CN106027457A - Identity card information transmission method and system

Publication number
CN106027457A
Authority
CN
China
Prior art keywords
electronic signature
data
card reader
background server
signature equipment
Legal status
Granted
Application number
CN201510765362.4A
Other languages
Chinese (zh)
Other versions
CN106027457B (en)
Inventor
李东声
Current Assignee
Tendyron Corp
Tendyron Technology Co Ltd
Original Assignee
Tendyron Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Abstract

The invention provides an identity card information transmission method and system. The method comprises: when a card reader receives a card reading instruction, the card reader sends a secure channel establishment request to a background server; the background server generates a first random factor and sends it to the card reader; the card reader sends the first random factor to an electronic signature device; the electronic signature device generates first signature data and sends the first signature data to the card reader; the card reader receives first transmission data and sends it to the background server; the background server verifies the digital certificate of the electronic signature device and verifies the first signature data, ending the flow if signature verification fails; if signature verification passes, the background server generates a third random factor based on the first random factor and a second random factor, obtains encrypted data, and sends second transmission data to the card reader; the electronic signature device verifies the digital certificate of the background server, verifies the second signature data, obtains the third random factor, and calculates a first transmission key using the third random factor.

Description

An identity card information transmission method and system
Technical field
The present invention relates to the field of electronic technology, and in particular to an identity card information transmission method and system.
Background
What a resident's second-generation identity card stores is the ciphertext of the identity card information; only a security control module authorized by the Ministry of Public Security can decrypt the ciphertext stored in the card. The card reader has to exchange information with a background server before it can obtain the plaintext information of the identity card. At present, when handling business at a bank or a securities institution, the identity card information has to be read repeatedly. In the current technology, every time the identity card is read, the card reader must perform interactive authentication with the background server. During authentication the server generates a random password for encrypting the exchanged information, but this interactive authentication process is highly susceptible to attack: the attacker usually makes dictionary guesses at the random password, which is the "replay attack". When the server is subjected to a replay attack, it can identify the replay attack by means of the random password it generated itself and terminate the process. In current interactive authentication schemes, however, by the time the server identifies the replay attack, the card reader and the server have often already gone through several rounds of interaction and processing. That is, when the server identifies an operation as an illegal attack, the operation has already taken up considerable time and system resources, which wastes both. In addition, because the volume of identity card information is relatively large, reading is often interrupted by factors such as the network or the card reader. Under the reading mechanism for identity card information, the card reader then has to re-read the identity card and perform interactive authentication with the server again, which wastes further time and resources.
Summary of the invention
The present invention aims to solve one of the above problems.
The present invention provides the following schemes:
Scheme 1: An identity card information transmission method, comprising: a card reader that is not provided with a SAM module receives a card reading instruction and sends a secure channel establishment request to a background server; the background server receives the secure channel establishment request, generates a first random factor, and sends the first random factor to the card reader; the card reader receives the first random factor and sends it to an electronic signature device; the electronic signature device receives the first random factor, signs first data to be signed with the private key of the electronic signature device to generate first signature data, and sends first transmission data to the card reader, wherein the first data to be signed includes at least the first random factor, and the first transmission data includes at least the first signature data and the digital certificate of the electronic signature device; the card reader receives the first transmission data and sends it to the background server; the background server receives the first transmission data, verifies the digital certificate of the electronic signature device and, after that verification passes, verifies the first signature data; if signature verification fails, the flow ends; if signature verification passes, the background server generates a second random factor, generates a third random factor based on the first random factor and the second random factor, encrypts the third random factor with the public key of the electronic signature device to obtain encrypted data, signs the encrypted data with the private key of the background server to obtain second signature data, calculates a second transmission key using the third random factor, and sends second transmission data to the card reader, wherein the second transmission data includes the second signature data, the encrypted data and the digital certificate of the background server; the card reader receives the second transmission data and sends it to the electronic signature device; the electronic signature device receives the second transmission data, verifies the digital certificate of the background server and, after that verification passes, verifies the second signature data; if signature verification passes, the electronic signature device decrypts the encrypted data with its private key to obtain the third random factor, and calculates a first transmission key using the third random factor; the electronic signature device uses the first transmission key to encrypt and decrypt the data transmitted between the card reader and the background server, and the background server uses the second transmission key to encrypt and decrypt the data transmitted between the card reader and the background server.
Scheme 2: The method according to scheme 1, wherein the background server verifying the first signature data comprises: the background server verifies the first signature data using the first random factor and the public key of the electronic signature device contained in the digital certificate of the electronic signature device; and the electronic signature device verifying the second signature data comprises: the electronic signature device verifies the second signature data using the encrypted data and the public key of the background server contained in the digital certificate of the background server.
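The handshake of schemes 1 and 2, as an added example that is not part of the patent text. It shows both ends deriving the same transmission key and the background server ending the flow at the first signature check when captured first transmission data is replayed against a fresh first random factor. Assumptions: textbook RSA over fixed Mersenne primes stands in for the real key pairs, certificate verification is reduced to a pinned public-key lookup, and the SHA-256 combination of the random factors and the HMAC key derivation are chosen here because the text does not specify them.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent of both toy key pairs

class HandshakeError(Exception):
    """Raised at the step where the flow ends."""

def make_key(p_exp, q_exp):
    # Constructed toy key from public Mersenne primes; a stand-in, not real key material.
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def sign(key, data):
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), key["d"], key["n"])

def verify(pub_n, data, sig):
    return pow(sig, E, pub_n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def encrypt(pub_n, msg):
    size = (pub_n.bit_length() + 7) // 8
    return pow(int.from_bytes(msg, "big"), E, pub_n).to_bytes(size, "big")

def decrypt(key, blob, size):
    return pow(int.from_bytes(blob, "big"), key["d"], key["n"]).to_bytes(size, "big")

def derive_key(r3):
    # Assumption: the page only says the key is calculated from the third random factor.
    return hmac.new(r3, b"transmission key", hashlib.sha256).digest()

def check_cert(cert, trusted):
    # Assumption: certificate verification reduced to a pinned subject -> modulus lookup.
    if trusted.get(cert["subject"]) != cert["n"]:
        raise HandshakeError("certificate rejected")

class BackgroundServer:
    def __init__(self, key, cert, trusted):
        self.key, self.cert, self.trusted = key, cert, trusted
        self.sessions, self.keys = {}, {}  # sid -> first random factor / second transmission key

    def open_channel(self):
        sid, r1 = secrets.token_hex(8), secrets.token_bytes(16)
        self.sessions[sid] = r1
        return sid, r1

    def finish(self, sid, first_tx):
        r1 = self.sessions.pop(sid, None)  # each first random factor is used once
        if r1 is None:
            raise HandshakeError("no pending first random factor")
        check_cert(first_tx["cert"], self.trusted)
        if not verify(first_tx["cert"]["n"], r1, first_tx["sig"]):
            raise HandshakeError("first signature invalid")  # flow ends before any key work
        r2 = secrets.token_bytes(16)
        r3 = hashlib.sha256(r1 + r2).digest()  # assumed way of combining r1 and r2
        enc = encrypt(first_tx["cert"]["n"], r3)
        self.keys[sid] = derive_key(r3)
        return {"enc": enc, "sig": sign(self.key, enc), "cert": self.cert}

class SignatureDevice:
    def __init__(self, key, cert, trusted):
        self.key, self.cert, self.trusted = key, cert, trusted

    def sign_challenge(self, r1):
        return {"sig": sign(self.key, r1), "cert": self.cert}

    def accept(self, second_tx):
        check_cert(second_tx["cert"], self.trusted)
        if not verify(second_tx["cert"]["n"], second_tx["enc"], second_tx["sig"]):
            raise HandshakeError("second signature invalid")
        return derive_key(decrypt(self.key, second_tx["enc"], 32))  # first transmission key

def rejected(step, *args):
    try:
        step(*args)
    except HandshakeError:
        return True
    return False

def demo():
    dev_key, srv_key = make_key(521, 607), make_key(1279, 2203)
    dev_cert = {"subject": "device-0001", "n": dev_key["n"]}
    srv_cert = {"subject": "background-server", "n": srv_key["n"]}
    server = BackgroundServer(srv_key, srv_cert, {"device-0001": dev_key["n"]})
    device = SignatureDevice(dev_key, dev_cert, {"background-server": srv_key["n"]})
    # Normal run; the card reader only relays these messages.
    sid, r1 = server.open_channel()
    first_tx = device.sign_challenge(r1)
    second_tx = server.finish(sid, first_tx)
    keys_match = device.accept(second_tx) == server.keys[sid]
    # Captured first transmission data replayed against a fresh first random factor.
    sid2, _ = server.open_channel()
    replay_rejected = rejected(server.finish, sid2, first_tx)
    # Second transmission data altered in transit.
    altered = dict(second_tx, enc=bytes([second_tx["enc"][0] ^ 1]) + second_tx["enc"][1:])
    tamper_rejected = rejected(device.accept, altered)
    return keys_match, replay_rejected, tamper_rejected
```

`demo()` returns three booleans: the two transmission keys match, the replay is rejected, and the altered second transmission data is rejected.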
Scheme 3: The method according to scheme 1, wherein the first data to be signed further includes a first identity identifier of the electronic signature device, and the first transmission data further includes a second identity identifier of the electronic signature device.
Scheme 4: The method according to scheme 3, wherein the first identity identifier of the electronic signature device includes an electronic signature device serial number and/or an electronic signature device certificate number; the second identity identifier of the electronic signature device includes the electronic signature device serial number and/or the electronic signature device certificate number; the electronic signature device serial number and the electronic signature device certificate number have a mapping relationship; and the background server stores the mapping relationship between the electronic signature device serial number and the electronic signature device certificate number.
Scheme 5: The method according to scheme 3 or 4, wherein the background server verifying the first signature data comprises: the background server verifies the first signature data using the first random factor, the second identity identifier, and the public key of the electronic signature device contained in the digital certificate of the electronic signature device.
Scheme 6: The method according to any one of schemes 2 to 5, wherein the card reader receives a card-search response instruction returned by a first identity card; the card reader reads the configuration information of the first identity card; the card reader queries, through an external interface, whether the electronic signature device has stored the configuration information and, if the electronic signature device has not stored the configuration information, stores the configuration information in the electronic signature device through the external interface; after the electronic signature device calculates the first transmission key, the method further comprises: the card reader obtains the encrypted identity card information stored in the identity card and sends it to the electronic signature device, receives the first transmission ciphertext returned by the electronic signature device, and sends the first transmission ciphertext to the background server; the electronic signature device using the first transmission key to encrypt and decrypt the data transmitted between the card reader and the background server comprises: the electronic signature device encrypts the configuration information and the encrypted identity card information with the first transmission key to generate the first transmission ciphertext; the background server using the second transmission key to encrypt and decrypt the data transmitted between the card reader and the background server comprises: the background server decrypts the first transmission ciphertext with the second transmission key to obtain the configuration information and the encrypted identity card information.
Scheme 7: The method according to scheme 6, wherein the card reader obtaining the encrypted identity card information stored in the identity card comprises: the card reader queries whether the electronic signature device stores encrypted identity card information corresponding to the configuration information; if it is determined that the electronic signature device stores the encrypted identity card information, the card reader reads the encrypted identity card information stored in the electronic signature device through the external interface; if it is determined that the electronic signature device does not store the encrypted identity card information, the card reader performs the card reading flow of the identity card, reads the encrypted identity card information in the first identity card, stores the encrypted identity card information that was read in the electronic signature device through the external interface, and associates it with the configuration information.
Scheme 8: The method according to scheme 6, wherein, if the electronic signature device has not stored the configuration information, storing the configuration information in the electronic signature device through the external interface comprises: the card reader deletes, through the external interface, the configuration information and the encrypted identity card information stored in the electronic signature device, and stores the configuration information that was read in the electronic signature device; and the card reader obtaining the encrypted identity card information stored in the identity card comprises: the card reader queries whether the electronic signature device has stored encrypted identity card information; if it is determined that the electronic signature device stores the encrypted identity card information, the card reader reads the encrypted identity card information stored in the electronic signature device through the external interface; if it is determined that the electronic signature device does not store the encrypted identity card information, the card reader performs the card reading flow of the identity card, reads the encrypted identity card information in the first identity card, and stores the encrypted identity card information that was read in the electronic signature device through the external interface.
Scheme 9: The method according to scheme 7 or 8, wherein the encrypted identity card information stored in the electronic signature device includes multiple data packets; and the electronic signature device encrypting the configuration information and the encrypted identity card information with the first transmission key to generate the first transmission ciphertext comprises: the electronic signature device encrypts the multiple data packets included in the encrypted identity card information in turn with the first transmission key to obtain the first transmission ciphertext.
Scheme 10: The method according to scheme 9, further comprising: on receiving a retransmission instruction, sent by the background server, that indicates retransmission of the encrypted identity card information, the card reader sends the retransmission instruction to the electronic signature device; the electronic signature device encrypts, with the first transmission key, the data packets that the retransmission instruction indicates need to be retransmitted, generating a second transmission ciphertext, and sends it to the card reader; the card reader retransmits the second transmission ciphertext to the background server; and the background server decrypts the second transmission ciphertext with the second transmission key to obtain the data packets that the retransmission instruction indicated need to be retransmitted.
Scheme 11: The method according to any one of schemes 6 to 10, wherein, after the card reader sends the first transmission ciphertext to the background server, the method further comprises: the card reader, not detecting an identity card within a predetermined time, clears the configuration information and the encrypted identity card information of the identity card stored in the electronic signature device.
Scheme 12: The method according to any one of schemes 6 to 11, wherein, after the card reader sends the first transmission ciphertext to the background server, the method further comprises: the card reader obtains the identity card plaintext information that the background server obtained by decryption; the card reader sends the identity card plaintext information to the electronic signature device; the electronic signature device generates a random key; the electronic signature device encrypts the identity card plaintext information with the random key; and the electronic signature device stores the encrypted identity card plaintext information in the electronic signature device.
Scheme 13: The method according to scheme 12, wherein, after the card reader stores the identity card plaintext information in the electronic signature device, the method further comprises: the card reader receives a card-search response instruction returned by a second identity card; the card reader reads the configuration information of the second identity card; the card reader determines whether the electronic signature device has stored the configuration information currently read; the card reader receives a card reading instruction from the terminal connected to it; if it is determined that the security chip stores the configuration information currently read, it is determined whether the electronic signature device has stored the encrypted identity card plaintext information; and if it is determined that the electronic signature device stores the encrypted identity card plaintext information, the identity card plaintext information is obtained from the electronic signature device.
Scheme 14: The method according to scheme 12, wherein, after the electronic signature device stores the encrypted identity card plaintext information in the electronic signature device, the method further comprises: the card reader, not detecting an identity card within a predetermined time, clears the encrypted identity card plaintext information stored in the electronic signature device; and/or, if the card reader does not detect an identity card within a predetermined time, or before the electronic signature device performs a power-off operation, the electronic signature device deletes the random key.
Scheme 15: An identity card information transmission system, comprising: a card reader that is not provided with a SAM module, an electronic signature device and a background server, wherein: the card reader is configured to receive a card reading instruction, send a secure channel establishment request to the background server, receive a first random factor, send the first random factor to the electronic signature device, receive first transmission data, send the first transmission data to the background server, receive second transmission data, and send the second transmission data to the electronic signature device; the background server is configured to receive the secure channel establishment request, generate the first random factor and send it to the card reader, receive the first transmission data, verify the digital certificate of the electronic signature device and, after that verification passes, verify the first signature data; if signature verification fails, the flow ends; if signature verification passes, the background server generates a second random factor, generates a third random factor based on the first random factor and the second random factor, encrypts the third random factor with the public key of the electronic signature device to obtain encrypted data, signs the encrypted data with the private key of the background server to obtain second signature data, sends the second transmission data to the card reader, calculates a second transmission key using the third random factor, and uses the second transmission key to encrypt and decrypt the data transmitted between the card reader and the background server, wherein the second transmission data includes the second signature data, the encrypted data and the digital certificate of the background server; the electronic signature device is configured to receive the first random factor, sign first data to be signed with the private key of the electronic signature device to generate first signature data, and send the first transmission data to the card reader, wherein the first data to be signed includes at least the first random factor, and the first transmission data includes at least the first signature data and the digital certificate of the electronic signature device; and to receive the second transmission data, verify the digital certificate of the background server and, after that verification passes, verify the second signature data; if signature verification passes, decrypt the encrypted data with the private key of the electronic signature device to obtain the third random factor, calculate a first transmission key using the third random factor, and use the first transmission key to encrypt and decrypt the data transmitted between the card reader and the background server.
Scheme 16: The system according to scheme 15, wherein the background server being configured to verify the first signature data comprises: the background server is configured to verify the first signature data using the first random factor and the public key of the electronic signature device contained in the digital certificate of the electronic signature device; and the electronic signature device being configured to verify the second signature data comprises: the electronic signature device is configured to verify the second signature data using the encrypted data and the public key of the background server contained in the digital certificate of the background server.
Scheme 17: The system according to scheme 15 or 16, wherein the first data to be signed further includes a first identity identifier of the electronic signature device, and the first transmission data further includes a second identity identifier of the electronic signature device.
Scheme 18: The system according to scheme 17, wherein the first identity identifier of the electronic signature device includes an electronic signature device serial number and/or an electronic signature device certificate number; the second identity identifier of the electronic signature device includes the electronic signature device serial number and/or the electronic signature device certificate number; the electronic signature device serial number and the electronic signature device certificate number have a mapping relationship; and the background server stores the mapping relationship between the electronic signature device serial number and the electronic signature device certificate number.
Scheme 19: The system according to scheme 17 or 18, wherein the background server being configured to verify the first signature data comprises: the background server is configured to verify the first signature data using the first random factor, the second identity identifier, and the public key of the electronic signature device contained in the digital certificate of the electronic signature device.
Scheme 20: The system according to any one of schemes 16 to 19, wherein the card reader is further configured to, before receiving the card reading instruction, receive a card-search response instruction returned by a first identity card; read the configuration information of the first identity card; query, through an external interface, whether the electronic signature device has stored the configuration information and, if the electronic signature device has not stored the configuration information, store the configuration information in the electronic signature device through the external interface; the card reader is further configured to, after the electronic signature device calculates the first transmission key, obtain the encrypted identity card information stored in the identity card and send it to the electronic signature device, receive the first transmission ciphertext returned by the electronic signature device, and send the first transmission ciphertext to the background server; the electronic signature device being configured to use the first transmission key to encrypt and decrypt the data transmitted between the card reader and the background server comprises: the electronic signature device encrypts the configuration information and the encrypted identity card information with the first transmission key to generate the first transmission ciphertext; the background server being configured to use the second transmission key to encrypt and decrypt the data transmitted between the card reader and the background server comprises: the background server decrypts the first transmission ciphertext with the second transmission key to obtain the configuration information and the encrypted identity card information.
Scheme 21: The system according to scheme 20, wherein the card reader being further configured to obtain the encrypted identity card information stored in the identity card comprises: the card reader is further configured to query whether the electronic signature device has stored encrypted identity card information corresponding to the configuration information; if it is determined that the electronic signature device stores the encrypted identity card information, read the encrypted identity card information stored in the electronic signature device through the external interface; if it is determined that the electronic signature device does not store the encrypted identity card information, the card reader performs the card reading flow of the identity card, reads the encrypted identity card information in the first identity card, stores the encrypted identity card information that was read in the electronic signature device through the external interface, and associates it with the configuration information.
Scheme 22: The system according to scheme 20, wherein the card reader storing the configuration information in the electronic signature equipment through the external interface, in the case where the electronic signature equipment has not stored the configuration information, includes: the card reader deletes, through the external interface, the configuration information and encrypted identity card information stored in the electronic signature equipment, and stores the configuration information it has read in the electronic signature equipment. The card reader obtaining the encrypted identity card information stored in the identity card includes: the card reader queries whether the electronic signature equipment has stored encrypted identity card information; if it determines that the electronic signature equipment has stored the encrypted identity card information, it reads the encrypted identity card information stored in the electronic signature equipment through the external interface; if it determines that the electronic signature equipment has not stored the encrypted identity card information, the card reader performs the identity card reading flow, reads the encrypted identity card information from the first identity card, and stores the encrypted identity card information it has read in the electronic signature equipment through the external interface.
Scheme 23: The system according to scheme 21 or 22, wherein the encrypted identity card information stored in the electronic signature equipment includes multiple data packets; the electronic signature equipment encrypting the configuration information and the encrypted identity card information with the first transmission key to generate the first transmission ciphertext includes: the electronic signature equipment encrypts the multiple data packets that make up the encrypted identity card information one after another with the first transmission key to obtain the first transmission ciphertext.
Scheme 24: The system according to scheme 23, wherein the card reader is further configured to, on receiving from the background server a retransmission instruction that indicates the encrypted identity card information is to be retransmitted, send the retransmission instruction to the electronic signature equipment; the electronic signature equipment is further configured to encrypt, with the first transmission key, the data packets that the retransmission instruction indicates need to be retransmitted, generating a second transmission ciphertext, and to send it to the card reader; the card reader is further configured to retransmit the second transmission ciphertext to the background server; the background server is further configured to decrypt the second transmission ciphertext with the second transmission key to obtain the data packets that the retransmission instruction indicates need to be retransmitted.
Scheme 25: The system according to any one of schemes 20 to 24, wherein the card reader is further configured to, after sending the first transmission ciphertext to the background server, clear the configuration information and encrypted identity card information of the identity card stored in the electronic signature equipment if no identity card is detected within a predetermined time.
Scheme 26: The system according to any one of schemes 20 to 25, wherein the card reader is further configured to, after sending the first transmission ciphertext to the background server, obtain the identity card plaintext information that the background server obtained by decryption, and send the identity card plaintext information to the electronic signature equipment; the electronic signature equipment is further configured to generate a random key, encrypt the identity card plaintext information with the random key, and store the encrypted identity card plaintext information in the electronic signature equipment.
Scheme 27: The system according to scheme 26, wherein the card reader is further configured to, after the identity card plaintext information has been stored in the electronic signature equipment, receive the card-search response instruction returned by a second identity card, read the configuration information of the second identity card, judge whether the electronic signature equipment stores the configuration information currently read, and receive a card-reading instruction from the terminal connected to it; if it judges that the security chip stores the configuration information currently read, judge whether the electronic signature equipment stores the encrypted identity card plaintext information; and, if it judges that the electronic signature equipment stores the encrypted identity card plaintext information, obtain the identity card plaintext information from the electronic signature equipment.
Scheme 28: The system according to scheme 26, wherein the card reader is further configured to, after the electronic signature equipment has stored the encrypted identity card plaintext information in the electronic signature equipment, clear the encrypted identity card plaintext information stored in the electronic signature equipment if no identity card is detected within a predetermined time; and/or the card reader is further configured to, after the electronic signature equipment has stored the encrypted identity card plaintext information in the electronic signature equipment, trigger the electronic signature equipment to delete the random key if no identity card is detected within the predetermined time or before the electronic signature equipment performs a power-off operation; the electronic signature equipment is further configured to delete the random key when triggered by the card reader.
Scheme 29: A card reader without a SAM module receives a card-reading instruction and sends a secure channel establishment request to the background server; the background server receives the secure channel establishment request, generates a first random factor, and sends first authentication data to the card reader, wherein the first authentication data at least includes the first random factor and the digital certificate of the background server; after receiving the first authentication data, the card reader sends the first authentication data to the electronic signature equipment; the electronic signature equipment receives the first authentication data and verifies the digital certificate of the background server; after the verification passes, it generates a second random factor, encrypts the second random factor with the public key of the background server to obtain first encrypted data, signs the first random factor and the first encrypted data to obtain first signed data, sends second authentication data to the card reader, and calculates a first transmission key based on the second random factor, wherein the second authentication data includes the first signed data, the first encrypted data and the digital certificate of the electronic signature equipment; after receiving the second authentication data, the card reader sends the second authentication data to the background server; the background server receives the second authentication data and verifies the digital certificate of the electronic signature equipment; after the verification passes, it verifies the first signed data; if the signature verification passes, it decrypts the first encrypted data with the private key of the background server to obtain the second random factor; if the signature verification fails, it terminates the flow; the background server calculates a second transmission key based on the second random factor; the electronic signature equipment uses the first transmission key to encrypt and decrypt the data transmitted between the card reader and the background server, and the background server uses the second transmission key to encrypt and decrypt the data transmitted between the card reader and the background server.
Scheme 30: A system for identity card information transmission, including a card reader without a SAM module, a background server and electronic signature equipment, wherein: the card reader is configured to receive a card-reading instruction and send a secure channel establishment request to the background server; the background server is configured to receive the secure channel establishment request, generate a first random factor, and send first authentication data to the card reader, wherein the first authentication data at least includes the first random factor and the digital certificate of the background server; the card reader is further configured to, after receiving the first authentication data, send the first authentication data to the electronic signature equipment; the electronic signature equipment is configured to receive the first authentication data and verify the digital certificate of the background server; after the verification passes, generate a second random factor, encrypt the second random factor with the public key of the background server to obtain first encrypted data, sign the first random factor and the first encrypted data to obtain first signed data, send second authentication data to the card reader, and calculate a first transmission key based on the second random factor, wherein the second authentication data includes the first signed data, the first encrypted data and the digital certificate of the electronic signature equipment; the card reader is further configured to, after receiving the second authentication data, send the second authentication data to the background server; the background server is further configured to receive the second authentication data and verify the digital certificate of the electronic signature equipment; after the verification passes, verify the first signed data; if the signature verification passes, decrypt the first encrypted data with the private key of the background server to obtain the second random factor; if the signature verification fails, terminate the flow; and calculate a second transmission key based on the second random factor; the electronic signature equipment is further configured to use the first transmission key to encrypt and decrypt the data transmitted between the card reader and the background server; the background server is further configured to use the second transmission key to encrypt and decrypt the data transmitted between the card reader and the background server.
As can be seen from the technical solution provided by the invention above, the process that begins when the background server receives the secure channel establishment request and sets up a connection with the card reader, and ends when the signature verification fails and the background server disconnects from the card reader, is very short. The background server can quickly determine that the signed data of the electronic signature equipment is wrong and release the connection channel with the card reader. Therefore, when the equipment connected to the background server is not a normally used card reader but a replay attack device, the background server under replay attack can quickly disconnect the connection channel with the replay attack device, which reduces the replay attack's occupation of the background server. In the prior art, by contrast, the signature verification step that guards against replay attacks is placed in the middle-to-late part of the whole flow of establishing the secure channel and generating the transmission key. Because the verification step comes late, the server cannot quickly judge whether it is under replay attack; even when it is, it can only carry on with the subsequent steps of generating the transmission key. In the present invention the signature verification step is at the very start of the whole flow, so the follow-up operations can be terminated as soon as the identity of the electronic signature equipment is found to be illegitimate, the replay attack is recognized quickly, and the connection with the illegitimate card reader is disconnected, which ensures the security of the background server.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention more clearly, the accompanying drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the identity card information transmission method provided by Embodiment 1 of the present invention;
Fig. 2 is a structural schematic diagram of the identity card information transmission system provided by Embodiment 2 and Embodiment 8 of the present invention;
Fig. 3 is a flow chart of the identity card information transmission method provided by Embodiment 3 of the present invention;
Fig. 4 is a structural schematic diagram of the identity card information transmission system provided by Embodiment 4 of the present invention;
Fig. 5 is a flow chart of the identity card information transmission method provided by Embodiment 5 of the present invention;
Fig. 6 is a flow chart of the identity card information transmission method provided by Embodiment 6 of the present invention;
Fig. 7 is a flow chart of the identity card information transmission method provided by Embodiment 7 of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the orientations or positional relationships indicated by terms such as "center", "longitudinal", "lateral", "up", "down", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings. They are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore cannot be understood as limiting the present invention. In addition, the terms "first" and "second" are used for descriptive purposes only and cannot be understood as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "install", "connected" and "connect" should be understood broadly. For example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct or indirect through an intermediary, and it may be a connection inside two elements. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific situation.
The embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Embodiment 1
This embodiment provides an identity card information transmission method. Fig. 1 is a flow chart of the method. As shown in Fig. 1, the identity card information transmission method provided by this embodiment mainly includes the following steps:
S101, after receiving a card-reading instruction, the card reader without a SAM module sends a secure channel establishment request to the background server;
In an optional implementation of this embodiment, the card reader without a SAM module may be an identity card reader without a SAM module, used to read identity card information; for ease of description it is referred to below simply as the card reader. The card reader may be connected to the background server by wire or wirelessly. The card reader may also be attached to a networked device (a terminal such as a computer or mobile phone) and establish its connection with the background server by transmitting through that device; this embodiment places no restriction on this. The card-reading instruction may be an instruction entered by the user and received by the card reader through an input module of its own, such as keys or a touch screen, or it may be sent to the identity card reader by other equipment connected to the card reader (a terminal such as a computer or mobile phone). In addition, the SAM module is a module provided in existing card readers; the SAM module is used only to perform identity verification on the identity card information read by the card reader.
S102, the background server receives the secure channel establishment request, generates a first random factor, and sends the first random factor to the card reader;
In an optional implementation of the present invention, the first random factor is one-time authentication data and may include a random number and/or a random event, which is not limited here. The first random factor may be one random number or a string of random numbers, one random character or a string of random characters, or any combination of random numbers and random characters. The first random factor that the background server generates each time is randomly generated and differs from the first random factor generated the previous time, which prevents replay attacks and improves security.
S103, the card reader receives the first random factor and sends the first random factor to the electronic signature equipment;
The electronic signature equipment may be any device with identity authentication and digital signature functions, such as a USB key (for example the Industrial and Commercial Bank's U-Shield or the Agricultural Bank's K-Bao), an audio key, or a smart card with an electronic signature function. In an optional implementation of the present invention, the electronic signature equipment may be connected to the card reader through a wired or wireless interface such as a USB interface, an audio interface, a Bluetooth interface or an NFC interface; this embodiment places no restriction on this. The card reader has no security chip, whereas the electronic signature equipment has one. This security chip (for example the Z8D64U (national cryptography approval number SSX43) or the Z32 (national cryptography approval number SSX20) of Guoming Technology Co., Ltd) contains an independent processor and storage unit, can store PKI digital certificates and keys and other characteristic data, performs encryption and decryption operations on data, and provides users with data encryption and identity security authentication services, protecting commercial privacy and data security. Therefore, in this embodiment all data that requires encryption, decryption, signing, signature verification or digital certificate verification must pass through the electronic signature equipment, to ensure the security of the interaction between the card reader and the background server.
S104, the electronic signature equipment receives the first random factor, signs first data to be signed with the private key of the electronic signature equipment to generate first signed data, and sends first transmission data to the card reader, wherein the first data to be signed at least includes the first random factor, and the first transmission data at least includes the first signed data and the digital certificate of the electronic signature equipment;
In an optional implementation of this embodiment, the first data to be signed further includes a first identity identifier of the electronic signature equipment, and the first transmission data further includes a second identity identifier of the electronic signature equipment. Further, the first identity identifier of the electronic signature equipment includes the electronic signature equipment serial number and/or the electronic signature equipment certificate number, and the second identity identifier of the electronic signature equipment includes the electronic signature equipment serial number and/or the electronic signature equipment certificate number. The electronic signature equipment serial number and the electronic signature equipment certificate number have a mapping relationship, which the background server stores: after receiving the electronic signature equipment serial number, the background server can look up the mapping to obtain the electronic signature equipment certificate number, and vice versa. From the electronic signature equipment serial number and/or the card reader certificate number, the background server can locate and identify the electronic signature equipment and obtain information such as its factory information, historical card-reading information, historical error information, historical report information and historical transaction information, so that the background server can use the received electronic signature equipment serial number or electronic signature equipment certificate number for risk management.
S105, the card reader receives the first transmission data and sends the first transmission data to the background server;
In this embodiment, the card reader sends at least the digital certificate of the electronic signature equipment, which contains the public key of the electronic signature equipment, together with the first signed data to the background server, so that the background server can verify the legitimacy of the electronic signature equipment, ensuring the legitimacy and security of the transaction. After the electronic signature equipment receives the first random factor sent by the background server, it performs no operation other than signing at least the first random factor, so that the background server can receive the first transmission data returned by the card reader within a short time and authenticate it, which improves the efficiency with which the background server authenticates the electronic signature equipment.
S106, the background server receives the first transmission data and verifies the digital certificate of the electronic signature equipment; after the verification passes, it performs a signature verification operation on the first signed data; if the signature verification fails, it terminates the flow;
In an optional implementation of this embodiment, the background server may use a root certificate to verify the received digital certificate of the electronic signature equipment, to prevent a malicious party from tampering with the public key of the electronic signature equipment; this provides security authentication of the electronic signature equipment and improves the security of the interaction between the two sides. The background server downloads the root certificate from a certification authority (Certificate Authority, CA for short); the root certificate is the basis on which the CA and the user establish a trust relationship. If the verification passes, the subsequent flow continues; if the verification fails, the flow may be terminated at this point. Of course, the flow may also be terminated when the signature verification fails.
In this embodiment, the process that begins in step S101, when the background server receives the secure channel establishment request and sets up a connection with the card reader, and ends in S106, when the signature verification fails, the flow is terminated and the background server disconnects from the card reader, is very short. The background server can quickly determine that the signed data of the electronic signature equipment is wrong and release the connection channel with the card reader. Therefore, when a replay attack device disguises itself as a card reader, the background server under replay attack can quickly disconnect the connection channel with the replay attack device, which reduces the replay attack's occupation of the background server. In the prior art, by contrast, the signature verification step that guards against replay attacks is placed in the middle-to-late part of the whole flow of establishing the secure channel and generating the transmission key. Because the verification step comes late, the server cannot quickly judge whether it is under replay attack; even when it is, it can only carry on with the subsequent steps of generating the transmission key. In the present invention the signature verification step is at the very start of the whole flow, so the follow-up operations can be terminated as soon as the identity of the electronic signature equipment is found to be illegitimate, the replay attack is recognized quickly, and the connection with the illegitimate card reader is disconnected, which ensures the security of the background server.
In an optional implementation of this embodiment, the background server performing the signature verification operation on the first signed data includes: the background server uses the first random factor and the public key of the electronic signature equipment contained in the digital certificate of the electronic signature equipment to verify the first signed data. Using the public key contained in the digital certificate of the electronic signature equipment ensures that the background server can complete the signature verification even when it has not stored the digital certificate of the electronic signature equipment in advance.
In an optional implementation of this embodiment, when the first data to be signed includes the first identity identifier and the first transmission data includes the second identity identifier, the background server performing the signature verification operation on the first signed data includes: the background server uses the first random factor, the second identity identifier and the public key of the electronic signature equipment contained in the digital certificate of the electronic signature equipment to verify the first signed data. Including the first identity identifier in the data to be signed makes the verification result more accurate and reliable, and once the background server has received the second identity identifier it can also carry out risk control management according to the second identity identifier.
S107, if the signature verification passes, the background server generates a second random factor, generates a third random factor based on the first random factor and the second random factor, encrypts the third random factor with the public key of the electronic signature equipment to obtain encrypted data, signs the encrypted data with the private key of the background server to obtain second signed data, and sends second transmission data to the card reader, wherein the second transmission data includes the second signed data, the encrypted data and the digital certificate of the background server;
In this embodiment, the second random factor is one-time authentication data and may include a random number and/or a random event. The second random factor may be one random number or a string of random numbers, one random character or a string of random characters, or any combination of random numbers and random characters. After the background server generates the second random factor, the background server and the electronic signature equipment can generate the third random factor from the first random factor and the second random factor using an algorithm negotiated in advance. There are many possible algorithms, such as a splicing algorithm, a difference algorithm or a slot algorithm, and this embodiment does not limit the choice. For example, where the first random factor and the second random factor are each N bits long, preferably, to improve the efficiency of generating the third random factor, the first random factor and the second random factor are spliced head to tail to generate a third random factor of 2N bits; or the first X bits of the first random factor and the last Y bits of the second random factor are spliced to generate a third random factor of X+Y bits, where 1≤X≤N and 1≤Y≤N. After passing the series of verifications in the subsequent steps, the background server and the electronic signature equipment can both use the third random factor with the same algorithm to generate the transmission key.
S108, the background server calculates a second transmission key using the third random factor;
In this embodiment, the background server can use the third random factor with the same algorithm as the electronic signature equipment side to generate the transmission key, so that the electronic signature equipment can use this transmission key to exchange information with the background server through the card reader; the data in transit is encrypted and decrypted with this transmission key to ensure the security of the transmitted data. Step S108 and the subsequent steps S109 to S111 may be performed in any order.
S109, the card reader receives the second transmission data and sends the second transmission data to the electronic signature equipment;
S110, electronic signature equipment receives the second transmission data, verifies the digital certificate of background server, after being verified, Second signed data is carried out sign test operation, if sign test is passed through, then utilizes the private key pair encryption data of electronic signature equipment to carry out Decryption oprerations, obtains the 3rd random factor;
In this embodiment, the electronic signature equipment can use a root certificate to verify the received digital certificate of the background server, which prevents attackers from tampering with the public key of the background server, achieves security authentication of the background server, and improves the security of the interaction between the two parties. The electronic signature equipment downloads the root certificate from a certificate authority (CA); the root certificate is the basis on which the CA and the user establish a trust relationship. If verification passes, the subsequent flow continues; if verification fails, the flow is terminated. In that case the electronic signature equipment disconnects from the background server and sends no further data to it, so that the electronic signature equipment is not attacked by an illegitimate background server.
In an optional implementation of this embodiment, the electronic signature equipment verifying the signature of the second signed data includes: the electronic signature equipment uses the encrypted data and the public key of the background server contained in the digital certificate of the background server to verify the signature of the second signed data. Using the public key from the background server's digital certificate ensures that signature verification can be completed even when the electronic signature equipment has not pre-stored the digital certificate of the background server. Further, if signature verification of the second signed data fails, the flow is terminated and the connection between the card reader and the background server is disconnected.
S111, the electronic signature equipment uses the third random factor to calculate the first transmission key;
In this embodiment, the electronic signature equipment can use the third random factor to generate the transmission key with the same algorithm as the background server side, so that the electronic signature equipment can exchange information with the background server through the card reader using this transmission key. Data in transit is encrypted and decrypted with the transmission key to ensure the security of the transmitted data.
As an optional implementation of this embodiment, the first transmission key and the second transmission key may be the same transmission key, i.e. a symmetric key, and the card reader and the background server each use this symmetric key to encrypt and decrypt the transmitted data. They may alternatively be a key pair consisting of an encryption key and a decryption key, in which case the card reader and the background server each use the encryption key to encrypt transmitted data and the decryption key to decrypt it.
S112, the electronic signature equipment uses the first transmission key to encrypt and decrypt the data transmitted between the card reader and the background server, and the background server uses the second transmission key to encrypt and decrypt the data transmitted between the card reader and the background server.
In this embodiment, data is transmitted between the electronic signature equipment and the background server using the transmission key, which improves the security of data transmission.
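The splice of the first X bits of the first random factor with the last Y bits of the second, followed by the key calculation of S108 and S111, as an added example that is not part of the patent text. The patent does not fix the key-derivation algorithm: HKDF-SHA256, the `info` label, the zero-padding of an X+Y value that is not a whole number of bytes, and all function names are assumptions.

```python
import hashlib
import hmac
import secrets


def splice(r1: bytes, r2: bytes, x_bits: int, y_bits: int) -> bytes:
    """Third random factor = first X bits of r1 || last Y bits of r2."""
    if len(r1) != len(r2):
        raise ValueError("both random factors must be N bits long")
    n_bits = len(r1) * 8
    if not (1 <= x_bits <= n_bits and 1 <= y_bits <= n_bits):
        raise ValueError("need 1 <= X <= N and 1 <= Y <= N")
    head = int.from_bytes(r1, "big") >> (n_bits - x_bits)   # top X bits of r1
    tail = int.from_bytes(r2, "big") & ((1 << y_bits) - 1)  # low Y bits of r2
    r3 = (head << y_bits) | tail
    # Assumption: an X+Y value that is not byte-aligned is left-padded with 0 bits.
    return r3.to_bytes((x_bits + y_bits + 7) // 8, "big")


def hkdf_sha256(ikm: bytes, length: int, info: bytes, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869), used here as an assumed stand-in for the agreed algorithm."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def transmission_key(r3: bytes) -> bytes:
    """Same function on both sides, so both obtain the same 128-bit key."""
    return hkdf_sha256(r3, 16, b"id-card-channel transmission key")


def agree(r1: bytes, r2: bytes, x_bits: int, y_bits: int):
    """Server builds R3 and derives its key; the device derives from the R3 it
    recovers in S110 (the public-key encryption of R3 is not modelled here)."""
    r3_server = splice(r1, r2, x_bits, y_bits)
    r3_device = bytes(r3_server)          # value obtained after decryption
    return transmission_key(r3_server), transmission_key(r3_device)


if __name__ == "__main__":
    r1, r2 = secrets.token_bytes(16), secrets.token_bytes(16)   # N = 128
    full = splice(r1, r2, 128, 128)       # head-to-tail splice, 2N bits
    part = splice(r1, r2, 32, 96)         # X = 32, Y = 96
    print(len(full) * 8, len(part) * 8, agree(r1, r2, 32, 96)[0].hex())
```

The first random factor crosses the link before any transmission key exists, so the unpredictability of the derived key rests on the bits contributed by the second random factor; Y should be chosen with that in mind.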
Embodiment 2
This embodiment provides an identity card information transmission system. Fig. 2 is a schematic structural diagram of the system. The system corresponds one-to-one with the identity card information transmission method provided in Embodiment 1 of the present invention and is therefore described only briefly here:
As shown in Fig. 2, the identity card information transmission system provided by this embodiment includes: a card reader 202 without a SAM module, electronic signature equipment 201 and a background server 203. In an optional implementation of this embodiment, the card reader 202 without a SAM module may be an identity card reader without a SAM module, used for reading identity card information; for ease of description it is referred to below as the card reader 202. The card reader 202 may be connected to the background server 203 in a wired or wireless manner; the card reader 202 may also connect to a network device (a terminal such as a computer or mobile phone) and establish the connection with the background server 203 by transmission through that network device. This embodiment places no restriction on this. Wherein,
The card reader 202 is configured to receive a card-reading instruction, send a secure channel establishment request to the background server 203, receive the first random factor, send the first random factor to the electronic signature equipment 201, receive the first transmission data, send the first transmission data to the background server 203, receive the second transmission data, and send the second transmission data to the electronic signature equipment 201;
The background server 203 is configured to receive the secure channel establishment request, generate the first random factor and send it to the card reader 202; receive the first transmission data and verify the digital certificate of the electronic signature equipment 201; after the certificate is verified, verify the signature of the first signed data; if signature verification fails, terminate the flow; if signature verification passes, the background server 203 generates the second random factor, generates the third random factor from the first random factor and the second random factor, encrypts the third random factor with the public key of the electronic signature equipment 201 to obtain the encrypted data, signs the encrypted data with the private key of the background server 203 to obtain the second signed data, sends the second transmission data to the card reader 202, calculates the second transmission key from the third random factor, and uses the second transmission key to encrypt and decrypt the data transmitted between the card reader 202 and the background server 203; wherein the second transmission data includes the second signed data, the encrypted data and the digital certificate of the background server 203;
In an optional implementation of this embodiment, the background server 203 is further configured to verify the signature of the first signed data using the first random factor and the public key of the electronic signature equipment 201 contained in the digital certificate of the electronic signature equipment 201. Using the public key from the digital certificate of the electronic signature equipment 201 ensures that signature verification can be completed even when the background server 203 has not pre-stored the digital certificate of the electronic signature equipment 201.
The electronic signature equipment 201 is configured to receive the first random factor, sign the first data to be signed with the private key of the electronic signature equipment 201 to generate the first signed data, and send the first transmission data to the card reader 202, wherein the first data to be signed includes at least the first random factor, and the first transmission data includes at least the first signed data and the digital certificate of the electronic signature equipment 201; and to receive the second transmission data, verify the digital certificate of the background server 203 and, after the certificate is verified, verify the signature of the second signed data; if signature verification passes, decrypt the encrypted data with the private key of the electronic signature equipment 201 to obtain the third random factor, calculate the first transmission key from the third random factor, and use the first transmission key to encrypt and decrypt the data transmitted between the card reader 202 and the background server 203.
In an optional implementation of this embodiment, the electronic signature equipment 201 is further configured to verify the signature of the second signed data using the encrypted data and the public key of the background server 203 contained in the digital certificate of the background server 203. Using the public key from the background server's digital certificate ensures that signature verification can be completed even when the electronic signature equipment has not pre-stored the digital certificate of the background server. Further, if signature verification of the second signed data fails, the flow is terminated and the connection between the card reader and the background server is disconnected.
In an optional implementation of this embodiment, the first data to be signed further includes a first identity identifier of the electronic signature equipment 201, and the first transmission data further includes a second identity identifier of the electronic signature equipment 201. Further, the first identity identifier of the electronic signature equipment 201 includes the serial number of the electronic signature equipment 201 and/or the certificate number of the electronic signature equipment 201; the second identity identifier of the electronic signature equipment 201 includes the serial number of the electronic signature equipment 201 and/or the certificate number of the electronic signature equipment 201; and the serial number and the certificate number of the electronic signature equipment 201 have a mapping relationship. Further, the background server 203 is also configured to verify the signature of the first signed data using the first random factor, the second identity identifier and the public key of the electronic signature equipment 201 contained in the digital certificate of the electronic signature equipment 201. Including the first identity identifier in the data to be signed makes the signature verification result more accurate and reliable. When the serial number and the certificate number of the electronic signature equipment 201 have a mapping relationship, the background server 203 stores that mapping; after receiving the serial number of the electronic signature equipment 201, the background server 203 can obtain the certificate number by looking up the mapping, and vice versa. From the serial number and/or the certificate number of the electronic signature equipment 201, the background server 203 can locate and identify this electronic signature equipment 201 and obtain information such as its factory information, historical card-reading information, historical error information, historical report information and historical transaction information, so that the background server 203 can implement risk management using the received serial number or certificate number of the electronic signature equipment 201.
In this embodiment, the interval between the background server 203 receiving the secure channel establishment request and connecting with the card reader, and the point at which signature verification at the background server 203 fails, the flow is terminated and the background server 203 disconnects from the card reader, is very short. The background server 203 can quickly determine that the signed data of the electronic signature equipment 201 is wrong and release the connection channel with the card reader 202. Therefore, when a replay attack device disguises itself as the card reader 202 and the background server 203 is subjected to a replay attack, the server can quickly disconnect the connection channel with the replay attack device, which reduces the occupation of the background server 203 by the replay attack. In the prior art, by contrast, the signature verification step that prevents replay attacks is placed in the middle or later part of the overall flow of establishing the secure channel and generating the transmission key, so a replay attack cannot be detected quickly: because the verification step comes late, the server cannot judge quickly even when it is under a replay attack and can only carry on with the subsequent steps of generating the transmission key. In the present invention, the signature verification step is at the very start of the whole flow, so the server can determine at the first opportunity that the identity of the electronic signature equipment 201 is illegitimate, terminate the subsequent operations, quickly identify the replay attack, and disconnect from the illegitimate card reader 202, ensuring the security of the background server 203.
Embodiment 3
This embodiment provides a method for the secure transmission of identity card information. Fig. 3 is a flowchart of the method for the secure transmission of identity card information provided by this embodiment. As shown in Fig. 3, the method includes the following steps:
S301: a card reader without a SAM (ID card verification security control) module receives a card-reading instruction and sends a secure channel establishment request to the background server;
In this embodiment, the card reader without a SAM module may be a card reader, without a SAM module, that is used for reading identity card information; for ease of description it is referred to below as the card reader. The card reader may have an input device for receiving the card-reading instruction, such as a key device or a touch screen; when the user inputs a card-reading instruction, the card reader receives it. The card reader may also have an external communication interface connected to a terminal, through which it receives a card-reading instruction sent by the terminal. The terminal may be a device capable of communicating and sending instructions, such as a PC, a PAD (tablet computer), a smartphone, a smart wearable device, or electronic signature equipment (such as the ICBC U-Shield or the Agricultural Bank of China K-Bao). In addition, the SAM module is a module provided in existing card readers; it is used only to authenticate the identity card information read by the card reader.
S302: after receiving the secure channel establishment request, the background server generates the first random factor;
In this embodiment, the first random factor is one-time authentication data and may include a random number and/or a random event, without limitation here. The first random factor may also be one random number or a string of random numbers, one random character or a string of random characters, or any combination of a string of random numbers and random characters. The first random factor generated by the background server is randomly generated each time and differs from the one generated the previous time, which prevents replay attacks and improves security.
S303: the background server sends first authentication data to the card reader, wherein the first authentication data includes at least the first random factor and the digital certificate of the background server;
S304: after receiving the first authentication data, the card reader sends the first authentication data to the electronic signature equipment;
The card reader has no security chip, whereas the electronic signature equipment does. The security chip (for example the Z8D64U (national cryptographic model number SSX43) or the Z32 (national cryptographic model number SSX20) from Nationz Technologies Inc.) has its own processor and storage unit, can store PKI digital certificates, keys and other characteristic data, and performs encryption and decryption operations on data, providing the user with data encryption and identity authentication services and protecting business privacy and data security. Therefore, in this embodiment, all data that needs to be encrypted, decrypted, signed, signature-verified or certificate-verified must pass through the electronic signature equipment, to ensure the security of the interaction between the card reader and the background server. In an optional implementation of the present invention, the electronic signature equipment can be connected to the card reader through a wired or wireless interface such as a USB interface, an audio interface, a Bluetooth interface or an NFC interface; this embodiment places no limitation on this.
In this embodiment, the card reader sends the digital certificate of the background server to the electronic signature equipment so that the electronic signature equipment can verify the certificate and confirm whether the certificate of the background server is legitimate. The first random factor is sent to the electronic signature equipment so that the electronic signature equipment signs it; the background server then verifies the signature against this first random factor, which allows the background server to confirm the identity of the electronic signature equipment and prevents replay attacks.
S305: after receiving the first authentication data, the electronic signature equipment verifies the legitimacy of the digital certificate of the background server; if verification passes, step S306 is performed; otherwise, the flow is terminated;
In a specific implementation, the electronic signature equipment can use a root certificate to verify the received digital certificate of the background server, which prevents attackers from tampering with the public key of the background server, achieves security authentication of the background server, and improves the security of the interaction between the two parties. The electronic signature equipment downloads the root certificate from a certificate authority (CA); the root certificate is the basis on which the CA and the user establish a trust relationship. If verification passes, the subsequent flow continues; if verification fails, the flow is terminated. In that case the background server is disconnected from the card reader and the electronic signature equipment, and the card reader sends no further data to the background server, so that the card reader is not attacked by an illegitimate background server.
S306: after verification passes, the electronic signature equipment generates the second random factor;
In this embodiment, the second random factor is one-time authentication data and may include a random number and/or a random event. The second random factor may also be one random number or a string of random numbers, one random character or a string of random characters, or any combination of a string of random numbers and random characters.
After the series of verifications in the subsequent steps has passed, the background server and the electronic signature equipment can each use this second random factor with the same algorithm to generate the transmission key.
S307: the electronic signature equipment encrypts the second random factor with the public key of the background server contained in the digital certificate of the background server, generating the first encrypted data E1;
In this embodiment, the electronic signature equipment and the background server calculate the transmission key from the second random factor. Encrypting the second random factor therefore ensures that it is not stolen, which secures its transmission from the electronic signature equipment to the background server and in turn ensures the security and reliability of the transmission key generated by the electronic signature equipment and the background server.
S308: the electronic signature equipment signs the first random factor and the first encrypted data, generating the first signed data;
In this embodiment, the card reader signs the first random factor and the first encrypted data after merging them, which makes the signature verification result more accurate and reliable.
S309: the electronic signature equipment sends second authentication data to the card reader, wherein the second authentication data includes at least the first encrypted data, the first signed data and the digital certificate of the electronic signature equipment;
In this embodiment, the electronic signature equipment sends its digital certificate to the background server through the card reader so that the background server can verify the certificate and confirm whether the certificate of the electronic signature equipment is legitimate. The first encrypted data is sent to the background server so that the background server can use it to verify the signature of the first signed data and thereby confirm the identity of the electronic signature equipment.
S310: after receiving the second authentication data, the card reader sends the second authentication data to the background server;
S311: the background server receives the second authentication data and verifies the legitimacy of the digital certificate of the electronic signature equipment;
In a specific implementation, the background server can use a root certificate to verify the received digital certificate of the electronic signature equipment, which prevents attackers from tampering with the public key of the electronic signature equipment, achieves security authentication of the electronic signature equipment, and improves the security of the interaction between the two parties. The background server downloads the root certificate from a certificate authority (CA); the root certificate is the basis on which the CA and the user establish a trust relationship. If verification passes, the subsequent flow continues; if verification fails, the flow is terminated. In that case the background server is disconnected from the card reader and the electronic signature equipment and sends no further data to the card reader, so that the background server is not attacked by an illegitimate card reader or illegitimate electronic signature equipment.
S312: after verification passes, the background server verifies the signature of the first signed data; if signature verification fails, the flow is terminated; if signature verification passes, step S313 is performed;
In this embodiment, the background server verifying the signature of the first signed data includes: the background server uses the first encrypted data and the public key of the electronic signature equipment contained in the digital certificate of the electronic signature equipment to verify the signature of the first signed data. The specific signature verification method is prior art and is not described again here.
In this embodiment, if signature verification passes, this shows that the first signed data was signed by the electronic signature equipment, which further achieves security authentication of the electronic signature equipment. If signature verification fails, the flow is terminated; in that case the background server is disconnected from the card reader and the electronic signature equipment and sends no further data to the card reader, so that the background server is not attacked by an illegitimate card reader or illegitimate electronic signature equipment.
S313: the background server decrypts the first encrypted data with the private key of the background server to obtain the second random factor;
S314: the background server calculates the second transmission key based on the second random factor;
In this embodiment, the background server can use this second random factor to generate the transmission key with the same algorithm as the electronic signature equipment side, so that the background server and the card reader can exchange information using this transmission key. Data in transit is encrypted and decrypted with the transmission key to ensure the security of the transmitted data.
S315: the electronic signature equipment calculates the first transmission key based on the second random factor;
In this embodiment, the electronic signature equipment can use this second random factor to generate the transmission key with the same algorithm as the background server side, so that the background server and the card reader can exchange information using this transmission key. Data in transit is encrypted and decrypted with the transmission key to ensure the security of the transmitted data. Step S315 and steps S309 to S314 may be performed in any order.
As an optional implementation of this embodiment, the first transmission key and the second transmission key may be the same transmission key, i.e. a symmetric key, and the electronic signature equipment and the background server each use this symmetric key to encrypt and decrypt the transmitted data. They may alternatively be a key pair consisting of an encryption key and a decryption key, in which case the electronic signature equipment and the background server each use the encryption key to encrypt transmitted data and the decryption key to decrypt it.
S316: the electronic signature equipment uses the first transmission key to encrypt and decrypt the data transmitted between the card reader and the background server, and the background server uses the second transmission key to encrypt and decrypt the data transmitted between the card reader and the background server.
With the method for the secure transmission of identity card information provided by this embodiment, the electronic signature equipment can be used to establish a secure channel between the card reader and the background server, and the data transmitted in the secure channel is encrypted with the transmission key, which improves the security of data transmission.
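Steps S301 to S316 as a runnable message flow, including the rejection of a recorded response replayed into a later session (added example, not code from the patent). Textbook RSA over small constructed keys stands in for the security chip's signature and encryption algorithms, a set of trusted public keys stands in for certificate validation against the CA root, and the key-derivation step and all function names are assumptions.

```python
import hashlib
import secrets

E = 65537


def make_key(p: int, q: int) -> dict:
    """Textbook RSA key from two primes (constructed toy key, no padding)."""
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


# Constructed demo keys built from Mersenne primes; far too small for real use.
SERVER_KEY = make_key(2**127 - 1, 2**107 - 1)
DEVICE_KEY = make_key(2**89 - 1, 2**61 - 1)


def public(key: dict) -> tuple:
    return (key["n"], key["e"])


# Stand-in for certificate validation against the CA root (S305 / S311).
TRUSTED = {public(SERVER_KEY), public(DEVICE_KEY)}


def cert_is_valid(pub: tuple) -> bool:
    return pub in TRUSTED


def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key: dict, data: bytes) -> int:
    return pow(_digest(data, key["n"]), key["d"], key["n"])


def verify(pub: tuple, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)


def encrypt(pub: tuple, msg: bytes) -> bytes:
    n, e = pub
    return pow(int.from_bytes(msg, "big"), e, n).to_bytes((n.bit_length() + 7) // 8, "big")


def decrypt(key: dict, blob: bytes, length: int) -> bytes:
    return pow(int.from_bytes(blob, "big"), key["d"], key["n"]).to_bytes(length, "big")


def kdf(r2: bytes) -> bytes:
    """Assumed key calculation; the patent only requires both sides to agree."""
    return hashlib.sha256(b"transmission-key" + r2).digest()[:16]


def server_start():
    """S302-S303: fresh R1 plus the server 'certificate' (first authentication data)."""
    return secrets.token_bytes(16), public(SERVER_KEY)


def device_respond(r1: bytes, server_pub: tuple):
    if not cert_is_valid(server_pub):                 # S305
        return None, None
    r2 = secrets.token_bytes(16)                      # S306
    e1 = encrypt(server_pub, r2)                      # S307
    sig = sign(DEVICE_KEY, r1 + e1)                   # S308: covers R1 and E1
    return (e1, sig, public(DEVICE_KEY)), kdf(r2)     # S309, S315


def server_finish(r1: bytes, second_auth: tuple):
    e1, sig, device_pub = second_auth
    if not cert_is_valid(device_pub):                 # S311
        return None
    if not verify(device_pub, r1 + e1, sig):          # S312: checked against this session's R1
        return None
    return kdf(decrypt(SERVER_KEY, e1, 16))           # S313-S314


def run_handshake():
    r1, server_pub = server_start()
    second_auth, key1 = device_respond(r1, server_pub)   # relayed by the card reader
    return key1, server_finish(r1, second_auth)


def replay_is_rejected() -> bool:
    r1_old, server_pub = server_start()
    recorded, _ = device_respond(r1_old, server_pub)     # second authentication data, session 1
    r1_new, _ = server_start()                           # session 2 gets a new R1
    return server_finish(r1_new, recorded) is None


if __name__ == "__main__":
    k1, k2 = run_handshake()
    print("keys match:", k1 == k2, "| replay rejected:", replay_is_rejected())
```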
Embodiment 4
This embodiment provides a system for the secure transmission of identity card information. Fig. 4 is a structural diagram of the system 100 for the secure transmission of identity card information provided by this embodiment. As shown in Fig. 4, the system includes a card reader 10 without a SAM module, a background server 20 and electronic signature equipment 30. The card reader without a SAM module may be a card reader, without a SAM module, that is used for reading identity card information; for ease of description it is referred to below as the card reader 10.
In this embodiment, the card reader 10 is configured to receive a card-reading instruction and send a secure channel establishment request to the background server 20;
In this embodiment, the card reader 10 may have a key device for receiving the card-reading instruction; when the user presses the key, the card reader 10 receives the card-reading instruction. The card reader 10 may also have an external communication interface connected to a terminal, through which it receives a card-reading instruction sent by the terminal. The terminal may be a device capable of communicating and sending instructions, such as a PC, a PAD (tablet computer), a smartphone, a smart wearable device, or electronic signature equipment (such as the ICBC U-Shield or the Agricultural Bank of China K-Bao).
The background server 20 is configured to generate the first random factor after receiving the secure channel establishment request, and to send first authentication data to the card reader 10, wherein the first authentication data includes at least the first random factor and the digital certificate of the background server 20;
In this embodiment, the first random factor is one-time authentication data and may include a random number and/or a random event. The first random factor may also be one random number or a string of random numbers, one random character or a string of random characters, or any combination of a string of random numbers and random characters. The first random factor generated by the background server 20 is randomly generated each time and differs from the one generated the previous time, which prevents replay attacks and improves security.
In this embodiment, the background server 20 sends the digital certificate of the background server 20 to the card reader 10 so that the card reader 10 can verify the certificate and confirm whether the certificate of the background server 20 is legitimate. The background server 20 sends the first random factor to the electronic signature equipment 30 through the card reader 10 so that the electronic signature equipment 30 signs it; the background server 20 then verifies the signature against this first random factor, which allows the background server 20 to confirm the identity of the electronic signature equipment 30 and prevents replay attacks.
The card reader 10 is further configured to send the first authentication data to the electronic signature equipment 30 after receiving the first authentication data;
The card reader has no security chip, whereas the electronic signature equipment does. The security chip (for example the Z8D64U (national cryptographic model number SSX43) or the Z32 (national cryptographic model number SSX20) from Nationz Technologies Inc.) has its own processor and storage unit, can store PKI digital certificates, keys and other characteristic data, and performs encryption and decryption operations on data, providing the user with data encryption and identity authentication services and protecting business privacy and data security. Therefore, in this embodiment, all data that needs to be encrypted, decrypted, signed, signature-verified or certificate-verified must pass through the electronic signature equipment, to ensure the security of the interaction between the card reader and the background server.
The electronic signature equipment 30 is configured to verify the legitimacy of the digital certificate of the background server 20 after receiving the first authentication data; after verification passes, the electronic signature equipment 30 generates the second random factor; encrypts the second random factor with the public key of the background server 20 contained in the digital certificate of the background server 20, generating the first encrypted data E1; signs the first random factor and the first encrypted data, generating the first signed data; and sends second authentication data to the card reader 10, wherein the second authentication data includes at least the first encrypted data, the first signed data and the digital certificate of the electronic signature equipment 30;
In a specific implementation, the electronic signature equipment 30 can use a root certificate to verify the received digital certificate of the background server 20, which prevents attackers from tampering with the public key of the background server 20, achieves security authentication of the background server 20, and improves the security of the interaction between the two parties. The electronic signature equipment 30 downloads the root certificate from a certificate authority (CA); the root certificate is the basis on which the CA and the user establish a trust relationship. If verification passes, the subsequent operations continue; if verification fails, the subsequent operations are terminated. In that case the card reader 10 and the electronic signature equipment 30 are disconnected from the background server 20, and the card reader 10 sends no further data to the background server 20, so that the card reader 10 is not attacked by an illegitimate background server.
In this embodiment, the second random factor is one-time authentication data and can include a random number and/or a random event. The second random factor can also be one random number or a string of random numbers, one random character or a string of random characters, or any combination of a string of random numbers and random characters.
In this embodiment, after the series of verifications performed by the background server 20 and the electronic signature equipment 30, both the background server 20 and the electronic signature equipment 30 can use this second random factor with the same algorithm to generate a transmission key.
In this embodiment, the background server 20 and the card reader 10 calculate the transmission key from the second random factor. Encrypting the second random factor therefore keeps it from being stolen, which secures its transfer from the electronic signature equipment 30 to the background server and, in turn, ensures the security and reliability of the transmission keys generated by the electronic signature equipment 30 and the background server 20.
In this embodiment, the electronic signature equipment 30 merges the first random factor and the first encrypted data before signing them, which makes the signature verification result more accurate and reliable.
In this embodiment, the electronic signature equipment 30 sends its digital certificate to the background server 20 through the card reader 10 so that the background server 20 can verify the certificate and confirm whether the certificate of the electronic signature equipment 30 is legitimate. It sends the first encrypted data to the background server 20 so that the background server 20 can use the first encrypted data to verify the first signature data and thereby confirm the identity of the electronic signature equipment 30.
In addition, the electronic signature equipment 30 is further configured to calculate a first transmission key based on the second random factor;
In this embodiment, the electronic signature equipment 30 can use the second random factor with the same algorithm as the background server 20 side to generate the transmission key, so that the background server 20 and the card reader 10 exchange information under this transmission key: data in transit is encrypted and decrypted with the transmission key to ensure the security of the transmitted data.
The card reader 30 is further configured to send the second authentication data to the background server 20 after receiving it;
The background server 20 is further configured to: receive the second authentication data and verify the legitimacy of the digital certificate of the electronic signature equipment 30; after the verification passes, verify the first signature data; if the signature verification fails, terminate subsequent operations; if the signature verification passes, decrypt the first encrypted data with the private key of the background server 20 to obtain the second random factor; and calculate a second transmission key based on the second random factor.
In a specific implementation, the background server 20 can use a root certificate to verify the received digital certificate of the electronic signature equipment 30, to prevent an attacker from tampering with the public key of the electronic signature equipment 30; this authenticates the electronic signature equipment 30 and improves the security of the interaction between the two parties. The background server 20 downloads the root certificate from a certificate authority (CA); the root certificate is the basis on which the CA and the user establish a trust relationship. If the verification passes, subsequent operations continue. If the verification fails, subsequent operations are terminated: the background server 20 disconnects from the card reader 10 and the electronic signature equipment 30 and sends no further data to the card reader 10, so that the background server 20 is not attacked by an illegitimate card reader or illegitimate electronic signature equipment.
In this embodiment, the background server 20 verifies the first signature data as follows: the background server 20 uses the first encrypted data and the public key of the electronic signature equipment 30 contained in the digital certificate of the electronic signature equipment 30 to verify the first signature data. The specific verification method is prior art and is not described here.
In this embodiment, if the signature verification passes, the first signature data was signed by the electronic signature equipment 30, which further authenticates the electronic signature equipment 30. If the signature verification fails, the operation ends: the background server 20 disconnects from the card reader 10 and the electronic signature equipment 30 and sends them no further data, so that the background server 20 is not attacked by an illegitimate card reader or illegitimate electronic signature equipment.
In this embodiment, the background server 20 can use the second random factor with the same algorithm as the electronic signature equipment 30 side to generate the transmission key, so that the background server 20 and the electronic signature equipment 30 exchange information under this transmission key: data in transit is encrypted and decrypted with the transmission key to ensure the security of the transmitted data.
As an optional implementation of this embodiment, the first transmission key and the second transmission key can be the same transmission key, i.e. a symmetric key, with which the electronic signature equipment 30 and the background server 20 each encrypt and decrypt the transmitted data. They can also be a key pair comprising an encryption key and a decryption key, in which case the electronic signature equipment 30 and the background server 20 each encrypt transmitted data with the encryption key and decrypt it with the decryption key.
In addition, the electronic signature equipment 30 is further configured to use the first transmission key to encrypt and decrypt data transmitted between the card reader 10 and the background server 20, and the background server 20 is further configured to use the second transmission key to encrypt and decrypt data transmitted between the card reader 10 and the background server 20.
With the system for secure transmission of identity card information provided by this embodiment, the electronic signature equipment 30 can establish a secure channel with the background server 20 through the card reader 10 and encrypt the data carried in that channel with the transmission key, improving the security of data transmission.
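The exchange between the electronic signature equipment 30 and the background server 20 described in this embodiment, as an added example that is not code from the patent. It assumes the first authentication data carries the first random factor and the server certificate, uses textbook RSA over fixed Mersenne primes as a constructed, insecure stand-in for the security chip's algorithms so that it runs on the standard library alone, and assumes an HMAC-SHA256 key derivation; all function and field names are hypothetical.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent shared by all toy keys


def make_key(a, b):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1 (constructed, NOT secure)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(key, data):
    return pow(_digest(data), key["d"], key["n"])


def verify(n, data, sig):
    return pow(sig, E, n) == _digest(data)


def cert_body(subject, n):
    return subject.encode() + b"|" + str(n).encode()


def issue_cert(ca_key, subject, n):
    return {"subject": subject, "n": n, "sig": sign(ca_key, cert_body(subject, n))}


def check_cert(root_n, cert):
    """Certificate legitimacy check against the root certificate's public key."""
    if not verify(root_n, cert_body(cert["subject"], cert["n"]), cert["sig"]):
        raise ValueError("certificate not issued by the trusted root")


def derive_key(r2):
    # Assumed KDF: the page only says both sides use the same algorithm.
    return hmac.new(r2, b"transmission key", hashlib.sha256).digest()


def signed_blob(r1, e1):
    # R1 and E1 are merged before signing, as the embodiment describes.
    return r1 + b"|" + str(e1).encode()


def device_respond(device_key, device_cert, root_n, first_auth):
    """Electronic signature equipment 30: build the second authentication data."""
    server_cert = first_auth["server_cert"]
    check_cert(root_n, server_cert)              # abort before using the server key
    r2 = secrets.token_bytes(16)                 # second random factor
    e1 = pow(int.from_bytes(r2, "big"), E, server_cert["n"])   # first encrypted data E1
    s1 = sign(device_key, signed_blob(first_auth["r1"], e1))   # first signature data
    second_auth = {"e1": e1, "s1": s1, "device_cert": device_cert}
    return second_auth, derive_key(r2)           # first transmission key


def server_finish(server_key, root_n, r1, second_auth):
    """Background server 20: certificate check, signature check, then decrypt."""
    cert = second_auth["device_cert"]
    check_cert(root_n, cert)
    if not verify(cert["n"], signed_blob(r1, second_auth["e1"]), second_auth["s1"]):
        raise ValueError("first signature data failed verification")
    r2 = pow(second_auth["e1"], server_key["d"], server_key["n"]).to_bytes(16, "big")
    return derive_key(r2)                        # second transmission key


# Constructed parties: CA, background server 20, electronic signature equipment 30.
CA = make_key(127, 521)
SERVER = make_key(89, 607)
DEVICE = make_key(107, 1279)
SERVER_CERT = issue_cert(CA, "background-server-20", SERVER["n"])
DEVICE_CERT = issue_cert(CA, "signature-equipment-30", DEVICE["n"])


def handshake():
    r1 = secrets.token_bytes(16)                 # first random factor (server challenge)
    first_auth = {"r1": r1, "server_cert": SERVER_CERT}
    second_auth, k1 = device_respond(DEVICE, DEVICE_CERT, CA["n"], first_auth)
    # The card reader 10 only forwards second_auth; it never sees R2 or the keys.
    k2 = server_finish(SERVER, CA["n"], r1, second_auth)
    return r1, second_auth, k1, k2


if __name__ == "__main__":
    _, _, k1, k2 = handshake()
    print("transmission keys match:", k1 == k2)
```

Because the signature covers the server's first random factor together with E1, a second authentication message captured from one session fails verification when replayed against a later challenge.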
Embodiment 5
Fig. 5 is a schematic flowchart of an identity card reading method provided by this embodiment. As shown in Fig. 5, the identity card reading method provided by this embodiment mainly includes the following steps (501-506).
Step 501: the card reader receives the card-search response instruction returned by the first identity card;
In this embodiment, the card reader sends a card-search instruction through its radio-frequency module at regular intervals. After receiving the card-search instruction sent by the card reader, the first identity card automatically sends a card-search response instruction to the card reader, and the card reader receives it. The card reader establishes a communication connection with the first identity card through this card-search response instruction.
Note that a conventional card reader contains a security control module authorized by the Ministry of Public Security to decrypt the encrypted identity card information that the card reader reads, but integrating such a module into the card reader is costly. In this embodiment, the card reader contains no security control module (SAM module) authorized by the Ministry of Public Security; the security control module is placed at the far end. It can be placed in the background server, or be standalone and connected to the background server by wire (for example, a USB interface) or wirelessly (for example, WIFI or Bluetooth); this embodiment does not limit the arrangement. Separating the card reader from the SAM module lets multiple card readers share one SAM module, which saves cost.
Step 502: the card reader reads the configuration information of the first identity card;
In this embodiment, after receiving the card-search response instruction returned by the first identity card, the card reader determines that an identity card is within readable range and directly reads the configuration information from the first identity card. The configuration information includes: a serial number, application data (indicating which applications are set up on the identity card), and the transport protocol (for example, transport protocol type, bit rate, maximum frame length).
In practice, the information stored in the first identity card comprises identity card configuration information stored in plaintext and encrypted identity card information stored as ciphertext. The configuration information of the identity card is the card's configuration parameters, such as its serial number; the card reader can recognize this configuration information directly, without decryption by the security control module authorized by the Ministry of Public Security. The encrypted identity card information is the identity card data stored as ciphertext in the card, such as the identity card number, name, sex, address and photo; the plaintext of this information can be obtained only after the security control module authorized by the Ministry of Public Security decrypts it. That module needs the configuration information to decrypt the encrypted identity card information, so when an identity card is read, both the configuration information and the encrypted identity card information stored in the card must be provided to the security control module authorized by the Ministry of Public Security. In this embodiment, regardless of whether a card-reading instruction has been received, as soon as the card reader detects an identity card within readable range (i.e. receives the card-search response instruction returned by the identity card), it reads the configuration information of that identity card.
Step 503: the card reader queries, through an external interface, whether the electronic signature equipment already stores the configuration information;
In this embodiment, after reading the configuration information from the first identity card, the card reader queries through the external interface whether the electronic signature equipment stores the configuration information of the first identity card read in step 502. If that configuration information is not stored, step 504 is performed; if it is stored, step 505 is performed directly.
Step 504: the configuration information is stored in the electronic signature equipment through the external interface;
In this embodiment, when the card reader's query shows that the electronic signature equipment does not store the configuration information read in step 502, the card reader stores that configuration information in the electronic signature equipment through the external interface.
In this embodiment, the card reader and the electronic signature equipment can be connected by wire, for example through a USB interface or an audio interface, or wirelessly, for example by NFC or Bluetooth. The electronic signature equipment can be any security device with a signing function, for example the U-shield used by the Industrial and Commercial Bank of China or the K-Bao used by the Agricultural Bank of China. This embodiment does not limit the specifics.
Step 505: the card reader receives a card-reading instruction;
In this embodiment, step 503 and the card reader's receipt of the card-reading instruction have no fixed order in time. In practice, the card reader may receive the card-reading instruction while performing step 503 or after performing step 503, or may perform step 503 after receiving the card-reading instruction; this embodiment does not limit the order.
In this embodiment, the card-reading instruction is the instruction to read identity card information. The card reader can receive it through a terminal (such as a computer or mobile phone) or obtain it by itself; this embodiment does not limit how the card reader obtains the card-reading instruction, and any way in which the card reader receives a card-reading instruction falls within the scope of protection of the present invention. The card reader obtains the encrypted identity card information stored in the identity card in response to the received card-reading instruction.
Step 506: the electronic signature equipment and the background server negotiate a transmission key.
In this embodiment, the negotiation of the transmission key between the electronic signature equipment and the background server comprises steps 50601 to 50612. This flow corresponds to steps 101 to 112 of Embodiment 1 of the present invention; see the description in Embodiment 1, which is not repeated here.
Step 507: the card reader obtains the encrypted identity card information stored in the identity card;
In an optional implementation of the embodiment of the present invention, when the electronic signature equipment stores the encrypted identity card information, the card reader can obtain the encrypted identity card information from the electronic signature equipment through the external interface; alternatively, the card reader can read the encrypted identity card information directly from the first identity card. See the descriptions in Embodiments 6 and 7 for details.
Step 508: the electronic signature equipment encrypts the configuration information and the encrypted identity card information with the first transmission key to generate a first transmission ciphertext, and sends the first transmission ciphertext to the card reader;
Step 509: the card reader sends the first transmission ciphertext to the background server;
Step 510: the background server decrypts the first transmission ciphertext with the second transmission key to obtain the configuration information and the encrypted identity card information.
In this embodiment, after the card reader obtains the encrypted identity card information stored in the identity card, the electronic signature equipment encrypts the configuration information and the encrypted identity card information with the first transmission key to generate the first transmission ciphertext, and the card reader sends the first transmission ciphertext to the background server. Specifically, the card reader can connect to and communicate with the background server through a terminal (such as a computer or mobile phone), or connect to and communicate with the background server directly over a wireless link (such as Bluetooth, infrared or NFC near-field communication).
In the related art, when the identity card reading flow is performed and an identity card is detected within readable range, the information stored in the identity card is not read; the reader waits for a card-reading instruction and only after receiving it reads the configuration information and the encrypted identity card information from the identity card. In the identity card reading scheme provided by this embodiment, the card reader reads the configuration information of the identity card as soon as it detects an identity card within readable range; after receiving the card-reading instruction it only has to obtain the encrypted identity card information stored in the identity card and need not read the configuration information again, which saves card-reading time and improves the user experience.
As an optional implementation of this embodiment, after the card reader sends the first transmission ciphertext to the background server, the background server can interact with the SAM module to obtain the decrypted identity card plaintext information, encrypt the identity card plaintext information with the second transmission key to obtain first encrypted identity card information, and send the first encrypted identity card information to the card reader. In this optional implementation, therefore, after the card reader sends the first transmission ciphertext to the background server, the method can further include: the card reader, after obtaining the first encrypted identity card information sent by the background server, sends it to the electronic signature equipment; the electronic signature equipment, after obtaining the first encrypted identity card information sent by the card reader, decrypts it with the first transmission key to obtain the identity card plaintext information that the background server decrypted; the electronic signature equipment generates a random key, encrypts the identity card plaintext information with the random key, and stores the encrypted identity card plaintext information in the security chip. With the encrypted identity card plaintext information stored in the security chip, a card reader that needs to read the identity card information repeatedly can obtain it directly from the electronic signature equipment: the electronic signature equipment decrypts the encrypted identity card plaintext information with the random key and outputs the decrypted identity card plaintext information to the card reader. The background server and the SAM module need not decrypt the encrypted identity card information again, which saves time on a secondary card read, and encrypting the identity card plaintext information with the random key keeps the identity card plaintext information secure.
As an optional implementation of this embodiment, after the card reader has stored the identity card plaintext information in the electronic signature equipment, the card reader receives a card-search response instruction returned by a second identity card, reads the configuration information of the second identity card, and determines whether the electronic signature equipment stores the configuration information currently read. The card reader receives a card-reading instruction from the terminal connected to it (for example, a PC at the bank front end). If the electronic signature equipment stores the configuration information currently read, the card reader determines whether the electronic signature equipment stores encrypted identity card plaintext information; if it does, the card reader obtains from the electronic signature equipment, through the external interface, the encrypted identity card plaintext information stored there: the electronic signature equipment decrypts the encrypted identity card plaintext information with the random key and, after decryption, outputs the identity card plaintext information to the card reader. For example, the card reader can send the decrypted identity card plaintext information to the terminal, or display the decrypted identity card plaintext information directly.
Specifically, when the second identity card and the first identity card are the same identity card, the card reader reads the configuration information of the second identity card and determines that the electronic signature equipment stores the configuration information currently read. After receiving the card-reading instruction, the card reader determines whether the electronic signature equipment stores encrypted identity card plaintext information; if it does, the card reader obtains the decrypted identity card plaintext information stored in the electronic signature equipment: the electronic signature equipment decrypts the encrypted identity card plaintext information with the random key and, after decryption, outputs the identity card plaintext information to the card reader. When the second identity card and the first identity card are different identity cards, the card reader reads the configuration information of the second identity card, determines that the electronic signature equipment does not store the configuration information currently read, and performs the card-reading flow for the second identity card, which is identical to the card-reading flow for the first identity card and is not repeated here. The configuration information is thus used to decide whether a read is a secondary card read; when identity card plaintext information corresponding to the configuration information is found to be stored, it is obtained directly from the electronic signature equipment, which decrypts the encrypted identity card plaintext information with the random key and outputs the identity card plaintext information to the card reader, saving time on the secondary card read.
In this embodiment, the electronic signature equipment can store the encrypted identity card plaintext information of only one identity card. For example, one storage space can be set up in the electronic signature equipment for the encrypted identity card plaintext information, and another storage space for the configuration information. When the card reader detects an identity card, it reads the configuration information of that identity card. If this configuration information is not stored in the electronic signature equipment, the card reader empties both the configuration information storage space and the encrypted identity card plaintext information storage space in the electronic signature equipment, and then saves the configuration information currently read to the configuration information storage space, which ensures that the configuration information and the encrypted identity card plaintext information stored in the electronic signature equipment belong to the same identity card. In the subsequent identity card reading flow, after the electronic signature equipment obtains, through the card reader, the identity card plaintext information decrypted by the background server, it encrypts this identity card plaintext information with the random key and saves it to the encrypted identity card plaintext information storage space. When the card reader receives a card-reading instruction sent by the host computer (for example, a PC at the bank front end), it can determine whether the configuration information of the current identity card is consistent with the configuration information stored in the electronic signature equipment; if it is, the electronic signature equipment uses the random key to decrypt the encrypted identity card plaintext information held in the encrypted identity card plaintext information storage space, and outputs it to the card reader after decryption.
Of course, the electronic signature equipment can also store the encrypted identity card plaintext information of multiple identity cards; for example, when storing encrypted identity card plaintext information, it stores that information in association with the configuration information of the identity card. When the card reader detects an identity card, it reads the configuration information of that identity card; if this configuration information is not stored in the electronic signature equipment, the configuration information currently read is saved to the configuration information storage space of the electronic signature equipment. When the card reader subsequently obtains the identity card plaintext information of this identity card, the electronic signature equipment encrypts it with the random key and stores the encrypted identity card plaintext information in association with this configuration information. When a card-reading instruction from the host computer is subsequently received, the card reader can determine whether the electronic signature equipment stores the configuration information of the current identity card; if so, it further determines whether the electronic signature equipment stores encrypted identity card plaintext information associated with this configuration information; if so, the electronic signature equipment decrypts this encrypted identity card plaintext information with the random key and outputs it to the card reader after decryption.
As an optional implementation of this embodiment, after the card reader has stored the encrypted identity card plaintext information in the electronic signature equipment, to keep the identity card information secure, the encrypted identity card plaintext information stored in the electronic signature equipment is cleared if the card reader detects no identity card within a predetermined time. Specifically, after storing the encrypted identity card plaintext information in the electronic signature equipment, the card reader determines whether an identity card is detected within the predetermined time; if none is detected, the card reader deletes, through the external interface, the configuration information and the encrypted identity card information stored in the electronic signature equipment.
As an optional implementation of this embodiment, after the card reader has stored the identity card plaintext information in the electronic signature equipment and the electronic signature equipment has generated a random key and encrypted the identity card plaintext information with it, the random key in the electronic signature equipment is deleted if the card reader detects no identity card within the predetermined time, or before a power-off operation is performed. Specifically, after storing the identity card plaintext information in the electronic signature equipment, the card reader determines whether an identity card is detected within the predetermined time; if none is detected, the card reader instructs the electronic signature equipment, through the external interface, to delete the random key. Likewise, when the electronic signature equipment performs a power-off operation after the card reader has stored the identity card plaintext information in it, the electronic signature equipment also deletes the random key. Once the random key is deleted, the encrypted identity card plaintext information stored in the electronic signature equipment cannot be decrypted even if the equipment is obtained illegally, which keeps the identity card information secure; the electronic signature equipment can therefore store the encrypted identity card plaintext information in flash memory (flash).
Alternatively, in this embodiment, the configuration information of the identity card and the encrypted identity card plaintext information can be stored in the electronic signature equipment as a cache. By the nature of a cache, the electronic signature equipment automatically clears the stored information when it powers down, which keeps the identity card information secure.
With the identity card reading method provided by this embodiment, the configuration information of the identity card is read and stored in the electronic signature equipment before the card reader receives the card-reading instruction; after receiving the card-reading instruction, the card reader need not read the configuration information of the identity card again and only has to read the encrypted identity card information stored in the identity card, which saves card-reading time. In addition, the identity card plaintext information obtained through decryption by the background server is stored in the electronic signature equipment of the card reader, so when a transaction requires the identity card information to be read several times, the encrypted identity card plaintext information can be obtained from the electronic signature equipment without repeated decryption by the background server, further reducing card-reading time.
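The secondary-read cache and random-key deletion described in this embodiment, modelled as an added example that is not code from the patent. The class, its method names and the sample card data are hypothetical and constructed; the cipher is an HMAC-SHA256 keystream with a MAC, a stand-in because the page does not name the security chip's algorithm; the dictionary models the multi-card variant in which plaintext is stored in association with configuration information.

```python
import hashlib
import hmac
import secrets


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key, plaintext):
    """Stand-in cipher (HMAC-SHA256 keystream plus MAC); the page names no algorithm."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class SignatureEquipmentStore:
    """Hypothetical model of the equipment's storage for the secondary-read cache."""

    def __init__(self, idle_timeout=30.0):
        self.flash = {}            # configuration info -> sealed plaintext (persistent)
        self.random_key = None     # held in volatile memory only
        self.idle_timeout = idle_timeout
        self.last_seen = None

    def card_detected(self, config, now):
        """Steps 502-504: remember the configuration info if it is new."""
        self.last_seen = now
        self.flash.setdefault(config, None)

    def store_plaintext(self, config, plaintext):
        """After the server/SAM round trip: encrypt under the random key and keep."""
        if self.random_key is None:
            self.random_key = secrets.token_bytes(32)
        self.flash[config] = seal(self.random_key, plaintext)

    def read(self, config):
        """Secondary read: plaintext on a hit, None when the full flow is needed."""
        blob = self.flash.get(config)
        if blob is None or self.random_key is None:
            return None
        try:
            return unseal(self.random_key, blob)
        except ValueError:         # blob sealed under a key that was since deleted
            return None

    def tick(self, now):
        """No card within the predetermined time: drop the key and the stored data."""
        if self.last_seen is not None and now - self.last_seen > self.idle_timeout:
            self.random_key = None
            self.flash.clear()

    def power_off(self):
        """Power-off deletes only the random key; flash contents remain, unreadable."""
        self.random_key = None


def demo():
    store = SignatureEquipmentStore(idle_timeout=30.0)
    card_a = b"serial=0001;proto=typeB"          # constructed configuration info
    plaintext = b"name=constructed;id=constructed"
    store.card_detected(card_a, now=0.0)
    first = store.read(card_a)                   # nothing cached yet
    store.store_plaintext(card_a, plaintext)
    second = store.read(card_a)                  # secondary read served locally
    store.power_off()
    after_power_off = store.read(card_a)         # key gone, blob still in flash
    return plaintext, first, second, after_power_off, store.flash[card_a]
```

A `None` from `read` is the signal to run the full flow through the background server and SAM module again.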
Embodiment 6
Fig. 6 is a schematic flowchart of the identity card reading method provided by this embodiment. As shown in Fig. 6, the identity card information transmission method provided by this embodiment mainly includes the following steps.
Steps 601 to 606 are identical to steps 501 to 506 in Embodiment 5 and are not repeated here.
Step 607: the card reader queries whether the electronic signature equipment stores encrypted identity card information corresponding to the configuration information;
In this embodiment, after receiving the card-reading instruction, the card reader queries whether the electronic signature equipment stores encrypted identity card information corresponding to the configuration information. If the electronic signature equipment stores encrypted identity card information corresponding to the configuration information, step 608 is performed; if it does not, step 609 is performed.
In this embodiment, to query whether the electronic signature equipment stores encrypted identity card information corresponding to the configuration information, the card reader can send a query request to the electronic signature equipment, asking it to look up the encrypted identity card information corresponding to the configuration information that was read. If the electronic signature equipment finds this encrypted identity card information, it can return the encrypted identity card information, or merely notify the card reader that the encrypted identity card information was found; if it does not find it, it notifies the card reader that the encrypted identity card information is not stored. This embodiment does not limit the specific form.
Step 608: the card reader obtains the encrypted identity card information from the electronic signature equipment;
In this embodiment, when the card reader judges that the electronic signature equipment stores encrypted identity card information corresponding to the configuration information, the card reader obtains from the electronic signature equipment the encrypted identity card information of the identity card corresponding to this configuration information.
Step 609: the card reader performs the card-reading process, reads the encrypted identity card information in the first identity card, stores the read encrypted identity card information in the electronic signature equipment, and associates it with the above configuration information; that is, the electronic signature equipment stores the encrypted identity card information in association with the above configuration information.
In this embodiment, the configuration information of an identity card is stored in association with its encrypted identity card information, so the electronic signature equipment can store the configuration information and encrypted identity card information of multiple identity cards at the same time.
In this embodiment, when the card reader judges that the electronic signature equipment does not store encrypted identity card information corresponding to the configuration information, the card reader needs to perform the card-reading process and read the encrypted identity card information stored in the first identity card. After reading the encrypted identity card information from the first identity card, the card reader stores it in the electronic signature equipment.
In this embodiment, the electronic signature equipment can store multiple pieces of configuration information. After the card reader reads the encrypted identity card information of the identity card, it needs to store that information in association with the configuration information read in step 602, so that the encrypted identity card information can later be obtained by means of the configuration information.
Steps 610 to 612 are identical to steps 508 to 510 in Embodiment 5 and are not repeated here.
As an optional implementation of this embodiment, in step 609 the encrypted identity card information stored in the electronic signature equipment includes multiple data packets, and in step 611 the sending of the encrypted identity card information to the background server by the card reader includes: the electronic signature equipment encrypts the configuration information and the encrypted identity card information with the first transmission key to obtain the first transmission ciphertext and sends it to the card reader, and the card reader sends the first transmission ciphertext to the background server. Specifically, after reading the encrypted identity card information from the first identity card, the card reader divides it into multiple data packets and stores them in the electronic signature equipment. After the card reader receives the card-reading instruction, the electronic signature equipment encrypts the data packets of the encrypted identity card information one after another with the first transmission key to obtain the first transmission ciphertext and sends it to the card reader, and the card reader sends the first transmission ciphertext to the background server. Dividing the encrypted identity card information into multiple data packets for storage allows fast retransmission when a later transmission goes wrong, without retransmitting all of the encrypted identity card information.
As an optional implementation of this embodiment, when the card reader receives a retransmission instruction sent by the background server, it sends the retransmission instruction to the electronic signature equipment. The electronic signature equipment uses the first transmission key to encrypt the data packets that the retransmission instruction indicates need to be retransmitted, generating the second transmission ciphertext, and sends it to the card reader. The card reader retransmits the second transmission ciphertext to the background server, and the background server uses the second transmission key to decrypt the second transmission ciphertext and obtain the data packets that the retransmission instruction indicated. Specifically, when a data packet of the transmission ciphertext is corrupted in transit to the background server, the background server uses the retransmission instruction to tell the card reader which data packets need to be retransmitted. The card reader only has to retransmit to the background server those data packets, encrypted by the electronic signature equipment with the first transmission key, which saves identity card reading time.
As an optional implementation of this embodiment, after the card reader has sent the first transmission ciphertext to the background server, and in order to keep the identity card information secure, if the card reader does not detect an identity card within a predetermined time, the configuration information and encrypted identity card information of the identity card stored in the electronic signature equipment are cleared. Specifically, the card reader can send a card-seeking instruction at regular intervals. If, after sending the first transmission ciphertext to the background server, the card reader does not detect an identity card within the predetermined time, the identity card is no longer within the card reader's readable range, and the encrypted identity card information and configuration information stored in the electronic signature equipment are no longer needed. The card reader therefore clears, through the external interface, the configuration information and encrypted identity card information of the identity card stored in the electronic signature equipment (the card reader can send a clearing instruction to the electronic signature equipment, instructing it to clear the corresponding content). Detecting the identity card within a predetermined time and clearing the information stored in the electronic signature equipment saves storage space in the electronic signature equipment and keeps the identity card information secure.
Alternatively, in this embodiment, the configuration information and encrypted identity card information of the identity card can be stored in the electronic signature equipment as cached data. Because of the nature of a cache, the cached information is cleared automatically when the electronic signature equipment powers down, which keeps the identity card information secure.
Matters not described here are the same as in Embodiment 5 and are not repeated.
In the identity card reading method provided by this embodiment, the card reader reads the configuration information of the identity card and stores it in the electronic signature equipment before it receives the card-reading instruction. After receiving the card-reading instruction, the card reader does not need to read the configuration information again; it only needs to read the encrypted identity card information stored in the identity card, which saves card-reading time. In addition, the encrypted identity card information of the identity card is divided into multiple data packets and stored in the electronic signature equipment of the card reader, so that when the background server uses a retransmission instruction to tell the card reader which data packets need to be retransmitted, the card reader only has to retransmit those data packets to the background server, which further reduces identity card reading time.
Embodiment 7
Fig. 7 is a schematic flow chart of the identity card information transmission method provided by this embodiment. As shown in Fig. 7, the identity card information transmission method provided by this embodiment mainly includes the following steps.
The parts of steps 701 to 712 that are the same as steps 601 to 612 in Embodiment 6 are not repeated here; only the differences from Embodiment 6 are described below.
Unlike Embodiment 6, in order to save storage space, in this embodiment the electronic signature equipment of the card reader stores the configuration information and encrypted identity card information of only one identity card.
Unlike Embodiment 6, in step 704 the card reader deletes, through the external interface, the configuration information and encrypted identity card information stored in the electronic signature equipment, and stores the configuration information that was read in the electronic signature equipment. Specifically, when the card reader judges that the electronic signature equipment does not store the configuration information read in step 702, the card reader first deletes the configuration information and encrypted identity card information previously stored in the electronic signature equipment. For example, it can send a delete instruction to the electronic signature equipment, instructing it to delete the previously stored configuration information and encrypted identity card information, and then store the configuration information read in step 702 in the electronic signature equipment.
Unlike Embodiment 6, in step 709 the card reader performs the card-reading process, reads the encrypted identity card information in the first identity card, and stores the read encrypted identity card information in the electronic signature equipment. Specifically, when the card reader judges that the electronic signature equipment did not previously store the configuration information, the card reader needs to perform the card-reading process and read the encrypted identity card information stored in the first identity card. After reading the encrypted identity card information from the first identity card, the card reader stores it in the electronic signature equipment. Unlike Embodiment 6, because the electronic signature equipment stores the information of only one identity card, it does not need to store the configuration information read in step 702 in association with the encrypted identity card information stored in step 709.
As an optional implementation of this embodiment, the encrypted identity card information stored in the electronic signature equipment can also include multiple data packets. When the card reader sends the encrypted identity card information to the background server, the electronic signature equipment encrypts the data packets of the encrypted identity card information one after another with the first transmission key to obtain the first transmission ciphertext, and uses the card reader to send the first transmission ciphertext to the background server. Dividing the encrypted identity card information into multiple data packets for storage allows fast retransmission when a later transmission goes wrong, without retransmitting all of the encrypted identity card information.
As an optional implementation of this embodiment, after the card reader receives a retransmission instruction sent by the background server, it sends the retransmission instruction to the electronic signature equipment. The electronic signature equipment uses the first transmission key to encrypt the data packets that the retransmission instruction indicates need to be retransmitted, generating the second transmission ciphertext, and sends it to the card reader. The card reader retransmits the second transmission ciphertext to the background server, and the background server uses the second transmission key to decrypt the second transmission ciphertext and obtain the data packets that the retransmission instruction indicated. Specifically, when a data packet of the encrypted identity card information, encrypted with the first transmission key, is corrupted in transit to the background server, the background server sends a retransmission instruction to the card reader that identifies the data packets to be retransmitted. After receiving the retransmission instruction, the card reader instructs the electronic signature equipment to encrypt the indicated data packets with the first transmission key, and retransmits the resulting second transmission ciphertext to the background server. Because the background server identifies the data packets to be retransmitted, the card reader only has to instruct the electronic signature equipment to encrypt those data packets and retransmit the resulting second transmission ciphertext to the background server, which saves identity card reading time.
In this embodiment, two storage spaces can be allocated in the security chip of the electronic signature equipment: a configuration information storage space and an encrypted identity card storage space. For one and the same identity card, the configuration information is stored in the configuration information storage space and the encrypted identity card information is stored in the encrypted identity card storage space. When an identity card is detected, its configuration information is read first. If the configuration information of this identity card is not stored in the security chip, the information held in the configuration information storage space and the encrypted identity card storage space is cleared, and the configuration information just read is stored in the configuration information storage space; when the card-reading process is later performed and the encrypted identity card information is read from the identity card, the encrypted identity card information is stored in the encrypted identity card storage space. If the configuration information of this identity card is already stored in the security chip, then on receiving the card-reading instruction the encrypted identity card information is obtained directly from the encrypted identity card storage space of the electronic signature equipment. In this way, the information of a previously used identity card is kept secure and illegal use of identity card information is avoided.
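The single-slot behaviour described above, as an added Python example that is not part of the patent: a model of the two storage spaces and of the card reader that fills them. The class names, sample cards and timeout value are constructed for illustration, and the absence timeout is the optional clearing step that Embodiment 6 describes, applied here once a read has been served.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample cards: configuration information -> encrypted identity data.
SAMPLE_CARDS = {b"SN-0001": b"ciphertext-A", b"SN-0002": b"ciphertext-B"}


@dataclass
class SecurityChipStore:
    """The two storage spaces; together they hold at most one identity card."""
    config_info: Optional[bytes] = None
    encrypted_id_info: Optional[bytes] = None

    def clear(self) -> None:
        self.config_info = None
        self.encrypted_id_info = None

    def on_card_detected(self, config_info: bytes) -> bool:
        """Return True if this card already occupies the slot.

        A different card empties BOTH spaces before its configuration
        information is stored, so ciphertext from the previous card is never
        left behind or paired with the new card.
        """
        if self.config_info == config_info:
            return True
        self.clear()
        self.config_info = config_info
        return False


class CardReader:
    def __init__(self, store: SecurityChipStore,
                 read_from_card: Callable[[bytes], bytes],
                 absence_timeout: float = 5.0):
        self.store = store
        self.read_from_card = read_from_card    # the slow radio-frequency read
        self.absence_timeout = absence_timeout  # constructed value, in seconds
        self.last_seen: Optional[float] = None
        self.served = False                     # data handed over for sending
        self.card_reads = 0                     # how often the card was read

    def poll(self, now: float, config_info: Optional[bytes]) -> None:
        """One card-seeking cycle; config_info is None when no card answered."""
        if config_info is not None:
            self.last_seen = now
            if not self.store.on_card_detected(config_info):
                self.served = False
        elif (self.served and self.last_seen is not None
              and now - self.last_seen >= self.absence_timeout):
            self.store.clear()                  # card left the field: wipe slot
            self.served = False

    def handle_read_instruction(self) -> bytes:
        """Serve the card-reading instruction, reading the card only once."""
        if self.store.config_info is None:
            raise RuntimeError("no identity card has been detected")
        if self.store.encrypted_id_info is None:
            self.card_reads += 1
            self.store.encrypted_id_info = self.read_from_card(
                self.store.config_info)
        self.served = True
        return self.store.encrypted_id_info
```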
Alternatively, in this embodiment, the configuration information and encrypted identity card information of the identity card can be stored in the electronic signature equipment as cached data. Because of the nature of a cache, the cached information is cleared automatically when the electronic signature equipment powers down, which keeps the identity card information secure.
In the identity card reading method provided by this embodiment, the card reader reads the configuration information of the identity card and stores it in the electronic signature equipment before it receives the card-reading instruction. After receiving the card-reading instruction, the card reader does not need to read the configuration information again; it only needs to read the encrypted identity card information stored in the identity card, which saves card-reading time. In addition, before the card reader reads the encrypted identity card information stored in the identity card, it judges whether the electronic signature equipment already stores the encrypted identity card information corresponding to the configuration information, which avoids reading the encrypted identity card information from the identity card again and speeds up card reading. In addition, the encrypted identity card information is divided into multiple data packets, so that when the background server uses a retransmission instruction to tell the card reader which data packets need to be retransmitted, the retransmission instruction only needs to be sent to the card reader; the card reader passes the retransmission instruction to the electronic signature equipment through the external interface, the electronic signature equipment encrypts the data packets to be retransmitted and sends them to the card reader, and the card reader retransmits them to the background server, which further reduces identity card reading time. In addition, the electronic signature equipment only needs storage space for the configuration information and encrypted identity card information of one identity card, which saves storage space in the security chip while keeping the identity card information secure.
Embodiment 8
This embodiment provides an identity card information secure transmission system. The system uses the same structure as Embodiment 2. As shown in Fig. 2, it includes an electronic signature equipment 201, a card reader 202 that is not provided with a SAM (identity card verification security control) module, and a background server 203. Only the differences between the system provided by this embodiment and the system provided by Embodiment 2 are described below.
As an optional implementation of this embodiment, the card reader 202 is further configured to, before receiving the card-reading instruction, receive the card-seeking response instruction returned by the first identity card; read the configuration information of the first identity card; query through the external interface whether the electronic signature equipment 201 has stored the configuration information; and, where the electronic signature equipment 201 has not stored the configuration information, store the configuration information in the electronic signature equipment 201 through the external interface. The card reader 202 is further configured to, after the electronic signature equipment 201 has calculated the first transmission key, obtain the encrypted identity card information stored in the identity card and send it to the electronic signature equipment 201, receive the first transmission ciphertext returned by the electronic signature equipment 201, and send the first transmission ciphertext to the background server 203;
The electronic signature equipment 201 is further configured to use the first transmission key to encrypt and decrypt the data transmitted between the card reader 202 and the background server 203, including: the electronic signature equipment 201 encrypts the configuration information and the encrypted identity card information with the first transmission key to generate the first transmission ciphertext.
In this optional implementation, the card reader 202 sends a card-seeking instruction through its radio-frequency module at regular intervals. After the first identity card receives the card-seeking instruction sent by the card reader 202, the first identity card automatically sends a card-seeking response instruction to the card reader 202, and the card reader 202 receives the card-seeking response instruction returned by the first identity card. The card reader 202 establishes a communication connection with the first identity card by means of the card-seeking response instruction that the first identity card returned.
It should be noted that a card reader 202 is generally provided with a security control module authorized by the Ministry of Public Security in order to decrypt the encrypted identity card information that the card reader 202 reads, but integrating a security control module authorized by the Ministry of Public Security into the card reader 202 is costly. In this embodiment, the card reader 202 is not provided with the security control module authorized by the Ministry of Public Security (SAM module). The security control module is placed at the remote end: it can be arranged in the background server 203, or it can be arranged independently and connected to the background server 203 by wire (for example, a USB interface) or wirelessly (for example, WIFI or Bluetooth); this embodiment does not limit the specific arrangement. Because the card reader 202 is separate from the SAM module, one SAM module can be shared by multiple card readers 202, which saves cost.
In this embodiment, after the card reader 202 receives the card-seeking response instruction returned by the first identity card, it determines that an identity card is within its readable range and directly reads the configuration information in the first identity card.
In practice, the information stored in the first identity card includes the configuration information of the identity card, stored as plaintext, and the encrypted identity card information, stored as ciphertext. The configuration information of the identity card refers to the configuration parameters of the identity card, such as its serial number; the card reader 202 can recognise this configuration information directly, without decryption by the security control module authorized by the Ministry of Public Security. The encrypted identity card information refers to the identity card information stored in the identity card as ciphertext, such as the identity card number, name, sex, address and photo; the plaintext information of the identity card can be obtained only after this encrypted identity card information has been decrypted by the security control module authorized by the Ministry of Public Security. The security control module authorized by the Ministry of Public Security needs the configuration information in order to decrypt the encrypted identity card information, so when an identity card is read, both the configuration information and the encrypted identity card information stored in the identity card must be supplied to the security control module. In this embodiment, whether or not a card-reading instruction has been received, as soon as the card reader 202 detects an identity card in its readable range (that is, receives the card-seeking response instruction returned by the identity card), it reads the configuration information of that identity card.
In this embodiment, after the card reader 202 reads the configuration information in the first identity card, it judges through the external interface whether the electronic signature equipment 201 stores the configuration information of the first identity card that the card reader 202 has just read. If it is not stored, the configuration information is stored in the electronic signature equipment 201; if the configuration information that the card reader 202 has just read is already stored, the card reader 202 proceeds directly to receiving the card-reading instruction.
As an optional implementation of this embodiment, the card reader 202 obtaining the encrypted identity card information stored in the identity card includes: the card reader 202 queries whether the electronic signature equipment 201 stores encrypted identity card information corresponding to the configuration information; where it determines that the electronic signature equipment 201 stores the encrypted identity card information, it reads the encrypted identity card information stored in the electronic signature equipment 201 through the external interface; where it determines that the electronic signature equipment 201 does not store the encrypted identity card information, the card reader performs the card-reading process of the identity card, reads the encrypted identity card information in the first identity card, stores the read encrypted identity card information in the electronic signature equipment 201 through the external interface, and associates it with the configuration information.
In this embodiment, storing the configuration information in the electronic signature equipment 201 through the external interface where the electronic signature equipment 201 has not stored the configuration information includes: the card reader 202 is further configured to delete, through the external interface, the configuration information and encrypted identity card information stored in the electronic signature equipment 201, and to store the configuration information that was read in the electronic signature equipment 201. The card reader 202 obtaining the encrypted identity card information stored in the identity card includes: the card reader is further configured to query whether the electronic signature equipment 201 stores encrypted identity card information; where it determines that the electronic signature equipment 201 stores encrypted identity card information, it reads the encrypted identity card information stored in the electronic signature equipment 201 through the external interface; where it determines that the electronic signature equipment 201 does not store encrypted identity card information, the card reader 202 performs the card-reading process of the identity card, reads the encrypted identity card information in the first identity card, and stores the read encrypted identity card information in the electronic signature equipment 201 through the external interface.
As an optional implementation of this embodiment, after the card reader 202 sends the transmission ciphertext to the background server 203, the background server 203 can interact with the SAM module to obtain the decrypted identity card plaintext information. The background server 203 encrypts the identity card plaintext information with the second transmission key to obtain the first encrypted identity card information, and sends the first encrypted identity card information to the card reader 202. In this optional implementation, therefore, after the card reader 202 sends the first transmission ciphertext to the background server 203, the method can further include: the card reader 202 obtains the first encrypted identity card information sent by the background server 203 and sends it to the electronic signature equipment 201; the electronic signature equipment 201 decrypts the first encrypted identity card information with the first transmission key to obtain the identity card plaintext information; the electronic signature equipment 201 generates a random key, encrypts the identity card plaintext information with the random key, and stores the encrypted identity card plaintext information in the security chip. Because the encrypted identity card plaintext information is stored in the security chip, when the identity card information needs to be read several times the card reader 202 can obtain the encrypted identity card plaintext information directly from the security chip of the electronic signature equipment 201, without having the encrypted identity card information decrypted again by the background server 203 and the SAM module, which saves time on a second card read. Furthermore, encrypting the identity card plaintext information with a random key keeps the identity card plaintext information secure.
Specifically, the card reader 202 can establish a connection and communicate with the background server 203 through a terminal (such as a computer or mobile phone), or it can establish a connection and communicate with the background server 203 directly in a wireless manner (such as Bluetooth, infrared or NFC near-field communication).
As an optional implementation of this embodiment, the encrypted identity card information stored in the electronic signature equipment 201 includes multiple data packets. The electronic signature equipment 201 encrypting the configuration information and the encrypted identity card information with the first transmission key to generate the first transmission ciphertext includes: the electronic signature equipment 201 is further configured to encrypt the data packets of the encrypted identity card information one after another with the first transmission key to obtain the first transmission ciphertext.
As an optional implementation of this embodiment, when it receives a retransmission instruction, sent by the background server 203, instructing retransmission of encrypted identity card information, the card reader 202 is further configured to send the retransmission instruction to the electronic signature equipment 201. The electronic signature equipment 201 is further configured to use the first transmission key to encrypt the data packets that the retransmission instruction indicates need to be retransmitted, generating the second transmission ciphertext, and to send it to the card reader 202. The card reader 202 is further configured to retransmit the second transmission ciphertext to the background server 203, and the background server 203 is further configured to use the second transmission key to decrypt the second transmission ciphertext and obtain the data packets that the retransmission instruction indicated. Because the background server 203 uses the retransmission instruction to tell the card reader 202 which data packets need to be retransmitted, the card reader 202 only has to retransmit those data packets, encrypted with the first transmission key, to the background server, which saves identity card reading time.
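The packetised transfer and selective retransmission described in Embodiments 6, 7 and 8, as an added Python example that is not part of the patent. The packet layout, the HMAC-based stand-in cipher, the class and function names, and the assumption that the first and second transmission keys are the same symmetric key are illustrative choices that the patent does not specify.

```python
import hashlib
import hmac
import secrets
import struct

HDR = struct.Struct(">HH")      # assumed header: sequence number, packet count
NONCE_LEN, TAG_LEN = 12, 32


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key, seq, total, payload):
    """Stand-in cipher (assumption): HMAC-SHA256 keystream, then an HMAC tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(payload))
    body = HDR.pack(seq, total) + nonce + bytes(a ^ b for a, b in zip(payload, stream))
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()


def open_packet(key, packet):
    """Return (seq, total, payload), or None when the packet fails its tag."""
    if len(packet) < HDR.size + NONCE_LEN + TAG_LEN:
        return None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    good = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    seq, total = HDR.unpack(body[:HDR.size])
    nonce, ct = body[HDR.size:HDR.size + NONCE_LEN], body[HDR.size + NONCE_LEN:]
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return seq, total, bytes(a ^ b for a, b in zip(ct, stream))


class SignatureDevice:
    """Holds the card data as packets; only it knows the transmission key."""
    def __init__(self, key, config_info, encrypted_id_info, packet_size=64):
        self.key = key
        chunks = [encrypted_id_info[i:i + packet_size]
                  for i in range(0, len(encrypted_id_info), packet_size)]
        self.packets = [config_info] + chunks   # packet 0: configuration info

    def encrypt_packets(self, seqs=None):
        """Encrypt every packet, or only those a retransmission instruction names."""
        seqs = range(len(self.packets)) if seqs is None else list(seqs)
        if any(not 0 <= s < len(self.packets) for s in seqs):
            raise ValueError("retransmission instruction names an unknown packet")
        return [seal(self.key, s, len(self.packets), self.packets[s]) for s in seqs]


class BackgroundServer:
    def __init__(self, key):
        self.key, self.received, self.total = key, {}, None

    def receive(self, packets):
        """Keep verified packets; return the sequence numbers still needed.

        None means no packet verified at all, so everything must be resent.
        """
        for packet in packets:
            opened = open_packet(self.key, packet)
            if opened is not None:
                seq, self.total, payload = opened
                self.received[seq] = payload
        if self.total is None:
            return None
        return [s for s in range(self.total) if s not in self.received]

    def assemble(self):
        """Return (configuration information, encrypted identity card information)."""
        body = b"".join(self.received[s] for s in range(1, self.total))
        return self.received[0], body


def transfer_with_faults(device, server, corrupt=(), drop=()):
    """Card reader relaying over a faulty link; returns each retransmission instruction."""
    damaged = []
    for seq, pkt in enumerate(device.encrypt_packets()):
        if seq in drop:
            continue
        if seq in corrupt:
            pkt = pkt[:20] + bytes([pkt[20] ^ 0xFF]) + pkt[21:]   # flip one byte
        damaged.append(pkt)
    rounds, missing = [], server.receive(damaged)
    while missing is None or missing:
        rounds.append(missing)
        missing = server.receive(device.encrypt_packets(missing))
    return rounds
```

The card reader in this model only relays opaque packets, and a packet that fails verification is treated exactly like a lost one, so tampering on the link costs a retransmission rather than corrupting the reassembled data.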
As an optional implementation of this embodiment, the card reader 202 is further configured to, after sending the first transmission ciphertext to the background server 203, clear through the external interface the configuration information and encrypted identity card information of the identity card stored in the electronic signature equipment 201 if no identity card is detected within a predetermined time. Further, the card reader 202 is further configured to, after sending the first transmission ciphertext to the background server 203, obtain the identity card plaintext information that the background server 203 obtained by decryption, and send the identity card plaintext information to the electronic signature equipment 201. The electronic signature equipment 201 is further configured to generate a random key, encrypt the identity card plaintext information with the random key, and store the encrypted identity card plaintext information in the electronic signature equipment 201.
As an optional implementation of this embodiment, the card reader 202 is further configured to, after the identity card plaintext information has been stored in the electronic signature equipment 201, receive the card-seeking response instruction returned by a second identity card, read the configuration information of the second identity card, judge whether the electronic signature equipment 201 stores the configuration information currently read, and receive the card-reading instruction of the terminal connected to it; where it judges that the security chip of the electronic signature equipment 201 stores the configuration information currently read, judge whether the electronic signature equipment 201 stores the encrypted identity card plaintext information; and, where it judges that the electronic signature equipment 201 stores the encrypted identity card plaintext information, obtain the identity card plaintext information from the electronic signature equipment 201. In addition, the card reader 202 is further configured to, after the electronic signature equipment 201 has stored the encrypted identity card plaintext information in the electronic signature equipment 201, clear the encrypted identity card plaintext information stored in the electronic signature equipment 201 if no identity card is detected within a predetermined time; and/or the card reader is further configured to, after the electronic signature equipment has stored the encrypted identity card plaintext information in the electronic signature equipment, trigger the electronic signature equipment 201 to delete the random key if no identity card is detected within a predetermined time or before the electronic signature equipment 201 performs a power-off operation; the electronic signature equipment is further configured to delete the random key when triggered by the card reader. Once the random key has been deleted, even if the electronic signature equipment 201 is obtained illegally, the encrypted identity card plaintext information stored in the electronic signature equipment 201 cannot be decrypted, which keeps the identity card information secure and in turn allows the security chip to store the encrypted identity card plaintext information in flash memory (flash).
Optionally, in this embodiment, the identity card configuration information and the encrypted identity card plaintext information may be stored in the electronic signature equipment 201 as a cache. By the nature of a cache, the stored information is cleared automatically once the electronic signature equipment 201 is powered down, which ensures the security of the identity card information.
With the identity card information secure transmission system provided by this embodiment, the card reader 202 reads and stores the identity card's configuration information before it receives the card-reading instruction. After receiving the card-reading instruction, the card reader 202 does not need to read the configuration information again and only needs to read the encrypted identity card information stored in the identity card, which saves card-reading time. In addition, the identity card plaintext information obtained by decryption at the background server 203 is stored in the electronic signature equipment 201 connected to the card reader 202. When handling a service requires reading the identity card information several times, the encrypted identity card plaintext information can be obtained from the electronic signature equipment 201 without repeated decryption by the background server, which further reduces card-reading time.
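The cache-and-erase behaviour described in this embodiment can be modelled as follows; this is an added Python example, not code from the patent. The class and function names, the 30-second timeout, the HMAC-SHA256 keystream used in place of the security chip's unspecified cipher, and all sample values are assumptions.

```python
# Added illustration: constructed model of the plaintext cache, not the patent's code.
import hashlib
import hmac
import secrets


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from the device's random key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stand-in for the chip's unspecified cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the random key: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Return the plaintext, or raise ValueError if the record was sealed under another key."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified record")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def _slot(config_info: bytes) -> str:
    """Flash records are indexed by a digest of the card's configuration information."""
    return hashlib.sha256(config_info).hexdigest()


class SignatureDevice:
    """Electronic signature equipment: ciphertext persists in flash, the key does not."""

    def __init__(self):
        self.flash = {}       # persistent store: slot -> sealed record
        self._ram_key = None  # random key, held only in volatile memory

    def store_plaintext(self, config_info: bytes, plaintext: bytes) -> None:
        if self._ram_key is None:
            self._ram_key = secrets.token_bytes(32)
        self.flash[_slot(config_info)] = seal(self._ram_key, plaintext)

    def load_plaintext(self, config_info: bytes):
        blob = self.flash.get(_slot(config_info))
        if blob is None or self._ram_key is None:
            return None
        try:
            return unseal(self._ram_key, blob)
        except ValueError:    # record sealed under a key that has since been deleted
            return None

    def delete_random_key(self) -> None:
        self._ram_key = None


class CardReader:
    def __init__(self, device, timeout_s, server_decrypt):
        self.device, self.timeout_s, self.server_decrypt = device, timeout_s, server_decrypt
        self.last_seen = None

    def read_card(self, now, config_info, encrypted_info):
        """Serve from the device cache when possible, else ask the background server."""
        self.last_seen = now
        cached = self.device.load_plaintext(config_info)
        if cached is not None:
            return cached, "cache"
        plaintext = self.server_decrypt(config_info, encrypted_info)
        self.device.store_plaintext(config_info, plaintext)
        return plaintext, "server"

    def poll(self, now) -> None:
        """No card within the predetermined time: trigger deletion of the random key."""
        if self.last_seen is not None and now - self.last_seen > self.timeout_s:
            self.device.delete_random_key()
            self.last_seen = None


def demo() -> dict:
    calls = []

    def server_decrypt(config_info, encrypted_info):
        calls.append(config_info)  # stand-in for the secure-channel round trip
        return b"CONSTRUCTED-PLAINTEXT-FOR-" + config_info

    device = SignatureDevice()
    reader = CardReader(device, timeout_s=30, server_decrypt=server_decrypt)
    cfg_a, cfg_b = b"CONSTRUCTED-CONFIG-A", b"CONSTRUCTED-CONFIG-B"
    first = reader.read_card(0, cfg_a, b"enc-a")
    second = reader.read_card(5, cfg_a, b"enc-a")
    reader.read_card(10, cfg_b, b"enc-b")
    reader.poll(100)               # 90 s without a card: key is deleted
    blob = device.flash[_slot(cfg_a)]
    readable = device.load_plaintext(cfg_a) is not None
    third = reader.read_card(101, cfg_a, b"enc-a")  # new random key generated here
    return {"sources": [first[1], second[1], third[1]],
            "server_calls": len(calls),
            "ciphertext_left_in_flash": first[0] not in blob and len(blob) > 48,
            "readable_after_erase": readable,
            "stale_record_readable": device.load_plaintext(cfg_b) is not None}
```

The record for the second card stays in flash after the key is deleted and a new key is generated, but it fails authentication under the new key and is treated as a cache miss.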
Any process or method description in a flowchart, or otherwise described herein, may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that the parts of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented in software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following techniques well known in the art may be used: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gates, programmable gate arrays (PGA), field programmable gate arrays (FPGA), and so on.
Those of ordinary skill in the art will understand that all or part of the steps carried by the above embodiment methods can be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, includes one or a combination of the steps of the method embodiments.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing module, may each exist physically on their own, or two or more units may be integrated into one module. The integrated module may be implemented in hardware or as a software functional module. If the integrated module is implemented as a software functional module and is sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
In the description of this specification, reference to the terms "an embodiment", "some embodiments", "example", "specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the invention. Those of ordinary skill in the art may change, modify, replace and vary the above embodiments within the scope of the invention without departing from its principles and purpose. The scope of the present invention is defined by the appended claims and their equivalents.

Claims (10)

1. An identity card information transmission method, characterized by comprising:
a card reader that is not provided with a SAM module receives a card-reading instruction and sends a secure channel establishment request to a background server;
the background server receives the secure channel establishment request, generates a first random factor, and sends the first random factor to the card reader;
the card reader receives the first random factor and sends the first random factor to electronic signature equipment;
the electronic signature equipment receives the first random factor, signs first data to be signed with the private key of the electronic signature equipment to generate first signed data, and sends first sending data to the card reader, wherein the first data to be signed at least includes the first random factor, and the first sending data at least includes the first signed data and the digital certificate of the electronic signature equipment;
the card reader receives the first sending data and sends the first sending data to the background server;
the background server receives the first sending data and verifies the digital certificate of the electronic signature equipment; after the verification passes, it performs a signature verification operation on the first signed data, and if the signature verification fails, the flow ends;
if the signature verification passes, the background server generates a second random factor, generates a third random factor based on the first random factor and the second random factor, encrypts the third random factor with the public key of the electronic signature equipment to obtain encrypted data, signs the encrypted data with the private key of the background server to obtain second signed data, calculates a second transmission key using the third random factor, and sends second transmission data to the card reader, wherein the second transmission data includes the second signed data, the encrypted data and the digital certificate of the background server;
the card reader receives the second transmission data and sends the second transmission data to the electronic signature equipment;
the electronic signature equipment receives the second transmission data and verifies the digital certificate of the background server; after the verification passes, it performs a signature verification operation on the second signed data, and if the signature verification passes, it decrypts the encrypted data with the private key of the electronic signature equipment to obtain the third random factor, and calculates a first transmission key using the third random factor;
the electronic signature equipment uses the first transmission key to encrypt and decrypt the data transmitted between the card reader and the background server, and the background server uses the second transmission key to encrypt and decrypt the data transmitted between the card reader and the background server.
2. The method according to claim 1, characterized in that:
the background server performing a signature verification operation on the first signed data includes:
the background server performs the signature verification operation on the first signed data using the first random factor and the public key of the electronic signature equipment contained in the digital certificate of the electronic signature equipment;
the electronic signature equipment performing a signature verification operation on the second signed data includes:
the electronic signature equipment performs the signature verification operation on the second signed data using the encrypted data and the public key of the background server contained in the digital certificate of the background server.
3. The method according to claim 1, characterized in that:
the first data to be signed further includes: a first identity of the electronic signature equipment; the first sending data further includes: a second identity of the electronic signature equipment.
4. The method according to claim 2 or 3, characterized in that, before the card reader receives the card-reading instruction, the method further comprises:
the card reader receives the card-seeking response instruction returned by a first identity card;
the card reader reads the configuration information of the first identity card;
the card reader queries, through an external interface, whether the electronic signature equipment has stored the configuration information, and if the electronic signature equipment has not stored the configuration information, stores the configuration information in the electronic signature equipment through the external interface;
after the electronic signature equipment calculates the first transmission key, the method further comprises:
the card reader obtains the encrypted identity card information stored in the identity card and sends it to the electronic signature equipment, receives the first transmission ciphertext returned by the electronic signature equipment, and sends the first transmission ciphertext to the background server;
the electronic signature equipment using the first transmission key to encrypt and decrypt the data transmitted between the card reader and the background server includes: the electronic signature equipment uses the first transmission key to encrypt the configuration information and the encrypted identity card information to generate the first transmission ciphertext;
the background server using the second transmission key to encrypt and decrypt the data transmitted between the card reader and the background server includes: the background server uses the second transmission key to decrypt the first transmission ciphertext to obtain the configuration information and the encrypted identity card information.
5. An identity card information transmission system, characterized by comprising: a card reader that is not provided with a SAM module, electronic signature equipment and a background server, wherein:
the card reader is configured to receive a card-reading instruction, send a secure channel establishment request to the background server, receive a first random factor, send the first random factor to the electronic signature equipment, receive first sending data, send the first sending data to the background server, receive second transmission data, and send the second transmission data to the electronic signature equipment;
the background server is configured to receive the secure channel establishment request, generate the first random factor, send the first random factor to the card reader, receive the first sending data, and verify the digital certificate of the electronic signature equipment; after the verification passes, perform a signature verification operation on the first signed data, and if the signature verification fails, end the flow; if the signature verification passes, the background server generates a second random factor, generates a third random factor based on the first random factor and the second random factor, encrypts the third random factor with the public key of the electronic signature equipment to obtain encrypted data, signs the encrypted data with the private key of the background server to obtain second signed data, sends the second transmission data to the card reader, calculates a second transmission key using the third random factor, and uses the second transmission key to encrypt and decrypt the data transmitted between the card reader and the background server, wherein the second transmission data includes the second signed data, the encrypted data and the digital certificate of the background server;
the electronic signature equipment is configured to receive the first random factor, sign first data to be signed with the private key of the electronic signature equipment to generate the first signed data, and send the first sending data to the card reader, wherein the first data to be signed at least includes the first random factor, and the first sending data at least includes the first signed data and the digital certificate of the electronic signature equipment; receive the second transmission data and verify the digital certificate of the background server; after the verification passes, perform a signature verification operation on the second signed data, and if the signature verification passes, decrypt the encrypted data with the private key of the electronic signature equipment to obtain the third random factor, calculate a first transmission key using the third random factor, and use the first transmission key to encrypt and decrypt the data transmitted between the card reader and the background server.
6. The system according to claim 5, characterized in that:
the background server being configured to perform a signature verification operation on the first signed data includes:
the background server is configured to perform the signature verification operation on the first signed data using the first random factor and the public key of the electronic signature equipment contained in the digital certificate of the electronic signature equipment;
the electronic signature equipment being configured to perform a signature verification operation on the second signed data includes:
the electronic signature equipment is configured to perform the signature verification operation on the second signed data using the encrypted data and the public key of the background server contained in the digital certificate of the background server.
7. The system according to claim 5, characterized in that:
the first data to be signed further includes: a first identity of the electronic signature equipment; the first sending data further includes: a second identity of the electronic signature equipment.
8. The system according to claim 6 or 7, characterized in that:
the card reader is further configured to, before receiving the card-reading instruction, receive the card-seeking response instruction returned by a first identity card; read the configuration information of the first identity card; query, through an external interface, whether the electronic signature equipment has stored the configuration information, and if the electronic signature equipment has not stored the configuration information, store the configuration information in the electronic signature equipment through the external interface;
the card reader is further configured to, after the electronic signature equipment calculates the first transmission key, obtain the encrypted identity card information stored in the identity card and send it to the electronic signature equipment, receive the first transmission ciphertext returned by the electronic signature equipment, and send the first transmission ciphertext to the background server;
the electronic signature equipment being configured to use the first transmission key to encrypt and decrypt the data transmitted between the card reader and the background server includes: the electronic signature equipment uses the first transmission key to encrypt the configuration information and the encrypted identity card information to generate the first transmission ciphertext;
the background server being configured to use the second transmission key to encrypt and decrypt the data transmitted between the card reader and the background server includes: the background server uses the second transmission key to decrypt the first transmission ciphertext to obtain the configuration information and the encrypted identity card information.
9. An identity card information transmission method, characterized by comprising:
a card reader that is not provided with a SAM module receives a card-reading instruction and sends a secure channel establishment request to a background server;
the background server receives the secure channel establishment request, generates a first random factor, and sends first authentication data to the card reader, wherein the first authentication data at least includes: the first random factor and the digital certificate of the background server;
after receiving the first authentication data, the card reader sends the first authentication data to electronic signature equipment;
the electronic signature equipment receives the first authentication data and verifies the digital certificate of the background server; after the verification passes, it generates a second random factor, encrypts the second random factor with the public key of the background server to obtain first encrypted data, signs the first random factor and the first encrypted data to obtain first signed data, sends second authentication data to the card reader, and calculates a first transmission key based on the second random factor, wherein the second authentication data includes the first signed data, the first encrypted data and the digital certificate of the electronic signature equipment;
after receiving the second authentication data, the card reader sends the second authentication data to the background server;
the background server receives the second authentication data and verifies the digital certificate of the electronic signature equipment; after the verification passes, it performs signature verification on the first signed data; if the signature verification passes, it decrypts the first encrypted data with the private key of the background server to obtain the second random factor, and if the signature verification fails, the flow ends;
the background server calculates a second transmission key based on the second random factor;
the electronic signature equipment uses the first transmission key to encrypt and decrypt the data transmitted between the card reader and the background server, and the background server uses the second transmission key to encrypt and decrypt the data transmitted between the card reader and the background server.
10. An identity card information transmission system, characterized by comprising: a card reader that is not provided with a SAM module, a background server and electronic signature equipment, wherein:
the card reader is configured to receive a card-reading instruction and send a secure channel establishment request to the background server;
the background server is configured to receive the secure channel establishment request, generate a first random factor, and send first authentication data to the card reader, wherein the first authentication data at least includes: the first random factor and the digital certificate of the background server;
the card reader is further configured to, after receiving the first authentication data, send the first authentication data to the electronic signature equipment;
the electronic signature equipment is configured to receive the first authentication data and verify the digital certificate of the background server; after the verification passes, generate a second random factor, encrypt the second random factor with the public key of the background server to obtain first encrypted data, sign the first random factor and the first encrypted data to obtain first signed data, send second authentication data to the card reader, and calculate a first transmission key based on the second random factor, wherein the second authentication data includes the first signed data, the first encrypted data and the digital certificate of the electronic signature equipment;
the card reader is further configured to, after receiving the second authentication data, send the second authentication data to the background server;
the background server is further configured to receive the second authentication data and verify the digital certificate of the electronic signature equipment; after the verification passes, perform signature verification on the first signed data; if the signature verification passes, decrypt the first encrypted data with the private key of the background server to obtain the second random factor, and if the signature verification fails, end the flow; and calculate a second transmission key based on the second random factor;
the electronic signature equipment is further configured to use the first transmission key to encrypt and decrypt the data transmitted between the card reader and the background server;
the background server is further configured to use the second transmission key to encrypt and decrypt the data transmitted between the card reader and the background server.
CN201510765362.4A 2015-11-10 2015-11-10 A kind of ID card information transmission method and system Active CN106027457B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510765362.4A CN106027457B (en) 2015-11-10 2015-11-10 A kind of ID card information transmission method and system

Publications (2)

Publication Number Publication Date
CN106027457A true CN106027457A (en) 2016-10-12
CN106027457B CN106027457B (en) 2019-05-17

Family

ID=57082626

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510765362.4A Active CN106027457B (en) 2015-11-10 2015-11-10 A kind of ID card information transmission method and system

Country Status (1)

Country Link
CN (1) CN106027457B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103813321A (en) * 2014-02-13 2014-05-21 天地融科技股份有限公司 Agreement key based data processing method and mobile phone
EP2768178A1 (en) * 2013-02-14 2014-08-20 Gemalto SA Method of privacy-preserving proof of reliability between three communicating parties
CN104618115A (en) * 2015-01-27 2015-05-13 李明 Identity card information obtaining method and system
CN104657691A (en) * 2015-01-27 2015-05-27 李明 Identity card information acquisition method, device and system

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107196922A (en) * 2017-05-03 2017-09-22 国民认证科技(北京)有限公司 Identity identifying method, user equipment and server
CN107196922B (en) * 2017-05-03 2020-08-04 国民认证科技(北京)有限公司 Identity authentication method, user equipment and server
CN109698830A (en) * 2018-12-25 2019-04-30 飞天诚信科技股份有限公司 A kind of method and system communicated with identity card
CN109698830B (en) * 2018-12-25 2021-01-15 飞天诚信科技股份有限公司 Method and system for communicating with identity card
CN109660988A (en) * 2019-01-02 2019-04-19 百度在线网络技术(北京)有限公司 Communicate authentication processing method, device and electronic equipment
CN109660988B (en) * 2019-01-02 2021-09-28 百度在线网络技术(北京)有限公司 Communication authentication processing method and device and electronic equipment
CN110020524A (en) * 2019-03-31 2019-07-16 西安邮电大学 A kind of mutual authentication method based on smart card
CN110020524B (en) * 2019-03-31 2021-05-18 西安邮电大学 Bidirectional authentication method based on smart card
CN114900304A (en) * 2021-12-29 2022-08-12 北京爱知之星科技股份有限公司 Digital signature method and apparatus, electronic device, and computer-readable storage medium
CN114900304B (en) * 2021-12-29 2023-06-09 北京爱知之星科技股份有限公司 Digital signature method and apparatus, electronic device, and computer-readable storage medium
CN116156495A (en) * 2023-04-11 2023-05-23 支付宝(杭州)信息技术有限公司 Security environment body checking method and system based on wireless signals
CN116156495B (en) * 2023-04-11 2023-07-07 支付宝(杭州)信息技术有限公司 Security environment body checking method and system based on wireless signals

Also Published As

Publication number Publication date
CN106027457B (en) 2019-05-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant