of the second signed data does not pass, the process ends and the connection between the card reader and the background server is disconnected.
Step 511, the electronic signature equipment calculates the first transmission key using the third random factor;
In the present embodiment, the electronic signature equipment can use the third random factor to generate the transmission key with the same algorithm as the background server side, so that the electronic signature equipment can, through the card reader, exchange information with the background server using the transmission key. Data in transit are encrypted and decrypted with the transmission key, which guarantees the security of the transmitted data.
As an optional implementation of the present embodiment, the first transmission key and the second transmission key may be the same transmission key, that is, a symmetric key, with which the card reader and the background server each encrypt and decrypt the transmitted data; or they may be a key pair comprising an encryption key and a decryption key, in which case the card reader and the background server each encrypt the transmitted data with the encryption key and decrypt the transmitted data with the decryption key.
Step 512, the electronic signature equipment uses the first transmission key to encrypt and decrypt the data transmitted between the card reader and the background server, and the background server uses the second transmission key to encrypt and decrypt the data transmitted between the card reader and the background server.
In the present embodiment, data are transmitted between the electronic signature equipment and the background server using the transmission key, which improves the security of data transmission.
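The following Python simulation of steps 502 to 511 is an added example, not part of the patent text: it shows a replayed first signed data failing signature verification at step 506 against a fresh first random factor, and both sides deriving the same transmission key from the third random factor. The toy RSA keys, the SHA-256 key derivation, byte-wise splicing and all class and function names are assumptions; certificate verification is represented by passing an already-trusted public key.

```python
import hashlib
import secrets

N = 8        # length of each random factor in bytes (constructed value)
E = 65537    # public exponent of the toy RSA keys

def make_key(p, q):
    """Toy RSA key from two known Mersenne primes: illustration only, not real-world strength."""
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def public(key):
    """Public half of a key; stands in for a certificate already checked against the root."""
    return {"n": key["n"], "e": key["e"]}

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(_digest(data, key["n"]), key["d"], key["n"])

def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest(data, pub["n"])

def splice(r1, r2, x=None, y=None):
    """Third random factor: first X bytes of R1 joined to the last Y bytes of R2.
    With X = Y = N this is the head-to-tail splice of length 2N."""
    x = len(r1) if x is None else x
    y = len(r2) if y is None else y
    if not (1 <= x <= len(r1) and 1 <= y <= len(r2)):
        raise ValueError("need 1 <= X <= N and 1 <= Y <= N")
    return r1[:x] + r2[len(r2) - y:]

def derive_key(r3):
    # Assumption: SHA-256 stands in for the pre-agreed algorithm, which the text leaves open.
    return hashlib.sha256(b"transmission-key" + r3).digest()

class BackgroundServer:
    def __init__(self):
        self.key = make_key(2**89 - 1, 2**61 - 1)
        self.pending = None            # first random factor awaiting a signature
        self.transmission_key = None   # second transmission key

    def new_challenge(self):           # step 502
        self.pending = secrets.token_bytes(N)
        return self.pending

    def check_and_reply(self, first_sig, device_pub):   # steps 506 to 508
        r1, self.pending = self.pending, None           # each challenge is usable once
        if r1 is None or not verify(device_pub, r1, first_sig):
            self.transmission_key = None
            return None                # verification failed: end the process early
        r3 = splice(r1, secrets.token_bytes(N))
        enc = pow(int.from_bytes(r3, "big"), device_pub["e"], device_pub["n"])
        enc_bytes = enc.to_bytes(32, "big")
        self.transmission_key = derive_key(r3)
        return enc_bytes, sign(self.key, enc_bytes), public(self.key)

class SignatureDevice:
    def __init__(self):
        self.key = make_key(2**127 - 1, 2**107 - 1)
        self.transmission_key = None   # first transmission key

    def sign_challenge(self, r1):      # step 504
        return sign(self.key, r1), public(self.key)

    def finish(self, enc_bytes, second_sig, server_pub):   # steps 510 and 511
        if not verify(server_pub, enc_bytes, second_sig):
            return None
        r3 = pow(int.from_bytes(enc_bytes, "big"), self.key["d"], self.key["n"])
        self.transmission_key = derive_key(r3.to_bytes(2 * N, "big"))
        return self.transmission_key

def handshake(server, device):
    """Steps 502 to 511 with the card reader acting as a plain relay."""
    r1 = server.new_challenge()
    first_sig, device_pub = device.sign_challenge(r1)
    reply = server.check_and_reply(first_sig, device_pub)
    key1 = device.finish(*reply) if reply else None
    return first_sig, device_pub, key1

if __name__ == "__main__":
    server, device = BackgroundServer(), SignatureDevice()
    sig, pub, key1 = handshake(server, device)
    print("keys match:", key1 == server.transmission_key)
    server.new_challenge()             # new session, new first random factor
    print("replayed signature accepted:", server.check_and_reply(sig, pub) is not None)
```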
Embodiment 6
This embodiment provides a scheme in which the card reader negotiates a transmission key with the server during card reading. This embodiment mainly describes the process by which the card reader negotiates the transmission key with the server; for the specific card reading process, refer to the above embodiments, which are not repeated here.
Fig. 6 is a flow diagram of the card reading process provided by this embodiment. As shown in Fig. 6, the scheme mainly includes the following steps (601-616).
Step 601: the card reader that is not provided with a SAM (ID card verification security control) module receives a card reading instruction and sends a secure channel establishment request to the background server;
In the present embodiment, the card reader not provided with a SAM module may be a card reader, not provided with a SAM module, that is used for reading identity card information; for ease of description it is hereinafter referred to as the card reader. The card reader may have input devices for receiving card reading instructions, such as a key device or a touch screen; when the user inputs a card reading instruction, the card reader receives it. The card reader may also have an external communication interface connected to a terminal, through which it receives the card reading instruction sent by the terminal. The terminal may be a device that can communicate and send instructions, such as a PC, a PAD (tablet computer), a smartphone, a smart wearable device or electronic signature equipment (such as the Industrial and Commercial Bank U-shield or the Agricultural Bank K-bao). In addition, the SAM module is a module provided in existing card readers; the SAM module is used only to authenticate the identity card information read by the card reader.
Step 602: after receiving the secure channel establishment request, the background server generates the first random factor;
In the present embodiment, the first random factor is one-time authentication data and may include a random number and/or a random event, without limitation here. The first random factor may be one random number or a string of random numbers, or one random character or a string of random characters, or any combination of a string of random numbers and random characters. The first random factor that the background server generates each time is generated randomly and differs from the first random factor generated the previous time, which prevents replay attacks and improves security.
Step 603: the background server sends the first authentication data to the card reader, wherein the first authentication data include at least the first random factor and the digital certificate of the background server;
Step 604: after receiving the first authentication data, the card reader sends the first authentication data to the electronic signature equipment;
The card reader has no security chip, whereas the electronic signature equipment does. The security chip (such as the Z8D64U (national cryptography approval number SSX43) or the Z32 (national cryptography approval number SSX20) of Guoming Technology Co., Ltd) has its own independent processor and storage unit, can store PKI digital certificates, keys and other characteristic data, performs encryption and decryption operations on data, and provides data encryption and identity security authentication services for the user, protecting business privacy and data security. Therefore, in this embodiment, all data that need encryption or decryption, signing, signature verification or digital certificate verification must pass through the electronic signature equipment, to guarantee the security of the interaction between the card reader and the background server. In an optional embodiment of the invention, the electronic signature equipment may be connected to the card reader through a wired or wireless interface such as a USB interface, audio interface, Bluetooth interface or NFC interface; this embodiment imposes no limitation here.
In the present embodiment, the card reader sends the digital certificate of the background server to the electronic signature equipment so that the electronic signature equipment can verify the digital certificate and confirm whether the certificate of the background server is legitimate. The first random factor is sent to the electronic signature equipment so that the electronic signature equipment signs the first random factor; the background server then verifies the signature using the first random factor, which lets the background server confirm that the identity of the electronic signature equipment is secure and prevents replay attacks.
Step 605: after receiving the first authentication data, the electronic signature equipment verifies the legitimacy of the digital certificate of the background server; if the verification passes, step 606 is performed; otherwise, the process ends;
In a specific implementation, the electronic signature equipment may use the root certificate to verify the received digital certificate of the background server, to prevent an illegitimate party from tampering with the public key of the background server, which achieves security authentication of the background server and improves the security of the interaction between the two parties. The electronic signature equipment downloads the root certificate from the certificate authority (Certificate Authority, abbreviated CA); the root certificate is the basis on which the CA and the user establish a trust relationship. If the verification passes, the subsequent process continues; if the verification does not pass, the process ends. At this point the connection between the background server and the card reader and electronic signature equipment is disconnected and the card reader sends no further data to the background server, so the card reader cannot be attacked by an illegitimate background server.
Step 606: after the verification passes, the electronic signature equipment generates the second random factor;
In the present embodiment, the second random factor is one-time authentication data and may include a random number and/or a random event. The second random factor may be one random number or a string of random numbers, or one random character or a string of random characters, or any combination of a string of random numbers and random characters.
After a series of verifications in the subsequent steps, the background server and the electronic signature equipment can each use the second random factor to generate the transmission key with the same algorithm.
Step 607: the electronic signature equipment encrypts the second random factor using the public key of the background server contained in the digital certificate of the background server, generating the first encrypted data E1;
In the present embodiment, the electronic signature equipment and the background server calculate the transmission key from the second random factor. Encrypting the second random factor therefore ensures that it is not stolen, which guarantees its security while the electronic signature equipment transmits it to the background server, and in turn guarantees the security and reliability of the transmission key generated by the electronic signature equipment and the background server.
Step 608: the electronic signature equipment signs the first random factor and the first encrypted data, generating the first signed data;
In the present embodiment, the card reader signs the first random factor and the first encrypted data after merging them, which makes the signature verification result more accurate and reliable.
Step 609: the electronic signature equipment sends the second authentication data to the card reader, wherein the second authentication data include at least the first encrypted data, the first signed data and the digital certificate of the electronic signature equipment;
In the present embodiment, the electronic signature equipment sends its digital certificate to the background server through the card reader so that the background server can verify the digital certificate and confirm whether the certificate of the electronic signature equipment is legitimate. The first encrypted data are sent to the background server so that the background server can use them to verify the first signed data and confirm that the identity of the electronic signature equipment is secure.
Step 610: after receiving the second authentication data, the card reader sends the second authentication data to the background server;
Step 611: the background server receives the second authentication data and verifies the legitimacy of the digital certificate of the electronic signature equipment;
In a specific implementation, the background server may use the root certificate to verify the received digital certificate of the electronic signature equipment, to prevent an illegitimate party from tampering with the public key of the electronic signature equipment, which achieves security authentication of the electronic signature equipment and improves the security of the interaction between the two parties. The background server downloads the root certificate from the certificate authority (Certificate Authority, abbreviated CA); the root certificate is the basis on which the CA and the user establish a trust relationship. If the verification passes, the subsequent process continues; if the verification does not pass, the process ends. At this point the connection between the background server and the card reader and electronic signature equipment is disconnected and the background server sends no further data to the card reader, so the background server cannot be attacked by an illegitimate card reader or illegitimate electronic signature equipment.
Step 612: after the certificate verification passes, the background server verifies the first signature data; if the signature verification fails, the flow is terminated; if the signature verification passes, step 613 is executed;
In this embodiment, the background server verifying the first signature data comprises: the background server verifies the first signature data using the first encryption data and the public key of the electronic signature equipment in the digital certificate of the electronic signature equipment. The specific verification method is prior art and is not described again here.
In this embodiment, if the signature verification passes, this shows that the first signature data was signed by the electronic signature equipment, which further authenticates the electronic signature equipment. If the signature verification fails, the flow is terminated; in that case the connection between the background server and the card reader and electronic signature equipment is disconnected and the background server sends no further data to the card reader, so that the background server is not attacked by an illegitimate card reader or illegitimate electronic signature equipment.
Step 613: the background server decrypts the first encryption data using the private key of the background server, obtaining the second random factor;
Step 614: the background server calculates the second transmission key based on the second random factor;
In this embodiment, the background server may generate the transmission key from the second random factor using the same algorithm as the electronic signature equipment side, so that the background server and the card reader can exchange information using the transmission key and the data in transit is encrypted and decrypted with the transmission key, ensuring the security of the transmitted data.
Step 615: the electronic signature equipment calculates the first transmission key based on the second random factor;
In this embodiment, the electronic signature equipment may generate the transmission key from the second random factor using the same algorithm as the background server side, so that the background server and the card reader can exchange information using the transmission key and the data in transit is encrypted and decrypted with the transmission key, ensuring the security of the transmitted data. Step 615 and steps 609 to 614 may be performed in any order.
As an optional implementation of this embodiment, the first transmission key and the second transmission key may be the same transmission key, i.e. a symmetric key, which the electronic signature equipment and the background server each use to encrypt and decrypt the transmitted data; or they may be a key pair comprising an encryption key and a decryption key, in which case the electronic signature equipment and the background server may each use the encryption key to encrypt transmitted data and the decryption key to decrypt transmitted data.
Step 616: the electronic signature equipment uses the first transmission key to encrypt and decrypt the data transmitted between the card reader and the background server, and the background server uses the second transmission key to encrypt and decrypt the data transmitted between the card reader and the background server.
With the method for secure transmission of identity card information provided by this embodiment, the electronic signature equipment can be used to establish a secure channel between the card reader and the background server, and the data transmitted in the secure channel is encrypted with the transmission key, improving the security of data transmission.
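The exchange in steps 607 to 615, seen from both sides, as an added Go example that is not part of the patent text. Assumptions not found in the source: RSA-OAEP for the first encryption data, RSA-PSS signatures, an HMAC-SHA256 key derivation, a certificate reduced to a CA signature over the device public key, and every type and function name.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// SecondAuthData is the step 609 message; DevPub + CASig stand in for the X.509 certificate.
type SecondAuthData struct {
	E1, Sig, CASig []byte
	DevPub         *rsa.PublicKey
}

// Parties holds constructed keys; every name in this block is hypothetical.
type Parties struct {
	CAPub          *rsa.PublicKey
	SrvKey, DevKey *rsa.PrivateKey
	CASig          []byte
}

// sum hashes the concatenation of parts; R1 is fixed-length, so R1 || E1 is unambiguous.
func sum(parts ...[]byte) []byte {
	h := sha256.Sum256(bytes.Join(parts, nil))
	return h[:]
}

// NewParties generates a CA key, a background server key and a CA-certified device key.
func NewParties() (*Parties, error) {
	var k [3]*rsa.PrivateKey // 0: CA, 1: background server, 2: electronic signature equipment
	for i := range k {
		var err error
		if k[i], err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return nil, err
		}
	}
	der := x509.MarshalPKCS1PublicKey(&k[2].PublicKey)
	caSig, err := rsa.SignPSS(rand.Reader, k[0], crypto.SHA256, sum(der), nil)
	if err != nil {
		return nil, err
	}
	return &Parties{&k[0].PublicKey, k[1], k[2], caSig}, nil
}

// deriveKey keys HMAC-SHA256 with R2 over a fixed label (assumed; the patent names no algorithm).
func deriveKey(r2 []byte) []byte {
	m := hmac.New(sha256.New, r2)
	m.Write([]byte("transmission-key"))
	return m.Sum(nil)
}

// DeviceRespond runs steps 607-609 and 615 on the electronic signature equipment.
func DeviceRespond(p *Parties, r1 []byte) (m SecondAuthData, k1 []byte, err error) {
	r2 := make([]byte, 32) // second random factor
	if _, err = rand.Read(r2); err != nil {
		return m, nil, err
	}
	e1, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &p.SrvKey.PublicKey, r2, nil) // 607
	if err != nil {
		return m, nil, err
	}
	sig, err := rsa.SignPSS(rand.Reader, p.DevKey, crypto.SHA256, sum(r1, e1), nil) // 608
	if err != nil {
		return m, nil, err
	}
	return SecondAuthData{e1, sig, p.CASig, &p.DevKey.PublicKey}, deriveKey(r2), nil // 609, 615
}

// ServerAccept runs steps 611-614 on the background server; any error ends the flow.
func ServerAccept(p *Parties, r1 []byte, m SecondAuthData) ([]byte, error) {
	der := x509.MarshalPKCS1PublicKey(m.DevPub)
	if rsa.VerifyPSS(p.CAPub, crypto.SHA256, sum(der), m.CASig, nil) != nil { // 611
		return nil, errors.New("device certificate not issued by the trusted CA")
	}
	if rsa.VerifyPSS(m.DevPub, crypto.SHA256, sum(r1, m.E1), m.Sig, nil) != nil { // 612
		return nil, errors.New("signature over R1 || E1 did not verify")
	}
	r2, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, p.SrvKey, m.E1, nil) // 613
	if err != nil {
		return nil, err
	}
	return deriveKey(r2), nil // 614
}

func main() {
	p, err := NewParties()
	if err != nil {
		panic(err)
	}
	msg, k1, _ := DeviceRespond(p, make([]byte, 32)) // constructed all-zero R1 for the demo
	k2, err := ServerAccept(p, make([]byte, 32), msg)
	fmt.Println("keys match:", err == nil && bytes.Equal(k1, k2))
}
```

Because the signature covers the first random factor as well as E1, second authentication data recorded in one session fails at step 612 when presented against a different first random factor.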
Any process or method description in a flowchart, or otherwise described herein, may be understood as representing a module, segment or portion of code comprising one or more executable instructions for implementing the steps of a specific logical function or process, and the scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
Those skilled in the art will understand that all or part of the steps carried by the methods of the above embodiments may be completed by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium and, when executed, includes one or a combination of the steps of the method embodiments.
In the description of this specification, a description referring to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention; those skilled in the art may make changes, modifications, substitutions and variations to the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the appended claims and their equivalents.
Claims (30)
1. An identity card reading method, characterized in that the method comprises:
A card reader not provided with a security control SAM module receives a card-seeking response instruction returned by a first resident identification card, wherein the information stored in the first resident identification card includes: configuration information of the first resident identification card stored in plaintext and encrypted identity card information stored in ciphertext;
The card reader reads the configuration information of the first resident identification card, wherein the configuration information of the first resident identification card includes: the serial number of the first resident identification card, application data indicating information related to the applications set in the first resident identification card, and the transmission protocol of the first resident identification card;
The card reader queries, through an external interface, whether the configuration information is stored in an electronic signature equipment and, where the electronic signature equipment does not store the configuration information, stores the configuration information into the electronic signature equipment through the external interface;
The card reader receives a card reading instruction and sends a secure channel establishment request to a background server;
The background server negotiates with the electronic signature equipment through the card reader; the electronic signature equipment obtains a first transmission key and the background server obtains a second transmission key;
The card reader obtains the encrypted identity card information stored in the resident identification card and sends the encrypted identity card information to the electronic signature equipment;
The electronic signature equipment encrypts the configuration information and the encrypted identity card information using the first transmission key to obtain a transmission ciphertext, and sends the transmission ciphertext to the card reader;
The card reader sends the transmission ciphertext to the background server;
The background server receives the transmission ciphertext and decrypts the transmission ciphertext using the second transmission key, obtaining the configuration information and the encrypted identity card information;
The background server sends the configuration information and the encrypted identity card information to a SAM module;
The SAM module decodes the encrypted identity card information according to the configuration information to obtain the identity card plaintext information of the first resident identification card, and returns the identity card plaintext information to the background server.
2. The method according to claim 1, characterized in that the background server negotiating with the electronic signature equipment through the card reader, the electronic signature equipment obtaining the first transmission key and the background server obtaining the second transmission key, comprises:
The card reader sends the secure channel establishment request to the background server;
The background server receives the secure channel establishment request, generates a first random factor and sends the first random factor to the card reader;
The card reader receives the first random factor and sends the first random factor to the electronic signature equipment;
The electronic signature equipment receives the first random factor, signs first data to be signed using the private key of the electronic signature equipment to generate first signature data, and sends first transmission data to the card reader, wherein the first data to be signed includes at least the first random factor, and the first transmission data includes at least the first signature data and the digital certificate of the electronic signature equipment;
The card reader receives the first transmission data and sends the first transmission data to the background server;
The background server receives the first transmission data and verifies the digital certificate of the electronic signature equipment; after the verification passes, it performs a signature verification operation on the first signature data and, if the signature verification fails, terminates the flow;
If the signature verification passes, the background server generates a second random factor, generates a third random factor based on the first random factor and the second random factor, encrypts the third random factor using the public key of the electronic signature equipment to obtain encryption data, signs the encryption data using the private key of the background server to obtain second signature data, calculates the second transmission key using the third random factor, and sends second transmission data to the card reader, wherein the second transmission data includes the second signature data, the encryption data and the digital certificate of the background server;
The card reader receives the second transmission data and sends the second transmission data to the electronic signature equipment;
The electronic signature equipment receives the second transmission data and verifies the digital certificate of the background server; after the verification passes, it performs a signature verification operation on the second signature data and, if the signature verification passes, decrypts the encryption data using the private key of the electronic signature equipment to obtain the third random factor, and calculates the first transmission key using the third random factor.
3. The method according to claim 1, characterized in that the background server negotiating with the electronic signature equipment through the card reader, the electronic signature equipment obtaining the first transmission key and the background server obtaining the second transmission key, comprises:
The card reader sends the secure channel establishment request to the background server;
The background server receives the secure channel establishment request, generates a first random factor and sends first authentication data to the card reader, wherein the first authentication data includes at least: the first random factor and the digital certificate of the background server;
After receiving the first authentication data, the card reader sends the first authentication data to the electronic signature equipment;
The electronic signature equipment receives the first authentication data and verifies the digital certificate of the background server; after the verification passes, it generates a second random factor, encrypts the second random factor using the public key of the background server to obtain first encryption data, signs the first random factor and the first encryption data to obtain first signature data, sends second authentication data to the card reader, and calculates the first transmission key based on the second random factor, wherein the second authentication data includes the first signature data, the first encryption data and the digital certificate of the electronic signature equipment;
After receiving the second authentication data, the card reader sends the second authentication data to the background server;
The background server receives the second authentication data and verifies the digital certificate of the electronic signature equipment; after the verification passes, it verifies the first signature data and, if the signature verification passes, decrypts the first encryption data using the private key of the background server to obtain the second random factor; if the signature verification fails, the flow is terminated;
The background server calculates the second transmission key based on the second random factor.
4. The method according to claim 1, characterized in that the card reader obtaining the encrypted identity card information stored in the resident identification card includes:
The card reader queries whether encrypted identity card information corresponding to the configuration information is stored in the electronic signature equipment;
Where it is determined that the encrypted identity card information is stored in the electronic signature equipment, the encrypted identity card information stored in the electronic signature equipment is read through the external interface;
Where it is determined that the encrypted identity card information is not stored in the electronic signature equipment, the card reader executes the identity card reading flow, reads the encrypted identity card information in the first resident identification card, stores the read encrypted identity card information into the electronic signature equipment through the external interface, and associates it with the configuration information.
5. The method according to claim 1, characterized in that:
Where the electronic signature equipment does not store the configuration information, storing the configuration information into the electronic signature equipment through the external interface includes: the card reader deletes, through the external interface, the configuration information and encrypted identity card information stored in the electronic signature equipment, and stores the read configuration information into the electronic signature equipment;
The card reader obtaining the encrypted identity card information stored in the resident identification card includes:
The card reader queries whether encrypted identity card information is stored in the electronic signature equipment;
Where it is determined that the encrypted identity card information is stored in the electronic signature equipment, the encrypted identity card information stored in the electronic signature equipment is read through the external interface;
Where it is determined that the encrypted identity card information is not stored in the electronic signature equipment, the card reader executes the identity card reading flow, reads the encrypted identity card information in the first resident identification card, and stores the read encrypted identity card information into the electronic signature equipment through the external interface.
6. The method according to claim 4 or 5, characterized in that:
The encrypted identity card information stored in the electronic signature equipment includes multiple data packets;
The electronic signature equipment encrypting the configuration information and the encrypted identity card information using the first transmission key to obtain the transmission ciphertext and sending the transmission ciphertext to the card reader includes: the electronic signature equipment uses the first transmission key to separately encrypt each data packet of the configuration information and the encrypted identity card information, obtaining multiple encrypted data packets, and sends the multiple encrypted data packets to the card reader.
7. The method according to claim 6, characterized in that the method further includes:
On receiving a retransmission instruction, sent by the background server, indicating that the encrypted identity card information is to be retransmitted, the card reader sends a request to the electronic signature equipment for the data packets that the retransmission instruction indicates need to be retransmitted;
The electronic signature equipment obtains the data packets that the retransmission instruction indicates need to be retransmitted, encrypts those data packets using the first transmission key, and sends the encrypted data packets to be retransmitted to the card reader;
The card reader receives the encrypted data packets to be retransmitted returned by the electronic signature equipment and retransmits them to the background server.
8. The method according to any one of claims 1 to 5, characterized in that, after the card reader sends the configuration information and the encrypted identity card information to the background server, the method further includes:
The card reader does not detect a resident identification card within a predetermined time, and clears the configuration information and encrypted identity card information of the resident identification card stored in the electronic signature equipment.
9. The method according to any one of claims 1 to 5, characterized in that, after the card reader sends the configuration information and the encrypted identity card information to the background server, the method further includes:
The card reader obtains the encrypted identity card plaintext information from the background server;
The card reader sends the encrypted identity card plaintext information to the electronic signature equipment;
The electronic signature equipment decrypts the encrypted identity card plaintext information using the first transmission key, obtaining the identity card plaintext information;
The electronic signature equipment generates a random key;
The electronic signature equipment encrypts the identity card plaintext information using the random key;
The electronic signature equipment stores the encrypted identity card plaintext information.
10. The method according to claim 9, characterized in that, after the electronic signature equipment stores the encrypted identity card plaintext information, the method further includes:
The card reader receives a card-seeking response instruction returned by a second resident identification card;
The card reader reads the configuration information of the second resident identification card;
The card reader judges whether the currently read configuration information is stored in the electronic signature equipment;
The card reader receives a card reading instruction from the terminal connected to it;
Where it is judged that the currently read configuration information is stored in the electronic signature equipment, it is judged whether the electronic signature equipment stores the encrypted identity card plaintext information;
Where it is judged that the encrypted identity card plaintext information is stored in the electronic signature equipment, the identity card plaintext information is obtained from the electronic signature equipment.
11. The method according to claim 9, characterized in that, after the electronic signature equipment stores the encrypted identity card plaintext information into the electronic signature equipment, the method further includes:
The card reader does not detect a resident identification card within a predetermined time, and clears the encrypted identity card plaintext information stored in the electronic signature equipment; and/or
Where the card reader does not detect a resident identification card within the predetermined time, or before the electronic signature equipment performs a power-off operation, the electronic signature equipment deletes the random key.
12. The method according to claim 2, characterized in that:
The background server performing the signature verification operation on the first signature data comprises:
The background server performs the signature verification operation on the first signature data using the first random factor and the public key of the electronic signature equipment in the digital certificate of the electronic signature equipment;
The electronic signature equipment performing the signature verification operation on the second signature data comprises:
The electronic signature equipment performs the signature verification operation on the second signature data using the encryption data and the public key of the background server in the digital certificate of the background server.
13. The method according to claim 2, characterized in that:
The first data to be signed further includes: a first identity identifier of the electronic signature equipment; the first transmission data further includes: a second identity identifier of the electronic signature equipment.
14. The method according to claim 13, characterized in that:
The first identity identifier of the electronic signature equipment includes: an electronic signature equipment serial number and/or an electronic signature equipment certificate number; the second identity identifier of the electronic signature equipment includes: the electronic signature equipment serial number and/or the electronic signature equipment certificate number; and the electronic signature equipment serial number and the electronic signature equipment certificate number have a mapping relationship.
15. The method according to claim 13 or 14, characterized in that:
The background server performing the signature verification operation on the first signature data comprises:
The background server performs the signature verification operation on the first signature data using the first random factor, the second identity identifier and the public key of the electronic signature equipment in the digital certificate of the electronic signature equipment.
16. An identity card reading system, characterized in that the system comprises:
A card reader not provided with a security control SAM module, for receiving a card-seeking response instruction returned by a first resident identification card, reading the configuration information of the first resident identification card, then querying through an external interface whether the configuration information is stored in an electronic signature equipment and, where the electronic signature equipment does not store the configuration information, storing the configuration information into the electronic signature equipment through the external interface, wherein the information stored in the first resident identification card includes: configuration information of the first resident identification card stored in plaintext and encrypted identity card information stored in ciphertext, and the configuration information of the first resident identification card includes: the serial number of the first resident identification card, application data indicating information related to the applications set in the first resident identification card, and the transmission protocol of the first resident identification card;
The card reader is further used for receiving a card reading instruction and sending a secure channel establishment request to a background server;
The background server, for negotiating with the electronic signature equipment through the card reader to obtain a second transmission key;
The electronic signature equipment, for negotiating with the background server through the card reader to obtain a first transmission key;
The card reader is further used for obtaining the encrypted identity card information stored in the resident identification card and sending the encrypted identity card information to the electronic signature equipment;
The electronic signature equipment is further used for encrypting the configuration information and the encrypted identity card information using the first transmission key to obtain a transmission ciphertext, and sending the transmission ciphertext to the card reader;
The card reader is further used for sending the transmission ciphertext to the background server;
The background server is further used for receiving the transmission ciphertext and decrypting the transmission ciphertext using the second transmission key, obtaining the configuration information and the encrypted identity card information;
The background server is further used for sending the configuration information and the encrypted identity card information to a SAM module;
The SAM module, for decoding the encrypted identity card information according to the configuration information to obtain the identity card plaintext information of the first resident identification card, and returning the identity card plaintext information to the background server.
17. The system according to claim 16, characterized in that the background server and the electronic signature equipment obtain the second transmission key and the first transmission key in the following manner:
The background server, for receiving the secure channel establishment request, generating a first random factor, and sending the first random factor to the electronic signature equipment through the card reader;
The electronic signature equipment, for receiving the first random factor, signing first data to be signed using the private key of the electronic signature equipment to generate first signature data, and sending first transmission data to the background server through the card reader, wherein the first data to be signed includes at least the first random factor, and the first transmission data includes at least the first signature data and the digital certificate of the electronic signature equipment;
The background server is further used for receiving the first transmission data and verifying the digital certificate of the electronic signature equipment; after the verification passes, performing a signature verification operation on the first signature data and, if the signature verification fails, terminating the flow; if the signature verification passes, generating a second random factor, generating a third random factor based on the first random factor and the second random factor, encrypting the third random factor using the public key of the electronic signature equipment to obtain encryption data, signing the encryption data using the private key of the background server to obtain second signature data, calculating the second transmission key using the third random factor, and sending second transmission data to the electronic signature equipment through the card reader, wherein the second transmission data includes the second signature data, the encryption data and the digital certificate of the background server;
The electronic signature equipment is further used for receiving the second transmission data and verifying the digital certificate of the background server; after the verification passes, performing a signature verification operation on the second signature data and, if the signature verification passes, decrypting the encryption data using the private key of the electronic signature equipment to obtain the third random factor, and calculating the first transmission key using the third random factor.
18. The system according to claim 17, characterized in that the background server and the electronic signature equipment obtain the second transmission key and the first transmission key in the following manner:
The background server, for receiving the secure channel establishment request, generating a first random factor, and sending first authentication data to the electronic signature equipment through the card reader, wherein the first authentication data includes at least: the first random factor and the digital certificate of the background server;
The electronic signature equipment, for receiving the first authentication data and verifying the digital certificate of the background server; after the verification passes, generating a second random factor, encrypting the second random factor using the public key of the background server to obtain first encryption data, signing the first random factor and the first encryption data to obtain first signature data, sending second authentication data to the background server through the card reader, and calculating the first transmission key based on the second random factor, wherein the second authentication data includes the first signature data, the first encryption data and the digital certificate of the electronic signature equipment;
The background server is further used for receiving the second authentication data and verifying the digital certificate of the electronic signature equipment; after the verification passes, verifying the first signature data and, if the signature verification passes, decrypting the first encryption data using the private key of the background server to obtain the second random factor and calculating the second transmission key based on the second random factor; if the signature verification fails, terminating the flow.
19. The system according to claim 16, characterized in that the card reader obtains the encryption identity card information stored in the resident identification card in the following manner:
Querying whether the electronic signature equipment stores encryption identity card information corresponding to the configuration information;
When it is determined that the electronic signature equipment stores the encryption identity card information, reading, through the external interface, the encryption identity card information stored in the electronic signature equipment;
When it is determined that the electronic signature equipment does not store the encryption identity card information, executing the card reading process of the identity card, reading the encryption identity card information in the first resident identification card, storing the read encryption identity card information into the electronic signature equipment through the external interface, and associating it with the configuration information.
20. The system according to claim 16, characterized in that
When the electronic signature equipment does not store the configuration information, the card reader stores the configuration information into the electronic signature equipment in the following manner: deleting, through the external interface, the configuration information and encryption identity card information stored in the electronic signature equipment, and storing the read configuration information into the electronic signature equipment;
The card reader obtains the encryption identity card information stored in the resident identification card in the following manner:
Querying whether the electronic signature equipment stores encryption identity card information;
When it is determined that the electronic signature equipment stores the encryption identity card information, reading, through the external interface, the encryption identity card information stored in the electronic signature equipment;
When it is determined that the electronic signature equipment does not store the encryption identity card information, executing the card reading process of the identity card, reading the encryption identity card information in the first resident identification card, and storing the read encryption identity card information into the electronic signature equipment through the external interface.
21. The system according to claim 19 or 20, characterized in that
The encryption identity card information stored in the electronic signature equipment includes multiple data packets;
The electronic signature equipment encrypts the configuration information and the encryption identity card information to obtain the transmission ciphertext, and sends the transmission ciphertext to the card reader, in the following manner: using the first transmission key to encrypt the configuration information and each data packet of the encryption identity card information separately, obtaining multiple encrypted data packets, and sending the multiple encrypted data packets to the card reader.
22. The system according to claim 21, characterized in that
When receiving a retransmission instruction, sent by the background server, that instructs retransmission of the encryption identity card information, the card reader sends a request to the electronic signature equipment for the data packet that the retransmission instruction indicates needs to be retransmitted;
The electronic signature equipment obtains the data packet that the retransmission instruction indicates needs to be retransmitted, encrypts that data packet using the first transmission key, and sends the encrypted data packet to the card reader;
The card reader receives the encrypted data packet to be retransmitted that the electronic signature equipment returns, and retransmits it to the background server.
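Claims 21 and 22 as an added Go example that is not code from the patent: each data packet is sealed on its own, so a single packet can be re-encrypted and retransmitted without touching the others. AES-GCM, the random nonce, the packet index as associated data and the function names are assumptions; the patent names no cipher or packet format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// newAEAD builds AES-GCM from the transmission key; the cipher choice is an assumption.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealPacket encrypts packet i under a fresh random nonce with i as associated data, so a
// retransmission never reuses a nonce and a packet cannot be replayed into another slot.
func SealPacket(a cipher.AEAD, i uint32, pkt []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, pkt, binary.BigEndian.AppendUint32(nil, i)), nil
}

// OpenPacket is the server side: split off the nonce, decrypt, and check the index.
func OpenPacket(a cipher.AEAD, i uint32, msg []byte) ([]byte, error) {
	n := a.NonceSize()
	if len(msg) < n {
		return nil, fmt.Errorf("packet %d: ciphertext too short", i)
	}
	return a.Open(nil, msg[:n], msg[n:], binary.BigEndian.AppendUint32(nil, i))
}

// RetransmitDemo re-encrypts packet 1 on request and also offers the result as packet 0.
func RetransmitDemo() (opened, fresh bool, swapErr error) {
	a, _ := newAEAD(make([]byte, 32)) // constructed all-zero key, for the demo only
	first, _ := SealPacket(a, 1, []byte("packet-1"))
	again, _ := SealPacket(a, 1, []byte("packet-1")) // retransmission of the same packet
	pt, err := OpenPacket(a, 1, again)
	_, swapErr = OpenPacket(a, 0, again)
	return err == nil && string(pt) == "packet-1", string(first) != string(again), swapErr
}

func main() { fmt.Println(RetransmitDemo()) }
```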
23. The system according to any one of claims 16 to 20, characterized in that the card reader is further configured to, after the configuration information and the encryption identity card information are sent to the background server, clear the configuration information and encryption identity card information of the resident identification card stored in the electronic signature equipment if no resident identification card is detected within a predetermined time.
24. The system according to any one of claims 16 to 20, characterized in that
The card reader is further configured to, after the configuration information and the encryption identity card information are sent to the background server, obtain the encrypted identity card cleartext information from the background server and send the encrypted identity card cleartext information to the electronic signature equipment;
The electronic signature equipment is further configured to decrypt the encrypted identity card cleartext information using the first transmission key to obtain the identity card cleartext information, generate a random key, encrypt the identity card cleartext information using the random key, and store the encrypted identity card cleartext information.
25. The system according to claim 24, characterized in that
The card reader is further configured to receive the card seeking response instruction returned by a second resident identification card, read the configuration information of the second resident identification card, judge whether the electronic signature equipment stores the configuration information currently read, and receive a card reading instruction from the terminal connected to it; when it judges that the electronic signature equipment stores the configuration information currently read, judge whether the electronic signature equipment stores the encrypted identity card cleartext information; and when it judges that the electronic signature equipment stores the encrypted identity card cleartext information, obtain the identity card cleartext information from the electronic signature equipment.
26. The system according to claim 25, characterized in that
The card reader is further configured to, after the encrypted identity card cleartext information is stored in the electronic signature equipment, clear the encrypted identity card cleartext information stored in the electronic signature equipment if no resident identification card is detected within a predetermined time; and/or
The electronic signature equipment is further configured to delete the random key when the card reader detects no resident identification card within a predetermined time, or before the electronic signature equipment performs a power-off operation.
27. The system according to claim 17, characterized in that
The background server performing signature verification on the first signed data comprises:
The background server performs signature verification on the first signed data using the first random factor and the public key of the electronic signature equipment in the digital certificate of the electronic signature equipment;
The electronic signature equipment performing signature verification on the second signed data comprises:
The electronic signature equipment performs signature verification on the second signed data using the encryption data and the public key of the background server in the digital certificate of the background server.
28. The system according to claim 17, characterized in that
The first data to be signed further includes: a first identity of the electronic signature equipment; the first data to be sent further includes: a second identity of the electronic signature equipment.
29. The system according to claim 28, characterized in that
The first identity of the electronic signature equipment includes: an electronic signature equipment serial number and/or an electronic signature equipment certificate number; the second identity of the electronic signature equipment includes: the electronic signature equipment serial number and/or the electronic signature equipment certificate number; and the electronic signature equipment serial number and the electronic signature equipment certificate number have a mapping relationship.
30. The system according to claim 28 or 29, characterized in that
The background server performing signature verification on the first signed data comprises:
The background server performs signature verification on the first signed data using the first random factor, the second identity, and the public key of the electronic signature equipment in the digital certificate of the electronic signature equipment.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510765066.4A CN106027249B (en) | 2015-11-10 | 2015-11-10 | Identity card card reading method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106027249A (en) | 2016-10-12 |
CN106027249B (en) | 2019-09-06 |
Family
ID=57082600
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510765066.4A Active CN106027249B (en) | 2015-11-10 | 2015-11-10 | Identity card card reading method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106027249B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108075887A (en) * | 2016-11-15 | 2018-05-25 | 北京维森科技有限公司 | For method, cloud platform, user equipment and the system of CPU card encryption certification |
CN106652134A (en) * | 2016-12-19 | 2017-05-10 | 北京公共交通控股(集团)有限公司 | Vehicle identification and control system and method of bus station |
CN107404478B (en) * | 2017-07-21 | 2020-09-25 | 金联汇通信息技术有限公司 | eID coding query method, system and corresponding server thereof |
CN107809432A (en) * | 2017-11-06 | 2018-03-16 | 广州市森锐科技股份有限公司 | A kind of acquisition of ID card information and anti-tamper system and method |
CN109101821A (en) * | 2018-06-26 | 2018-12-28 | 上海常仁信息科技有限公司 | A kind of robot ID card information acquisition system and method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104618115A (en) * | 2015-01-27 | 2015-05-13 | 李明 | Identity card information obtaining method and system |
CN104636777A (en) * | 2015-01-15 | 2015-05-20 | 李明 | Identity card information obtaining system |
CN104639538A (en) * | 2015-01-15 | 2015-05-20 | 李明 | Identity card information obtaining method and system |
CN104820814A (en) * | 2015-05-07 | 2015-08-05 | 熊小军 | Second-generation ID card anti-counterfeiting verification system |
CN104966035A (en) * | 2015-05-20 | 2015-10-07 | 李明 | Identity card information acquiring method, device, and system |
Non-Patent Citations (1)
Title |
---|
"Huashi CVR-100U/D ID Card Reader User Manual" (华视CVR-100U/D身份证阅读器使用手册); bj520042; http://jz.docin.com/p-1338133128.html; 20151029; page 6, last paragraph, and page 8, fourth paragraph from the end |
Also Published As
Publication number | Publication date |
---|---|
CN106027249A (en) | 2016-10-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |